The GD Gép és Daru Rakodástechnikai Gépgyártó és Kereskedelmi Kft. (registered office: 1119 Budapest, Kelenvölgyi Határsor 5. Company registration number: 01-09-693138) as an employer (Employer) and as a data controller (Data Controller) is subject to the provisions of the 2011. CXII of 2011 (Info Act), the following clear and detailed information is provided in connection with the camera system operated on the Employer’s premises and the following rules are established.
I. Data Controller’s Data:
Data Controller Company name: GD Gép és Daru Rakodástechnikai Gépgyártó és Kereskedelmi Kft.
Data Controller’s registered office: 1119 Budapest, Kelenvölgyi határsor 5.
Data Controller’s place of business: 6050 Lajosmizse, Gyártelep 2.
01-09-693138 Commercial Court of the Metropolitan Court of Budapest
E-mail address of the data controller: gd@gepesdaru.hu
Data Controller’s website address: www.gepesdaru.hu
Controller’s telephone number: +36-1-371-2800
Main data processing activities of the Data Controller: creation, use, storage, organisation and transmission of audio and video recordings.
II. Scope, types, source and legal basis of personal data processed:
Scope, type: image recording (video recording)
Source: collection, recording and storage of personal data relating to the employment-related conduct of the data subjects (Employer or Employees), with appropriate information (notification), directly by the persons concerned, through voluntary provision of data.
Legal basis for processing:
– Employer’s right to control the Employee’s (data subject’s) conduct directly related to the employment relationship (Section 11 (1) of the Labour Code Act I of 2012 (Labour Code Act I of 2012).
– consent (Info tv. Article 5(1)(a) of the Info Act).
III. Purpose of data processing and operation of the camera system:
On the basis of the principles of proportionality, fair processing and purpose limitation, and subject to respect for the privacy rights of Employees, the sole purposes for which the camera system is operated are:
– To protect the Employer’s assets properly, to prevent criminal offences against property and to ensure the security of persons and property;
– to monitor and avoid situations that endanger life and limb;
– the verifiability of compliance with the rules on occupational safety and health;
– investigating facts in order to establish possible liability.
IV. Method of data processing and rules for operating the camera system
The Data Controller uses the camera surveillance in a manner respectful of human dignity, and therefore does not monitor places (e.g. changing rooms, showers, toilets) where the use of the camera system could offend human dignity. The camera system operates on a closed-circuit network with a 7/24-hour continuous operation.
V. Location of data processing (storage of recordings) and areas monitored by cameras:
Place of data processing: 6050 Lajosmizse, Gyártelep 2.
The camera system is used to monitor access to and egress from the Employer’s premises: 6050 Lajosmizse, Gyártelep 2.
The location of the cameras is indicated by warning signs.
The Employer shall not operate a camera that exclusively monitors Employees.
VI. Data Security Measures:
The Data Controller has implemented appropriate technical and organisational measures to protect personal data in compliance with the provisions of the Info Law. The measures concern the following areas:
– unauthorized access and disclosure;
– Unauthorised disclosure and unauthorised alteration;
– data transmission between networks;
– deletion or accidental or unauthorised destruction of data;
– damage or potential loss.
The data are stored in paper and electronic archives, with full respect of basic security standards.
VII. Access to data:
Only the Employer’s manager or the Employer’s designated employees and persons authorised by law (e.g. the police) are entitled to handle and access the camera recordings.
Persons designated by the Employer as authorised to view the recordings are János Kutasi, Managing Director, Csaba Bakos, Deputy Managing Director.
The Employer shall inform the Employees of any changes to the persons authorised to view the recordings.
VIII. Data transmission
Data may only be transferred to the authorities and other organisations (e.g. police, labour protection authority, legal representative) for the purposes described above and only to the extent required by law. The Employer shall not transfer data to any other person or organisation.
IX. Duration of data processing (storage of recordings):
The maximum period of processing allowed by law is 72 hours. The personal data may not be processed for longer than the purpose for which they were collected and, in any case, may only be processed until the data subject objects to further processing or withdraws his or her consent.
X. Rights and remedies of the data subject:
You as an Employee have the following rights in relation to the personal data processed:
– Request information about the processing of your personal data;
– You may object to the processing of your personal data;
– request the rectification of your personal data; and
– request the erasure or blocking of your personal data.
At the request of the data subject, the Controller shall provide the information in accordance with the request for information, without delay, but not later than 25 days, in an intelligible form and in writing. In the event of an objection, the Data Controller shall, within the shortest possible period of time from the date of the request, but not later than 15 days, examine the grounds for the objection, decide whether the objection is justified and inform the applicant in writing of its decision.
In case of rectification, blocking, marking and erasure of data, the Data Controller shall notify the data subject (the notification may be waived if this does not prejudice the legitimate interests of the data subject having regard to the purposes of the processing).
Where the Controller refuses a request for rectification, blocking or erasure by the data subject, it shall, within 30 days of receipt of the request, communicate in writing or, with the consent of the data subject, by electronic means, the factual and legal grounds for refusing the request for rectification, blocking or erasure. In case of refusal of a request for rectification, erasure or blocking, the person concerned shall have the right to judicial remedy and the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH). However, it is advisable to contact the Data Controller directly before resorting to judicial or administrative recourse.
The contact details of the Data Controller are set out in Section I.
The person concerned has the following means of redress:
– Contacting the NAIH (postal address: 1530 Budapest, Pf.5.; address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; email: ugyfelszolgalat@naih.hu.; website address: http://www.naih.hu);
Initiation of legal proceedings in the event of infringement of the rights of the data subject or in the event of disagreement with the decision of the Data Controller on an objection relating to the processing, or if the Data Controller fails to comply with the time limit of 15 days or less (within 30 days of the notification of the decision or the last day of the time limit). The legal proceedings may be brought before the competent district court; at the option of the data subject, the proceedings may also be brought before the district court of the place of residence or domicile of the data subject. The rights of the person concerned under the above may be restricted by law in the interests of the external and internal security of the State, such as defence, national security, the prevention or prosecution of criminal offences, the security of law enforcement, or in the economic or financial interests of the State or of a municipality, important economic or financial interests of the European Union, and for the purpose of preventing and detecting disciplinary or ethical offences, including in all cases of control and supervision, in connection with the exercise of professional activities, labour law offences and infringements of labour law and the protection of the rights of the data subject or of others.