The Data Controller responsible for monitoring the respective objects and the associated processing of personal data can be found at list of Data Controllers (hereinafter "the Data Controller(s)"). You can reach our data protection officer at dsb@caimmo.com.

The Data Controller collects the following personal data through video recording by means of video cameras:

• Video data of the subjects (appearance, behaviour), location where the video was taken (spatiality, location of the camera), license plate of the vehicle.
• If not exclusively real-time monitoring, the time of video recording (date, time, start/end of video recording) is also collected.

The data processing is carried out for one of the purposes listed below. The purpose of the video surveillance pursued with the specific video surveillance can be found under list of Data Controllers:

• Object security

Video surveillance is used to secure buildings, underground garages and other objects that can be assigned to the Data Controller in order to be able to document criminal acts or violations of the law. The legal basis for the data processing is the overriding legitimate interest in achieving this purpose (Art 6 para 1 lit f GDPR).

• Access control:

If video surveillance is carried out in the monitored area for the purpose of controlling the authorized access to buildings, properties and delimited areas by the owner or authorized user, then the legal basis for the data processing is the overriding legitimate interest in achieving this purpose (Art 6 para 1 lit f GDPR).

The video recordings are generally stored for a maximum period of 72 hours and then deleted. Longer storage may be necessary in individual cases if the recordings are required for the prosecution of legal violations, the assertion, exercise or prosecution of legal claims or for the purposes of protection or preservation of evidence.

In the case of real-time monitoring, the video data is not saved. You can check whether there is real-time monitoring under list of Data Controllers.

In the event of an incident (prosecution of legal violations, assertion, exercise or prosecution of legal claims or for the purpose of protection or preservation of evidence), the video recordings made for the purpose of securing the object will be evaluated and the following personal data will be collected in addition to the data specified in section 2: Identity of the subjects, as far as recognizable from the recording for the evaluator, and role of the subjects (e.g. perpetrator, victim, witness), as far as recognizable from the recording.

Furthermore, the aforementioned data may be transmitted to the following recipients in case of an incident (prosecution of legal violations, assertion, exercise or prosecution of legal claims or for protection or preservation of evidence purposes), provided that this is proportionate and necessary in the individual case:

• Competent authorities or competent courts (for securing evidence in criminal matters)
• Courts (for securing evidence in civil cases)
• Insurance companies (exclusively for the settlement of insurance cases)

Insofar as the data processing is technologically carried out by a data processor on behalf of the Data Controller, this is indicated under list of Data Controllers.

In the case of real-time monitoring, there is generally neither an evaluation in the event of an incident nor a disclosure of video data to third parties. If a security company is used to monitor the screens for us, this will be disclosed under list of Data Controllers.

You can request information in particular on the origin and categories of data processed by us about you and your business case, the storage period, the recipients to whom your personal data are or have been disclosed, the purpose and nature of this processing. We would like to point out that according to § 4 Abs 6 of the Austrian Data Protection Act (DSG), no information is to be provided if this would endanger the business or trade secrets of the Data Controllers or third parties.

If we process data about you that is incorrect or incomplete, you may request that it be corrected or completed. You can also request the deletion of unlawfully processed data. Please note, however, that this only applies to incorrect, incomplete or unlawfully processed data. If it is unclear whether the data processed about you is incorrect, incomplete or unlawfully processed, you may request the restriction of the processing of your data until this issue is resolved. We ask you to note that these rights are complementary, meaning you can only request either the correction or completion of your data or their deletion.

Even if the data relating to your person is correct and complete and is processed by us lawfully, you may object to the processing of this data in specific individual cases that you have substantiated.

If you have any questions or wish to exercise any of your rights, please contact our data protection officer at dsb@caimmo.com. Although we strive to protect the privacy and integrity of your data to the best of our ability, disagreements about how we use your data cannot be ruled out. If you believe that we are processing your data in an unlawful manner, you may, in addition to contacting our data protection officer, lodge a complaint with the competent data protection authority.