VIDEO SURVEILLANCE NOTICE
Pursuant to Article 13 of EU Regulation No. 2016/679
Cutlite Penta S.R.L., headquartered at Via Baldanzese No. 17, 50041 – Calenzano (FI), as the Data Controller, hereby informs data subjects about the purposes and methods of processing personal data collected through video surveillance systems installed at the company’s premises and facilities, duly indicated by appropriate signage.
1. DATA CONTROLLER AND DPO
(This section specifies our contact information)
Holder | Cutlite Penta s.r.l. with registered office in Calenzano (50041 – FI), Via Baldanzese n. 17, represented by the Chairman of the Board of Directors in charge, to be contacted at privacy@cutlitepenta.com |
Data Controller
Cutlite Penta S.R.L., headquartered at Via Baldanzese No. 17, 50041 – Calenzano (FI), represented by the current Chairman of the Board, contactable at privacy@cutlitepenta.com
2. TYPES OF DATA PROCESSED
(This section describes the types of data we process)
Type of Data | Details |
Common personal data related to video surveillance | The video surveillance systems temporarily record video footage that, depending on the camera locations, may capture individuals and vehicles passing through the monitored area. |
These data are processed electronically to ensure appropriate security and confidentiality measures. |
3. PURPOSE OF PROCESSING
(This section explains the purpose of data processing)
Purpose | Nature of Data Provision | Legal Basis |
Protection and safeguarding of company assets | Mandatory | Legitimate interest |
Protection and safety of personnel and visitors | Mandatory | Legitimate interest |
Organizational and production needs | Mandatory | Legitimate interest |
Providing the data necessary to achieve these purposes is mandatory, and any refusal may result in the individual being unable to access the monitored area.
The video surveillance system only collects data strictly necessary to achieve the stated purposes, limiting the camera’s field of view to avoid capturing irrelevant, enlarged, or unnecessary details.
4. DATA RECIPIENTS
(This section specifies who will process the data and to whom it may be disclosed)
Data Recipients Within the Company | External Data Recipients |
Employees and personnel expressly designated and authorized to access the data | Judicial authorities |
System maintenance company | Law enforcement agencies |
Security service providers | Local entities Insurance companies |
Trade unions (only for employee-related processing) |
The processed data will not be disseminated or shared with third parties outside of companies that act as external data processors on behalf of the Data Controller. These companies have signed a specific agreement that regulates their processing activities. The updated list of these entities is available upon request from the Data Controller or the DPO.
5. DATA RETENTION PERIOD AND STORAGE METHODS
(This section specifies how long the data will be stored and how it will be managed)
Purpose with Mandatory Data Provision | 72 h |
Except in cases requiring extended retention for judicial investigations |
The surveillance system is programmed to automatically delete footage by overwriting it, rendering the overwritten/deleted data unusable.
6. DATA SUBJECTS’ RIGHTS
(This section describes the rights that data subjects may exercise)
EU Regulation 2016/679 (Articles 15-23) grants data subjects specific rights regarding the processing of their personal data. In particular, regarding the data processing described in this notice, data subjects have the right to request access to their personal data from the Data Controller (considering the nature of the data, this right must be balanced with the privacy rights of third parties and the Data Controller) and request restriction or deletion of data if processing violates applicable regulations.
Due to the nature of the processed data, rectification or modification cannot be requested, as it consists of recorded footage objectively capturing events. Similarly, data portability cannot be requested, nor objection to processing, as the processing is based on legitimate interest rather than consent or a contract.
Data subjects may file a complaint with the supervisory authority, which in Italy is the Garante per la Protezione dei Dati Personali.
7. ACCESS TO DATA
(This section explains how to request access to the data)
To access recorded footage, data subjects must submit a written and duly justified request to the Video Surveillance Manager, appointed by the Data Controller, who can be contacted at l.conti@cutlitepenta.it.
The request must specify the video surveillance system in question and the date and time when the individual may have been recorded.
If the requested footage exists, and after a positive outcome of a legitimate interest assessment conducted at the Data Controller’s discretion, the requester will be notified with details about when and where they can view the relevant footage.
