EYECLOUD ROMANIA – DATA PROTECTION & IMAGE GOVERNANCE FRAMEWORK
Last Updated: March 01, 2026

1. LEGAL ARCHITECTURE & ROLES
‍
1.1. Eyecloud as Technical Intermediary (Processor): Regarding the video streams, drone captures, and time-lapse photography from your sites, our platform acts as a digital custodian. You (the Client) define the purpose and legal grounds for recording, acting as the Data Controller.
1.2. Eyecloud as Administrative Entity (Controller): We are the Controller only for your business account data, billing information, and support logs.

2. OPERATIONAL COMPLIANCE & CORE PRINCIPLES
‍
As a specialized technical provider, Eyecloud Romania enforces the following rigorous standards for all video and image processing:
Openness and Visibility: To ensure individuals are aware of digital recording, the Client is mandated to install high-visibility physical notices at all site perimeters. This ensures that the capture of visual data is never clandestine and meets transparency standards.
Defined Utility: Image data is processed strictly for the specialized goals of modern construction: site security, occupational health and safety (HSE), anti-fraud measures, and high-level project documentation.
Spatial Precision (Data Minimization): Our technology is configured to prioritize the construction footprint. We use digital masking tools when installing the cameras  ("Privacy Zones") to cover the areas outside the project’s scope, ensuring that neighboring private properties or irrelevant public spaces are not recorded.
Temporal Governance (Retention): Due to the long-term liability nature of construction projects (statute of limitations for structural defects), visual assets are typically archived for a period of 1-2 years. However, as a Processor, Eyecloud will modify this duration according to the Client's specific written instructions or internal compliance policies.
Secure Access & Confidentiality: Access to the platform’s live feeds and archives is strictly governed by Role-Based Access Control (RBAC). Eyecloud personnel never access Client footage unless explicitly requested for technical support or as defined in the Service Agreement.
Auditability & Mapping: We maintain comprehensive data mapping and logs, documenting exactly where your project information is stored and how it flows through our encrypted infrastructure.

3. CLIENT COMPLIANCE OBLIGATION
‍
3.1. Since you control the physical camera hardware, you are legally mandated to:
Inform your workforce and subcontractors about the active monitoring.
Perform a Data Protection Impact Assessment (DPIA) if required by the scale of the project.

4. INDEMNIFICATION
‍
4.1. The Client agrees to shield and hold Eyecloud Romania harmless from any administrative penalties (e.g., ANSPDCP fines), legal costs, or damages arising from improper hardware placement, lack of site signage, or failure to justify the legal basis for monitoring on their specific site.

5. DATA SUBJECT RIGHTS
‍
Any individual captured within the visual data (e.g., a worker or visitor) may exercise their rights (access, deletion, objection) by contacting the Client. Eyecloud will provide the necessary technical interface to help the Client fulfill these requests. Inquiries must be sent to dataprotection@eyecloud.ro.

8. SECURITY MEASURES
We implement AES-256 encryption, TLS for data in transit, and strict multi-factor authentication (MFA) for platform access.