INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA – VIDEO SURVEILLANCE ARTICLE 13 OF REGULATION (EU) 2016/679 (“GDPR”)

DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)

Dot Beyond S.R.L. (hereinafter, the "Controller" or the "Company"). Registered office: Ravenna, Via Teodorico, 15. The Controller can be contacted by phone at 06-457753.1, by email at segreteriagenerale@dotbeyond, or via certified email (PEC) at dotbeyond@legalmail.it.

PURPOSE OF DATA PROCESSING AND TECHNICAL FEATURES OF THE SYSTEM

Images and/or videos recorded by the video surveillance system are collected and processed based on the Controller's legitimate interest, in order to ensure the safety and protection of individuals accessing the premises and company property. The video surveillance system consists of a network of closed-circuit cameras installed outside the company headquarters, properly signposted before entering the monitored area. The system enables continuous image collection, real-time viewing, and frame storage. The cameras allow video recording even in low-light conditions at night. Cameras are installed at the two entrances of the company headquarters. Image management, viewing, and downloading of recorded images are carried out through local and centralized surveillance systems. Recorded images can be viewed in real-time via monitors located at the reception desk in the secretarial offices and by the Internal Manager for video surveillance processing. In compliance with the principles of data relevance and minimization, cameras are installed to limit the field of view, avoiding unnecessary collection of detailed images unless strictly necessary. They are positioned to prevent capturing facial features or any other details that could lead to personal identification.

DATA RETENTION AND DATA DISCLOSURE

Recorded images are stored for a maximum period of 48 hours, after which they are automatically deleted in accordance with technical deletion and backup procedures, except for extended retention due to holidays, office closures, or specific investigative requests by judicial or law enforcement authorities. The collected and processed data may be disclosed exclusively for the above-mentioned purposes to judicial or law enforcement authorities upon request. Personal data will not be disseminated in any way. Recorded footage may be viewed in real-time by the video surveillance system provider, appointed as Data Processor under Article 28 of the GDPR, for system maintenance purposes. Additionally, access is granted to expressly authorized and trained personnel, as well as authorities conducting investigations in case of crimes or offenses. The Internal Manager for video surveillance processing may record images that contain evidence of criminal activity or risks to public safety and company assets. When necessary, images may be magnified strictly within the scope of the specific purpose and recorded on magnetic storage devices. Such information will only be accessible by law enforcement authorities and the judiciary and may be used in relation to investigations.

MANDATORY PROVISION OF PERSONAL DATA

Providing personal data is mandatory for accessing the company premises. Refusal to provide data will result in the inability to allow access to the Controller’s premises, as entering the monitored areas inevitably leads to the collection, recording, storage, and general use of the images of the data subjects.

DATA SUBJECTS’ RIGHTS

Data subjects may exercise their right of access under Article 15 of the GDPR by submitting a written and motivated request to the Company to identify relevant footage. Requests for copies of images must include the date and time of the recording, the location where they were captured, and identifying information of the individual. Data subjects may only access images that directly concern them. If necessary, third-party images will be masked (even manually). Access may include third-party data only when the separation or removal of certain elements would render the data subject’s information incomprehensible. Regarding video surveillance, the right to data portability does not apply, as the processing is based on the Company's legitimate interest. Moreover, due to the nature of the collected data, it is not possible to exercise the right to update, rectify, or integrate the images. If the right to object is exercised, the Controller reserves the right to deny the request and continue processing if compelling legitimate grounds prevail over the interests, rights, and freedoms of the data subject.

Finally, data subjects have the right to file a complaint with the competent supervisory authority under Article 77 of the GDPR.