ICEYE CCTV privacy notice

ICEYE is committed to ensuring the safety of our employees, visitors, property, and information stored on the premises. That is why we use a closed-circuit television system (“CCTV”) on our sites. The purpose of this Notice is to give you a better understanding of how ICEYE processes your Personal Data in connection to the CCTV monitoring.

This notice has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection legislation (“Data Protection Laws”).

ICEYE, as a controller of your data, will only process your Personal Data in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the Personal Data that we collect about you is adequate, relevant, not excessive, and processed for explicit purposes.

Your Personal Data will be processed for the following purposes:

1. Controlling access to the premises and zones with special access restrictions,
2. Ensuring the security of the premises,
3. Ensuring the safety of ICEYE staff and visitors,
4. Ensuring the safety of ICEYE property and information located or stored on the premises,
5. To investigate unauthorized physical access, including unauthorized access to secure premises and zones with special access restrictions, IT infrastructure, or operational information,
6. To prevent, detect, and investigate theft of equipment or assets owned by ICEYE, visitors, or staff.

The CCTV system is not used for any other purpose, such as to monitor the work of employees or their attendance. It’s important to note that the location and positioning of the video cameras is not intended to cover the surrounding public space.

The cameras are aimed to give a general overview of what is happening in specific places, but the purpose is not to recognize people unless a security or data protection incident is involved.

The CCTV cameras are installed at:

1. Finland / Espoo office:
   1. All entrances
   2. Corridors
   3. Entrances to restricted zones
2. Poland
   1. All entrances
   2. Corridors
   3. Entrances to restricted Zones

In addition, where cameras are used, there is one plainly visible, on-the-spot sign with the contact information of the controller together with a QR code leading to this Privacy Notice.

We may share your Personal Data internally with our subsidiaries within and outside of EEA. However, we always make sure that anyone we share your Personal Data with upholds the same data protection standards as ICEYE and is bound by appropriate contractual provisions.

In exceptional circumstances and with appropriate legal bases the security footage may be shared with the security of investigatory public bodies.

ICEYE abides by good data management practices, a high duty of care, and strict data security measures to protect your Personal Data. We treat your Personal Data confidentially. It is not disclosed or sold to any third party other than our vendors and subsidiaries unless disclosure is required by the law, judicial body, or government agency. Your Personal Data will be stored in secured databases, which use both technical and organizational measures to ensure data security.

We do not regularly transfer your Personal Data outside of the European Economic Area. However, the collected data may be partially stored outside of the European Economic Area if our subsidiary is located, or stores the data outside of the European Economic Area. In such cases, we aim to ensure that your Personal Data is transferred to these territories based on a valid data transfer mechanism, such as European Commission Standard Contractual Clauses , and that our subsidiaries and vendors maintain at the minimum the security standards that we set for ourselves. Your Personal Data will always be processed in accordance with the Data Protection Laws, these data protection principles, and descriptions of our data registers.

ICEYE abides by good data management practices, a high duty of care, and strict data security measures to protect your Personal Data. We treat your Personal Data confidentially. It is not disclosed or sold to any third party other than our vendors and subsidiaries unless disclosure is required by the law, judicial body, or government agency. Your Personal Data will be stored in secured databases, which use both technical and organizational measures to ensure data security.

We do not regularly transfer your Personal Data outside of the European Economic Area. However, the collected data may be partially stored outside of the European Economic Area if our subsidiary is located, or stores the data outside of the European Economic Area. In such cases, we aim to ensure that your Personal Data is transferred to these territories based on a valid data transfer mechanism, such as European Commission Standard Contractual Clauses , and that our subsidiaries and vendors maintain at the minimum the security standards that we set for ourselves. Your Personal Data will always be processed in accordance with the Data Protection Laws, these data protection principles, and descriptions of our data registers.

As a data subject, you have certain rights with regard to your Personal Data and as a data controller, ICEYE is responsible for fulfilling these rights. We will respond to your requests in accordance with any applicable law, rule, or regulation relating to the processing of your Personal Data.

You have a right to:

Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

We reserve the right not to complete the request if the request is manifestly unfounded or vexatious. Should you request multiple copies or should you submit more than one request per year, we may charge you a reasonable fee based on administrative costs for the execution of the request.

Request rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.

Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your Personal Data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:

• If you want us to establish the data's accuracy.
• Where our use of the data is unlawful but you do not want us to erase it.
• Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.
• You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

This Privacy Notice was updated on the 22nd of January 2024.

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates.

Data controller:
ICEYE Oy
Maarintie 6,
02150 Espoo
Finland

In all questions concerning the processing of Personal Data and situations related to exercising your rights, you should contact the data controller. You may exercise your rights by contacting privacy@iceye.fi.