Information on the processing of personal data in connection with the operation of the CCTV system
In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on informing data subjects (hereinafter referred to as "GDPR"), we hereby inform you how our company UNICA, spol. s r.o., 449 60 867, registered in the Commercial Register kept by the Regional Court in Brno, file number C 3990,, as the personal data controller (hereinafter referred to as "the controller" or also "we") processes your personal data and about the rights and obligations associated with it.
The premises in and around our medical facility in the Office Park Nové Butovice - Building C at Bucharova 2657/12, 158 00 Prague 13, are imaged by a camera system with a recording device with continuous operation, which captures video footage.
Personal data controller
The controller of your personal data is our company UNICA, spol. s r.o., with its registered office at Barvičova 833/53, Stránice, 602 00 Brno, ID No.: 449 60 867, registered in the Commercial Register maintained by the Regional Court in Brno, file number C 3990.
In connection with the processing of personal data, you can contact us through our Data Protection Officer, who has been appointed by LAWYA, s.r.o., with registered office at Březinova 746/29, Žabovřesky, 616 00 Brno, ID No.: 023 22 021, through the contact person Mgr. Ivana Šilhánková, silhankova@lawya.cz, +420 770 606 082, or via the following contact details: IVF-Brno@unica.cz.
Purpose of personal data processing
We operate the camera system in order to protect the life and health of persons on the company's premises and to protect our company's property as well as the property of third parties on the company's premises. The purpose of operating the CCTV systems is also to protect the information system containing mainly sensitive personal data of clients, patients and other subjects.
The processing of your personal data for purposes other than those mentioned above will only take place if such processing is compatible with the above purposes (for example, the use of recordings to defend legal claims or the transfer of recordings for the investigation of offences or crimes by public authorities).
Legal basis for the processing of personal data
The legal basis for the processing of your personal data is within the meaning of Article 6(1)(f) of the GDPR, to the extent necessary to protect the legitimate interests of the controller and persons present in the controller's premises. The legitimate interest of the controller is to protect the facilities, objects and assets of the company and the data processed by the company.
The processing of your data is permissible here unless the protection of your interests, fundamental rights and freedoms overrides the legitimate interests of the controller. The controller has taken the necessary technical and organisational measures to balance the interests of the controller and the data subjects and to ensure the protection of the privacy and personal data of the subjects. These measures include, in particular: setting up the camera system, automatic deletion of camera recordings after a set period of time, absence of automatic recognition functions, transparent information to the subjects about the operation of the camera system, restriction of access to camera recordings, etc.
Categories of personal data
Personal data are processed within the scope of the camera footage, i.e. the processing of video footage of the movement of persons in the vicinity of the installed cameras. The camera system is installed in the publicly accessible internal areas of the administrator, on the external shell of the administrator's building and also at the entrances and entrances to the administrator's buildings. The CCTV system does not record public traffic. CCTV systems are not installed in any private areas such as changing rooms or toilets.
Recipients of personal data and transfer of personal data to third countries
The data controller will only transfer your personal data to other entities (so-called recipients of personal data) if the event for which the personal data is collected occurs (e.g. damage to the controller's property or unauthorized entry into the controller's premises, etc.). For this purpose, the controller transmits personal data captured by the CCTV system to public authorities, in particular to law enforcement authorities or authorities dealing with offences. We do not transfer your personal data to third countries outside the European Union.
How long do we keep your personal data?
The footage captured by the CCTV system is automatically overwritten by a time loop, with a maximum retention period of 72 hours. In the event that an event occurs for which personal data is collected (e.g. damage to the controller's property or unauthorised entry to the controller's premises, etc.), the recordings will be retained for as long as necessary.
What are your rights when processing personal data?
Your data protection rights are governed by Chapter III (Articles 12 et seq.) of the European General Data Protection Regulation (GDPR). Under these provisions, you have the following rights:
The right of access to personal data with the controller under the conditions set out in Article 15 of the GDPR;
The right to rectification of personal data under the conditions set out in Article 16 of the GDPR;
The right to erasure of personal data ("right to be forgotten") under the conditions set out in Article 17 of the GDPR;
The right to restrict the processing of personal data under the conditions set out in Article 18 of the GDPR;
The right to object to the processing of personal data (specifically processing carried out in the public interest or on the basis of a legitimate interest of the controller) under the conditions set out in Article 21 of the GDPR;.
The right to lodge a complaint with a supervisory authority, where the competent supervisory authority for the protection of personal data in the Czech Republic is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, tel. +420 234 665 111, e-mail: posta@uoou.cz.
How can I exercise individual rights?
In all matters related to the processing of your personal data, whether it is an inquiry, exercising a right, filing a complaint or anything else, you can contact the Data Protection Officer, which is LAWYA, s.r.o., with registered office at Březinova 746/29, Žabovřesky, 616 00 Brno, ID No.: 023 22 021, through the contact person Mgr. Mgr. Ivana Šilhánková, silhankova@lawya.cz, +420 770 606 082, or at the contact details listed in the header of this document.
Your request will be processed without undue delay, but within one month at most. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further two months. We will, of course, inform you of any such extension and the reasons for it.