Information note on personal data protection - Video surveillance
0 results for «»
Personal data protection
Thus, the protection of your personal data naturally constitutes a priority for the CFL, or any entity of the CFL group who has to process your personal data.
This note provides you with the necessary information and explains to you how we collect, use, share, store and protect your personal details when implementing video surveillance.
It also informs you on your rights and on how to exercise them.
1. Who is the controller?
As such, we are liable for the way we collect, use, share, store and protect your personal data.
2. What categories of personal data are processed and for what purpose?
To fulfil these missions, we collect and process some of your personal data such as your image, in order to:
- secure access;
- ensure staff and user security;
- detect and identify potentially suspect or dangerous behaviours, which may cause an accident or an incident;
- accurately identify the origin of an incident;
- protect goods (buildings, vending machines, trains, elevators, stairs, entries and exits of parking facilities, mobile platforms, SOS booths, etc.);
- organise and supervise the fast evacuation of people in case of an incident;
- be able to alert emergency or fire services or the police, and facilitate their intervention;
- prevent, through dissuasion, any harm to property in form of thefts, burglaries or vandalism, as well as gather evidence relating to observed offences, and find and identify the authors;
3. How do we collect, process and use your data?
For each purpose described above, the collection and processing
- are performed in compliance with applicable laws and regulations regarding the protection of personal data, including the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the related guidelines as well as the national laws implementing the GDPR, as the case may be,
- are legally justified by our interest which is recognised as legitimate or by the necessity to carry out a mission of public interest we have been entrusted with.
4. How long do we keep your data?
- 15 days to 20 days for CFL buses depending on the used system;
- 72 hours for Alstom or Stadler trains;
- 5 to 10 days for Bombardier trains;
- 20 days for railway stations, platforms and P&R;
- 20 days for elevators and SOS booths,
- 20 days for the funicular.
5. Who can access your data?
- the Assistance Unit for Security and Quality (Cellule d'Assistance Sécurité et Qualité) of the Travel Activities Management (Direction Activités Voyageurs),
- the Division for Quality, Security and Environment (Division Qualité, Sécurité, Environnement) of the Department Infrastructure Operation (Service Exploitation Infrastructure),
- the Maintenance Center (Centre de Maintenance) of the Department Trains and Equipment (Service Trains et Matériel),
- the Operational Center (Centre Opérationnel) of the Department Trains and Equipment (Service Trains et Matériel),
- the Operational Unit and Coaching of the Department Travel Activities Trains (Service Activités Voyageurs Trains),
- the Video Surveillance Unit (Centrale de Télésurveillance).
These data will be or could be shared with some of our internal departments in strict compliance with the missions these departments have been entrusted with:
- the authorised managers,
- the Unit Legal affairs and Insurances (Division Juridique et Assurances) of the General Secretariat,
- the Central delegation,
- the Department Security, Safety and Environment (Service Sécurité, Sûreté et Environnement),
- the members of executive mangement.
We contractually impose on our service providers to safeguard the security and the confidentiality of your personal data by means of appropriate technical and organisational measures complying with laws and regulations.
6. Where do we process your data and where do we transfer them?
CFL may transfer your personal data outside the European Union. In this case, we contractually impose on service providers guarantees of security and confidentiality concerning your personal data by means of appropriate technical and organisational measures, such as standard contractual clauses, in accordance with European regulations, and we ensure that these guarantees are respected.
We acknowledge the invalidation of the privacy shield. We are taking the necessary steps to ensure that the level of protection of your personal data to the United States remains adequate.
7. What are your rights regarding your personal data?
- Access the recordings,
- File a complaint with the authority in charge of the protection of personal data in your country and/or in the Grand Duchy of Luxembourg (Commission Nationale pour la Protection des Données – CNPD, established in 1, avenue du Rock’n’roll, L‑4361 Esch-sur-Alzette – www.cnpd.public.lu).
8. How to contact us and how to exercise your rights?
- on our website www.cfl.lu or by clicking on the link gdpr.cfl.lu under the tab “data protection” at the bottom of the page,
- or by regular mail to the following address:
Société Nationale des Chemins de Fer Luxembourgeois (CFL)
Data Protection Officer (DPO)
9, place de la Gare
1, avenue du Rock’n’roll
9. How do we update this information note?
The last version in force is the one on the CFL’s website.