Office visitors notice
Last revised: January 18, 2023
Privacy Mission and Vision
5CA Privacy Team is a division of 5CA Legal & Privacy department. The Privacy Team’s mission and vision is to embed Privacy and Data Protection principles in 5CA core principles to ensure the proper data governance processes within the company.
Concerning the cookies we use, check our Cookie Policy.
Introduction
This Visitors’ privacy notice (“Visitors’ Notice”) applies to anyone visiting 5CA B.V.’s premises (“Guests”) located at Stationsstraat 154, 3511 EK Utrecht (“Office”). This Visitors’ Notice also applies to persons who perform contractual activities for 5CA and its subsidiaries and affiliates (such as Cocoroco B.V.) and use the access control app-system (“Access App”) to enter the Office premises (“Office Colleagues”). The Guests and Office Colleagues are collectively referred to as “Visitors, you, your, yours”.
In this regard, 5CA B.V. (“5CA”, “we”, “us”, “our”) is your data controller as provided in General Data Protection Regulation (“GDPR”).
5CA places foremost importance on any operation or set of operations performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction (“Processing”) and protection of all types of personal data. “Personal data” means any information relating to an identified or identifiable natural person (“Data subject”).
This Visitors’ notice provides a general overview on how 5CA processes personal data of the Visitors in accordance with the GDPR and other applicable data protection and privacy legislation (“Privacy law”) via CCTV cameras placed at Utrecht’s office, 5CA’s reception desk (applies to Guests only) and Access App (applies to Office Colleagues only).
This Visitors’ Notice is an integral part of 5CA’s General Privacy Policy (Click here). Your data protection rights of access, deletion, rectification, data portability, restriction, objection, as a Data Subject can be found in this Privacy Policy under ‘Your privacy rights’ (Click here). You can exercise your rights by submitting a request to privacy@5ca.com.
Subject to legal and other permissible considerations, we will make every reasonable effort to handle your request promptly in accordance with the applicable law or inform you if we require further information to fulfill your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes before processing and/or honoring your request.
Which information we may collect and why
We process your CCTV images (24/7 recording) and your office entry information (such as first and last name, signature, entry logs such as date of arrival, duration of visit) collected via the reception desk’s log-book list (applies only to Guests) and Access App (applies only to Office Colleagues) for the purposes of safety, emergency, security including:
- Real and serious threats to individual health and safety or the protection of property,
- Investigation of the illegal activities (such as theft or burglary) and to protect you and your property from such activities, in particular:
- to prevent and detect incidents,
- to catch perpetrators in the act,
- to collect evidence for such incidents, as well as to investigate the circumstances of incidents that may occur.
If you are a Guest, you will be verified with a relevant identification document such as ID or Passport at the reception desk for the purpose of identity verification. We do not store any of such documents.
Legal grounds
Legitimate interest
Based on Article 6(1)(f) of the GDPR, we may process your personal data for the legitimate interests of 5CA. Your data is needed to ensure yours and the Office premises safety, emergency and security as described in Section 3 of this Notice. The CCTV data contains no audio information (no voice-recording) and is limited only to the certain key-areas of the Office. Failure to process this data constitutes the impossibility to provide you with a secure environment to perform your contractual or visiting activities; thus it will not be possible for you to enter our Office. You have the right to object under Article 21 of the GDPR.
Retention Periods
5CA gives utmost importance on not keeping your personal data longer than necessary. To ensure that personal data is kept for no longer than necessary, we have strict retention periods concerning the category, sensitivity and the purpose of personal data processed. We set automated retention periods for the CCTV images, so after two weeks your personal data will be deleted.
The established retention periods are reviewed and updated regularly. You can also request your personal data to be deleted based on Article 17 of the GDPR. Upon the expiration of the retention period, or when data is not needed anymore, your personal data is deleted from 5CA’s records
Categories of data recipients
Your personal data will only be provided to third parties if you have given permission yourself or if this is permitted under the GDPR, Privacy Law, or other applicable Dutch Law. Your personal data is only visible for the limited number of persons and may not be accessed unless there is any safety, emergency or security reason. If, however, there is any such reason, we may share your personal data internally on a need-to-know basis (for example with Legal, HR, Information Security departments), Office security provider or with public authorities (such as police), courts and other applicable legal bodies.
All these parties are located in the European Economic Area (“EEA”), in particular – in the Netherlands. We do not transfer this data outside the EEA.
Security & data breaches
5CA takes adequate technical and organizational measures to ensure that personal data is stored securely. Appropriate security measures have been implemented to avoid unauthorised sharing of personal data. You can find more information of how your personal data is protected under our General Privacy Policy (Click here).
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, 5CA shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the relevant stakeholders or the competent authority.
Changes to this Notice
5CA may make changes to this Visitors’ Notice. 5CA therefore recommends that you regularly check for updates by scanning the QR code or keeping the link of this Visitors’ Notice.
Contact Information
You are welcome to contact the Privacy Team (privacy@5ca.com) for any questions, comments, and requests regarding this Notice or if you have any other requests or questions about your personal data and its processing by 5CA.