PRIVACY NOTICES FOR VIDEO SURVEILLANCE

The controller within the meaning of the General Data Protection Regulation (hereinafter "GDPR") and other national data protection laws of the member states as well as other data protection regulations is  

EDAG Engineering GmbH  
Kreuzberger Ring 40  
65205 Wiesbaden  
Tel.: +49 611 7375-0  
Fax: +49 611 7375-265  
E-Mail: info(at)edag.com

The data protection officer of the controller can be contacted via 
 
E-mail: datenschutz(at)edag.com 

1. Description and scope of data processing  

1.1 The EDAG company and factory premises are not freely accessible. Access controls are installed in the form of intercom systems, among other things, which provide for the transmission of the current image after the doorbells are pressed. The relevant locations are labelled with the words "Attention video surveillance" and a camera symbol.  

1.2 In certain customer projects, video recording or live streaming of the assigned project rooms or project objects is a prerequisite for the requirements in the customer project. The focus of the recording is not on the persons concerned. These locations are also labelled with a sign.  

2. Legal basis for the processing of personal data 

2.1 The legal basis for the processing of personal data when using the above-mentioned intercom systems with image transmission is EDAG's overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in ensuring general security on the company and plant premises, safeguarding domiciliary rights, protecting property and prosecuting criminal offences, administrative offences, vandalism and other disturbances.  

2.2 The legal basis for the processing of personal data in video recordings or live transmissions of persons on occasion in internal projects is the legitimate interest (Art. 6 para. 1 lit. f GDPR) of EDAG in the fulfilment of customer requirements for information security, the protection of customer property and the traceability of project content.  

3. Purpose of data processing 

3.1 Data processing within the intercom systems serves the purpose of restrictive access control and thus the security of employees working on the company and factory premises, but above all also compliance with and safeguarding of domiciliary rights. Access by unauthorised persons is also penalised. This in turn serves, among other things, to protect the confidentiality of EDAG's business secrets, which external parties could come into contact with when accessing the company and plant premises. Access is therefore only to be granted to authorised persons.  

3.2 The purpose of using the system is to fulfil the client's information security requirements, to protect the client's property and to ensure the traceability of project content.  

4. Data erasure and storage duration 

4.1 When video data is collected as part of the intercom system, only the current image is transmitted after the doorbell is pressed. No further storage takes place. 

4.2 The deletion period for the client's video recording or live transmission is determined by the client's contractual regulations. The recorded data is deleted once the appropriation has expired. Live streaming can only be accessed in real time via a secure connection and are not stored. 

5. Recipient of the data 

Within our company, those departments that require your data to fulfil our contractual and legal obligations or the above-mentioned purposes will have access to it. Service providers and vicarious agents employed by us may also receive data for this purpose. 

EDAG transmits personal data to courts, security authorities or law firms, for example in the event of a violation of the house rules, suspicion of a criminal offence or if required by law, insofar as there is a legal obligation to do so pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR or if this is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.  

EDAG works together with service providers (so-called processors), such as service providers for IT maintenance services. These service providers only act on the instructions of EDAG and are contractually obliged to comply with the applicable data protection requirements. To this end, we conclude corresponding written data processing agreements with these service providers. 

6. Data transfer to third countries 

EDAG may transfer personal data to other EDAG Group companies for the above-mentioned purposes, but only if and insofar as this is necessary to fulfil the above-mentioned purposes.  

If we transfer personal data to service providers, clients or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding corporate data protection regulations or EU standard contractual clauses) are in place. 

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller: 

1. right to information 

You have the right to request information about your personal data that we process at any time within the scope of Art. 15 GDPR. 

2. right to rectification and completion 

If your personal data is incorrect or incomplete, you have the right to rectification and completion within the scope of Art. 16 GDPR. 

3. right to restriction of processing 

If the legal requirements are met, you can request a restriction on the processing of your personal data within the scope of Art. 18 GDPR. 

4. right to cancellation 

You can request the deletion of your personal data at any time within the scope of Art. 17 GDPR, unless we are legally obliged or authorised to continue processing your data. 

5. right to data portability 

If processing is carried out on the basis of your consent and using automated procedures, you have the right to transfer the data provided by you within the scope of Art. 20 GDPR, provided that this does not adversely affect the rights and freedoms of other persons. 

6. right of objection 

You have the right to object to processing within the scope of Art. 21 GDPR if the data processing is carried out for the purpose of direct marketing or profiling. You can object to processing on the basis of a balancing of interests by stating reasons arising from your particular situation. 

7. right to revoke the declaration of consent under data protection law 

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. 

8. right to lodge a complaint with a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.  

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. The competent supervisory authority here is in Hesse.