Video Surveillance Notice

1.    General

Blueprint Genetics (“we”, “us”, “our”) is committed to respecting your privacy and protecting your personal data, which is any information that is capable of identifying you as an individual person. This Video Surveillance Privacy Notice describes how we handle and protect your personal data. We will keep this notice under regular review.

This Privacy Notice is for our customers, partners, employees, and the supervisory authority, and it contains information required by the EU General Data Protection Regulation, the data subjects’ national legislation, and Guidelines 3/2019 on the processing of personal data through video devices by the European Data Protection Board.

2.   Contact details of the data controller

Blueprint Genetics Oy (entity engaged in video surveillance)

Blueprint Genetics Privacy Team
Address: Keilaranta 16 A-B, 02150 Espoo

Email: privacy@blueprintgenetics.com

3.   Contact details of the Data Protection Officer

Blueprint Genetics’ Data Protection Officer

Blueprint Genetics Oy

Address: Keilaranta 16 A-B, 02150 Espoo, Finland
Email: privacy@blueprintgenetics.com

4.  Data Subjects

If you are moving about in our physical locations, including temporary ones, you are subject to video surveillance at the entrances and in server rooms.
Examples of data subjects relating to video surveillance are our customers, employees, and partners moving about in this particular area.

5. Purpose

In our operations, we process confidential information and special categories of data, such as health data. As we are responsible for our employees’ safety at work, video surveillance is primarily used for safety purposes.

List of purposes for which we use video surveillance:

  • Ensuring the personal safety of data subjects, such as our employees, partners, and customers
  • Supervising the appropriate and secure functioning of service processes
  • Protecting data, property, and data subjects, such as our employees
  • Preventing and investigating situations endangering safety, property, or the service process
  • Managing risks related to physical security
  • Fulfilling our insurance and audit-related requirementsThe data subject’s personal data may be used in the prevention, uncovering, and investigation of any criminal activity.

6. The legal basis of personal data processing

The processing measures and purposes are performed based on our legitimate interest as the controller. Video surveillance is necessary so that we are able to prevent events that endanger security, property, production processes, and in general, business continuity. We have taken into account the special legal requirements for video surveillance.

7. What personal data is being processed?

The personal data consists of visual recordings that contain recorded video images of the data subject in the video surveillance area and information on the time of recording.

8. Is my personal data shared with third parties?

Personal data may be disclosed to relevant authorities, such as the police in statutory cases.

9. Is my personal data transferred outside the European Economic Area?

No. We use an EU-based supplier for data processing, and all data will be processed inside the EU or EEA.

10. How long is my data retained?

Personal data will be retained for the period required to fulfill the purposes determined for the data processing in this notice. Data subjects’ data are erased automatically after approximately one (1) month of collection, with the exception of data required to clear up any offenses that may be needed for more than one (1) month, due to a pre-trial investigation performed by relevant authority/court proceedings.

11. How is my data collected and updated?

Personal data is collected when the data subject moves on the premises under the video surveillance system.

12. How can I exercise my rights as a data subject?

We are responsible for fulfilling the rights of the data subjects relating to the data processing described in this notice.

Data Subject Rights:

  • As a data subject, you have the right to receive our confirmation of whether your personal data will be processed or not, or whether it has already been processed
  • If we process your personal data, you have the right to receive the information and a copy of the personal data being processed or already processed (we may charge a reasonable administrative fee for any additional copies requested by you)
  • As a rule, all data subjects exercising their right to access data may view the footage or a summary of the footage at the business location. We will not disclose any part of the footage that contains other data subjects. As such, the data accessible is often a collection of still images
  • You have the right to request that we rectify or delete your personal data
  • If you would like to exercise these rights or understand if these rights apply to you, please contact us by sending an email to privacy@blueprintgenetics.com
  • If you consider that your personal data is not processed legally, you have the right to file a complaint with the supervisory authority

13. How is my privacy secured?

We implement appropriate technical and organizational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Such measures take into account the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for your rights. We are committed to processing personal data securely and in a manner that satisfies the requirements of applicable laws. We have carefully assessed the risks that may be associated with the processing and taken the necessary measures to manage these risks.

Such measures include, for example:

  • The pseudonymization and anonymization of personal data, when possible
  • Training our employees and other staff regularly
  • Using confidentiality undertakings with our employees and partners
  • Using backup systems, account privileges, user identity verification, restricted access, access control, and locking
  • Implementing function-specific data privacy and security practices
  • Physical safeguards
  • Arranging third-party audits
  • Regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing