Privacy Statement on the Processing of Personal Data in Camera Surveillance
In this privacy statement, it is described how and what personal data Temet Group Oy and its companies (hereafter referred to as Temet) collect, manage, and protect in connection with camera surveillance when acting as the data controller. This privacy statement also describes to which parties personal data may be disclosed and how you, as a data subject, can influence the processing of your personal data. This privacy statement is intended for Temet's personnel and individuals working or visiting premises located in Finland.
Temet complies with data protection legislation when processing personal data. Data protection legislation refers to the applicable data protection laws, such as the General Data Protection Regulation (2016/679) of the European Union ("GDPR") and the national Data Protection Act (2018/1050). Terms related to data protection that are not defined in this privacy statement are interpreted in accordance with the data protection legislation.
1. Data controller
The entity responsible for the processing of personal data as referred to in this privacy notice is as follows:
Temet Group Oy (Business ID: 3108487-6)
Hannuksenpelto 3, 02270 Espoo
Tel: 0207 600 700
2. Register name
Temet Group Oy's Camera Surveillance Register
3. Contents of the Register and Purposes and Legal Bases for Processing Personal Data
The camera surveillance register collects and processes video footage of individuals moving in the surveillance areas of the properties. The purpose of the footage is to identify individuals in connection with crimes, thefts, or other security-related incidents. The purpose of the collected personal data is to prevent and detect unauthorized movement of external individuals in areas closed to outsiders, prevent and detect thefts of equipment, tools, and software owned by Temet when the financial damage is significant, prevent injury or harm to individuals caused by automatic machinery, monitor automated production, and ensure that the placement and operation of cameras is planned in such a way that employees or other persons in the area are not unnecessarily recorded.
Temet only processes personal data when there is a legal basis for doing so. The legal basis depends on the specific personal data and the circumstances, in which they are processed.
Temet processes personal data collected through camera surveillance based on the following grounds:
- Temet collects and processes personal data based on legitimate interest to prevent crimes. When processing is based on legitimate interest in accordance with Article 6 of the GDPR, we carefully assess with experts that such processing is in line with the rights of the data subject.
- Temet may process personal data of visitors based on consent.
- Temet processes personal data based on legal obligations when personal data is provided to authorities upon request for the investigation and resolution of crimes.
- Temet processes personal data of its personnel based on employment contracts between Temet and its employees.
4. Data sources of personal data
Personal data is collected through Temet's camera systems as individuals (employees and visitors) move or work within Temet's properties or their outdoor areas. The register collects video and image data of the data subjects. Additionally, the register records the location data of the filmed individual as well as possible vehicle information, such as license plate numbers, at the time when there is a need to identify the data subject from the video or image material.
5. Processing and disclosure of personal data
Personal data is stored securely in a database. Only individuals specifically designated by the data controller have the right to process personal data, and such data is only processed when a legal basis for processing is met.
Personal data may be disclosed within the limits allowed by the applicable laws. Data is disclosed only for the purposes outlined in this privacy statement. Personal data may be disclosed to third parties, such as authorities, upon their request (for example, in connection with an official investigation), when the law requires the data controller to do so, or to enforce the rights of the data controller, as allowed by law.
Personal data may also be disclosed to other authorities or equivalent parties who have the legal right to access such information, within the limits and obligations set by the applicable laws.
6. Transfer of Data Outside the EU or EEA
The personal data described in this privacy statement is not transferred outside the EU or EEA (European Economic Area)
7. Security of Processing Personal Data
Temet maintains appropriate and adequate technical and physical safeguards designed to protect the personal data collected by Temet from illegal or unauthorized destruction, alteration, use, disclosure, or loss. Only authorized individuals have access to the personal data described in the privacy policy, and their right to use the data is based on the need-to-know principle. Temet requires all employees who have access to any personal data to handle the data with absolute confidentiality.
8. Data Retention Period
Unless otherwise required by mandatory legislation, data is retained for as long as necessary to fulfill the purposes described in the privacy policy or to satisfy a legal claim.
Temet regularly assesses the necessity of video surveillance in its security operations, the need to retain personal data generated in connection with it, and the legal basis for processing, as part of risk assessments. Temet also takes all reasonable measures to ensure that inaccurate, incorrect, or outdated personal data, in relation to the purposes of processing, is promptly deleted or corrected.
9. Rights of the Data Subject
The data subject has the following rights:
- Access right. The data subject has the right to obtain confirmation from the data controller whether personal data concerning them are being processed and to access the personal data we have stored. Personal data can be accessed by requesting the information via email at tietosuoja@temet.com.
- Right to rectification. The data subject can request the correction of inaccurate or incomplete information concerning them.
- Right to restriction. The data subject can request us to restrict the processing of their personal data if they believe that their personal data have been processed unlawfully or if the data subject disputes the accuracy of their personal data.
- Right to object. The data subject has the right to object at any time to the use of their data for direct marketing purposes. We will process the data subject's request to object to the use of their personal data for purposes other than direct marketing, after which we will either cease processing the personal data or provide a justified reason for continuing the processing of the data.
- Right to erasure. The data subject has the right to request the deletion of data if the processing of the data is not necessary. We will process the deletion request, after which we will either delete the data or provide a justified reason for not being able to delete the data.
- Right to data portability. The data subject has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller if the processing is based on consent or a contract between the data controller and the data subject, and the processing is carried out by automated means. We will process the request for transfer, after which we will either transfer the data or provide a justified reason for not being able to transfer the data.
- Right to lodge a complaint. The data subject has the right to lodge a complaint with a supervisory authority if he/she considers that the processing of personal data beaches his/her rights pursuant to applicable law. Office of the Data Protection Ombudsman https://tietosuoja.fi/en/contact-information
10. Changes to the privacy statement
Due to the development of services and systems, the privacy statement can be updated and changed. Changes can also be based on changes in legislation.