For the safety and security of its buildings, assets, staff and visitors, our company operates a video-surveillance system. This Video-surveillance Policy, along with its attachments, describes the company's video-surveillance system and the safeguards that the company takes to protect personal data, privacy and other fundamental rights and legitimate interests of those caught on the cameras.

How do we ensure that our video-surveillance system is designed with privacy and data protection concerns in mind and is compliant with data protection law?

Revision of the existing system.

A video-surveillance system had already been operating in our company before the EU General Data Protection Regulation (“GDPR”) came into effect on May 25, 2018. Our procedures, however, have since then been revised to comply with the GDPR.

Compliance status.

The company processes the images in accordance with the GDPR and national law. We based our procedures on the Video-Surveillance Guidelines by the European Data Protection Supervisor ("Guidelines").

Self-audit.

The system was subject to a self-audit. The audit report is available for authorized staff.

Contacts with the relevant data protection authority in the Member State.

The competent data protection authority in the Netherlands was informed and its concerns and recommendations were taken into account. In particular, this Video-surveillance Policy is also available in Dutch.

Director's decision and consultation.

The decision to use the current video-surveillance system and to adopt the safeguards as described in this Video-surveillance Policy was made by the Managing Director of the company after consulting:

​· the company's Privacy Officer,

​· and the Staff Committee / Workers Council.

During this decision-making process, the company

​· demonstrated and documented the need for a video-surveillance system as proposed in this policy,

​· discussed alternatives and concluded that the maintenance of the current video-surveillance system, after the adoption of the data protection safeguards proposed in this policy, ​is necessary and proportionate for the purposes described in Section 1 (see Guidelines, Section 5), and

​· addressed the concerns of the Privacy Officer and the Staff Committee / Workers Council (see Guidelines, Section 4).

Transparency.

The Video-surveillance Policy has two versions, a version for restricted use and this public version available and posted on our internet site at https://stcorp.nl/privacy. This public version of the Video- surveillance Policy may contain summary information with respect to particular topics or attachments. When this is the case, it is always clearly stated. Information is only omitted from the public version when the preservation of confidentiality is absolutely necessary for compelling reasons (e.g. for security reasons or to preserve the confidentiality of commercially sensitive information or to protect the privacy of individuals).

Periodic reviews.

A periodic data protection review will be undertaken by the security unit every two years, the first by 31 May 2020. During the periodic reviews we will re-assess that:

​· there continues to be a need for the video-surveillance system,

​· the system continues to serve its declared purpose, and

​· that adequate alternatives remain unavailable.

The periodic reviews will also cover all other issues addressed in the first report, in particular, whether our Video-Surveillance Policy continues to comply with the GDPR, with national law, and the Guidelines (adequacy audit), and whether it is followed in practice (compliance audit).

Privacy-friendly technological solutions.

We also implemented the following privacy-friendly technological solutions.

What areas are under surveillance?

The video-surveillance system consists of a number of fixed cameras. Cameras are located at all entry and exit points of our building, including the main entrance, emergency and fire exits and the entrance to the parking lot.

We also do not monitor any areas under heightened expectations of privacy such as individual offices, leisure areas, toilet facilities and others (see Guidelines, Section 6.8). The location of the cameras was carefully reviewed to ensure that they minimise the monitoring of areas that are not relevant for the intended purposes (Guidelines, Section 6.1).

Monitoring outside our building in public spaces is limited to an absolute minimum, as recommended in Section 6.5 of the Guidelines.

What personal information do we collect and for what purpose?

Summary description and detailed technical specifications for the system.

The video-surveillance system is a conventional static system. It records digital images and is equipped with motion detection. It records any movement detected by the cameras in the area under surveillance, together with time, date and location. All cameras operate 24 hours a day, seven days a week. The image quality in most cases allows identification of those in the camera's area of coverage (see Guidelines, Section 6.4).

We do not use high-tech or intelligent video-surveillance technology (see Section 6.9 of the Guidelines), do not interconnect our system with other systems (Section 6.10), and we do not use covert surveillance (Section 6.11), sound recording, or "talking CCTV" (Section 6.12).

Purpose of the surveillance.

The company uses its video-surveillance system for the sole purposes of security and access control. The video-surveillance system helps control access to our building and helps ensure the security of our building, the safety of our staff and visitors, as well as property and information located or stored on the premises. It complements other physical security systems such as access control systems and physical intrusion control systems. It forms part of the measures to support our broader security policies and helps prevent, deter, and if necessary, investigate unauthorised physical access, including unauthorised access to secure premises and protected rooms, IT infrastructure, or operational information. In addition, video-surveillance helps prevent, detect and investigate theft of equipment or assets owned by the company, visitors or staff, and threats to the safety of visitors or personnel working at the office (e.g. fire, physical assault).

Purpose limitation.

The system is not used for any other purpose, for example, it is not used to monitor the work of employees or to monitor attendance. Neither is the system used as an investigative tool (other than investigating physical security incidents such as thefts or unauthorised access). It is only in exceptional circumstances that the images may be transferred to investigatory bodies in the framework of a formal disciplinary or criminal investigation as described in Section 6.5 below (see Sections 5.7, 5.8 and 10.3 of the Guidelines).

No ad hoc surveillance foreseen.

We foresee no ad hoc surveillance operations for which we would need to plan at this time (see Guidelines, Section 3.5).

Webcams.

We have no webcams (see Section 5.10 of the Guidelines).

No special categories of data collected.

We collect no special categories of data (Section 6.7 of the Guidelines).

What is the lawful ground and legal basis of the video-surveillance?

The use of our video-surveillance system is necessary for the management and functioning of our company (for the security and access control purpose described in Section 4.2 above). Therefore, we have a lawful ground for the video-surveillance (see Section 5.2 of the Guidelines). A more detailed and specific legal basis for the video-surveillance is provided in this Video-surveillance Policy. This policy, in turn, forms part of the broader security policies adopted by our company.

Who has access to the information and to whom is it disclosed?

In-house security staff and outsourced security-guards.

Both recorded video and live video is accessible to our in-house security staff only.

Access rights.

The company's Security Policy for Video-surveillance (see Section 7 below) clearly specifies and documents who has access to the video-surveillance footage and/or the technical architecture of the video-surveillance system, for what purpose and what those access rights consist of. In particular, the document specifies who has the right to:

​· view the footage real-time,

​· view the recorded footage, or

​· copy,

​· download,

​· delete, or

​· alter any footage.

Data protection training.

All personnel with access rights were given their first data protection training. Training is provided for each new member of the staff and periodic workshops on data protection compliance issues are carried out at least once every two years for all staff with access rights (see Section 8.2 of the Guidelines).

Confidentiality undertakings.

After the training, each staff member with access rights also signed a confidentiality undertaking.

Transfers and disclosures.

All transfers and disclosures outside the security unit are documented and subject to a rigorous assessment of the necessity of such transfer and the compatibility of the purposes of the transfer with the initial security and access control purpose of the processing (see Section 10 of the Guidelines). The Privacy Officer of the company is consulted in each case.

No access is given to management or human resources.

Local police may be given access if needed to investigate or prosecute criminal offenses. On no occasion was access given to the police for the past five years for which we hold records of transfers.

Under exceptional circumstances, access may also be given to those carrying out a formal internal investigation or disciplinary procedure within the company, provided that it can be reasonably expected that the transfers may help investigation or prosecution of a sufficiently serious disciplinary offense or a criminal offense. No requests for data mining are accommodated. For the past five years for which we hold records of transfers, we have not authorised a transfer under any of the above grounds.

How do we protect and safeguard the information?

In order to protect the security of the video-surveillance system, including personal data, a number of technical and organisational measures have been put in place. These are detailed in a processing-specific security policy ("Security Policy for Video-surveillance"), which is available only on our access-restricted intranet for security reasons. The company's Security Policy for Video-surveillance was established in accordance with Section 9 of the EDPS Video-surveillance Guidelines.

Among others, the following measures are taken:

​· Any recorded images are stored on servers hosted on secure premises, protected by physical security measures; network firewalls protect the logic perimeter of the IT ​ ​infrastructure; and the main computer systems holding the data are security hardened.

​· Administrative measures include the obligation of all outsourced personnel having access to the system (including those maintaining the equipment and the systems) to be individually security cleared.

​· All staff (external and internal) signed non-disclosure and confidentiality agreements when accepting their (employment) contract.

​· Access rights to users are granted to only those resources which are strictly necessary to carry out their jobs.

​· Only the system administrator specifically appointed by the controller for this purpose is able to grant, alter or annul any access rights of any persons. Any provision, alteration or annulment of access rights is made pursuant to the criteria established in the Security Policy for Video-surveillance.

​· The Security Policy for Video-surveillance contains an up-to-date list of all persons having access to the system at all times and describes their access rights in detail.

How long do we keep the data?

Images are stored for a maximum of 48 hours. Thereafter, all images are deleted. If any image needs to be stored to further investigate or evidence a security incident, they may be retained as necessary. Their retention is rigorously documented and the need for retention is periodically reviewed.

The system is also monitored live by security personnel either upon an alarm or other notification of a security incident, or at random moments outside of regular office hours. The system is not monitored live in any other situation.

How do we provide information to the public?

Multi-layer approach.

We provide information to the public about the video- surveillance in an effective and comprehensive manner (see Guidelines, Section 11). To this end, we follow a multi-layer approach, which consists of a combination of the following two methods:

​· on-the-spot notices to alert the public to the fact that monitoring takes place and provide them with essential information about the processing, and

​· we post this Video-surveillance Policy on our intranet and also on our internet sites for those wishing to know more about the video-surveillance practices of our company.

Print-outs of this Video-surveillance Policy are also available at our building reception staff and from our security unit upon request. A phone number and an email address are provided for further inquiries. We also provide on-the-spot notice adjacent to the areas monitored, indicated by a pictogram similar to the one above. We placed a notice near all entrances to the building.

Specific individual notice.

In addition, individuals must also be given individual notice if they were identified on camera (for example, by security staff in a security investigation) provided that one or more of the following conditions also apply:

​· their identity is noted in any files/records,

​· the video recording is used against the individual,

​· kept beyond the regular retention period,

​· transferred outside the security unit, or

​· if the identity of the individual is disclosed to anyone outside the security unit.

Provision of notice may sometimes be delayed temporarily, for example, if it is necessary for the prevention, investigation, detection and prosecution of criminal offenses. The company’s Privacy Officer is consulted in all such cases to ensure that the individual’s rights are respected.

How can members of the public verify, modify or delete their information?

Members of the public have the right to access the personal data we hold on them and to correct and complete such data. Any request for access, rectification, blocking and/or erasing of personal data should be directed to the Privacy Officer, currently Marc Perquin, privacy@stcorp.nl, +31(0)15 2629889. He may also be contacted in case of any other questions relating to the processing of personal data.

The company’s policy regarding data access rights can be found on the intranet and our website (https://stcorp.nl/privacy). Data access rights can also be executed from this webpage directly.

Right of recourse

Every individual has the right of recourse to the Data Protection Authority - the Autoriteit Persoonsgegevens in the Netherlands for our company - if they consider that their rights under Regulation 45/2001 have been infringed as a result of the processing of their personal data by the company. Before doing so, we kindly request that individuals first try to obtain recourse by contacting the Privacy Officer of the company: 

Marc Perquin, privacy@stcorp.nl, +31(0)15 2629889

How do we reference this privacy statement?

This privacy statement is known as "S[&]T CCTV Privacy Statement" v1.0, in use since 2 December 2019.