With technical surveillance, we ensure a safe environment for our customers and employees, as well as protect our assets. Technical surveillance refers to CCTV, access control, key management and burglar alarm systems installed at the S Group’s outlets.
The S Group company on behalf of which the technical surveillance is being performed handles the processing of personal data. You can find contact details of S Group’s data controllers from here.
Purposes for which personal data is used
We use technical surveillance to be able to provide services, to ensure the safety of our employees, to prevent crime and to handle claims in connection with legal proceedings. In addition, technical surveillance ensures the legal protection of all parties involved.
Technical surveillance also allows us to prevent access by unauthorised persons and to protect the data controller’s data and other assets. The protection is realised by means of real-time CCTV monitoring or by reviewing recordings or other usage/log data of the technical surveillance systems.
Whenever necessary, we use the log data of access control, key management and burglar alarm systems to investigate the movements of the people using the system or the cause of an alarm.
In surveillance, we use as an aid security companies that can, based on an assignment, perform active CCTV monitoring or CCTV monitoring in arrears by reviewing recordings on site or remotely from an alarm control centre or other service centre. The security company may also investigate the access control or burglar alarm systems. If necessary, a security contractor can assist us in technical implementation and maintenance of the systems.
Data we collect about you and sources from which we obtain the data
We receive personal data from the technical surveillance systems. CCTV systems save video or still images, as necessary. Entry into the controlled area is denoted with appropriate markings, such as “Recording CCTV system” signs.
Key management and access control systems save names, company information and contact details, information about keys or access control credentials, as well as information about when the keys or access control credentials are used.
Burglar alarm systems save users’ name and credentials, as well as the system’s operating events.
Basis for processing personal data
We use technical surveillance based on a legitimate interest. By improving security to proactively prevent wastage and theft, we can provide our co-op members with better benefits and services. CCTV monitoring also allows us to correct errors and ensure legal protection of the customer or employee. Furthermore, we may save data and use it to prepare, present and defend claims during legal proceedings.
Who processes personal data
The personal data collected by the technical surveillance systems is processed by security companies, system suppliers and system administrators.
We may disclose personal data saved in a technical surveillance system to insurance and loss surveyor companies used by the S Group to allow for investigation and implement legal protection in cases where a claim involving the data controller or an S Group company has been lodged. Personal data is also processed in cooperation by the S Group’s technical surveillance data controllers to prevent and investigate crimes involving several S Group companies.
S-Bank Ltd has the right to process images related to the bank’s commissions to investigate abuses and present claims during legal proceedings.
We may also submit information to the authorities to the extent allowed and required by valid legislation, such as in reply to an information request by an authority or to assist authorities in their investigations.
Your rights and effects of personal data processing to you
You have the right to access your own data. The easiest way to do this is to submit an information request to the data controller whose outlet you visited and from whom you want to obtain a copy of your data. We must identify you before we can submit the copy to you. For this reason, you may have to visit one of our outlets so that we can verify that the data was requested by the appropriate person. In the case of CCTV systems, we will implement your right to obtain copies of still images. You also have the right to request the correction of any erroneous or defective personal data, or request that your data be deleted by contacting the data controller. You can find contact details of S Group’s data controllers from here.
You have the right to be informed if a data security breach may have involved your personal data. We will notify you without delay if we are faced with a data security breach that could have serious consequences to your private life. We will inform the relevant authorities and you of any data security breaches in accordance with legislative requirements. We carefully protect your personal data, maintaining good data processing practices. For more information on information security in the S Group, please click here.
You may also contact the supervisory authority if you are of the opinion that applicable data protection regulations have not been followed in the processing of your personal data.
Personal data retention periods
Depending on the outlet or camera, CCTV data is retained for a maximum of six months. For a special reason, such as a pending or investigated criminal offence, recordings may be saved to defend claims during legal proceedings for the time required by the legal proceedings (2–10 years). The CCTV recordings will be destroyed after the expiration of the period for filing suit (if any) or after the end of the legal proceedings.
Depending on the outlet, we retain key management, access control and burglar alarm system data for a maximum of twelve months. For a special reason, such as a pending or investigated criminal offence, the data may be saved to defend claims during legal proceedings for the time required by the legal proceedings (2–10 years).
Contact information of the Data Protection Officer
You can reach the S Group Data Protection Officer at firstname.lastname@example.org if you have any questions about the processing of personal data.