Dublin 2019: Facebook Visitor Privacy Statement

Introduction

This Visitor Privacy Statement (“Statement”) informs you of how Facebook Ireland Ltd. and Facebook Ireland Limited (collectively “we”/”our”/”us”) collect and use information when you visit or are being registered for a visit of our premises.

Facebook Ireland Ltd.and Facebook Ireland Limited respectively, act as independent data controllers for the purpose of processing information about visitors to these premises.

What kinds of information do we collect and process?

If you are visiting one of our premises or an employee registers you for a visit at our premises, the types of information we collect include:

  • your name and email address
  • the Facebook employee who hosts you;
  • information about your visit, such as time and location
  • the purpose of your visit (e.g. whether you are making a social visit or a visit for business purposes)
  • your company if you are visiting as a vendor or for a business meeting
  • your Facebook user ID (if the email address used for registration is associated with a Facebook user ID).

Note: Where video surveillance (“CCTV”) is in operation in our premises, it is governed by our CCTV Privacy Statement.

How do we use this information?

We process information (as set out in section II above),

  • to ensure the safety and security of our assets and workforce
  • to control access to our premises
  • to ensure an efficient registration, check-in and check-out experience.

How do the Facebook Companies work together?

Facebook Companies (for example WhatsApp, Oculus, and others), collectively “Facebook,” share security infrastructure, systems and technology. Facebook processes information about you (as set out in section II and III), to ensure the security of the assets and staff of all Facebook Companies, and to ensure an efficient check-in and check-out experience when you visit any Facebook premises.

How Do we work with vendors and service providers?

We may work with third-party partners who help us manage and improve the visitor process, including tools and systems we use for this purpose.

We require these third parties to protect the information they receive with appropriate security measures and prohibit them from using it for their own purposes.

How do we respond to legal requests or prevent harm?

We access, preserve and share your information with regulators, law enforcement or others:

  • in response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users or employees in that jurisdiction, and is consistent with internationally recognized standards
  • when we have a good-faith belief it is necessary to: detect, prevent and address fraud, unauthorized use of our systems or products, violations of our terms or policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or products), you or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm
  • when we are under a legal obligation to do so, we may provide your information to law enforcement.

Information we receive about you can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation, or investigations of possible violations of our terms or policies, or otherwise to prevent harm.

We may take these actions pursuant to our legal obligations, where necessary in our legitimate interests and the legitimate interests of others and where necessary to protect the vital interest of individuals.

Data retention

We retain information (as set out in section II above), for as long as is required in order to comply with our legal obligations, to resolve disputes and to enforce our contractual agreements, or as necessary for our legitimate interests, e.g. to ensure the safety and security of our assets, workforce, and others. We generally maintain the information described in section II above for 2 years, starting from your last visit, unless legal obligations, or our legitimate interests in ensuring the security of our assets, workforce, and others, require us to maintain the information longer.

What is our legal basis for processing data?

We process the data that we have in the ways described above:

  • as necessary to comply with our legal obligations;
  • to protect your vital interests, or those of others; and
  • as necessary for our (or others’) legitimate interests, including our interests in ensuring the security of our assets, workforce and others, unless those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

How can you exercise your rights provided under the GDPR?

Under the General Data Protection Regulation (the ‘GDPR’), you have the right to access, rectify, port and erase your data.

You also have the right to object to and restrict certain processing of your data. This includes the right to object to, and seek restriction of our processing of your data, where we are pursuing our legitimate interests or those of a third party.

To exercise your rights, Contact the Data Protection Officer.

How do we operate and transfer data as part of our global business?

We share information globally, both internally within the Facebook Companies, and externally with our partners. Information we collect and process will be transferred or transmitted to, or stored and processed in the United States or other countries outside of where you live for the purposes as described in this Statement. These data transfers are necessary for our visitor management operations. We utilise standard contractual clauses approved by the European Commission, and rely on the European Commission’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

How to contact Facebook with questions

Facebook Ireland Ltd. and Facebook Ireland Limited respectively, are responsible for your information as independent data controllers, and can be contacted online or by mail at:

4 Grand Canal Square Dublin 2 Co. Dublin or

Facebook Ireland Limited

4 Grand Canal Square

Grand Canal Harbour

Dublin 2 Ireland

You can also Contact the Data Protection Officer.

You also have the right to lodge a complaint with your local supervisory authority.