Information Clause GDPR
Home > Information Clause GDPR > Information clause concerning the processing of personal data of employees in connection with visual monitoring
Information clause concerning the processing of personal data of employees in connection with visual monitoring
Pursuant to Article 13(1) and 13(2) of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1) (hereinafter referred to as “GDPR”) we inform that:
1. Data Controller
The controller of your personal data is Polska Agencja Inwestycji i Handlu S.A. (PAIH) with its seat in Warsaw at ul. Krucza 50 (00-025 Warszawa), entered into the register of entrepreneurs of the National Court Register by the Capital City of Warsaw District Court, under the number KRS 0000109815 (hereinafter referred to as “Controller”). The Controller can be reached through the contact form on www.paih.gov.pl, by sending an email to: iod@paih.gov.pl, or by traditional mail at the address of the Controller’s seat stated above.
The controller of your personal data is Polska Agencja Inwestycji i Handlu S.A. (PAIH) with its seat in Warsaw at ul. Krucza 50 (00-025 Warszawa), entered into the register of entrepreneurs of the National Court Register by the Capital City of Warsaw District Court, under the number KRS 0000109815 (hereinafter referred to as “Controller”). The Controller can be reached through the contact form on www.paih.gov.pl, by sending an email to: iod@paih.gov.pl, or by traditional mail at the address of the Controller’s seat stated above.
2. Data Protection Officer
The contact person in all matters related to the protection of personal data and your rights is the Data Protection Officer. You can contact the Data Protection Officer by sending an e-mail to iod@paih.gov.pl or by traditional mail at the address of the Controller’s seat stated above with a note saying “c/o the Data Protection Officer.”
3. Purposes and grounds for processing personal data
Your personal data are processed for the purpose of ensuring security in the facility, protecting the assets of the Controller and maintaining the secrecy of information whose disclosure might prejudice the Controller, pursuant to Article 222 of the Labour Code – the legal basis for processing is the necessity of processing to achieve a legitimate interest of the Controller (Article 6(1)(f) of the GDPR in connection with Article 222 of the Labour Code).
The following areas are covered by visual monitoring: facility entrance, corridors and communication routes. Only the image from monitoring cameras, not the sound, is recorded. Monitoring does not extend to sanitary areas, cloakrooms, cafeterias, smoking rooms and premises assigned to the facility's trade union organisation. The Controller marks the monitored premises and areas in a conspicuous and legible manner, using suitable signs.
Your personal data are processed for the purpose of ensuring security in the facility, protecting the assets of the Controller and maintaining the secrecy of information whose disclosure might prejudice the Controller, pursuant to Article 222 of the Labour Code – the legal basis for processing is the necessity of processing to achieve a legitimate interest of the Controller (Article 6(1)(f) of the GDPR in connection with Article 222 of the Labour Code).
The following areas are covered by visual monitoring: facility entrance, corridors and communication routes. Only the image from monitoring cameras, not the sound, is recorded. Monitoring does not extend to sanitary areas, cloakrooms, cafeterias, smoking rooms and premises assigned to the facility's trade union organisation. The Controller marks the monitored premises and areas in a conspicuous and legible manner, using suitable signs.
4. Data recipients
The recipients of your personal data may be solely entities or authorities that have the right to receive your personal data in compliance with generally applicable provisions of law. Your personal data will not be transferred outside the European Economic Area.
5. The time for which personal data are stored
Recorded images are processed by the Controller solely for the purposes for which they were collected and stored for a period not exceeding 3 months from the recording date. Where recorded images are used as evidence in legal proceedings or the Controller learned that they could be so used, the deadline referred to above is extended until the final termination of proceedings. After the expiry of the above period, image recordings obtained via monitoring and containing personal data are to be destroyed, unless otherwise provided for in separate provisions.
6. Rights of data subjects
Pursuant to the GDPR, you have the following rights: the right to access data, to rectify data, to erase data, to restrict the processing of data, to object to the processing of data, to transfer data, and to file a complaint with the Chairman of the Personal Data Protection Office. You are entitled to these rights in the scope provided for in generally applicable provisions of law.
Pursuant to the GDPR, you have the following rights: the right to access data, to rectify data, to erase data, to restrict the processing of data, to object to the processing of data, to transfer data, and to file a complaint with the Chairman of the Personal Data Protection Office. You are entitled to these rights in the scope provided for in generally applicable provisions of law.
7. Information about required/voluntary submission of data
The submission of your data is voluntary, but required for your stay in the Controller’s facilities.
8. Information about automated decision-making, including profiling
The Controller will not use personal data to make automated decisions, including decisions that are the result of profiling, based on your personal data.
- Share:
