INFORMATION TO BE GIVEN

Similar documents
CLINICAL SERVICES POLICY & PROCEDURE (CSPP No. 25) Clinical Photography Policy in the Pre-Hospital Setting. January 2017

SPECIFIC PRIVACY STATEMENT ERCEA ERC- Proposals Evaluation, Grants Management and Follow-up

I SBN Crown copyright Astron B31267

Processing. 2. Description

SPECIFIC PRIVACY STATEMENT IMI JU

Appendix 3 to AO/1-7094/12/NL/CO Page 1

Sidney Sussex College CCTV POLICY. Page 1 of 11

ALBUQUERQUE POLICE DEPARTMENT PROCEDURAL ORDERS. SOP 2-8 Effective:6/2/17 Review Due: 6/2/18 Replaces: 4/28/16

Enhanced service specification. Avoiding unplanned admissions: proactive case finding and patient review for vulnerable people 2016/17

Guidance on the use of Overt Closed Circuit Televisions (CCTV) for the Purpose of Surveillance in Regulated Establishments and Agencies

Brussels, 29 November 2007 (Case ) 1. Proceedings

SM-PGN 01- Security Management Practice Guidance Note Closed Circuit Television (CCTV)-V03

Data Integration and Big Data In Ontario Brian Beamish Information and Privacy Commissioner of Ontario

Automated License Plate Readers (ALPRs)

Checklist of requirements for licensing under Section 31 of the Trade Regulation Code (GewO)

NEW CASTLE COUNTY POLICE

MAKING AND USING VISUAL AND AUDIO RECORDINGS OF PATIENTS

NCRIC ALPR FAQs. Page: FAQ:

RISK MANAGEMENT BULLETIN

PRIVACY IMPACT ASSESSMENT (PIA) For the

GDPR readiness at efinancialcareers. Our Responsibilities and the General Data Protection Regulation

PRIVACY POLICY OF THE W & L SCHWAB CHARITABLE TRUST. (The I & F Westheimer Trust is a subsidiary of the W & L Schwab Charitable Trust)

DATA PROTECTION POLICY

In the entire Finland: Juha Tuominen, Chief Medical Officer Suomen Terveystalo Oy, Group Administration

GENERAL TENDER CONDITIONS

Services. This policy should be read in conjunction with the following statement:

DOCUMENT CONTROL Title: Use of Mobile Phones and Tablets (by services users & visitors in clinical areas) Policy. Version: Reference Number: CL062

43. Video Surveillance Policy

COMMISSION IMPLEMENTING REGULATION (EU)

Signature: Signed by GNT Date Signed: 1/21/2014

VIP Visitors Policy. Purpose of Agreement. Document Type. Policy SOP Guideline. Version Version 1. Operational Date July 2015

Personal Electronic Devices Acceptable Use Policy

Automatic Number Plate Recognition (ANPR) POLICY

Principles of Data Sharing for GPs and LMCs

Erasmus+ International Credit Mobility

STANDARD OPERATING PROCEDURE THE TRANSPORTATION OF PRESCRIBED CONTROLLED DRUGS AND OTHER URGENTLY REQUIRED MEDICATION BY COMMUNITY NURSES

Occupational Health Privacy Notice

REGARDING THE DEPARTMENTAL REGISTER OF WANTED PERSONS, UNIDENTIFIED BODIES AND UNKNOWN HELPLESS PERSONS. 20 June 2006 No.

Data Processing Agreement

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

The Impact of The HIPAA Privacy Rule on Research

Report of the Information & Privacy Commissioner/Ontario. Review of Cancer Care Ontario:

Education, Audiovisual and Culture Executive Agency GRANT DECISION FOR AN ACTION. Decision Nr

Facilities Strategy Award

BrooklY!I~ Park Police CRAIG EHEVOLDSEH POLICE CHIEF. August 15, To whom it may concern:

Processing. - The publication of the projects' coordinators' contact details (opt-out);

Report of the Information & Privacy Commissioner/Ontario. Review of the Cardiac Care Network of Ontario (CCN):

Biennial Audit of the Shakopee Police Department Automated License Plate Reader System Conducted by LEADS Consulting

Application for Volunteer Work

Research Equipment Grants 2018 Scheme 2018 Guidelines for Applicants Open to members of Translational Cancer Research Centres

PRIVACY IMPACT ASSESSMENT (PIA) For the

Fair Processing Notice or Privacy Notice

Personal Identifiable Information Policy

RACQ Foundation. Guidelines and Application Form Natural Disasters. Funding Priorities Natural Disasters. Privacy. Eligibility Criteria

DATA PROTECTION POLICY

BIMO SITE AUDIT CHECKLIST

GCP INSPECTION CHECKLIST

Privacy Code for Consumer, Customer, Supplier and Business Partner Data

Corporate procedure Closed Circuit Television (CCTV) Code of Practice

BDIA Code of Practice for Dental CPD

Data Protection Privacy Notice

GDPR Records Management Policy

NHS RESEARCH PASSPORT POLICY AND PROCEDURE

Alcoa Police Department General Order Type/Action:

INSTITUTIONAL REVIEW BOARD Investigator Guidance Series HIPAA PRIVACY RULE & AUTHORIZATION THE UNIVERSITY OF UTAH. Definitions.

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

I. SUBJECT: PORTABLE VIDEO RECORDING SYSTEM

Privacy Policy - Australian Privacy Principles (APPs)

ERC Consolidator Grant 2016 Administrative forms (Part A) Research proposal (Part B1 and Part B2) Letter of Commitment of the Host Institute

1/5. > Accepted into the Sustainable Energy Management Program at BCIT. > Registered with the BCIT Aboriginal Services.

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix

Sample. Information Governance. Copyright Notice. This booklet remains the intellectual property of Redcrier Publications L td

PRIVACY IMPACT ASSESSMENT (PIA) For the

Late-Breaking Science Submission Rules and Guidelines

RECORDS MANAGEMENT TRAINING

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE

MEMORANDUM HONORABLE MAYOR AND CITY COUNCIL. ANTON DAHLERBRUCH, CITY MANAGER /s/

Brussels, 12 June 2014 COUNCIL OF THE EUROPEAN UNION 10855/14. Interinstitutional File: 2012/0266 (COD) 2012/0267 (COD)

The data subjects are officials and other staff, but also visitors who have had a medical incident during a visit to the EP.

Germany-Frankfurt-on-Main: ECB - Provision of travel services 2017/S Contract notice. Services

ST AGNES CATHOLIC PRIMARY SCHOOL HIGHETT STANDARD COLLECTION NOTICE

PRIVACY MANAGEMENT FRAMEWORK

Use and Management of Small Unmanned Aircraft Systems

System of Records Notice (SORN) Checklist

Guide to Incident Reporting for General Medical Devices and Active Implantable Medical Devices

Subsidy contract for the project. Click here to enter text.

Viewing the GDPR Through a De-Identification Lens: A Tool for Clarification and Compliance. Mike Hintze 1

HSQF Scheme HUMAN SERVICES SCHEME PART 2 ADDITIONAL REQUIREMENTS FOR BODIES CERTIFYING HUMAN SERVICES IN QUEENSLAND. Issue 6, 21 November 2017

Nations will be notified of the result of their applications by return by September 18 th.

The National Patient Experience Survey Programme. Statement of information practices

Casual Worker Agreement Form. This agreement is between: Casual Worker (name): The Royal Liverpool & Broadgreen University Hospitals NHS Trust

Office of the Australian Information Commissioner

NATO UNCLASSIFIED ARCHIVES COMMITTEE. Directive on the Public Disclosure of NATO Information

Annex VIIIA Guideline for correct preparation of a model patient information sheet and informed consent form (PIS/ICF)

PRIVACY POLICIES AND PROCEDURES

Guidance for MRC units on HTA licence applications for storage of human samples for research purposes

7. Self-Assessment for Healthcare Facilities

Medical devices briefing for patients: Patient safety in the new Regulation

HIPAA Training

Standard Operating Procedures (SOP) Research and Development Office

Transcription:

(To be filled out in the EDPS' office) REGISTER NUMBER: 1385 (To be filled out in the EDPS' office) NOTIFICATION FOR PRIOR CHECKING DATE OF SUBMISSION: 29/07/2016 CASE NUMBER: 2016-0695 INSTITUTION: ECB LEGAL BASIS: ARTICLE 27-5 OF THE REGULATION CE N 45/2001( 1 ) INFORMATION TO BE GIVEN 1/ NAME AND ADDRESS OF THE CONTROLLER European Central Bank Sonnemannstrasse 20 D-60314 Frankfurt am Main Germany 2/ ORGANISATIONAL PARTS OF THE INSTITUTION OR BODY ENTRUSTED WITH THE PROCESSING OF PERSONAL DATA Jean Marie Connes, Head of Division Security and Safety Directorate General Administration 3/ NAME OF THE PROCESSING Automated vehicle license plate recognition system 1 OJ L 8, 12.01.2001. 1

4/ PURPOSE OR PURPOSES OF THE PROCESSING The purpose of the processing of vehicle license plate data is to control the access of vehicles to the premises, as part of the security and safety concept of the ECB. To mitigate security threats to the ECB, it is necessary to prevent general access of unknown vehicles to the security perimeter of the ECB Main Building (e.g. by means of physical barriers). The (automated) vehicle license plate recognition system aims at ensuring that only registered vehicles of ECB staff members are granted access to the ECB Main Building premises where the ECB staff parking area is located. 5/ DESCRIPTION OF THE CATEGORY OR CATEGORIES OF DATA SUBJECTS The data subjects are ECB staff members who have registered for parking at the staff parking facilities on the grounds of the main premises. 6/ DESCRIPTION OF THE DATA OR CATEGORIES OF DATA (including, if applicable, special categories of data (Article 10) and/or origin of data). - Staff member identification data: name, picture of staff member, staff ID number - Identification data of the car of the staff member: license plate number, brand of the car, model of the car, colour of the car - Photographic image of the front image of vehicle licence plate as captured by a video camera for each access lane to the staff members garage (see Annex 1 regarding sample picture of access lanes). - Licence plate data string, combining data captured under the staff ID with car registration data (see Annex 2). 7/ INFORMATION TO BE GIVEN TO DATA SUBJECTS - Privacy statement A privacy statement (see Annex 3) is provided to staff members via the ECB Intranet. The privacy statement is presented on the dedicated information page on car registration in the Intranet. - Information on parking rules General information on parking rules is available in the Business Practice Handbook of the ECB, which is also published on the Intranet (see Annex 4) In addition, data subjects are informed about the fact that video surveillance is in place via a notice at the barrier directly before the entrance to the staff members garage. 2

8/ PROCEDURES TO GRANT RIGHTS OF DATA SUBJECTS (Rights of access, to rectify, to block, to erase, to object) Each individual staff member can add, delete or rectify the information both as regards staff identification data and car registration data by entering into the ECB s personnel management system with their login details (see Annex 5 for registration page). 9/ AUTOMATED / MANUAL PROCESSING OPERATION Automated: 1:n match of badge number against vehicle license plate The vehicle license plate recognition system complements the ECB s standard access control system, in which a personalised badge is used for identification. ECB staff members who wish to enter the Staff Members garage must register the details of their cars via the ECB s personnel management system (see Annex 5 for registration page). The vehicle license plate recognition system captures a picture of the front of a vehicle (see Annex 1 for sample pictures of both entry lanes). Via a dedicated technical algorithm the alphanumerical license plate characters are extracted and transferred to the access control system. The access control system compares the extracted license plate number with the license plate numbers assigned to the dedicated staff ID identified by the badge reader (a specific license plate number gets assigned to a staff member s ID, when the staff member submits the said license plate number via the Intranet form). If a data match is found, the barrier automatically rises, if not, a manual interaction by the security guard at the entry point is necessary. Manual processing following a mismatch: If a match is not available, the license plate is shown together with the staff ID, name, first name and picture of the staff at a dedicated access control client at the entry control point. The barrier can be opened via a manual interaction of the guard following clarification. 10/ STORAGE MEDIA OF DATA The data is centrally stored within the access control system located in a dedicated physical security network without connection to external networks. The vehicle registration database is centrally administered by the Security Service Centre following individual registration or deregistration by the individual staff member via the ECB s personnel management system. 3

11/ LEGAL BASIS AND LAWFULNESS OF THE PROCESSING OPERATION 1. Video Surveillance Policy: Article 11.6 of Protocol (no 4) on the Statute of the European System of Central Banks and of the European Central bank stipulates that the Executive Board of the ECB shall be responsible for the current business of the ECB which includes ensuring the security of the site. On 31 January 2012 the Executive Board approved the video-surveillance framework for the ECB site under construction. The current Video Surveillance Policy is an extension of the framework for the construction site (see Annex 6, in particular Section 3.2.13, page 15 as regards the automated vehicle license plate recognition system). The Executive Board will be asked for its approval of the entire Video Surveillance Policy for the ECB Main Building, following the receipt and implementation of the EDPS recommendation on the automated license plate recognition system. 2. Access to staff member parking: The Business Practice Handbook approved by the Executive Board refers to the need to register a car, in order to gain access to the staff member parking area (see Annex 4 excerpt of Business Practice Handbook). 3. The specific processing of personal data by the automated vehicle license plate recognition system is based on art. 5(d) of the Regulation, i.e. consent of the data subjects as they unambiguously give their explicit consent when registering the license plate(s) of the vehicle(s) which they wish to be authorised to enter the staff parking areas at the ECB`s premises. This consent is freely given as staff members do not need to use the ECB parking area but also have the option to park their cars outside the ECB premises. The consent form for the security badge already contains a reference to the use of the security badge to gain physical access to restricted areas at the ECB (see Annex 7 consent form badge). 12/ THE RECIPIENTS OR CATEGORIES OF RECIPIENT TO WHOM THE DATA MIGHT BE DISCLOSED - Within the ECB: The data may be disclosed to ECB security staff and security guards deployed by an external contractor of the ECB. 13/ RETENTION POLICY OF (CATEGORIES OF) PERSONAL DATA The personal data related to the security badge and the vehicle registration are stored for the duration of the employment of the staff member and for a period of one year after this relationship has been terminated. The personal data that are generated by using the ECB security badge in the access control system (audit-trail data) are stored for a limited period of time not exceeding three months. The personal data captured by the cameras of the vehicle license plate recognition system are not stored beyond the access process and are, as a rule, deleted immediately after the vehicle has been admitted to the Staff Members garage. 4

13 A/ TIME LIMIT TO BLOCK/ERASE ON JUSTIFIED LEGITIMATE REQUEST FROM THE DATA SUBJECTS N.A. (See Box 8). 14/ HISTORICAL, STATISTICAL OR SCIENTIFIC PURPOSES If you store data for longer periods than mentioned above, please specify, if applicable, why the data must be kept under a form which permits identification. N.A. 15/ PROPOSED TRANSFERS OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS No transfers to third countries or international organisations are foreseen. 16/ THE PROCESSING OPERATION PRESENTS SPECIFIC RISK WHICH JUSTIFIES PRIOR CHECKING (Please describe): This prior checking is based on the EDPS Video-Surveillance Guidelines of 17 March in 2010. Paragraph 6.9 of the Guidelines foresees that high-tech video-surveillance tools or systems are subject to prior checking, mentioning specifically car registration data for automatic number plate recognition. In this instance, the fact that the vehicle licence plate recognition system is based on a link with biometric data (photograph in the staff member s badge) fulfils the criteria mentioned. 17/ COMMENTS Ex-Post prior checking List of annexes: Annex 1: Sample pictures of entrance lanes captured by license plate recognition cameras Annex 2: Personal data captured by license plate recognition system Annex 3: Privacy statement on license plate recognition system in registration page Annex 4: Excerpt of ECB Business Practice Handbook on parking facilities Annex 5: Screenshot of registration page in personnel management system Annex 6: Video Surveillance Policy Annex 7: Consent form ECB security badge PLACE AND DATE: FRANKFURT, 29 JULY 2016 DATA PROTECTION OFFICER: BARBARA EGGL INSTITUTION OR BODY: EUROPEAN CENTRAL BANK 5

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback