PRIVACY INFORMATION ON VIDEO SURVEILLANCE
This information on the processing of personal data refers to the processing carried out using video surveillance systems at the plants and premises of the company CAMAR SPA, at the headquarters at Via G. Leopardi, 6-8-10, 22060 FIGINO SERENZA (CO).
INTRODUCTION:
The video surveillance and video sensor system located at the headquarters of Via G. Leopardi, 6-8-10 is equipped with:
- n. 2 fixed-orientation cameras (n.1, n.2);
- n. 0 monitors for real-time viewing of images;
- n. 1 password-protected recording device;
- n. 6 video sensors.
The video cameras and video sensors are placed, with specific notification through simplified information, in the perimeter areas of the plant, at the entrances, following a minimization logic with regard to the field of filming, the subjects authorized to access the images, and the duration of the recording.
The precise position of the cameras is indicated with the letter X in the plans available at the owner's offices and can be consulted upon request by the interested party.
The processing of data, in compliance with the provisions of the Workers' Statute (art. 4, law no. 300/1970), has been authorized following a Trade Union Agreement with the Trade Unions dated 05/06/2025.
1: WHO PROCESSES THE DATA
The data controller is the entity that decides how the data are processed and therefore, among other things, what precautions to take to protect them, where to store them (on a server or in the cloud, in paper format, etc.), what data to request from the Customer, what to process and for what purpose, what to transfer and to whom, how to manage the relationships with and rights of the Customers, whom to choose as a collaborator, manager or simply person in charge of processing the data, what instructions to give to the collaborators, etc. Given the importance of the data controller, the Customer should know that it is:
CAMAR SPA, with headquarters in FIGINO SERENZA (CO) Via G. Leopardi, 8
VAT number 00197640139
TEL./FAX 031/72811 - 031/72812
Email: privacy@camar.it
PEC: Amministrazione@pec.camar.it
Then, with regard to any additional functions, the Data Controller uses third parties, as persons in charge (duly authorised and trained) or mostly as responsible or sometimes independent data controllers:
- External parties to whom security management is delegated;
- External or internal parties who perform IT system administrator functions;
- External or internal parties who perform maintenance and repair functions of the video surveillance system;
- External parties who perform Hosting services for the images.
2: WHAT DATA IS PROCESSED and WHO ARE THE INTERESTED PARTIES
The data that will be processed are the following:
- Additional secondary data: from viewing the image of the worker, information relating to his/her work activity can theoretically be indirectly deduced, such as the specific methods of carrying out the service, in times and ways, habits, etc. This information is not subject to control by video surveillance.
- Additional secondary data of third parties: from viewing the image of third parties, other information can be deduced, such as the company or organization to which they belong, working hours, the means in use, if any, etc.
The data may concern:
- Employees of the Data Controller;
- Suppliers (or potential suppliers) of the Data Controller;
- Collaborators of the Data Controller (agents, etc.);
- Customers (or potential customers) of the Data Controller;
- Third parties who access the office (Visitors, couriers, postal workers, etc.).
3: HOW THE DATA IS PROVIDED AND CONSEQUENCES OF REFUSING TO PROVIDE THEM
The images are filmed by video systems.
The provision of data is necessary as it is strictly instrumental to accessing the company premises. In the absence of this, the Data Controller will be unable to allow the interested party access to the premises. In any case, without prejudice to the possibility of viewing the sign warning of the presence of a video surveillance system, the interested party is left with the right to access and be filmed.
4: FOR WHAT PURPOSES ARE THE DATA PROCESSED
The data is processed for the following purposes:
- Protection of company assets: the dissuasive function of the cameras and the relative ability to document events acts as a deterrent and therefore has the purpose of protecting the company assets understood as both real estate and movable assets (including intangible assets - data and know-how).
Legal basis: legitimate interest of the employer in the protection and conservation of assets.
Interested parties: third parties, suppliers, collaborators, customers and, in the event of unlawful acts, also employees.
Duration of storage: 24 hours, unless extended in the event of closure of the plant (in which case the images are stored for 24 hours from the reopening). In the event of attacks (theft, damage, unauthorized access, etc.) to company assets (even if only suspected), the images are stored for a further period and until the resulting dispute is resolved (i.e. until the end of the resulting civil, criminal, administrative or disciplinary action);
- Organizational or production needs: the images are used to manage dangerous or in any case unattended or immediately visible access for personnel or to manage flows of materials, vehicles or objects.
Legal basis: legitimate interest of the Data Controller to guarantee the safety of the people present at the company headquarters.
Interested parties: third parties, suppliers, collaborators, customers and employees.
Duration of storage: 24 hours, unless extended in the event of closure of the plant (in which case the images are stored for 24 hours from the reopening). In the event of anomalous events (theft, damage, unauthorized access, accidents, etc.) the images are stored for a further period of time and until the consequent dispute is resolved (i.e. until the end of the consequent civil, criminal, administrative or disciplinary action);
- Work safety: in the event of access to dangerous areas the images are monitored to manage such access.
Legal basis: safeguarding the vital interests of people, legitimate interest of the employer in protecting the health and safety of employees and collaborators.
Duration: 24 hours, unless there is unauthorized access. In that case, the images are retained for a further period of time and until the resulting litigation is resolved (i.e. until the end of the resulting civil, criminal, administrative or disciplinary action);
- Claims documentation (insurance): in the event of claims or other unlawful acts, the images will be used to document such events in the appropriate venues (judicial, mediation, extrajudicial, insurance).
Legal basis: legitimate interest of the Data Controller.
Duration of retention: until the resulting litigation is resolved (i.e. until the end of the resulting civil, criminal, administrative or disciplinary action);
The use of images for other purposes is not foreseen and in particular the purpose of remote monitoring of work activity is excluded.
5: WHERE THE DATA ARE PROCESSED
The Customer's personal data are processed at the Data Controller's premises.
They are also processed externally, in cases of remote access to the images, at the premises of the External Manager, supplier and manager of the video sensors.
6: HOW THE DATA WILL BE PROCESSED AND STORED
All the Customer's personal data will be stored on computer media at the Data Controller's premises and at the premises of the External Manager, supplier and manager of the video sensors.
The data are also processed via mobile devices with remote access to the images.
7: WHO CAN ACCESS THE DATA AND TO WHICH SUBJECTS IT CAN BE COMMUNICATED
The images may be accessed by:
- Employees responsible for viewing, at the company;
- Subjects (including external ones) responsible for the management, maintenance, administration of the video surveillance system;
- Any professionals who support the company with consultancy or legal activities;
- Insurance companies;
- Police forces and/or judicial authorities, in the event of a request.
8: HOW LONG WILL THE DATA BE KEPT
The images will be kept, by default, for 24 hours.
In the event of closure of the establishment, the images are stored for 2 days from the moment of reopening.
In the event of events (see point 4), the images will be further stored until the resulting litigation is exhausted (i.e. until the end of the resulting civil, criminal, administrative or disciplinary action).
9: LEGAL BASIS OF THE PROCESSING
The legal basis of the processing is first and foremost the legitimate interest of the employer (see point 4).
10: RIGHTS OF THE INTERESTED PARTY
Customers are beneficiaries of a series of rights.
First of all, the customer has the right to be informed about:
- Categories of data that are processed (see point no. 2);
- Origin of the data, i.e. knowing from where the Lawyer has obtained your data (see point no. 3);
- Purpose of data processing, i.e. for what purposes the data is processed (see point no. 4);
- Methods of data processing (see point no. 6);
- Details of the owner and any data processors (see point no. 1);
- Subjects to whom the data is communicated (see point 7);
- Data retention and processing period (see point 8);
- Right to lodge a complaint with the privacy guarantor by accessing the following link: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-nostri-dati-personali
- Existence or not of a profiling process by the Vincenzi Law Firm;
- Legal basis of the processing (see point no. 9);
- Right to withdraw consent;
- Interests pursued by the owner through the processing: exclusively that of carrying out the task entrusted to him in the best possible way.
Then there are rights that are not simply informational but operational:
- Updating and rectification;
- Cancellation and anonymization: this right can be exercised if the data is no longer necessary for the purpose for which it was processed;
- Copy.
11: PROCEDURE FOR EXERCISING YOUR RIGHTS
The rights listed in the previous point can be exercised by the Customer by sending an email to privacy@camar.it, indicating in the text which right the Customer wishes to exercise.
The Data Controller must respond within thirty days (which can be extended by another two months, but in this case the Data Controller must give the user a reasoned notice of the delay).
The Data Controller can refuse, if he has reason, to follow up on the user's request (refusal that must be communicated to the user within one month) only in the case of manifestly unfounded or repetitive requests. In this case, a reasoned response must be given. In any case, the user can contact the "Privacy Guarantor" (see link below) or the Judge.
The Data Controller must respond using the same channel (email, telephone, etc.) used by the user for the request, unless the user requests a response by a different means. In the event of a request coming from an email address other than the one indicated in the account, the applicant must prove that he/she is the interested party.
The Data Controller, where he/she has doubts about the identity of the person making the request or exercising one of the rights listed below, may request further information to confirm the identity of the applicant.
Requests and responses are free unless they are repetitive. In the latter case, the Data Controller may charge the out-of-pocket costs incurred for the response (i.e. personnel costs, material costs, etc.).
In any case, the interested party may contact the Guarantor Authority (https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-nostri-dati-personali) or the competent Jurisdictional Authority for the exercise of their rights.
12: DATA BREACH HYPOTHESIS
In the event that one or more of the following events should occur with respect to the data: unauthorized access, theft, loss, destruction, disclosure, modification (so-called Data breach), the Data Controller, without prejudice to the urgent technical measures to be implemented to block (as far as possible) the event and to reduce its harmful effects, undertakes to:
- restore the service as soon as possible in an efficient manner, recovering the available data from the last useful backup carried out;
- inform the interested parties, directly if the circumstances allow it or generically (by means of a notice on the home page of the website or by means of a communication sent to all users, including those for whom there have been no data events) of the type of event, the time in which it occurred, the measures adopted (without going into detail in order not to facilitate any new attacks) to reduce the damage and to avoid new similar events, as well as the measures and precautions that the user should - for his part - implement to reduce the probability of new events and limit the consequences of those that have already occurred.
Text in force from June 2025