Notification – Visibility of private reoutes, document management and drivers’ data in WebEye system
Dear WebEye Customer,
As we informed you earlier, pursuant to the General Data Protection Regulation of the EU (GDPR) applicable from 25 May 2018, during use of the WebEye Service, you become the Controllers of the personal data entered into the WebEye system.
We consider it important that during your use of the WebEye Service your risk as the Controller should not exceed the necessary levels. To this end, on 10 July 2018 we shall perform the changes listed below in the WebEye system centrally, i. e. in respect of all WebEye Subscribers:
1 HANDLING OF OFFICIAL (Work-related) AND PRIVATE ROUTES
On 10 July 2018 for main group users that can be used for accessing the WebEye system we shall centrally disable the visibility of data recorded in private status (“private routes”). As a result of the change, the sub-users created under the main groups will not be able to see private routes either. (Naturally the collection of data will not be discontinued in this case either, merely private routes, as personal data falling under the scope of the GDPR, will not be visible to users belonging to your organisation.)
- If you do not have a Offical/Private switch installed in vehicles and you do not use a virtual schedule of the WebEye system either for differentiating work-related and private routes, you need not do anything in this respect.
- If you do have a Official/Private switch installed in vehicles or use a virtual schedule for differentiating work-related and private routes and you wish to continue the visibility of private routes after 10 July 2018, then on the basis of your written request our staff will carry out the required settings. Please click HERE for the request-form or ask your WebEye representative to provide it to you.
Please send the request by e-mail to your current WebEye representative. Please note that in your interest only completely and properly filled out requests will be accepted and processed. We will notify you by e-mail when the access has been set.
- If you also have WebEye Monitor (AVLG), then it needs to be set locally, which you have to perform yourself. Please click HERE for the description and information required for performing the settings or ask your WebEye representative to provide them to you.
2 DOCUMENT MANAGEMENT IN WEBEYE
IF during use of the WebEye Service you use the possibility of Document Management, then as of 10 July 2018 you will experience the following changes:
- possibilities for management of documents containing personal data will disappear from the drop down menu, and
- as of 10 July 2018 you will only be able to choose from among documents related to the vehicle.
As the Controller, please be reminded that the personal data entered into the WebEye system include the names and other data of drivers, and POIs containing personal data (e.g. driver’s home address) may also be recorded.
In this respect we recommend the following solutions to mitigate/decrease your data processing risk:
- The driver’s name should only be recorded in the WebEye system in the field specified for this purpose, if you consider it – and pursuant to your internal data processing policies and guidelines it is – necessary. (Please bear in mind the principle of data minimisation.)
- If drivers’ names (or other personal data) have been recorded in fields other than the field specified for indicating the driver’s name, we highly recommend deletion of such data therefrom.You, as the Controller must be able to provide exact information to Data Subjects as to where their data is recorded. Inclusion of personal data in fields used otherwise than their original purpose may increase the risk of your ability to be able to provide satisfactory information to Data Subjects, but it may be a factor increasing risk when satisfying other rights of the Data Subject if you do not know exactly e.g. where, in how many places you need to carry out a rectification, restriction or erasure of data.
- We also recommend that you consider whether it is truly necessary to indicate drivers of vehicles with their full name in the WebEye system or can it be sufficient to use e.g. pseudonyms? (A pseudonym could be an employee ID that only appears in the employee’s personnel file.) This is also true for existing POIs that currently contain personal data.
- We recommend that you regularly review the personal data entered into the WebEye system, and that you erase those personal data the processing purpose of which no longer exists.
- If the Data Subject wishes to exercise his or her right to the restriction of processing in respect of their personal data entered into the WebEye system, you can easily comply with such request (naturally properly documented and in line with other applicable rules), e.g. by substituting the personal data requested to be restricted by a designation of the restriction.
- The rectification of personal data can also easily be performed by you if you receive such a request from the Data Subject. You can carry out the rectification by entering the WebEye surface (properly documented and in line with other applicable rules).
We believe that with the changes indicated in Part I of this letter which will be implemented as of 10 July 2018, and the recommendations described in Part II, we can greatly assist your compliance with your obligations, and mitigate your risks as Controllers of personal data.
WebEye Telamatics Group and your WebEye Service Provider