
GDPR Data processing model: Workplace Access & Attendance Management

Private | Human resources | Most common processing activities
Processing of employee and visitor data through badge systems for time and attendance monitoring, workplace access control, visitor entry, and management of company canteen access and related payments.

Purposes (4)

A purpose is the objective pursued by setting up your file. It indicates what the processing of personal data will be used for. This purpose must be clear and understandable.

1. Time and attendance management
Contract
Article 6(1)(b) UK GDPR – necessary for the employment contract (working time/payroll).

2. Employee building access
Legitimate interest
Article 6(1)(f) UK GDPR – legitimate interests in maintaining security of premises.

3. Visitor access control
Legitimate interest
Article 6(1)(f) UK GDPR – legitimate interests in protecting assets and staff.

4. Canteen access and meal payment
Contract
Article 6(1)(b) UK GDPR – necessary for performance of contract (provision of subsidised meals/payroll deduction).

Data categories (3)

Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (e.g. surname and first name) or indirectly (e.g. phone number, social security number, email or postal address, but also voice or image).

Meal payment data

Data details


Information about the date of the meal and the type of consumption

Definition

Recorded exclusively in the form: hors d'oeuvres, dish, dessert, drink

required

Data conservation rules

Active base:

Active: 3 months for transaction reconciliation.

Intermediate archiving:

Intermediate: 5 years if linked to payroll deduction

Companies Act 2006 – accounting records

Destruction

Visitor data

Data details


Company and name of the employee or public official welcoming the visitor (required)
Date / time of visit (required)
Name and surname (required)

Data conservation rules

Active base:

Active: 3 months

ICO best practice: visitor logs should be kept no longer than necessary for security purposes.

Destruction

Employee movement logs

Data details


Door access used (required)
Entry/exit times (required)
Badge number (required)

Data conservation rules

Active base:

Active: 3 months maximum (proportionality and necessity test).

Destruction

Data subject (2)

A data subject is any person whose data is collected, retained or processed by the data processing, e.g. in a recruitment process, any candidate for a position offered through the recruitment management process.

  • Employees
  • Visitors

Created at: 07/08/2023

Updated on: 08/01/2025

License: Creative Commons, Attribution / Non-commercial use (CC-BY-NC)

Nb using: 12

