CCTV Systems Privacy Policy

Controller – Data Protection Officer (DPO)

Controller is the company

VANPE A.E.

Headquarters: 44 Kifissias Ave., PC 15125, Maroussi, Attica

VAT Number: 801223140 – Tax Authority: FAE Athens

Branch: Porto Plomari Hotel

5th km Mytilene-Skopelos, Plomari 812 00, tel. 2252 031000

The company as duly represented, informs that, for the purposes of its business activities, processes the personal data of its clients & associates in accordance with applicable national law and European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the “Regulation”), as such is in force.

For any matter relating to the processing of personal data, contact directly the person in charge of Personal Data Protection Ms. Eftychia Soupourtzi email: gm@portoplomari.gr , phone: +30 694 4590092

Purpose of processing

The surveillance of the premises of the hotel unit aims at the protection of the facilities and the equipment contained therein (protection of property) as well as the protection of the individuals living or working within the premises thereof or just occasionally use some of the services offered within such facilities by the Controller (protection of individuals).

Legal basis for the processing

The personal data processing through the video surveillance system is necessary for the purposes of legal interests pursued by the Controller (article 6 par. 1 point f of the General Data Protection Regulation 2016/679/EU).

Legal interests of Controller

The legal interest of the Controller consists in the need to protect the premises of the hotel unit, managed by them, including the property located therein, against any unlawful acts, such as theft, non-authorized entry and vandalism, as well as against natural phenomena that are capable of causing damages, such as fire. Also, the Controller seeks to ensure through video surveillance the security, physical integrity, health and property of individuals who are within the premises of the hotel unit (employees, customers, associates, visitors).

The installation of a video surveillance system in entrances is a necessary means for the protection of the customers and premises of the hotel unit as the individuals and vehicles entering the hotel premises are recorded and checked. Based on the foregoing, in case of a suspicious or harmful event, the recourse to the recorded visual material is deemed necessary in order to prevent the occurrence of danger or find the persons who are liable.

The Controller collects image data exclusively from the premises, which are justifiably estimated to have an increased likelihood for commitment of illegal activities (data minimisation). Furthermore, the Controller declares that the data processing on their behalf through the video surveillance system does not extend to premises, where it may overly restrict the privacy of individuals, whose image is recorded.

Recipients

The material recorded by the video surveillance system is accessible only from the personnel of the Controller that is authorized for that purpose. The Controller shall take all appropriate measures to ensure the security of the place where the material is stored. The material kept is not disclosed, communicated or transferred to any third party, except in the following exhaustive list of cases:

(a) to the competent judicial, prosecuting and police authorities where it includes data that is necessary for the investigation of an offence,

(b) to the competent judicial, prosecuting and police authorities where they lawfully request the data in performing their duties and

(c) to the victim or the perpetrator of an offence, where the data may constitute evidence of such offence.

Period of storage

The Controller shall retain the personal data collected only for the time required to achieve the purpose of the processing (storage limitation). The video recordings shall be stored for a seven-day (7) period from the moment of the capture. Upon expiry of the above period, the video recordings shall be automatically deleted.

In the event that during the retention of personal data recorded (seven days from the moment of capture) an incident is identified or disclosed, the Controller shall isolate the part of the video, during which the incident in question takes place, and shall keep it (a) for thirty (30) business days, if the incident affects the legal interests of the Controller and (b) three (3) months, if the incident concerns the legal interests of a third-party.

Rights of data subjects

The Controller ensures and enables the exercise of rights of the data subjects. In particular, as data subjects you have the right:

(a) to receive a notification from the Controller on whether your personal data is processed and, if so, access it (right of access);

(b) to request the deletion of personal data concerning you (right to erasure);

(c) to oppose at any time to the processing of the personal data concerning you (right to object);

(d) to request from the Controller to restrict the processing of the personal data concerning you (for example, you may request the erasure of all your data, except for the data you consider necessary to give rise or enforce your legal claims) (right to restriction).

As data subjects, you are entitled to exercise the above rights, by sending an e-mail to the address gm@portoplomari.gr or a letter to our postal address indicated above.

In order to examine your requests effectively, you are asked to specify how long you have been in the range of the video surveillance system and to provide an image of yourself, to enable the detection of your own data and the concealment of the data of third parties shown in the videos. Alternatively, the Controller provides you the opportunity to visit their site, where the latter will show you images (photos or videos) in which you appear.

The Controller undertakes to satisfy the requests submitted according to the foregoing without any delay and, in any case, within a thirty-day (30) period from their submission. The Controller may extend the above period in order to satisfy the requests by sixty (60) more days, if the latter takes into account the complexity and number of requests to be processed. In any case, the Controller undertakes, within thirty (30) days from the receipt of the requests, to notify the data subjects of any given extension, as well as the specific reasons for the delay in the satisfaction of the respective rights.

Right to file a complaint to a supervisory authority

In the event that you find that the processing of the personal data concerning you infringes the provisions of the General Data Protection Regulation (EU) 2016/679 of Law 4624/2019 and the implementing legislation thereof, you have the right to file a complaint to the competent Greek supervisory authority: Hellenic Data Protection Authority (1-3, Kifissias Ave. PC: 115 23, Athens, www.dpa.gr).

To read more information about our company Privacy Policy click here

To download the pdf of the Data Protection Policy regarding the processing through video surveillance systems click here