I. General information
The information below is intended to inform the public and persons entering the monitored area (i.e. potential affected data subjects) about the procedures for processing, storing and managing the records taken by the CCTV system operated in the SAFINA, a.s. premises, Vídeňská 104, 252 50 Vestec, Czech Republic, ID No.: 03214257, Tax ID No.: CZ 03214257, registered in the Commercial Register kept at the Municipal Court in Prague, Section B, Insert 20972 (hereinafter also referred to as the “Controller“), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR“), in particular Article 13 GDPR.
The video surveillance system is operated and this information applies to the objects of the Administrator:
- SAFINA a.s., registered office and company premises – Vídeňská 104, 252 50 Vestec,
- all SAFINA a.s. facilities are operated in the Czech Republic.
II. Information on the processing of personal data and operation of the camera system
Controller and his contact details
The controller of your personal data is SAFINA, a.s., Vídeňská 104, 252 50 Vestec, Czech Republic, ID No.: 03214257, VAT No.: CZ 03214257, registered in the Commercial Register kept at the Municipal Court in Prague, Section B, Insert 20972.
Legal basis for processing
Your personal data is processed by the camera system on the basis of the necessity to protect the legitimate interests of the controller and third parties in accordance with Art. 6 para. 1 point. f) GDPR, specifically:
- ensuring the protection of the health and life of persons on the premises of the administrator;
- protection of the property of the administrator, the company IP Vestec s.r.o. (landlord of the premises in the premises of the administrator) and other persons, in particular. employees of the Administrator and companies operating on the premises of the Administrator.
The Controller is fully aware of the rights of data subjects enshrined in the provisions of Act No. 89/2012 Coll., the Civil Code, as amended, relating to the conditions for the protection of privacy, personality and the human form, as well as the provisions of Act No. 262/2006 Coll., the Labour Code, as amended, regulating covert and overt surveillance of employees in the workplace. In both cases, however, the Controller considers that the nature of its activities and the purpose of the operation of the CCTV system (see below) reasonably entitles it to interfere with the rights of the persons recorded and, therefore, its interests outweigh the interests and rights of the data subjects.
Purpose of processing
The purpose of the processing is in particular to ensure compliance with work procedures in terms of occupational health and safety in the facilities of the Administrator, where chemical and other substances are handled, as well as to protect the property of the Administrator and other persons from other illegal or criminal activities.
Ensuring security on the premises of the Administrator with the help of a camera system is really necessary with regard to the activities of the Administrator. The administrator carries out activities in the field of refining of precious metals, production of semi-finished products and products made of precious and base metals, production of jewellery alloys for the jewellery industry, jewellery and metalworking, production of homogenizers and mixers for the glass industry, production of laboratory tools, chemical and physical analysis, electroplating, production of chemical compounds based on precious metals, purchase, processing of waste containing precious metals, etc.
The operation of the camera system and the related processing of personal data of recorded persons is also carried out in order to fulfill the Administrator’s obligation to the landlord IP Vestec s.r.o., with registered office at Vídeňská 104, 252 50 Vestec, ID No.: 08271631 to ensure the safety (protection and security) of the premises at the same address.
The purpose of the operation of the CCTV system is therefore to prevent undesirable phenomena, especially against entry and unauthorized stay in the building, especially in places that may be dangerous to health.
Record retention period
The camera system takes video recordings, the storage period of which usually does not exceed 14 days. If there is no other legal reason for keeping the recordings, they are destroyed. A record of the captured incident is retained for as long as necessary for the investigation of the case and for legal protection.
Method of processing personal data
A CCTV system is an automatically operated permanent technical system enabling the acquisition and storage of video recordings from monitored locations. The content of image records may therefore include personal data of the recorded persons – their appearance and visual information about their behaviour and actions.
No audio recording is made by the camera system.
The controller does not foresee the transfer of personal data to other countries, this will not occur. Exceptions may be foreign disputes or foreign criminal and misdemeanour proceedings.
Monitored area and marking of the camera system
The camera system is located both on the premises and in the production or production facilities. sales premises. Cameras are placed in these areas both outside and inside the buildings to capture all critical areas.
A detailed description of the camera system is not publicly available for security reasons.
The monitored area is clearly marked at all main entrances to the premises of the Administrator with information signs, where all persons entering the area are aware of the fact that all activities in the monitored area can be recorded. On the other hand, in order to provide a comfort and private zone, the Administrator clearly informs on information boards inside the buildings about the areas (changing rooms, toilets, etc.) that these areas are not monitored.
The security agency that oversees the entire campus, or its employees, have access to the cameras and their online monitoring, but they do not have access to their footage. In terms of the GDPR, the Agency is in the role of a personal data processor and the Controller has a contract with this processor for the processing of personal data in accordance with the GDPR.
Possibility of transferring records outside the Administrator
Under certain circumstances, recordings made by the CCTV system containing personal data of the data subjects may be handed over to law enforcement authorities (police, prosecutor’s office, court), court or other state or local government authorities dealing with misdemeanours on the basis of statutory rules or even to an insurance company. Similarly, personal data of the data subject may be transmitted to the data subject himself or herself on the basis of his or her request for access to the personal data in accordance with Article 15(1) of Directive 95/46/EC. 1 GDPR. Each transfer of data is instructed by a person authorised by the Administrator, resp. responsible for the operation of the camera system and a record of each such handover is made in the Administrator’s operating log.
It is not possible to retain records in any other way (other than the transfer or segregation of a particular record outside of the standard expiration deletion procedure for possible evidence, defense of legal claims, etc.) for a period longer than that specified above.
Taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing, as well as the differently likely and differently serious risks to the rights and freedoms of natural persons, the Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk in question.
Rights of the data subject
Each data subject, i.e. the person whose personal data is recorded by the camera system, has the following rights in relation to the Controller:
- the right to obtain information about what personal data is being processed about the data subject,
- request access to your personal data,
- the right to rectification of your personal data,
- the right to have your personal data erased,
- the right to restrict the processing of your personal data,
- the right to object to processing,
- the right to the portability of your personal data,
- the right to lodge a complaint with the Office for Personal Data Protection.
You can file a complaint with the Office for Personal Data Protection at Pplk. Sochora 27, 170 00 Praha 7, mailbox ID: qkbaa2n, e-mail: email@example.com, telephone: +420 234 665 111.