Evercam’s GDPR Commitment
At Evercam, we are committed to safeguarding the privacy and data protection rights of individuals, including those within the European Union (EU). The General Data Protection Regulation (GDPR) represents a significant advancement in data protection laws, and Evercam is dedicated to ensuring that our products and services are fully compliant with GDPR requirements.
Understanding data privacy requires familiarity with certain terms:
Data Subject: An individual whose personal data has been collected.
Data Processing: The operations performed on personal data, whether automated or manual.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the Data Controller.
In simple terms, Evercam is the Data Processor and our Clients are the Data Controllers
Compliance in Practice
As a Data Processor, Evercam diligently adheres to the key principles of the GDPR in the following ways:
- Lawfulness, Fairness, and Transparency: A clear signage is placed on site to inform about the video capturing system in place.
- Purpose Limitation: Data is captured for legitimate interests such as Health & Safety and Project Management/Fraud Detection.
- Data Minimisation: Field of view is focused on capturing the construction progress. Privacy Shields are applied to areas not related to construction activities.
- Storage Limitation: We store footage for typically 3 years due to construction liability periods. However, we follow our clients instructions on retention periods.
- Integrity and Confidentiality: Access rights are restricted. Evercam acts only on written instructions.
- Accountability: We keep records of what data we have and where it is stored.
GDPR FAQs
Do Clients have the right to capture the data?
GDPR permits data capture for legitimate purposes. Health & Safety and Project Management (including Fraud Detection) are generally considered legitimate purposes. However, it is the responsibility of the Data Controller (Client) to determine the legitimacy of these purposes.
Is individual consent required for data collection?
Obtaining individual consent is one lawful basis for data collection under GDPR, but it’s not always required. Data can also be processed based on legitimate interests, which can, in certain circumstances, override the need for explicit consent. However, even when relying on legitimate interests, Evercam recommends clear communication about data capture during the site induction process. This ensures transparency with individuals and reinforces good data protection practices.
Can a Client use the cameras for the performance management of an individual?
We advise against using Evercam’s reality capture for individual performance management. Our solutions are designed to support site safety, project visibility, and operational oversight instead of personal monitoring. Using cameras to assess individual performance can raise privacy concerns and may not align with data protection requirements.
Is Evercam GDPR compliant?
Yes, Evercam is fully GDPR compliant. We prioritize data protection through transparency, data minimization and responsible data handling practices. We ensure secure storage with restricted access and act strictly on Client instructions. Evercam also emphasizes the client’s responsibility as data controller to maintain full compliance.
Does local legislation affect GDPR compliance?
While the GDPR applies across the entire EU, individual countries may have additional local laws that apply in specific situations. For example, some jurisdictions may require Data Controllers to inform or consult with employee representative bodies before implementing camera systems. We recommend that Clients check any local obligations that may apply alongside GDPR and seek legal advice where necessary to ensure full compliance.
What about data privacy laws outside EU?
Data privacy laws are rapidly expanding worldwide, with over 140 countries now having some form of data protection legislation. While the GDPR in Europe sets a leading standard, clients operating globally must comply with local data privacy regulations in each country. We strongly advise reviewing applicable laws and seeking legal guidance to ensure full compliance and best practices.
How does Evercam ensure compliance with the GDPR's data minimization principle and prevent the capture of personal data?
Evercam positions cameras at elevated heights to focus solely on construction areas. Privacy shields are available to block non-relevant zones, and 360° cameras offer face-blurring features for additional privacy protection.
Is there a process to manage retention periods?
Yes, Evercam maintains a formal Data Retention Policy. Clients are advised to refer to: Evercam’s Retention Guidelines.
Does Evercam provide support for Data Subject Rights (DSR) requests such as downloads and erasure?
Yes. As a Data Processor, Evercam acts on the Data Controller’s (Client’s) written instructions to fulfill DSR requests.
Is there a means to access or delete recordings if requested by a Data Subject?
Yes. Evercam supports clients in processing such requests in accordance with applicable regulations.