Your building watches people. Does your ICO notice tell them?
14 cameras. WiFi analytics on every floor. A badge system that logs every entry. And a laminated A4 sheet that says 'CCTV in operation.' That's not consent. This is.
An ICO notice on the wall isn't consent
The ICO's CCTV Code of Practice requires operators to be transparent about surveillance: who operates the cameras, what they're for, and how long footage is kept. A small sign in the corner doesn't meet the standard. And since Brexit, UK GDPR has its own enforcement regime with the ICO issuing fines directly.
- The ICO fined a gym chain £750,000 for cameras in changing areas with inadequate disclosure; they had signs, they just didn't say enough
- WiFi probe requests capture MAC addresses. The ICO treats this as personal data; collecting it without consent breaches UK GDPR
- The ICO's CCTV Code requires a documented assessment before deploying surveillance, including proportionality and data protection impact
- Sharing member data with partner companies without specific consent violates UK GDPR Article 6
One scan. Every purpose. Auditable forever.
Visitors see a toggle for each type of data you collect (cameras, WiFi, marketing, waivers) and choose what they consent to
Camera-by-camera disclosure
Not just 'CCTV in operation': your visitors see how many cameras, which zones they cover (lobby, gym floor, car park), what the footage is used for (security, analytics, marketing), and your retention period. Each zone gets its own toggle. Someone can consent to lobby cameras but decline gym floor recording. ICO CCTV Code compliant.
WiFi and beacon tracking
Your WiFi analytics system captures device MAC addresses from every phone in the building, even phones that never connect to your network. Overturo discloses this before the visitor's phone is in range. Separate toggles for WiFi analytics, Bluetooth beacons, and indoor positioning. No more 'we use cookies' banners for technology that has nothing to do with cookies.
20-second QR check-in
A printed QR code at the entrance. Visitors scan it with their phone camera: no app, no account, no download. The consent flow loads in their browser, pre-configured for your venue's specific data practices. Average completion time: 20 seconds. That's faster than signing a paper waiver on a clipboard.
Digital waivers that hold up
Every liability waiver and membership agreement captures: the exact text shown to the visitor, the timestamp of their acceptance, their device fingerprint, and an Ed25519 digital signature. The signature is hash-chained to the previous record, proving the waiver hasn't been altered after the fact. Try doing that with a pen on paper.
Standing consent for regulars
Your gym member who comes every morning at 6am doesn't need to re-consent daily. Standing mandates carry forward for 30, 60, or 90 days. When they expire, the member sees a single prompt on their next visit, not a full re-flow. Consent is continuous, not a speedbump.
Live dashboard with proof
Real-time view: 47 people checked in, 44 consented to cameras, 38 to WiFi analytics, 47 signed the waiver. Current occupancy: 47 of 120 capacity. Export the full consent manifest as JSON or CSV (timestamped, signed, and hash-chained) for your DPO, insurer, or the ICO.
How it works
Map your data
List what your venue collects: CCTV zones, WiFi analytics, membership data, marketing. Overturo creates a consent toggle for each one, with plain-language disclosure you can customise.
Print the poster
Download your QR poster as a PDF. Print it A3 and mount it at the entrance, reception desk, or turnstile. Multiple posters across multiple entrances all point to the same flow.
Visitors scan
Phone camera → QR code → consent flow loads in browser. No app. No login. They see each data practice, toggle what they consent to, and tap Submit. 20 seconds. Done.
You have proof
Every consent record is Ed25519-signed and hash-chained. You can prove what was disclosed, when they consented, and that the record hasn't been tampered with. Export any time.
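The signed, hash-chained record described here and under "Digital waivers that hold up" can be sketched as follows. This is an added example, not Overturo's code: the record layout, field encoding, function names and sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Record is a hypothetical consent record; the field names are assumptions.
type Record struct {
	Text, Timestamp, Device string
	Prev                    [32]byte // digest of the previous record, zero for the first
	Sig                     []byte   // Ed25519 signature over payload()
}

// Throwaway demo key pair, generated at start-up (a real signer keeps its key protected).
var demoPub, demoKey, _ = ed25519.GenerateKey(nil)
// payload length-prefixes each field so bytes cannot move between fields.
func (r Record) payload() []byte {
	return []byte(fmt.Sprintf("%d:%s,%d:%s,%d:%s,%x", len(r.Text), r.Text,
		len(r.Timestamp), r.Timestamp, len(r.Device), r.Device, r.Prev))
}
// digest covers payload and signature; the next record stores it as Prev.
func (r Record) digest() [32]byte { return sha256.Sum256(append(r.payload(), r.Sig...)) }
// Append signs a new record linked to the current tail of the chain.
func Append(chain []Record, key ed25519.PrivateKey, text, ts, dev string) []Record {
	r := Record{Text: text, Timestamp: ts, Device: dev}
	if n := len(chain); n > 0 {
		r.Prev = chain[n-1].digest()
	}
	r.Sig = ed25519.Sign(key, r.payload())
	return append(chain, r)
}
// Verify returns the index of the first bad record, or -1 if the chain is intact.
func Verify(chain []Record, pub ed25519.PublicKey) int {
	var prev [32]byte
	for i, r := range chain {
		if r.Prev != prev || !ed25519.Verify(pub, r.payload(), r.Sig) {
			return i
		}
		prev = r.digest()
	}
	return -1
}

func main() {
	c := Append(nil, demoKey, "Waiver text v1", "2025-01-01T06:00:00Z", "device-a") // constructed data
	c = Append(c, demoKey, "CCTV lobby: yes", "2025-01-01T06:00:20Z", "device-a")
	fmt.Println(Verify(c, demoPub)) // -1: chain intact
}
```

Verify flags edits, removals and reordering inside the chain, but a chain cut off at the end still verifies. Detecting that needs the latest digest stored somewhere the record keeper cannot rewrite.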
Works everywhere people walk in
Gyms & fitness
Liability waivers + CCTV in workout areas + body scan consent + insurance data sharing. Members consent once on sign-up and check in daily with standing mandates. 6am regulars never see a prompt.
Offices & coworking
Visitor sign-in with NDA, security cameras, WiFi tracking, and third-party data sharing (café tab, cleaning service). Hot-desk users consent on first visit. Building management gets aggregated occupancy data, no PII.
Retail
In-store WiFi analytics, CCTV, loyalty programme, and marketing opt-in. QR at the entrance or checkout. Consent completion rates are 3x higher than cookie-style popups because visitors understand what they're agreeing to.
Healthcare
Patient check-in: HIPAA-aware consent for treatment records, waiting room cameras, and research participation. Integrates with FHIR endpoints. Parental consent flow for minors.
Education
Campus CCTV, student WiFi analytics, event photography. FERPA-aware flows for education records. Parental consent for under-16 visitors. University open days: temporary consent for one visit.
Hospitality
Guest check-in: corridor and lobby cameras, WiFi tracking, marketing, loyalty programme. The consent flow integrates with your PMS: guest room number links to their consent record.
Three ways to deploy
Choose what works for your entrance, or use all three
QR poster
Print an A3 poster. Mount it at the door. Visitors scan with any phone camera. No app, no account; works in Safari, Chrome, Firefox.
Kiosk tablet
Mount an iPad or Android tablet at reception. Visitors complete consent on the shared device. Auto-clears between sessions.
NFC tap
Stick an NFC tag at the entrance. Visitors tap their phone: the consent flow opens instantly. Sub-second deployment.
Built for ICO compliance
When the ICO asks 'can you prove this visitor consented to CCTV in zone 3 on March 15th?', you can
Venue consent included in every plan
Free plan: 1 venue, up to 50 visitors per day. Paid plans: unlimited venues, kiosk mode, NFC, real-time occupancy dashboards, and standing mandates.
"We have 12 cameras across three floors and WiFi analytics on every access point. Before Overturo, our ICO-compliant notice was a laminated A4 sheet nobody read. Now 91% of visitors actively consent. When the ICO asked for evidence during a routine check, we exported the full trail in under a minute."
- Operations Manager, Central London coworking space (340 members)
The laminated sign isn't going to save you
Print a QR poster. Stick it at the door. Start collecting consent that actually holds up. Setup takes under 5 minutes. No credit card required.