With technical surveillance, we ensure a safe environment for our customers and employees, as well as protect our assets. Technical surveillance refers to CCTV, access control, key management and burglar alarm systems installed at the S Group’s outlets.
Data controller
The S Group company on behalf of which the technical surveillance is being performed handles the processing of personal data. You can find contact details of S Group’s data controllers from here.
Purposes for which personal data is used
We use technical surveillance to secure the service situation and the safety of personnel, to protect property and prevent any criminal activities and offences, to monitor the appropriate functioning of production processes, to investigate situations compromising safety, property or production processes, and to present, review or defend any necessary legal claims such as compensation claims. In addition, technical surveillance is used to ensure the legal protection of all parties involved.
Technical surveillance also allows us to prevent access by unauthorised persons to our premises and to protect the data controller’s data and other assets. The protection is realised by means of real-time CCTV monitoring or by reviewing recordings or other usage/log data of the technical surveillance systems.
Whenever necessary, we use the log data of access control, key management and burglar alarm systems to investigate the movements of the people using the system or the cause of an alarm.
In surveillance, we use as an aid security companies that can, based on an assignment, perform active CCTV monitoring or CCTV monitoring in arrears by reviewing recordings on site or remotely from an alarm control centre or other service centre. The security company may also investigate the access control or burglar alarm systems. If necessary, a security contractor can assist us in technical implementation and maintenance of the systems.
Data we collect about you and sources from which we obtain the data
We receive the personal data from technical surveillance systems. For example, personal data is collected by the CCTV system when people enter the surveillance area in our premises, mobile service points and yard areas.
The CCTV system produces real-time image, records video and still pictures when required, and stores the information of the time of recording. Entry into the surveillance area is marked with appropriate signs indicating that recording CCTV system is in use in the area.
We can combine information produced by the CCTV system with cash receipt information to verify purchase transactions.
At certain HOK-Elanto outlets, body camera systems are in use that record video and sound when the employee wearing a body camera starts the recording. The use of body camera systems is announced at the entrance to the outlet. Employees start the recording on their body camera when they observe that a situation that is threatening, constitutes an offence or compromises safety may start, is starting or has already started. We primarily employ body cameras to ensure the safety of our customers and employees and to prevent crimes and dangerous situations. Body camera surveillance also enables us to ensure the legal protection of all parties involved. We may store the collected data and use it to prepare, present and defend claims during legal proceedings.
Key management and access control systems save names, company information and contact details, information about keys or access control credentials, as well as information about when the keys or access control credentials are used.
Burglar alarm systems save users’ name and credentials, as well as the system’s operating events.
Basis for processing personal data
We use technical surveillance based on a legitimate interest. By improving security to proactively prevent wastage and theft, we can provide our co-op members with better benefits and services. CCTV monitoring also allows us to correct errors and ensure legal protection of the customer or employee. Furthermore, we may save data and use it to prepare, present and defend legal claims such as compensation claims.
Who processes personal data
Personal data collected through technical surveillance is processed by S Group employees based on their work assignments and by security companies, system suppliers and system administrators assisting S Group companies.
We may disclose personal data saved in a technical surveillance system to insurance and loss surveyor companies used by the S Group to allow for investigation and implement legal protection in cases where a claim involving the data controller or an S Group company has been lodged. We may disclose information to insurance companies other than those used by S Group for the processing of compensation claims in cases where a company belonging to S Group has suffered a loss and is claiming compensation.
S-Bank Ltd has the right to process images related to the bank’s commissions to investigate abuses and present claims during legal proceedings.
We may also submit information to the authorities to the extent allowed and required by valid legislation, such as in reply to an information request by an authority or to assist authorities in their investigations.
Your rights and effects of personal data processing to you
You have the right to access your own data. The easiest way to do this is to submit an information request to the data controller whose outlet you visited and from whom you want to obtain a copy of your data. You can find the contact details of our controllers on this page. We must identify you before we can carry out your request. For this reason, you may have to visit one of our outlets so that we can verify that the data was requested by the appropriate person.
We carefully protect your personal data in accordance with the relevant legislation and good data processing practice. More information on data security in the S Group can be found on this page.
Despite all our safeguards, if a data security breach concerning the personal data we process takes place, you have the right to be informed of the matter if the data security breach we have detected concerns your personal data, and the breach can cause a significant risk to you. In this case, we will inform you of the data security breach as required by the legislation.
You may also contact the supervisory authority if you find that the applicable legislation has been violated in the processing of your personal data.
You can find more information on you rights as a data subject on the Your Rights page.
Personal data retention periods
As a rule, the CCTV data for each outlet or camera is retained for 30 days. As a rule, the data of body camera systems is stored for seven days. For a special reason, such as a pending or investigated criminal case, the recordings may be retained for a longer time. The CCTV recordings will be destroyed after the expiration of the period for filing suit (if any) or after the end of the legal proceedings.
As a rule, we retain the key management, access control and burglar alarm system data for each outlet for a maximum of thirteen months. For a special reason, such as a pending or investigated criminal case, the data may be retained to defend a claim for the time required by the legal proceedings.
Contact information of the Data Protection Officer
You can reach the S Group Data Protection Officer at tietosuojavastaava@sok.fi if you have any questions about the processing of personal data.