Information clause – video surveillance

To fulfill the obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter: “GDPR” – we inform you that:

1. The Data Controller related to video surveillance is Rebel Wolves sp. z o.o. with registered office in Warsaw at Dereniowa 60 lok. U4 Street, (02-776) Warsaw, KRS: 0000933935, NIP: 9512529961 (hereinafter: “Rebel Wolves”). You can contact Rebel Wolves via email at office@rebel-wolves.com or at the above-mentioned registered address.

2. Personal data obtained through the video surveillance system, particularly images and the date and time of the recorded footage, are processed to ensure the protection of property and the safety of individuals on the monitored premises, as well as to keep confidential information whose disclosure could harm Rebel Wolves. Personal data obtained through the video surveillance system may also be processed by Rebel Wolves in the event of disputes between the data subject and Rebel Wolves/third parties.

3. The legal basis for processing personal data is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of Rebel Wolves in ensuring the safety of personnel and property, protecting confidential information, and establishing, exercising, or defending claims in court proceedings, administrative proceedings, or other non-judicial proceedings.

4. Data will be stored until overwritten, but for no longer than 3 months. If the recorded footage constitutes evidence in proceedings conducted under the law, or if Rebel Wolves becomes aware that it may constitute evidence in such proceedings, the storage period for the monitoring data is extended until the final conclusion of the proceedings.

5. Only images (without sound) are recorded and saved on the medium. The monitoring covers the studio, excluding sanitary facilities, the cafeteria, and the smoking area.

6. The recipients of your personal data may include entities supporting Rebel Wolves, particularly entities managing the monitoring system, law firms, IT service providers, and security companies. Additionally, personal data may also be shared with entities or authorities authorized to receive data under the law.

7. Providing your data is voluntary but necessary to enter and remain on the monitored premises. Failure to provide the data will result in the inability to enter and remain on the monitored premises.

8. Personal data may exceptionally be transferred to partners processing them outside the European Economic Area (EEA), but only to the extent necessary for the provision of services to the Controller. In such cases, the Controller ensures the protection of personal data, particularly through the use of standard data protection clauses adopted by the European Commission or transfer to countries for which the European Commission has issued a decision on the adequate level of protection. In such cases, you have the right to obtain a copy of the applied safeguards.

9. Your personal data will not be subject to automated decision-making, including profiling.

10. You have the following rights: (i) the right to access personal data, including obtaining a copy of the data, (ii) the right to request the rectification, deletion, or restriction of the processing of personal data, (iii) the right to object to the processing of personal data – to the extent that the processing is based on the legitimate interest of the controller or a third party, and (iv) the right to lodge a complaint with the supervisory authority (President of the Office for Personal Data Protection). The scope of each of these rights and the situations in which they can be exercised are determined by law. To exercise your rights, please contact Rebel Wolves in the manner specified in point 1 above.