Skip to content

Information obligation regarding personal data processing — CCTV monitoring

1. The controller of personal data is Silevis Sp. z o.o. (hereinafter: "CONTROLLER"), with its registered office at: 25-007 Kielce, ul. Sienkiewicza 25/3, Poland. The Controller can be contacted in writing at: 25-007 Kielce, ul. Sienkiewicza 25/3 or via email at: hello@silevis.com.

2. The Controller has appointed a Data Protection Officer who can be contacted at the following email address: iodo@rt-net.pl.

3. Personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

4. Processing is carried out in order to ensure the safety of persons and property in the area covered by CCTV monitoring, provided that the monitoring may not be used to monitor employees' work — Art. 6(1)(f) GDPR.

Area covered by monitoring:

  1. the area around the building, in particular: the car park adjacent to the building, the main entrance via the video intercom, the building entrance from the car park side;
  2. the interior of the building, in particular: the main entrance, corridors on all floors, staircase, event hall, exercise room, coworking rooms.

CCTV recordings will be stored depending on the volume of recorded data — until overwritten, but no longer than 30 days from the date of recording.

In cases where video recordings constitute evidence in proceedings conducted under the law, or where the employer has learned that they may constitute evidence in proceedings, this period shall be extended until the proceedings are legally concluded.

After these periods have elapsed, video recordings obtained through monitoring that contain personal data shall be destroyed.

5. Personal data does not originate from third parties.

6. The Controller does not intend to transfer data to a third country or international organisation.

7. The Controller does not intend to transfer personal data, and should this be necessary, it shall only be done on the basis of legal provisions or data processing entrustment agreements.

8. The data subject has the right to:

  1. request access to personal data, rectification, erasure, or restriction of processing;
  2. object to processing, as well as the right to data portability;
  3. lodge a complaint about the Controller's actions with the President of the Personal Data Protection Office.

9. The provision of personal data results from the legitimate interest of the Controller. Providing such data is mandatory due to entering the monitored area.

10. The Controller does not envisage automated decision-making.