1. GENERAL PROVISIONS
2. DATA CONTROLLER AND CONTACT DETAILS
The controller of your personal data is the relevant entity from the CTP group (www.ctp.eu) managing the CTP building or park which you are visiting. Updated contact details and other information on the CTP group can be found at https://www.ctp.eu/contact/.
3. CCTV SYSTEM
3.1 CCTV description
Our CCTV systems usually consist of up to 20 cameras which may be located on the outside and inside of our buildings. The exact number and location of cameras depends on the particular building, park or other premises operated by the CTP group. The CCTV system may record external premises of the buildings owned by us, entry doors to the buildings, corridors and other publicly accessible spaces in the premises. The CCTV system monitors no private areas.
CCTV pictograms are placed at easily visible places by the entrances to our buildings, parks or other premises of the CTP Group.
3.2 Purposes of the processing and retention period
We process your personal data using a CCTV system with images monitored and recorded including visual images and your personal appearance.
We process these recordings to maintain the integrity and security of CTP managed buildings, their environs and of the assets contained within, including our property and the property of our tenants.
The legal basis for such processing is the protection of our legitimate interests (as defined by Art. 6(1)(f) GDPR) to protect the values and interests set out above.
Images captured by the system are coloured and recorded continuously. The recordings are retained as a continuous loop for 10 days, which is a period necessary for us to detect and investigate a potential incident. After this period, the recordings are deleted.
Certain parts of the recordings (including your personal data contained therein) may be selectively kept for a longer period in order to establish, exercise or defend our legal claims or due to other legitimate interest.
3.3 Tenants’ CCTV systems
All tenants are free to install their own CCTV systems and cameras (in accordance with our house rules) for which systems we bear no responsibility. We may also operate some cameras deployed by tenants (in their premises) in which case we act as a data processor for such tenant’s CCTV system and are not responsible for it.
For more information on processing carried out by such tenant, please contact them.
4 Identity of visitors and access AND parking system
4.1 Visitors of the buildings
For safeguarding purposes, we require all visitors of our buildings and premises (especially occasional visitors that are not permanently employed by our tenants) to identify themselves. We may process your personal in order to maintain accurate records of visitors of our premises and provide appropriate access arrangements.
For these purposes we may ask you to provide us with your name to allow us to check your ID. We may then store your name, date and time of your visit, host name, and information that your ID has been verified (we do not store details of your ID) and, potentially, information on your parking authorization.
The legal basis for processing your personal data is our legitimate interest, and the legitimate interests of our tenants, to ensure integrity and security of CTP managed buildings and of the assets contained, including our property the property of our tenants, and their environs.
Personal data relating to the verification of the identity of visitors are retained for one (1) month.
4.2 Access and parking system
We also operate access and parking system in our buildings that will allow you to park your car and access to the building without being checked as a visitor (see Section 4.1 above). For these reasons, the tenants may provide us with a certain data that will be linked to your parking and/or access card.
Please be informed that we are not responsible for the processing of your personal data related to these systems where we act as a mere data processor. For more information on processing of your personal data for these purposes, please contact the responsible tenant (be it your employer, vendor, contractor or business partner that has facilitated your access and/or parking card).
5 SHARING AND TRANSFER of PERSONAL DATA (RECIPIENTS OF PERSONAL DATA)
5.1 Recipients of Personal Data
CCTV system recordings as well as other personal data in our access or parking systems may be shared with certain third parties authorized to defend our legal claims or to ensure security of our tenants’ or our property, and also with certain public authorities. These recipients of personal data act as personal data processors or other controllers. Your personal data may be shared with:
- within the necessary scope, within the CTP Group for administrative purposes;
- security agencies in our buildings;
- IT providers of the CCTV, access and parking systems;
- external legal representatives bound by confidentiality obligation for the protection of our legitimate interests;
- public prosecution bodies, courts and administrative authorities in accordance with our legal duties.
6 DATA SECURITY
We have implemented and maintain appropriate technical and organizational measures, internal controls and information security processes in accordance with legal requirements and market standards corresponding to a possible threat to you as the data subject. We also take into consideration the state of technological development in order to protect your personal data from accidental loss, destruction, alterations, unauthorized disclosure or access. Such measures may, among other things, include taking reasonable steps to ensure the liability of relevant employees who have access to your data, training of employees, regular backups, procedures for data renewal and management of incidents, software protection for devices on which personal data are stored, etc.
7 YOUR RIGHTS AS A DATA SUBJECT
If you wish to exercise any of your rights according to this Article or according to applicable legislation, please contact us using the contact information listed in Article 2 above.
If you wish to exercise your rights towards personal data to which we have access only as a data processor (such as data stored in the access or parking systems), please contact the responsible tenant.
7.1 Access to your personal data
You have the right to request information whether and to what extent we process your personal data. You also have the right to receive personal data which you have provided to us and other personal data related to you.
The access to your data from the CCTV system, or a copy of this data, will be provided to you only in cases when such request does not adversely affect the rights and freedoms of third parties and where we are able to identify the part of the CCTV recording containing your personal data, based on the information you give us. Rights of third parties will be adversely affected particularly in situation when the requested part of the camera recording contains also personal data of these third parties.
7.2 Restriction of processing
If you request us to restrict the processing of your personal data, for example when you contest the accuracy, lawfulness or our need to process your personal data, we will limit processing of your personal data to a necessary minimum (storage), and if applicable we will only process this data to establish, exercise or defend legal claims or where necessary in order to protect the rights of other natural or legal person, or for other limited reasons required by the applicable law.. In case the restriction is lifted, and we continue processing your personal data, you will be informed accordingly without undue delay.
The request for restriction of processing can be made using the aforementioned contact information.
7.3 Objections to processing
You can object to data processing. If we do not demonstrate any compelling legitimate reasons for the processing which would override your interests or rights and freedoms, we will no longer process your personal data and will delete it without undue delay.
Objections to processing can be raised using the aforementioned contact details.
7.4 Complaint to a Data Protection Authority
You have the right to lodge a complaint pertaining to processing of data conducted by us with the competent data protection authority, i.e. in Czech Republic the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7; website: www.uoou.cz.