Please note: this is the data processing notice for our services. To view the privacy notice for using this web site, please see: https://www.accessgreen.ie/website-privacy-policy/
Who are we?
We are accessgreen limited; our registered address is: Jigginstown Commercial Centre, Newbridge Road Naas Co. Kildare Ireland. Company No: 590334.
What is our role under the General Data Protection Regulation (GDPR)?
We consider ourselves to be the Data Processor acting on behalf of Owners Management Companies who are the Data Controllers for whom we act.
Both the Data Controllers and the Data Processors are subject to the: Office of the Data Protection Commissioner, the Supervisory Authority.
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
LoCall: 1890 25 22 31
Where did we get your data?
We received your data directly from you or through the data controller and/or their agents.
What is the purpose of processing your data?
accessgreen provides user validation, authentication and communication services in relation to the efficient running of common areas and shared facilities in multi-unit developments, like apartment blocks. We have been appointed by your Owners Management Company who is the data controller.
What is the lawful basis for this processing?
Processing is necessary for the performance of a contract to which the data subject is party [ Article 6 GDPR (1)b ].
Under the Multi-Unit Developments Act 2011(Mud Act) a unit owner is under an obligation to furnish the OMC with contact details of residents and owners that can reasonably be requested. For the smooth running of the shared facilities and common areas, the phone numbers, email addresses, registration plates are considered a reasonable request.
What type of data do we keep?
Name, address, email, phone, interested parties, key holder names, key holder email, key holder phone, tenant names, tenant email, tenant phone, car registration plates, other general contact information, general notes, email, transaction details.
accessgreen also acts as a CCTV data processor for some Owner Management Companies.
Who is this data shared with?
This data is shared only with similar Data Processors for the purpose described above. Accessgreen’s operational model is to limit the amount of data shared with 3rd parties to a minimum needed for enforcement and authorisation activities.
Where is the data stored?
The data is stored within the EU.
How long will the data be stored?
Your data will be maintained by us for as long as the contract between the Data Controller and us ( the Data Processor ) exists or for as long as required by legislation.
What if your tenancy ends?
There is still an obligation on the Data Controller to maintain adequate accounting records. See above.
Classes of Processors:
Access control specialists, CCTV Maintainers and Suppliers, Property Management Companies.
The CCTV Policy is in place to enable the “Service Provider” to run and operate the CCTV system which is integrated with the access control system and your personal data.
The CCTV policy is relevant to all users of the facilities. Moreover, it relates directly to the
location and use of CCTV, and the monitoring, recording and subsequent use of such recorded material.
Risk assessment & Legitimate Interest assessment
A risk assessment in relation to the use of CCTV in common areas of apartment blocks, and a Legitimate Interests Assessment, specifically to cover the security and health issues related to communal bin storage areas in order to prevent fly tipping, illegal dumping, and misuse of the facilities by residents in accordance with the house rules of the management company has been carried out.
It is an accessgreen policy not to use facial recognition technology.
The documents “accessgreen – CCTV Statement” and “accessgreen – Legitimate Interests Assessment” can be requested by writing to The Secretary of the Management Company and provide proof of identity and proof of address.
It is the Service provider’s view that the use of CCTV and data processing associated with it in these circumstances are beneficial to the development as a whole and the necessary steps to ensure the least impact on freedoms and rights of individuals have been taken. Therefore, accessgreen’s CCTV cameras will be used solely to monitor and enforce the house rules relating to disposal of waste in the bin store, to monitor disposal of waste by non-owners/non-occupiers of apartments, and to monitor and enforce the terms and conditions of using the access control system including the sharing footage with Litter Warden where accessgreen believe there to a breach of the The Litter Pollution Act 1997 (as amended in 2017), and for no other purpose, whilst complying with any legal obligations to provide footage to the Gardai.
Data Protection, Storage and Retention
The data captured from the CCTV cameras is securely stored locally as electronic data. Typically this data is recorded on a loop and overwritten automatically after a set period of time defined in the scope of services section. Data can also be accessed securely by a remote connection and stored for no longer than the same specified period of time. However, data may be retained for longer periods where the events captured give rise to possible legal proceedings or show an activity breaking the house rules. Footage may only be viewed by accessgreen staff and appointed third party contractors and people on the Authorised Viewers List.
Any person whose image has been captured has a right to be given a copy of the information recorded provided that such an image/recording exists (i.e. that it has not been deleted) and provided that an exemption /prohibition does not apply to the release. To exercise that right, a person must make an application in writing to The Secretary of the Management Company and provide proof of identity, proof of address and giving a reasonable indication of the time period sought and the reason why the image/recording is sought.
What are your rights?
You have a right to be informed.
You may request a copy of your data stored.
You may request corrections to any erroneous data.
You may request deletion of data, if not in violation of statutory or contractual requirements.
You may lodge a complaint to the controller or object to processing.
You may lodge a complaint to the Supervisory Authority.
You may withdraw consent if processing originally required consent.
What happens in the event of a Data Breach?
In the case of a data breach, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
Changes to this Notice
This Policy may be subject to change the latest version will always be on our website.