Privacy Policy Video Surveillance
The controller has installed video surveillance in certain areas of properties that are subject to its domiciliary rights ("properties"). A list of the addresses concerned and the monitored areas can be found at "List of Data Controllers" (hereinafter "monitored area").
As part of this video surveillance, personal data of persons in the monitored area is recorded. Below you will find detailed information on this data processing.
Please link to the list of responsible persons. It can also be attached as an annex instead of on a separate page. Please ensure that this list is always up to date.
This data protection information describes video surveillance in a large number of properties operated by different companies of the CA Immo Group. The person responsible therefore differs from property to property.
The person responsible for monitoring the respective property and the associated processing of personal data can be found in the "List of Data Controllers" (hereinafter referred to as the "controller").
You can reach us at dsb@caimmo.com.
The controller collects the following personal data by recording images using video cameras. The following generally applies with regard to the scope:
In principle video surveillance can cover access routes, common rooms and areas as well as car parks. Doorbell cameras can also be affected. Areas assigned to our tenants or public areas (from about 0.5 metres from the outside of the property) are generally not affected. Areas relating to privacy or highly personal circumstances, such as changing rooms or toilets, are not monitored.
If cameras unavoidably record the workplace of employees, they are not analysed for the purpose of monitoring these employees. In such cases, we take additional protective measures on a case-by-case basis. If you have any questions about the protective measures in your property, please contact dsb@caimmo.com.
We do not analyse the images technically; in particular, we do not use them for automated facial recognition. We do not use your data for automated decision-making including profiling within the meaning of Art. 22 para. 1 GDPR.
- In principle, you are not obliged to provide us with your data. However, you may not be able to enter our premises without providing this data. We collect the data directly from you.
Unless explicitly stated in this privacy policy or otherwise described on site, we do not record any sound.
Please note that there is separate data protection information for the respective properties, which may contain further local particularities. If you have any questions, please contact dsb@caimmo.com
As a matter of principle, we do not transfer video surveillance data to third countries outside the European Economic Area. Should a transfer nevertheless occur, we take appropriate protective measures, such as the conclusion of standard contractual clauses. In such cases, we will inform you separately.
The purposes pursued with the specific video surveillance can be found at the List of Data Controllers. Below you will find further information on the various purposes, the data processed, the respective legal basis, storage duration and any data transfers.
2.1. Property security
Processed data | Purposes | Legal basis | Storage duration |
|---|---|---|---|
|
| The overriding legitimate interest in achieving this purpose (Art. 6 para. 1 lit. f GDPR); or the need for processing for the assertion, exercise or defence of legal claims (Art. 6 para. 1 lit. f, Art. 9 para. 2 lit. f GDPR). | The image recordings are generally stored for a maximum period of 72 hours and then deleted. In individual cases, the images may be stored for longer if they are required for the prosecution of legal violations, the assertion, exercise or prosecution of legal claims or for protection or evidence preservation purposes (see below under "Evaluation in the event of an incident") The image data is not saved permanently during real-time monitoring. For technical reasons, the data may be temporarily stored for a few seconds. You can check whether real-time monitoring is taking place in the List of Data Controllers.
|
Transmission to third parties
- In some properties, we have commissioned service providers to monitor the video recording data or use them to provide the video surveillance systems. These can be, for example, security services to which the cameras are connected or IT service providers.
- Facility manager: In some properties, the respective property manager / facility manager is responsible for analysing and monitoring the video surveillance data. They may act as a joint controller with us. You can find out where this is the case in the specific property data protection information.
- The data may be passed on to other third parties if necessary, as described below under "Evaluation in the event of an incident".
The specific third parties can be found in the property data protection information or the List of Data Controllers.
Third country transfers
There is no transfer to third countries.
2.2. Access control
Processed data | Purposes | Legal basis | Storage duration |
|
| The overriding legitimate interest in achieving the stated purposes (Art. 6 para. 1 lit. f GDPR or Art. 9 para. 2 lit. f GDPR). | The image recordings are generally stored for a maximum period of 72 hours and then deleted. In individual cases, the images may be stored for longer if they are required for the prosecution of legal violations, the assertion, exercise or prosecution of legal claims or for protection or evidence preservation purposes (see below under "Evaluation in the event of an incident") The image data is not saved permanently during real-time monitoring. For technical reasons, the data may be temporarily stored for a few seconds. You can check whether real-time monitoring is taking place in the List of Data Controllers. |
Transmission to third parties
- In some properties, we have commissioned service providers to monitor the video recording data or use them to provide the systems. These can be security services, for example, where the cameras are connected, or IT service providers.
- Facility manager: In some properties, the respective property manager / facility manager is responsible for analysing and monitoring the video surveillance data. They may act as a joint controller with us. You can find out where this is the case in the specific property data protection information.
- The data may be passed on to other third parties if necessary, as described below under "Evaluation in the event of an incident".
The specific third parties can be found in the property data protection information or the List of Data Controllers.
Third country transfers
There is no transfer to third countries.
2.3. Doorbell camera
The property has a doorbell camera that is only activated when the doorbell is pressed and switches off automatically after a short period of time. There is no connection to the Internet, nor is the image material stored for longer than is technically necessary. The camera is only focussed on the area close to the entrance. The image material transmitted via the camera is only seen by the reception staff and the tenant whose doorbell you have rung.
Please note: In some properties, a doorbell camera is not operated by us, but by the tenants themselves. These tenants are then independently responsible. Please contact the tenants directly for the relevant data processing. This declaration applies in each case in which you are referred to in the property data protection information.
Processed data | Purposes | Legal basis | Storage duration |
|
| The overriding legitimate interest in achieving the stated purposes (Art. 6 para. 1 lit. f GDPR or Art. 9 para. 2 lit. f GDPR). | There is no permanent storage of the video-supported door opener function. A short intermediate storage of a few seconds is possible for technical reasons. |
Transmission to third parties
The image material transmitted via the camera is only viewed by the reception staff of third-party service providers. Neither the CA Immo Group company operating the property, nor the property manager or facility manager will be aware of this. The reception desk is not manned by the tenant, so the tenant does not see the material either. The doorbell camera is provided by the CA Immo Group company operating the property. The installation of the doorbell camera serves to identify the visitor and grant access to the building.
Third country transfers
There is no transfer to third countries.
2.4. Vehicle licence plate recognition for parking space management
In some of our properties, we have a number plate recognition system in our car park management system. This uses image recognition to record vehicle licence plates on entry and exit. You can find out in which properties this is the case in the property data protection information or the List of Data Controllers.
The number plate recognition system only creates individual image sequences (no videos), which automatically capture the number plates and match them to a stored access authorisation on the system side.
There are two procedures for licence plate recognition:
- Car park allocation with licence plate recognition: In some cases, we or our contractual partners (such as the facility manager), manage the licence plates. Each tenant has a certain number of parking spaces. They can provide us with the authorised number plates for these. These are then stored in the system by us.
- Allocation: In other cases, tenants have a certain quota of parking spaces. They then have independent access to the system and can enter and manage the licence plates themselves. We, or our contractual partners (such as the facility manager), then only provide and maintain the system or the app. In this case, we act as a processor for our respective tenant. The processing of personal data is then the responsibility of the tenant. Please contact the respective tenant directly for information on data processing.
We generally do not access the data, but merely operate the systems. We only analyse the data in the event of an incident, such as a break-in, as described below under "Evaluation in the event of an incident".
Processed data | Purposes | Legal basis | Storage duration |
|
| The overriding legitimate interest in achieving the stated purpose (Art. 6 para. 1 lit. f GDPR or Art. 9 para. 2 lit. f GDPR). | The access data stored in the system will remain stored until our tenant instructs us to delete them or, alternatively, the tenancy agreement ends and a period of 4 years has expired (limitation period) The images of the respective entry or exit are stored for a maximum period of 72 hours. |
Origin of the data
We receive personal data from our tenants in connection with car park management, such as vehicle registration numbers for access authorisation.
Transmission to third parties
- In some properties, we use service providers who provide the licence plate recognition systems. These can be IT services, for example.
- In organisational terms, the commercial property manager is only involved in contract processing. As a rule, they do not have access to the system itself, but they initially enter the data in our systems. We are jointly responsible with the property manager.
- In some properties, the respective property manager / facility manager takes over the administration. They may act as a joint controller with us. You can find out where this is the case in the specific property data protection information.
- The data may be passed on to other third parties if necessary, as described below under "Evaluation in the event of an incident".
The specific third parties can be found in the property data protection information or the List of Data Controllers.
Third country transfers
There is no transfer to third countries.
2.5. Evaluation in the event of an incident
In the event of cause (e.g. suspicion of criminal offences, prosecution of legal violations, assertion, exercise or prosecution of legal claims or for protection or evidence preservation purposes), the image recordings made are evaluated.
When the recordings are first viewed, it is checked whether there are any indications that a relevant offence has been recorded. If this is the case, an excerpt of the relevant sequence is created and saved, and any indications of a criminal offence, for example, are followed up. Depending on the result of the analysis, the case is closed or any necessary measures are initiated. If the image material does not show any relevant facts, it is deleted.
The video material is stored on a CD/DVD/a comparable storage medium for as long as necessary and then deleted. The recordings to be retained are labelled so that they are not used for other purposes. The storage and evaluation are logged.
In the case of real-time monitoring, there is generally neither an evaluation in the event of an incident nor a disclosure of image data to third parties.
In cases of cause, other persons (groups) are included in the processing in accordance with predefined criteria and at the discretion of the parties involved, if this appears useful for the appropriate handling or escalation of the respective incident.
Processed data | Purposes | Legal basis | Storage duration |
|
| The overriding legitimate interest in the need for processing for the assertion, exercise of our domiciliary rights (Art. 6 para. 1 lit. f, Art. 9 para. 2 lit. f GDPR). | If the person responsible determines that the recordings are unsuitable for a more detailed assessment of the recorded situation, they will be deleted. They will be deleted as soon as possible, but no later than 72 hours after it has been established that the recordings are no longer required. In other cases, the recordings are stored until the legally binding conclusion of the proceedings, including any enforcement proceedings. Alternatively, until the limitation period is reached. For claims that trigger the standard limitation period, this is usually 4 years. If claims for damages based on intentional injury to life, limb, health, freedom or sexual self-determination come into consideration, the limitation period is 10 years.
|
Origin of the data
We may receive information, such as the identity of individuals, from third parties such as our tenants.
Transmission to third parties
- Tenants/leaseholders or visitors to the building or car park affected by an incident (such as damage).
- Legal representatives and other service providers who are consulted in the course of clarification or prosecution.
- In some properties, we have commissioned service providers to monitor the video recording data. These can be security services, for example, to which the cameras are connected.
- The facility manager is often responsible for the initial analysis of the video surveillance data. We are jointly responsible with the facility manager.
- The commercial property administrator / property manager if escalation to them appears necessary. We are jointly responsible with the property manager.
Third country transfers
There is no transfer to third countries.
In addition to the third parties mentioned above under the respective processing activities, we may also pass on the data to the following recipients in individual cases, should this become necessary:
- competent authorities or competent courts and other parties to proceedings, such as experts or legal counsels (to secure evidence in criminal cases)
- Courts and other parties to proceedings, such as experts or legal counsels (to secure evidence in civil law cases)
- Insurance companies and other parties involved in proceedings, such as experts or legal advisors (exclusively for the settlement of insurance claims)
If the video surveillance is technically carried out by a processor on behalf of the controller, this is indicated in the List of Data Controllers.
In the case of real-time monitoring, the image data is neither analysed in the event of an incident nor disclosed to third parties. If a security company is used to monitor the monitors on our behalf, this will be disclosed in the List of Data Controllers.
As a data subject, you have the following rights in relation to the processing of your data:
Right to withdraw consent
If we process your data on the basis of your consent, you are entitled to withdraw your consent at any time. After receiving your cancellation, we will no longer process this data unless the processing is required and permitted for other legal reasons. Withdrawal of consent does not affect the lawfulness of the processing carried out up to the time of withdrawal.
Right to information
You can request information about the personal data processed about you, in particular about the origin and categories of data processed, the storage period, the recipients to whom your data has been disclosed, the purpose and type of processing. On request, we will provide you with a copy of the data that we process about you.
We would like to point out that no information is to be provided if this would jeopardise the business or trade secrets of the controller or third parties.
Right to rectification
If we process data about you that is incorrect or incomplete, you can request that it be corrected or completed – also by means of a supplementary declaration.
Right to cancellation
You have the right to demand that we erase the data concerning you.
We would like to point out that the right to erasure does not exist in particular if we process the data in order to fulfil a legal obligation or to assert, exercise or defend legal claims.
Right to restriction of processing
You have the right to request that we restrict the processing of your data, for example if you dispute the accuracy of the data, for a period of time that enables us to verify the accuracy of this data.
Right to data portability
If we process data about you that you have provided to us, you may, under certain circumstances, request that this data be transmitted to you in a machine-readable format. You can also instruct us to transmit this data directly to a third party of your choice, provided this is technically feasible.
Right to lodge a complaint
Although we endeavour to ensure the protection and integrity of your data to the best of our ability, disagreements about the way in which we use your data cannot be ruled out. You therefore have the right to lodge a complaint with a data protection authority. This could include the data protection authority at your place of residence or at our location.
The data protection authority responsible for CA Immobilien Anlagen AG is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at. For other responsible companies (see List of Data Controllers), you can find the data protection authorities in the list at this link: https://www.edpb.europa.eu/about-edpb/about-edpb/members_de.
However, we would appreciate it if you would contact us first if you have any questions or concerns about our processing of your data, so that we can find a solution together.
RIGHT TO OBJECT
Even if your personal data is correct and complete and is processed by us lawfully, you can object to the processing of this data at any time if there are special reasons relating to your person. You can also object at any time if you receive direct advertising from us and no longer wish to receive this in future.
If you have any questions or wish to exercise any of your rights, please contact dsb@caimmo.com.
We reserve the right to amend this data protection information from time to time at our own discretion. We will notify you of any material changes in the way we handle data by providing you with a prominent notice on our website or through other appropriate communication channels. Please check this data protection information at regular intervals. All changes will take effect from the date of publication, unless otherwise stated.