GDPR Information Notice (Article 13) – Visitors
1. Data collected
Identity; company; persons visited; date and time of entry and exit; video surveillance images in covered areas.
2. Purposes and legal basis
The data are processed for the purposes of securing the premises and ensuring access traceability, as well as for the prevention and management of incidents.
Legal basis: legitimate interest (Article 6(1)(f) GDPR).
3. Recipients / access
The data are accessible to authorized departments (security, human resources).
They may also be disclosed to competent authorities in the event of an offence or a legal request.
4. Transfers outside the European Union
No transfers outside the European Union are planned for the visitor register.
5. Data retention periods
Visitor register: 5 days.
Video surveillance images: 30 days, unless extracted in the event of an incident or legal proceedings.
6. Mandatory nature of data and consequences
The provision of an identity document and the recording of information are required to access the premises.
Failure to provide this information may result in refusal of access.
7. Automated decision-making
No automated decision-making producing legal or similarly significant effects is implemented.
8. Your GDPR rights and how to exercise them
You have the following rights:
right of access to your data (Article 15);
right to rectification (Article 16);
right to erasure (Article 17);
right to restriction of processing (Article 18);
right to object (Article 21), including to direct marketing;
right to data portability (Article 20, where applicable);
right to withdraw your consent at any time (without retroactive effect).
To exercise your rights, you may contact the Data Protection Officer (DPO) or the data controller.
The response time is one month, which may be extended by two months in case of complexity.