Skip Navigation

Select Language

CCTV PRIVACY NOTICE

This privacy notice has been written to inform you about how and why we process Personal Data in relation to CCTV. The business entity that determines the purposes for which, and the manner in which, your Personal Data is processed is known as the Data Controller. Please see Annex A for information on the Data Controller.

The Data Controller (“the Company”, “we”, “us”) is part of the DRiV Incorporated Group (DRiV). 

This notice is reviewed annually by the Chief Privacy Officer. We also review the ongoing use of existing CCTV cameras on a periodic basis to ensure that the use remains necessary and appropriate, and that any surveillance system continues to address the needs that justified its introduction. The Company is responsible for the audit and approval of any updates to this notice. 

This CCTV privacy notice forms part of a suite of documents which explain how the Company processes personal data. If you are an employee, an additional privacy notice is available on the intranet and if you’re a supplier, customer or visitor to the Company then an additional privacy notice is available on our website at www.driv.com. 

Why do we have this notice?

We use video surveillance, also known as closed circuit television (“CCTV”) across our site. This is to monitor the effectiveness of machinery and maintain safe manufacturing areas. We also use CCTV to monitor security. CCTV captures images of employees and visitors.

This notice will be updated and amended from time to time. This notice does not form part of any contract of employment or any other contract to provide services.

For more information about our use of CCTV please contact our Privacy Officer for our CCTV Policy and Data Protection Policy. 

Who does this notice apply to?

This notice applies to all employees, officers, consultants, self-employed contractors, casual workers, agency workers, volunteers, and interns. It also applies to anyone visiting our premises or using our sites. See Annex A for a list of entities (Data Controllers) that are covered by this notice. 

What Personal Data do we collect using CCTV? 

When you visit our premises, we collect and process the following personal data relating to CCTV:

- Your activities, your face, clothing, possessions, car registration, colour, make and model details and other visual information about you which is recorded on our CCTV system.

- Any communications between ourselves and you relating to our CCTV system.

- Details of any claims or disputes relating to you and our CCTV system.

- Any other Personal Data provided by you.

We will not usually process Special Category Personal Data about you using CCTV. Although if the CCTV captures any injuries or health concerns, this would constitute Special Category Personal Data. If the CCTV captures criminal activity, then this will be processed in line with the legal requirements for criminal records data. 

What are our reasons using CCTV and what are the Company’s lawful bases?

We currently use CCTV at our sites as outlined below. We believe that such use is necessary for the business’ legitimate interests and those interests are:

(a) to prevent crime and protect buildings and assets from damage, disruption, vandalism and other crime. 2

(b) for the personal safety of staff, visitors and other members of the public and to act as a deterrent against crime.

(c) to support law enforcement bodies in the prevention, detection and prosecution of crime.

(d) to ensure the health and safety of staff and others.

(e) to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings.

(f) to assist in the defence of any civil litigation, including employment tribunal proceedings.

Legal obligation – we also use CCTV to support us with our legal obligations under Health and Safety Law to ensure that where machinery is in place it is kept in good working order.

If we process health information, we are doing so under the special category condition of employment, social security and social protection (if authorised by law).

If we process criminal records information, then we are doing so under the condition of reasons of substantial public interest (with a basis in law) and that substantial public interest is preventing or detecting unlawful acts or fraud. This type of data processing is only carried out if it is authorised by law.

We only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Please note that we may process your Personal Data without your consent where this is required or permitted by law.

In some cases, more than one legal basis may apply to our use of your Personal Data. For example, it may be in our legitimate interests to use CCTV and it may also be to comply with legal obligations, for example health and safety obligations to keep our premises and staff safe.

How is CCTV operated?

Signs are displayed at the entrance of areas where CCTV is in operation.

Recorded images are only viewed by approved members of staff whose role requires them to have access to such data.

For more details on how our CCTV system is operated, please consult our CCTV Policy.

We do not place CCTV in areas where there is an expectation of privacy (for example, in changing rooms).

We do not use covert monitoring or surveillance (that is, where individuals are unaware that the monitoring or surveillance is taking place).

We do not use wholly automated decision making or profiling in relation to CCTV systems.

How do we use CCTV data? 

Data from CCTV cameras is stored in a way that maintains its integrity and security. We use appropriate technical and security measures to keep the data safe.

We engage third parties to process data on our behalf. We have put in place contractual safeguards to protect the security and integrity of the data.

With whom do we share CCTV data?

We share CCTV data within the DRiV Group where other members of the group provide shared services. We also use service or product providers to our business, for example information technology services suppliers. In the event of a reorganisation of the business we may share CCTV data with potential purchasers, investors, funders, and their advisers.

We also use professional advisers (such as insurers, legal advisers, accountants etc) and we will share CCTV data with them when we are seeking advice or guidance.

The nature of CCTV means that it is occasionally requested by police or insurance companies. CCTV Data will only be disclosed to a third party where there is a lawful reason or where required by law, with your express permission. For example, we allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.

We will maintain a record of all disclosures of CCTV footage. 

Retention and Erasure of Data Gathered by CCTV

Recorded images will be kept for no longer than what is required by applicable laws, usually between 30-90 days, unless they are required for a specific investigation (such as criminal damage or employee relations when they will be retained for the duration of that investigation).

Recordings are then deleted permanently and securely

We are committed to keeping your Personal Data safe and secure and so we have security measures in place to protect the data. For detail about our security measures please contact the Privacy Office at: privacyoffice@driv.com. 

Your rights

  • You have the right to ask us for copies of your Personal Data. While this right always applies, we may have to apply some exemptions to what we provide to you, which means you may not always receive all the information we process, for example where your data is intermingled with that of other data subjects.
  • You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
  • You have the right to ask us to erase your Personal Data in certain circumstances.
  • You have the right to ask us to restrict the processing of Personal Data in certain circumstances.
  • You have the right to object to processing if we are able to process your information because the process is in our legitimate interests.
  • You have the right to define post-mortem directives concerning the conservation, deletion and communication of your Personal Data. You may change or revoke these instructions at any time.
  • If we are processing your information for criminal law enforcement purposes, your rights are slightly different. 

You are not required to pay any charge for exercising your rights. We have one month to respond to you or as required by applicable laws. 

If you would like to exercise any of your rights, please contact privacyoffice@driv.com. 

In some cases, especially where there is a reasonable doubt about your identity, it may be appropriate to carry out identity verification checks and / or request further information before being able to process your request and we will let you know where this applies.

In order for us to locate relevant footage, please ensure any requests for copies of recorded CCTV images include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.

We will obscure images of third parties when disclosing CCTV data as part of a subject access request, where we consider it necessary to do so and technically feasible. 

You also have the right to complain to the data protection authorities within your country. Please see Annex B for a list of data protection authorities.

International Transfers

If we transfer your Personal Data outside of the country it was collected, we ensure that the transfer is compliant with data protection laws. 

If you would like any more details about how we protect your Personal Data in relation to international transfers, then please contact our Chief Privacy Officer.

Contacts 

Data Protection Officer Chief Privacy Officer
Email privacyoffice@driv.com
   

 

ANNEXURE A

List of DRiV Entities (Data Controllers)

Federal Mogul Argentina S.A. FM Motorparts (India) Limited
Monroe Australia Pty. Limited Federal-Mogul Italy S.R.L.
Monroe Springs Australia Pty DRiV Korea Ltd
FM EMEA Distrib Services, BVBA Tenn Mexico, S de RL de CV
FM Global Aftermarket EMEA FM de Matamoros, Sde RL de CV
Tenneco Automotive Europe BVBA Serv Administrativo Industrial
Tenneco Automotive Brasil Ltda Raimsa, S. de R.L. de C.V.
Federal-Mogul Canada Limited Tenn Auto Eastern Eur sp z oo
FM MP (Zhejiang) Co., Ltd. FM Motorparts Poland Sp.z.o.o.
FM MP (Pinghu) Trading Limited Federal-Mogul VCS OOO
Shanghai DRiV Auto Industry Ltd FM MP (Singapore) Pte. Ltd.
FM Shanghai Auto Parts Co, Ltd FM of South Africa (Pty) Ltd.
FM Friction Products Co., Ltd Federal-Mogul Iberica S.L.
FM Friction Products a.s. Taiwan FM Motorparts Co. Ltd.
Walker Danmark ApS Tenneco Auto (Thailand) Ltd
FM Aftermarket Egypt Ltd. Monroe Amortisor Imalat ve Tic
Monroe RP Sweden AB F-M Motorparts Ltd
FM Aftermarket France SAS Federal-Mogul Motorparts LLC
Ateliers Juliette Adam SAS F-M Motorparts TSC LLC
Motocare India Private Limited DRiV Automotive Inc.
FM Goetze (India) Ltd. FM TSC Real Estate Holding LLC
Beck Arnley Holdings LLC  

 

ANNEXURE B

List of Data Protection Authorities

Country Name of Authority
Argentina Direccion Nacional de Proteccion de Datos Personales (PDP)
Australia Office of Australian Information Commissioner
Brazil Autoridade Nacional de Protecao de Dados
Canada Office of the Privacy Commissioner of Canada
China Cyberspace Administration of China (CAC)
Colombia Superintendencia de Industria y Comercio
Costa Rica Agencia de Protección de Datos de los Habitantes (PRODHAB)
European Union European Data Protection Board (EDPB)
Hong Kong Office of the Privacy Commissioner for Personal Data
India Data Protection Borad of India
Jamaica Office of the Information Commissioner
Japan Personal Information Protection Commission
Mexico INAI - Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales
Morocco Commission Nationale de contrôle de la protection des Donneés à caractère Personnel (C.N.D.P.);
Philippines National Privacy Commission
Singapore Personal Data Protection Commission
South Africa The Information Regulator (South Africa)
Taiwan The Ministry of Justice
Thailand Authority for the protection of Personal Data Information Commission
USA Attorney General's Office
Vietnam Ministry of Information and Communications