Personal Data Protection Principles – Surveillance Cameras

1. Personal Data Controller
1.1. Our company Rossum Cafe, s. r. o., with it registered address at: I. Olbrachta 7585/34, 911 01 Trenčín, Slovakia, Company ID No.: 52 592 812, registered in the Commercial register of Trenčín District Court, section Sro, file No. 140035/B, is a personal data controller under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation”) and has an obligation to provide the data subject with information under Article 13 of the Regulation.

2. Personal Data
2.1. Our company is an operator of robotic café shops (Rossum cafe), which provide hot beverages based on the customer´s order. Each robotic café shop and its immediate surroundings are monitored by surveillance cameras operated by our company. During the operation of surveillance cameras, the appearance of a person may be recorded. The appearance of natural persons shall thus be regarded as a subject of personal data processing.

3. Data Subject
3.1. Any natural person who is entering the monitored area of a robotic café shop.

4. Purpose of the Personal Data Processing
4.1. Protection of the controller´s property
4.1.1. Legitimate interest of the controller lies in protection of its property located in the premises of the controller.
4.2. Compliance with Legal Obligations
4.2.1. The controller may be requested by court, crime investigation authorities or other public authorities to provide them with the controller´s assistance in solving of a criminal matter or in case of damage. In such case the controller shall provide the authorized claimant with the appropriate record. The controller shall do so only on the basis of an authorized request and in compliance with applicable law imposing such obligation upon the controller.

5. Legal Basis of the Personal Data Processing
5.1. Personal data are processed on the following basis:
a) our legitimate interests,
b) processing is necessary for compliance with a legal obligation to which the controller is subject.

6. Categories of Recipients of the Personal Data
6.1. Third parties to whom the personal data may be disclosed: persons mandated by our company, legal advisers, public authorities.

7. Period for Which the Personal Data Will Be Stored
7.1. The controller shall process records of appearance and activities of data subjects made by the surveillance cameras for no longer than 7 days. This period can be extended in case of performance of the controller´s duties under Section 4.2.1 of these Principles, such extension being for the period prescribed by or arising out of the request for assistance made by court, crime investigation authority or other public authoritiy.
7.2. After the expiration of the period for which the personal data can be stored, the records shall be destroyed.

8. Security of the Personal Data
8.1. We maintain reasonable security measures (including technical, electronical and administrative) for the protection of personal data against their loss, destruction, or damage, misuse and/or unauthorized access or disclosure. For example, we restrict the access to personal data only to the authorized personnel and contractors, who need the information for performance of their duties.

9. Your Rights
9.1. Right of access to the data
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right to access the personal data.
9.2. Right to rectification
If you believe that your personal data processed by us are inaccurate, you have the right to request the rectification of inaccurate personal data concerning you without undue delay.

9.3. Right to erasure
9.3.1. You have the right to request the erasure of personal data concerning you. The erasure shall not affect the personal data, which have to be stored by us according to the applicable law. We may deny your request for erasure in case your personal data are necessary for the establishment, exercise or defence of our legal claims.
9.3.2. With the exception of situations mentioned above you have the right to erasure in these cases:
a) the personal data are no longer necessary in relation to the purposes for which they were processed;
b) you object to the processing and there are no overriding legitimate grounds for the processing;
c) the personal data are unlawfully processed;
d) the personal data have to be erased for compliance with applicable law;

9.4. Right to object to processing of personal data
9.4.1. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on our legitimate interest, including the objection against profiling.
9.4.2. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you as the data subject or for the establishment, exercise or defence of legal claims.

9.5. Right to restriction of processing
9.5.1. You have the right to obtain from us restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of your legal claims;
d) you have objected to processing pending the verification whether our legitimate grounds override yours.
9.5.2. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

9.5.3. If the processing of your personal data is restricted, we will inform you before the restriction of processing is lifted.

9.6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller

9.7. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the Regulation. Supervisory authority in the territory of the Slovak republic is: Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava 27, Slovak republic, web: https://dataprotection.gov.sk/uoou/, email: statny.dozor@pdp.gov.sk.

These Personal Data Protection Principles – Surveillance Cameras, including all parts thereof shall be valid and effective as of 01 July 2021. They can be accessed electronically here: https://rossumcafe.com/zasady-ochrany-osobnych-udajov/ or directly in application as well.