HELP & FAQ
What is Facial Recognition?
Facial recognition software takes your features and turns them into a numerical code or unique user profile. When you compare this profile with any database of photos, you can start making matches and identifications. Our facial recognition software is activated as soon as you have your photo taken by our official photography team at our partner global locations.
Which partner global locations do you have facial recognition software active at?
As of February 2023, we currently have this software installed at San Diego Zoo and San Diego Safari.
What data are you collecting when you take my photo?
When we take your photograph at one of our partner theme parks or attractions, we know which attraction you visited and when you were there. In addition to this, at the above listed locations, our facial recognition service collects data relating to your facial features. This data comes in the form of the addition of lines that match features on your face as well as the colour of your top or hair.
Every photo that we take on site is then analysed by the software to find faces. We then apply an algorithm that creates a unique map of some of your features which becomes a searchable record.
As well as your facial features being collected, the software also checks the selfie you upload for approximate age. This helps us protect the data of minors and ensures that the selfie provided is of a legitimate individual.
This method of processing results in the data being classed as biometric by the Information Commissioner’s Office (ICO).
Biometric data, like DNA records?
The facial data we collect does fall into the biometric category. However, because of the classification of this data under the General Data Protection Regulations, we are applying all recommended precautions to handling your data as if it were your DNA.
Using facial recognition sounds like a Police process - am I being profiled?
Absolutely not. Facial recognition has gained a bit of a bad name recently. We want to change that. We don’t share your facial data with anyone else, we only use it to find the photographs you’ve had taken at our partner locations.
We don’t profile you, mine your data, or match you against any kind of database that could reveal more information about you. We simply turn faces into strings of numbers which are linked to a photograph. When our software receives your uploaded selfie, we turn that into another string of numbers and search for that. Where there is a match, we send that photograph to your smartphone.
Is that secure?
We are confident that this process is more secure than ever before. With this system, you are the only one to have access to your photos . Your face is the key to your account. It enables greater privacy control than we have been able to previously provide. You control your photo from the privacy of your own phone or device.
All our data is encrypted in transit and at rest . Meaning it is secure from the moment we take it, to the moment we delete it.
What can you tell about me from the data that you collect?
Not a lot, other than your face matches the face in your selfie and that you were at a particular part of an attraction, at a particular time. We can’t even reconstruct your face from the data we collect, it’s a one-way process. We don’t know who you are, or anything about you. Our payment channels are separated from the Facial Recognition technology, so we don’t link to you in that way. We don’t require a user account to use our service, your face is your account.
We can tell when you were at a specific photo opportunity, (date and time), which means we know where you were during certain points in your visit.
We have purposefully limited the amount of data that we collect about you, even to the point of not having a ‘user account’ in the classic sense, but an account that is unique to your face.
If you contact us through our guest services channels, then we will collect data to enable us to process that request.
Why go to these lengths to not collect data about me?
We have had the opportunity to create a brand-new service. That meant that we could follow the ICO’s advice and build our service with ‘security by design’, right from the start. We believe that the less data that we have about you, the lower the threat that data is to your Rights and Freedoms.
Nobody wants the worst to happen and we take every precaution to protect any data that we have, but we also recognise that things can go wrong. In the event of a worst-case breach of our systems, all that could be known about you is that someone who looks like you visited an attraction, at a certain point in time, the string of numbers that relates to your photo and possibly who you were there with (if there is someone in the photo with you).
What are you doing with my data?
When you visit one of our global partner theme parks or attractions, we are the official photography team that capture your photos on site. Once we have taken your photo, we upload them to our Cloud Servers and begin to search for faces using our facial recognition software.
This software processes your photo and turns it into an anonymous, unique, and searchable piece of data which is in the form of a string of numbers. These numbers relate to various individual features on your face.
When you visit our website to find your photographs, we ask you to take a selfie which is also uploaded to the same Cloud Servers. The same processing techniques are applied, and we are then able to find matches between the photos taken during your visit and the selfie you uploaded.
At this point you can then view all the photos that have been taken by us on your smart device and you will then get the option to purchase them if you wish.
How does that work?
When we take a photograph, we immediately upload it, in an encrypted format, to our Cloud Servers. Once at the server, the photograph is analysed for faces. The faces are turned into a series of numbers, representing vectors of lines applied to your face by our software, that are based on key features on your face. The photo is then securely stored, and the unique reference numbers found are linked to the photograph in our database. Then, whenever a user initiates a search for our photos, we convert your selfie (by the same mechanism) and search for the result against the list in our database. Whenever we find a match, we pull up that photo, process it to make it look fantastic and send it directly to your device or web-browser.
What if I’m wearing a disguise? Or a face mask?
Our system looks for similarities between people in photographs. It is quite clever and capable of finding someone wearing a face mask, sunglasses or even costume makeup. We can find you from many angles and even if you’re pulling your best scary face (or screaming your head off).
But no system is infallible! What if the photo I receive isn’t me?
Good point! Our system can make mistakes and although it is rare, it could mistake you for someone else at a certain angle. This is why we have included the option to report the photo by tapping on 'This Isn't Me'
By doing this, the photo will be removed from your photo album as well as telling our software not to do it again! The next time it finds a result for you, it will automatically check that it doesn't match the photo you have flagged as not yours. The more our guests report these issues, the lower the risk becomes of it happening again.
What if someone gets my photo?
Although our system is over 99.9% accurate, there is a possibility that this could happen.
Ideally the individual will report the photo by tapping the 'This isn't me' button which will remove your photo from their gallery and add it to yours.
In the case of an individual not reporting the photo, if you contact our guest services team to locate your missing photo, we will be able to manually locate it and remove it from the incorrect gallery to add to yours.
What if I am missing a photo?
If you know you are missing a photo, please use the Contact Us form on picsolve.com and submit a passport style selfie with your form.
Why are you doing this? What was wrong with the old system?
We used to ask our customers to find their photos on a digital screen, zoom in and then they would say whether they wanted to purchase it or not. This system is still one we use across many global theme parks and attractions, but for those sites listed in question 2, we wanted to try something different.
Our new system allows you to collect and view all your digital photos, on your smart device, without the need to queue up at a retail counter and disrupt your day.
Do you need my consent to process my Biometric data?
Yes. Absolutely. Although it would be impossible for us to engage with the individual to obtain consent prior to taking our photographs and applying that first level of data processing.
That is why have made the process of not engaging with our service as easy as possible. We take great care to make sure that you, the guest, are notified of where our technology is in use and what you can do about it.
We have provided an in-app, and on-site route to register to have your data disassociated from your photograph as soon as we see them.
We rely on keeping you informed about how you can enact your data rights. We have posted information at every opportunity we can find - before the ride, during the queue and at the end. Our staff are given training on what we are processing and what you can do about it.
Therefore, by entering the area where photography is occurring you are consenting, through action, to allow us to apply the basic level of processing to our photos.
By engaging with our app or website, you will need to consent to processing your selfie data and to the search against your biometric data to be able to use our service.
If you want us to forget your photos, we've made sure that it is as easy as possible to remove yourself from the facial recognition software by simply heading to imagic and removing your account from the menu.
Can't you just turn the camera off?
We have put a lot of thought into how we could achieve this, but every solution is deeply flawed. We do not have a viable way to selectively take or not take photographs. This FAQ isn’t intended to discuss every idea we have explored, but if you want to talk about it further then please contact firstname.lastname@example.org, where we will be happy to discuss concerns, suggestions or ideas around this topic.
What can I do if I don’t want my photos to be searchable?
We still ask for you to submit a selfie, but it automatically gets tagged as one for the system to not process. As soon as the system sees your selfie, it will remove the string of numbers that connects the biometric data with the photo. This converts the biometric data into a useless string of random digits, which even we can't do anything with.
So although your photo will technically still exist before it is automatically removed after seven days, it stops being searchable. Even if you change your mind.
What about if I have already left the attraction but still want my data removing?
Same process as detailed in question 17 – this can be actioned where-ever you are.
I've viewed my photos but now I want to remove my data - why am I still able to see my photos?
If you have already submitted your selfie to the service but then want to remove your photos from our system, you will need to visit to imagic and removing your account from the menu,. You should remove the whole account.
What if I don’t like that?
When enacting your Data Rights, the ICO advises that there must be a certain exchange of personal data in order to enable us to enact your rights. If you don’t want to submit a selfie, we understand your reservations, facial recognition technology has a bad name in some circles. However, we will never use your data for any purpose other than allowing our system to forget you. If you don’t want to engage through this route, all photos and their associated data that are inactive for seven days are removed from our system automatically.
What if I want to enact my other rights or talk to someone about this?
Please contact email@example.com where our Data Security Team will be able to assist you with any data right or privacy concerns you may have.
You can’t take my photo without my permission! I don’t consent to you capturing me.
Picsolve captures your initial images, operating under the Legitimate Business Needs model, specifically the Street Photography model, as set out by the ICO (UK), which states that in any public space, where there is a reasonable expectation that photography can occur, then consent is not required to capture the image of an individual. The ICO has confirmed that it is reasonable to expect photography to be occurring in our places of business.
What about children?
The ICO defines a child as being an individual over the age of 13, however this differs between European countries where the general age of data consent is 16. To be safe and to protect the data of minors during our initial trials we are restricting the use of this service to over 18 only.
We are planning in the next few weeks to add a mechanism to our service that will allow a parent or guardian to provide consent on behalf of their child. However, as we are protecting the biometric data of children, we are taking the cautious route. We apologise for any inconvenience caused during this initial trial phase.
What about someone in my care?
Our system is not designed to identify individuals that are in the care of another. Therefore, we rely on the care giver to understand this privacy notice and provide appropriate action for those in their care. Please talk to a member of staff during your visit, who will be more than happy to assist further. If the individual has access to their own mobile device or has access to the Internet, then we must assume that the individual can consent to processing of their own data.
If you wish for an individual to be permanently removed from our system (a permanent block), please submit a Contact Us form via picsolve.com or email us at firstname.lastname@example.org
Can I consent for my friend/wife/nephew for example?
Consent can only be given for another individual when that individual is either under the age of 18 or requires assistance from a caregiver.
We employ technologies during our selfie capture process to help ensure that the photo provided is a real person, and that person is over the age of 18. We also employ technologies to stop users from providing photographs of others as their own selfie.
What about school groups or similar?
Your teacher, scout leader, volunteer cannot give consent to us to process your data. It must be a parent, guardian or caregiver.
But I really want my photograph!
Don’t worry. Because we keep your photos for seven days, you can register, with your parents’ / guardians’ / caregivers’ consent and your photos will still be available.
Failing this, please speak to a member of staff during your visit. Many of our locations are still offering a printed photograph service from limited locations at the site.
What happens to my data after my visit?
Unpurchased photo & biometric data - 7 days
Purchased photo & biometric data - 90 days
Selfie to remove photo from system & biometric data - 3 days
Personal data submitted to guest services - 2 years
What happens to my data if I don’t engage?
Nothing. We delete it after seven days. We don’t do anything further with it.
What happens to my data after purchase?
To enable us to provide you with your photos, we need to retain your biometric data for the duration that we are storing your photos. Once your photos have all expired then we will delete the association between your photos and your data, and the photos will be deleted from our system.
Who do you share my data with?
We don’t share your data with anyone. We do share statistical data, such as how many people have used our service, with our site partner (the site owner), but this is anonymous and does not contain any of your personal data.
Who is responsible for protecting my data?
Picsolve is the Data Controller for the data which we process. This is your photograph and your facial recognition data. Any other data supplied through our partners will be covered by their data protection and privacy notices.
I’m not from Europe, does the GDPR apply to me?
Strictly speaking, no, however, we apply the same level of data protection to every photo we take, no matter where we take it. So, with us and your data, yes GDPR applies, you can still enact your rights through us as if you were an EU citizen. Please contact email@example.com for more information.
I’m a UK/EU citizen, and I visited a site outside of the EU, does the GDPR still apply?
Absolutely, that’s by design of the GDPR. However, no matter where you visit, you can contact us directly at our head office, through firstname.lastname@example.org to enact your GDPR rights.
Where can I find out more about my rights?
The UK Information Commissioner’s Office (ICO) has a wealth of information. Every European country has its equivalent and provides advice free of charge.
I've purchased my digital photos but they still have the watermarks showing on them?
Apologies for this! Please get in touch with us via the Contact Us form on picsolve.com
How many people does one selfie cover? Does all my party need to have a selfie?
At the moment, we require everyone in your party to take their own selfie to find photographs. If you are in a group then we will find you in that group and provide that photograph. We are currently working on the technology to be able to add members of your family or your group to your account. We’re hoping to introduce this feature early 2021.