With technical surveillance, we ensure a safe environment for our customers and employees, as well as protect our assets. Technical surveillance refers to CCTV, access control, key management and burglar alarm systems installed at the S Group’s outlets.
The S Group company on behalf of which the technical surveillance is being performed handles the processing of personal data. You can find contact details of S Group’s data controllers from here.
Purposes for which personal data is used
We use technical surveillance to secure the service situation and the safety of personnel, to protect property and prevent any criminal activities, to monitor the appropriate functioning of production processes, to investigate situations compromising safety, property or production processes, and to present, review or defend any necessary legal claims. In addition, technical surveillance is used to ensure the legal protection of all parties involved.
Technical surveillance also allows us to prevent access by unauthorised persons to our premises and to protect the data controller’s data and other assets. The protection is realised by means of real-time CCTV monitoring or by reviewing recordings or other usage/log data of the technical surveillance systems.
Whenever necessary, we use the log data of access control, key management and burglar alarm systems to investigate the movements of the people using the system or the cause of an alarm.
In surveillance, we use as an aid security companies that can, based on an assignment, perform active CCTV monitoring or CCTV monitoring in arrears by reviewing recordings on site or remotely from an alarm control centre or other service centre. The security company may also investigate the access control or burglar alarm systems. If necessary, a security contractor can assist us in technical implementation and maintenance of the systems.
Data we collect about you and sources from which we obtain the data
We receive the personal data from technical surveillance systems. For example, personal data is collected by the CCTV system when people enter the surveillance area in our premises, mobile service points and yard areas.
The CCTV system produces real-time image, records video and still pictures when required, and stores the information of the time of recording. Entry into the surveillance area is marked with appropriate signs indicating that recording CCTV system is in use in the area.
We can combine information produced by the CCTV system with cash receipt information to verify purchase transactions.
Key management and access control systems save names, company information and contact details, information about keys or access control credentials, as well as information about when the keys or access control credentials are used.
Burglar alarm systems save users’ name and credentials, as well as the system’s operating events.
Basis for processing personal data
We use technical surveillance based on a legitimate interest. By improving security to proactively prevent wastage and theft, we can provide our co-op members with better benefits and services. CCTV monitoring also allows us to correct errors and ensure legal protection of the customer or employee. Furthermore, we may save data and use it to prepare, present and defend claims during legal proceedings.
Who processes personal data
Personal data collected through technical surveillance is processed by S Group employees based on their work assignments and by security companies, system suppliers and system administrators assisting S Group companies.
We may disclose personal data saved in a technical surveillance system to insurance and loss surveyor companies used by the S Group to allow for investigation and implement legal protection in cases where a claim involving the data controller or an S Group company has been lodged.
S-Bank Ltd has the right to process images related to the bank’s commissions to investigate abuses and present claims during legal proceedings.
We may also submit information to the authorities to the extent allowed and required by valid legislation, such as in reply to an information request by an authority or to assist authorities in their investigations.
Your rights and effects of personal data processing to you
You have the right to access your own data. The easiest way to do this is to submit an information request to the data controller whose outlet you visited and from whom you want to obtain a copy of your data. You can find the contact details of our controllers on this page. We must identify you before we can carry out your request. For this reason, you may have to visit one of our outlets so that we can verify that the data was requested by the appropriate person.
We carefully protect your personal data in accordance with the relevant legislation and good data processing practice. More information on data security in the S Group can be found on this page.
Despite all our safeguards, if a data security breach concerning the personal data we process takes place, you have the right to be informed of the matter if the data security breach we have detected concerns your personal data, and the breach can cause a significant risk to you. In this case, we will inform you of the data security breach as required by the legislation.
You may also contact the supervisory authority if you find that the applicable legislation has been violated in the processing of your personal data.
You can find more information on you rights as a data subject on the Your Rights page.
Personal data retention periods
As a rule, the CCTV data for each outlet or camera is retained for 30 days. For a special reason, such as a pending or investigated criminal case, the recordings may be retained for a longer time. The CCTV recordings will be destroyed after the expiration of the period for filing suit (if any) or after the end of the legal proceedings.
As a rule, we retain the key management, access control and burglar alarm system data for each outlet for a maximum of twelve months. For a special reason, such as a pending or investigated criminal case, the data may be retained to defend a claim for the time required by the legal proceedings.
Contact information of the Data Protection Officer
You can reach the S Group Data Protection Officer at firstname.lastname@example.org if you have any questions about the processing of personal data.