GDPR Data processing modelWorkplace access control with person over template control
By: Ludwig KarnethPurposes (2)
A purpose is the objective pursued by the setting up of your file. It indicates what the processing of personal data will be used for, its purpose. This purpose must be clear and understandable
Data categories (3)
Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (eg surname and first name) or indirectly (eg phone number, social security number, email or postal address, but also voice or image)
Data on employees' working lives
Data details
Data conservation rules
Active base:
Duration of employment contract
Elements relating to the movement of people
Data details
Data conservation rules
Active base:
3 months
Employee identification data
Data details
Definition
- Type 1 : templates under the control of the persons concerned are those whose only durable storage medium is held by the person him/herself, e.g. in the form of a badge or smart card ;- Type 2 : Templates under shared control are those whose durable storage medium is controlled by the employer or his employees, but which are kept in a form that makes them unusable without the use of a secret held by the person concerned;Type 3: templates not controlled by the persons concerned are those whose permanent storage medium is controlled by the employer or his agents in an exploitable form requiring neither a badge containing the template nor the use of a secret controlled by the person concerned.
Definition
Photograph including the person's face
Data conservation rules
Active base:
The biometric template may only be kept for the duration of the person's access authorization, and must be deleted when the person leaves.The categories of data relating to identity, professional life and parking management may, at most, be kept for five years after the departure of the person with long-term access authorization, and 3 months after the departure of persons with one-off access authorization.
Data subject (1)
A data subject is any person whose data is collected, retained or processed by the data processing. e.g. In a recruitement process, any candidate for a position proposed in recruitement management process
- Employees
Attribution / Pas d'utilisation commerciale
CC-BY-NC