Update on the processing of personal data through video surveillance (Level B Update)
- Data Controller
The Data Controller is the limited liability company under the name "ALMYROS PHILOXENEIA SINGLE-PERSON LIMITED LIABILITY COMPANY", which is located in Corfu, 47 Iasonos and Sosipatrou Street, with GEMI no. 164763933000 and VAT no. 801863038, telephone: 2661028947 and email: [email protected].
- Data Protection Officer
The Data Protection Officer is appointed Maria Bouziou of Spyridon, Attorney at Law (Athens Bar Association Number 39902), e-mail address: [email protected].
- Purpose of processing
The monitoring of the hotel's exterior and reception area aims to protect its premises and the equipment contained therein (protection of goods), as well as the natural persons working or entering the premises for any reason (protection of persons).
- Lawful basis of processing
The processing of personal data through the video surveillance system is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6. par. 1 (f) of the General Data Protection Regulation 2016/679/EU).
- Legitimate interests of the Data Controller
The legitimate interest of the Data Controller consists of the need to protect the premises of its hotel, including the goods located therein, from unlawful acts, such as theft, unauthorized entry and vandalism, as well as from natural phenomena capable of causing damage, such as fire. Furthermore, the Data Controller seeks to ensure, through video surveillance, the safety, physical integrity, health and property of the natural persons within the the hotel premises (employees, guests or any third party).
The installation of a closed-circuit video surveillance system in entrance areas (namely: main entrance, entrance from a side plot to the side of the hotel unit's storage and kitchen, entrance from a side plot on the beach side, reception area) and in certain external areas of the hotel unit is a necessary means of protecting the hotel unit's facilities, since persons and vehicles entering them are recorded and monitored. In view of the above, in the event of a suspicious or damaging incident, recourse to the recorded visual material is considered necessary to prevent the occurrence of a risk or to find those responsible.
The Data Controller shall collect image data exclusively from those areas, which he reasonably considers to have an increased likelihood of illegal activities (data minimisation). In addition, the Controller declares that his processing of data through the video surveillance system does not extend to places where it may unduly restrict the privacy of the persons whose image is taken.
The material recorded by the video surveillance system is accessible only by authorized personnel of the Controller. The Controller shall take all appropriate and reasonable measures to ensure the security of the place where the material recorded is kept. The retained material shall not be disclosed, communicated or transmitted to any third party, except in the following limited cases:
(a) to the competent judicial, prosecutorial and police authorities when it contains data necessary for the investigation of a criminal offence,
(b) to the competent judicial, prosecutorial and police authorities when they lawfully request data in the exercise of their duties and
(c) to the victim or the perpetrator of a criminal offence when it concerns to data which may constitute evidence of a criminal offence.
- Storage period
The Data Controller retains the personal data collected only for the period necessary to achieve the purposes of the processing (limitation of the storage period). Downloads are stored for a period of fifteen (15) days from the time of their recording. After this period, the downloads are automatically deleted.
In the event that during the retention period of the recorded personal data (fifteen days from the time of recording), an incident is detected or reported, the Data Controller shall isolate the video segment, during which the incident in question takes place, and shall keep it (a) for thirty (30) working days if the incident affects the legitimate interests of the Controller himself and (b) three (3) months if the incident affects the legitimate interests of a third party.
- Rights of data subjects
The Data Controller shall ensure and facilitate the exercise of the rights of data subjects. In particular, as a data subject you have the right to:
(a) to obtain from the Controller information as to whether your personal data are being processed and, if so, to obtain access to them (right of access).
(b) to request the erasure of your personal data (right to erasure).
(c) to object at any time to the processing of your personal data (right to object).
(d) to request the Controller to restrict the processing of your personal data (for example, you may request the erasure of all your data, except those that you consider necessary for the establishment or exercise of your legal claims) (right of restriction).
As data subjects, you are entitled to exercise the above rights by sending an e-mail to [email protected] or a letter to the above postal address.
In order to effectively process of your requests, you are requested, on the one hand, to specify the period of time during which you were within the range of the video surveillance system and, on the other hand, to provide an image of yourself, in order to facilitate the identification of your own data and the concealment of the data third parties depicted. Alternatively, we offer you the possibility to come to our premises (47 Iasonos and Sosipatrou Street, Corfu) to show you the images in which you appear.
The Data Controller undertakes to comply with the requests submitted in accordance with the above without delay and, in any case, within thirty (30) days of their submission. The Controller may extend the above deadline for the execution of requests by a further of sixty (60) days, taking into account the complexity and number of requests to be processed. In any case, the Data Controller undertakes, within thirty (30) days of receipt of the requests, to inform the data subjects of any extension granted, as well as of the specific reasons for the delay in satisfaction of the right in question.
- Right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data concerning you violates the provisions of the General Data Protection Regulation (EU) 2016/679, Law 4624/2019 and its implementing legislation, you have the right to lodge a complaint with the competent Greek supervisory authority: Personal Data Protection Authority (Leoforos Kifisias no. 1-3, PO Box: 115 23, Athens, www.dpa.gr.).