VIVO!_Cluj_Inside2.png

INFORMATIONAL NOTE REGARDING THE PROCESSING OF PERSONAL DATA - VIDEO SURVEILLANCE SYSTEM

Because ensuring the protection of your personal data processing is an extremely important objective for us, we have made all necessary efforts to comply with and align with the standards imposed by EU Regulation 2016/679 ("Regulation").

  1. Identification Data of the Data Controller
    The data controller is POLUS TRANSILVANIA INVESTMENT COMPANY S.A., a joint stock company with its registered office in Romania, Cluj County, Florești locality, Avram Iancu Street, No. 492-500, registered with the Trade Registry Office under registration number J12/1492/1997, having Fiscal Registration Code RO 9693652, represented by CBRE REAL ESTATE CONSULTANCY SRL, with its registered office in Bucharest, sector 1, Calea Floreasca, No. 165, One Tower of Bucharest Building, Splaiul No. 1, Office No. 1, 14th Floor, registered with the Trade Registry Office under registration number J40/6638/1997, having Fiscal Registration Code RO 9730670, Account: RO63 RZBR 0000 0600 0523 5901, opened at Raiffeisen Bank, Bucharest. And can be contacted at the email address: reception@vivo-shopping.com

  2. Definitions
    Data Processing Activities - any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
    Personal Data - any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
    Recipient - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities to which personal data may be disclosed in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
    Controller - a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
    Processor - a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;

  3. Description of Personal Data Processing Activities
    VIVO! Cluj-Napoca, through video surveillance systems, collects and processes video recordings for the purpose of ensuring the security of persons and property, as well as the protection of assets, real estate, valuables, and personal belongings of customers and visitors, as well as tenants, and for the prevention and combating of crime.
    The surveillance system is not used to monitor the activities of customers, employees, or collaborators or for employee attendance tracking, the sole purpose being to increase security.
    The existing video system was installed following risk analysis and is operated by a licensed security company. The monitored video areas include:
    • access areas and public spaces,
    • restricted access areas,
    • parking lot,
    • surroundings of buildings to protect exterior spaces, merchandise unloading areas, and storage areas,
    • places for storage, warehousing, and handling of goods.
    Areas with a high expectation of privacy, such as offices, toilets, or similar locations, are not monitored.
    All monitored areas have signs warning of video surveillance.

  4. Categories of Personal Data Subject to Processing Activities
    Through the video surveillance system, only the image of the data subject and the license plate numbers of the cars parked in the VIVO! Cluj-Napoca parking lot are processed.

  5. Legal Basis for Personal Data Processing Activities
    5.1.1. The processing of personal data through the video surveillance system is carried out based on Article 6(1)(c) of the Regulation "processing is necessary for compliance with a legal obligation to which the controller is subject" and based on Article 6(1)(f) of the Regulation, "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party".
    Also, the processing of personal data is carried out in compliance with the current legislative acts.

  6. Transfer of Personal Data
    In order to fulfill the obligations imposed by the current legislative acts, your personal data may be transmitted to national authorities, supervisory authorities or security service providers, as well as to the company managing VIVO! activity.
    The controller shall inform the data subject of the identity of the recipients in case of transfers of personal data that have not been detailed in this document.

  7. Measures to Protect the Confidentiality of Personal Data
    Personal data will be collected and processed in accordance with the standards imposed by the current legislative acts and the policies and procedures adopted by VIVO!.
    If third-party services are used in the data processing process, they will undergo a verification process before any processing activities, aimed at ensuring compliance with the standards imposed by the current legislative acts and the policies and procedures adopted by VIVO!.
    Furthermore, in order to ensure the confidentiality of the collected personal data, the controller has implemented the following measures:
    • limiting the storage time of images according to legal requirements;
    • restricted physical access to areas where storage media containing recorded images are located and where video images can be viewed;
    • limiting access to real-time streaming images to designated security personnel/agents;
    • logical access control to recordings.
    • training on data confidentiality requirements for individuals viewing real-time images or accessing recorded images;
    • contractual or agreement assurance that authorized persons implement technical and organizational measures to protect data.

  8. Data Storage Period
    The storage period of personal data is determined by the period necessary to achieve the purposes for which the data was collected and in compliance with the deadlines imposed by the current legislation. The storage period is in accordance with legal requirements, being 20 days, after which the images are automatically deleted in the order in which they were recorded. In the event of a security incident or upon receipt of a justified request from the authorities, the storage period of the images may exceed normal limits depending on the time required for further investigation of the security incident or resolution of the request received.

  9. Rights of the Data Subject
    9.1. Right of Access by the Data Subject
    The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed, and, if so, access to that data and the following information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

    • where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period.

    9.2. Right to Rectification
    The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

    9.3. Right to Erasure ("Right to be Forgotten")
    The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; • the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing; • the data subject objects to the processing and there are no overriding legitimate grounds for the processing; • the personal data have been unlawfully processed; • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation. Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

    9.4. Right to Restriction of Processing
    The data subject has the right to obtain from the controller restriction of processing where one of the following applies: • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; • the data subject has objected to processing pursuant to Article 21(1) of the Regulation pending the verification whether the legitimate grounds of the controller override those of the data subject.

    9.5. Right to Notification Regarding Rectification, Erasure, or Restriction of Processing
    The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1), and Article 18 of the Regulation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

    9.6. Right to Lodge a Complaint with a Supervisory Authority
    Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the Regulation.

    In Romania, the contact details of the supervisory authority for data protection are as follows: • National Supervisory Authority for Personal Data Processing - 28-30 G-ral. Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, Romania; Phone: +40.318.059.211 or +40.318.059.212; Email: anspdcp@dataprotection.ro

    1. Right of the Controller to Modify this Information Note
      The controller reserves the right to modify this information document at any time, for any reason, and without notice, unilaterally. Any modification to the privacy information will be available for consultation at the Information Desk and displayed on the website https://vivo-shopping.com/ro/cluj-napoca/. Without affecting your right to contact the supervisory authority at any time, you can contact us in advance at the email address: reception@vivo-shopping.com.
     
     
     
     
     
     
VIVO! IS AN IMMOFINANZ AG brand

Behind the VIVO! brand lies a successful real estate group with extensive shopping centre experience.

THE OWNER: IMMOFINANZ is a commercial real estate group whose activities are focused on the retail and office segments of seven core markets in Europe: Austria, Germany, Czech Republic, Slovakia, Hungary, Romania and Poland. The core business covers the management and development of properties, whereby the STOP SHOP (retail), VIVO! (retail) and myhive (office) brands represent strong focal points that stand for quality and service. The real estate portfolio has a value of approx. EUR 5.1 billion and covers more than 220 properties. IMMOFINANZ is listed on the stock exchanges in Vienna (leading ATX index) and Warsaw. Further information under:https://www.immofinanz.com

© 2024 IMMOFINANZ AG. All rights reserved.