Access Control Policy in INA, Plc.

IN GENERAL
INA, Plc. uses a system of controlled access to locations in Croatia, in order to protect its facilities and total assets, as well as to be able to retrace and investigate security incidents, potential hazards or unauthorised access to protected premises. The access control system may use IT-support or manual recording of access to INA, Plc. locations.
 
Control of access to INA, Plc. premises is a basic security measure, which must be enforced in order to keep other security measures effective. All locations must have established procedures for preventing unauthorised persons accessing any protected areas of INA, Plc. INA, Plc. is a personal data processing controller and processing of personal data from access control is based on a legitimate interest to protect facilities and total assets of INA, Plc.

RECORDS 
INA, Plc. keeps access control records for employees, visitors, contractors and other persons entering and passing through protected areas, as well as their vehicles, in a computer database and manually kept access control records in record log books.
 
The data in the access control records from paragraph (1) are kept for 3 years (2+1 year). In the electronic access control system the data are kept for 2 years in the active database, i.e. 2 years in the manual access control records, at the place the database was generated. For the final one year, they are kept in the Archives of INA, Plc.
 
Removal of data older than 2 years from the computer access control system for employees, visitors, contractors and other persons entering and passing through protected areas will be done on annual basis, in January each year, for any period of 2 years that expired at the latest two days before removal. Removal from the computer records is done by saving the data over 2 years old to an adequate external medium, which are then encrypted and locked with an electronic code and then delivered to the archives of INA, Plc., where the data will undergo a procedure pursuant to Ordinance on Protection of Archive and Registry Material at INA Plc. 
 
Record log books with manually recorded access control for employees, visitors, contractors and other persons entering and passing through protected areas are kept at the place they have been made for 2 years. After expiry of the current year, the logs are sealed with security labels. Manually recorded access control records in logs older than 2 years must be delivered on annual basis, for each period of 2 years expiring up to two days before removal, to an authorised Corporate Security employee, who will forward them to the archives of INA, Plc., where the logs will undergo a procedure pursuant to Ordinance on Protection of Archive and Registry Material at INA Plc. Each log book with access control records must be sealed with a security label, so it cannot be opened without destroying the seal or security label.

NOTIFICATION  
In a special written notification, INA, Plc. informs all employees, visitors, contractors and other persons entering and passing through protected areas on processing of their personal data and their rights.
 
The written personal data processing notification in Croatian and English contains the following information:
 
Na ovoj lokaciji provodi se kontrola pristupa, a podaci se obrađuju temeljem legitimnog interesa u svrhu zaštite objekata i imovine te poštivanja važećih propisa. Osobni podaci prikupljeni kontrolom pristupa na ovoj lokaciji poslovna su tajna i obrađuju se samo u gore naznačenu svrhu. Uvid u osobne podatke obrađene sustavom kontrole prolaza može biti omogućen tijelima državne uprave, sudu i /ili drugim nadležnim tijelima u svrhu obavljanja poslova iz njihove nadležnosti.
Svi predmeti koji se unose ili iznose i sva prometna sredstva kojima se ulazi na ili izlazi sa štićenih prostora INA, Plc. podložna su pregledu!
Podaci se čuvaju 3 godine, nakon čega se uništavaju.

Više informacija u svezi obrade osobnih podataka možete pronaći u Politici zaštite osobnih podataka koja je objavljena na stranici www.ina.hr,svoja prava u vezi obrade osobnih podataka sustavom kontrole prolaza možete ostvariti putem sljedećeg kontakta:
 
  • na email adresu: szop@ina.hr
  • na adresu: INA-INDUSTRIJA NAFTE, d.d., Av. V. Holjevca 10, 10 000 Zagreb, n/p Službenika za zaštitu osobnih podataka
 
The text in English language:

This is a location with access control, conducted for protection of people and assets and compliance with valid legislation. Personal data collected through the access control on this location are a business secret, processed for the above purpose only. Insight into personal data processed by the control access system can be provided to public administration bodies, courts and / or other competent bodies for the purpose of carrying out the tasks within their competence.
All items brought in or out, as well as any transportation means used for entering into or exiting the location of INA, Plc. are subject to inspection!
The data are kept for 3 years and afterwards are being destroyed.
Your rights regarding the personal data processed with access control are published on www.ina.hrand they may also be exercised through the contact below:
  • the e-mail address: szop@ina.hr
  • the address INA - INDUSTRIJA NAFTE, d. d., Av. V. Holjevca 10, 10 000 Zagreb, attn. Data Protection Officer
All employees, visitors, contractors and other persons entering and passing through protected areas shall be deemed informed on personal data processing by INA, Plc. in line with paragraph (2).

ACCESS RIGHT
Access, organisation and management of the access control in INA, Plc. is governed by employees of INA Corporate Security.
 
Personal data control and processing through the access control system is assigned by INA, Plc. to the contracted physical security provider, as the processor carrying out business activities pursuant to provisions of INA, Plc. Security Rulebook.

DATA PROTECTION
INA, Plc. has established manual and computer system for personal data processing through the access control system used to keep record/s of the processing activity and appointed an authorised local officer for protection of the said personal data.  
 
All access control records represent a business secret and are property of INA, Plc. and it is forbidden to disclose them or make them available to unauthorised persons in any way and in any form.
 
INA, Plc. has established user records for users of computer access control system, with a diagram of options and database access rights.
INA, Plc. has established a system of logs for recording access to computer access control system, which includes time and place of access, as well as a reference code of the person who accessed the data.

RIGHT TO INFORMATION AND DATABASE ACCESS 
Public authorities are entitled to access and receive the data within their scope of activities, established by valid regulations.
 
Subjects are entitled to information on processing of their personal data within the access control system. Upon elaborated written request, it is possible to search and access individual records in the database.

PROCEDURE IN CASE OF BREACH
In case of any observed potential breach of personal data, the authorised person/manager or the authorised local officer in charge for data protection in INA, Plc., i.e. in other INA Group companies the central officer of a company, shall notify the central officer of INA, Plc. about it without any unnecessary delay. Further processing is regulated in document SEC2_G1_I, Processing and Protection of Personal Data in INA Group Companies.
Choose language