Javascript is required
logo-dastralogo-dastra

GDPR Data processing modelWorkplace access control with person over template control

By: Ludwig Karneth
Human resourcesPrivate
This processing model is related to access control at the entrance and in the restrictively identified premises, as well as to access control to professional IT devices and applications

Purposes (2)

A purpose is the objective pursued by the setting up of your file. It indicates what the processing of personal data will be used for, its purpose. This purpose must be clear and understandable

1
Access control at the entrance and in restricted premises
Those subject to traffic restrictions, excluding any control of employee schedules
Legitimate interest
2
Controlling access to professional IT devices and applications
Those restrictively identified by the organization, excluding any control of the user's working time.
Legitimate interest

Data categories (3)

Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (eg surname and first name) or indirectly (eg phone number, social security number, email or postal address, but also voice or image)

Data on employees' working lives

Data details


Name of employerrequired
Graderequired
corps d'appartenancerequired
Internal personnel numberrequired

Data conservation rules

Active base:

Duration of employment contract

Elements relating to the movement of people

Data details


Door number usedrequired
Time in and time outrequired

Data conservation rules

Active base:

3 months

Employee identification data

Data details


Employee detailsrequired
Individual authentication or support numberrequired
Biometric Keyrequired
Biometrics template

Definition

- Type 1 : templates under the control of the persons concerned are those whose only durable storage medium is held by the person him/herself, e.g. in the form of a badge or smart card ;- Type 2 : Templates under shared control are those whose durable storage medium is controlled by the employer or his employees, but which are kept in a form that makes them unusable without the use of a secret held by the person concerned;Type 3: templates not controlled by the persons concerned are those whose permanent storage medium is controlled by the employer or his agents in an exploitable form requiring neither a badge containing the template nor the use of a secret controlled by the person concerned.

requiredsensitive data
Photography

Definition

Photograph including the person's face

required
Employee's first and last namerequired

Data conservation rules

Active base:

The biometric template may only be kept for the duration of the person's access authorization, and must be deleted when the person leaves.The categories of data relating to identity, professional life and parking management may, at most, be kept for five years after the departure of the person with long-term access authorization, and 3 months after the departure of persons with one-off access authorization.

Data subject (1)

A data subject is any person whose data is collected, retained or processed by the data processing. e.g. In a recruitement process, any candidate for a position proposed in recruitement management process

  • Employees

Author:
Ludwig Karneth
Ludwig Karneth

Created at:07/08/2023

Updated on:00/01/1970

License: © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC AttributionPas d'utilisation commerciale

Nb using:6


Access the full processing template

Try Dastra now to access all of our data processing templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Add to my data processings record
Subscribe to our newsletter

We will send you a few emails to keep you informed of our news and what's new in our solution

* You will always be able to unsubscribe on each newsletter. Learn more.