1. Personal data
2. Purposes of personal data processing. Legal basis
Allowing access to the building responsibly, by taking all appropriate technical and organizational measures to ensure occupational health and safety and reducing the spread of COVID-19 virus, to detect potential infected persons and to avoid their access within the company and their contact with other persons, being an indirect defense of a public or community interest.
Because the personal data are part of the special categories, the basis of the processing is represented by art. 9, para.2, let. b (fulfillment of the specific obligations and rights of the Operator), letter g (major public interest) and let. i (reasons of public interest in the field of public health) from GDPR, corroborated with art.6, paragraph 1, letter c) of the GDPR and the fulfillment of a legal obligation (legal provisions regulating aspects such as epidemiological triage, preliminary measurement of body temperature, contained in acts such as Law 55/2020 art. 13 and point 2 letter a) and point 3 letter, b) from GD no. 24/2020). The data processing is done in compliance with the principles of processing, according to GDPR, respectively legality, fairness, transparency, minimization of data, accuracy, limitations related to storage, integrity and confidentiality.
The provision of personal data is necessary for access to the building, being an appropriate measure in the category of those necessary to ensure health and safety at work and reduce the spread of COVID-19 virus. If the data subject refuses to measure body temperature, access to the building will not be allowed; if the data subject is an employee of the Operator, he can address a competent medical staff or can continue teleworking, according to the internal regulations and the relevant legislation. If the data subject is not an employee of the Operator, he can address a competent medical staff.
3. Retention period
- Data is not stored (the measurement is performed with a non-contact thermometer that does not store data and if the measured values are in normal parameters)
- 30 days, in case there is a refusal of access to the premises, which can be extended if in these 30 days there is a dispute / conflict / administrative complaint, in which case those data elements can be stored until to extinguish that situation.
4. Controllers/ Processors and Recipients of data
- to the competent authorities, at their request, for the verification of the degree of fulfillment of the legal obligations
- to the DSP, occupational medicine, external doctor and other competent authorities if there is an employee with these symptoms and, according to the internal procedure, the authorities must be notified or if an employee is confirmed with coronavirus and the authorities request additional data
5. Data subject rights
To exercise these rights, you can address a written request, dated and signed to the person responsible for processing personal data within the company. The application can be submitted at the headquarters of EOS KSI ROMANIA S.R.L. - Romania, Bucharest, Blvd Dimitrie Pompeiu, no. 10A, Conect Business Park, Building C3, floor 7, Sector 2 or can be sent by e-mail to protectiadatelor@eos-ksi.ro.
We inform you that, by virtue of Regulation 2016/679, you can contact the National Authority for the Supervision of Personal Data Processing, at the address: Bd. G-ral Gheorghe Magheru 28-30, sector 1, postal code 010336, Bucharest, Romania , phone: +40318059211, e-mail: anspdcp@dataprotection.ro , if you consider that your rights provided in Regulation 2016/679 have been violated.