INFORMATIONAL NOTE REGARDING THE PROCESSING OF PERSONAL DATA - VIDEO SURVEILLANCE SYSTEM
Because ensuring the protection of your personal data processing is an extremely important objective for us, we have made all necessary efforts to comply with and align with the standards imposed by EU Regulation 2016/679 ("Regulation").
-
Identification Data of the Data Controller
The data controller is POLUS TRANSILVANIA INVESTMENT COMPANY S.A., a joint stock company with its registered office in Romania, Cluj County, Florești locality, Avram Iancu Street, No. 492-500, registered with the Trade Registry Office under registration number J12/1492/1997, having Fiscal Registration Code RO 9693652, represented by CBRE REAL ESTATE CONSULTANCY SRL, with its registered office in Bucharest, sector 1, Calea Floreasca, No. 165, One Tower of Bucharest Building, Splaiul No. 1, Office No. 1, 14th Floor, registered with the Trade Registry Office under registration number J40/6638/1997, having Fiscal Registration Code RO 9730670, Account: RO63 RZBR 0000 0600 0523 5901, opened at Raiffeisen Bank, Bucharest. And can be contacted at the email address: reception@vivo-shopping.com -
Definitions
Data Processing Activities - any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
Personal Data - any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Recipient - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities to which personal data may be disclosed in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Controller - a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor - a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller; -
Description of Personal Data Processing Activities
VIVO! Cluj-Napoca, through video surveillance systems, collects and processes video recordings for the purpose of ensuring the security of persons and property, as well as the protection of assets, real estate, valuables, and personal belongings of customers and visitors, as well as tenants, and for the prevention and combating of crime.
The surveillance system is not used to monitor the activities of customers, employees, or collaborators or for employee attendance tracking, the sole purpose being to increase security.
The existing video system was installed following risk analysis and is operated by a licensed security company. The monitored video areas include:
• access areas and public spaces,
• restricted access areas,
• parking lot,
• surroundings of buildings to protect exterior spaces, merchandise unloading areas, and storage areas,
• places for storage, warehousing, and handling of goods.
Areas with a high expectation of privacy, such as offices, toilets, or similar locations, are not monitored.
All monitored areas have signs warning of video surveillance. -
Categories of Personal Data Subject to Processing Activities
Through the video surveillance system, only the image of the data subject and the license plate numbers of the cars parked in the VIVO! Cluj-Napoca parking lot are processed. -
Legal Basis for Personal Data Processing Activities
5.1.1. The processing of personal data through the video surveillance system is carried out based on Article 6(1)(c) of the Regulation "processing is necessary for compliance with a legal obligation to which the controller is subject" and based on Article 6(1)(f) of the Regulation, "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party".
Also, the processing of personal data is carried out in compliance with the current legislative acts. -
Transfer of Personal Data
In order to fulfill the obligations imposed by the current legislative acts, your personal data may be transmitted to national authorities, supervisory authorities or security service providers, as well as to the company managing VIVO! activity.
The controller shall inform the data subject of the identity of the recipients in case of transfers of personal data that have not been detailed in this document. -
Measures to Protect the Confidentiality of Personal Data
Personal data will be collected and processed in accordance with the standards imposed by the current legislative acts and the policies and procedures adopted by VIVO!.
If third-party services are used in the data processing process, they will undergo a verification process before any processing activities, aimed at ensuring compliance with the standards imposed by the current legislative acts and the policies and procedures adopted by VIVO!.
Furthermore, in order to ensure the confidentiality of the collected personal data, the controller has implemented the following measures:
• limiting the storage time of images according to legal requirements;
• restricted physical access to areas where storage media containing recorded images are located and where video images can be viewed;
• limiting access to real-time streaming images to designated security personnel/agents;
• logical access control to recordings.
• training on data confidentiality requirements for individuals viewing real-time images or accessing recorded images;
• contractual or agreement assurance that authorized persons implement technical and organizational measures to protect data. -
Data Storage Period
The storage period of personal data is determined by the period necessary to achieve the purposes for which the data was collected and in compliance with the deadlines imposed by the current legislation. The storage period is in accordance with legal requirements, being 20 days, after which the images are automatically deleted in the order in which they were recorded. In the event of a security incident or upon receipt of a justified request from the authorities, the storage period of the images may exceed normal limits depending on the time required for further investigation of the security incident or resolution of the request received. -
Rights of the Data Subject
9.1. Right of Access by the Data Subject
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed, and, if so, access to that data and the following information:
• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;