1. Data Controller:
F. DIMITROV- I. VISHEV EΤΕRRΟRITHMI ETAIREIA, a company established in Ammolofous, Paggaio, Kavala, with Tax Identification Number 997153040, tel. 25940-22268, email: info@myrahotel.com,is the data controller.
2. Purpose of processing and legal basis:
We use CCTV System for the purpose of security of individuals, goods and premises. The processing is necessary for the achievement of our legitimate interests as Data Controller (art. 6 par. 1 (f) GDPR).
3. Legitimate Interests Analysis
Our legal interest consists in the need to protect our premises and the property assets and goods located within the premises from illegal activities, such as thefts. Also, the need to ensure the protection of the life, physical integrity, health, as well as the property of our personnel and third parties that are lawfully present in the supervised area. We only collect image data, and we limit the surveillance to areas that we have assessed as having an increased likelihood of illegal acts i.e. theft, such as the entrances/exits or where cash and other valuables are kept, without focusing in areas where the privacy of the person whose image is recorded may be excessively restricted, including their right to respect their personal data and in accordance to the applicable data protection legislation.
4. Recipients
The recorded material shall only be accessible by our competent/authorized personnel which is charge of the premises’ security. This material shall not be transmitted to third parties, with the following exceptions: a) the competent judicial, prosecutorial and police authorities when it includes information necessary for the investigation of a criminal act, which is relevant to the Controller’s personnel, goods or property assets, b) the competent judicial, prosecutorial and police authorities, when requesting data, lawfully, within the exercise of their duties, and c) upon the request of the alleged victim or the alleged perpetrator of a criminal act, when the requested data may be evidence of the act.
5. Retention Period
We retain the data for fifteen (15) days after the recording. After that period, the data is automatically deleted. In the event of becoming aware of any incident during this period, we will extract the relevant part of the video footage, and retain it for up to one (1) additional month, in order to investigate the incident and to initiate legal proceedings for the establishment, exercise or defense of legal claim. If the incident concerns a third party, we will retain the video footage for up to three (3) additional months.
6. Retention Period
The Data Subjects have the following rights:
- Right of access: you have the right to be informed if we process your image and, if yes, receive a copy of this processing
- Right to restriction: you have the right to request the restriction of the processing, i.e. request not to erase data, which you consider necessary for establishment, exercising and supporting your legal claims.
- Right to object: you have the right to object to the processing.
- Right to erasure: you have the right to request the erasure of your data.
You may exercise your rights by sending an email at info@myrahotel.gr. In order to process a request relevant to your image, you have to indicate the approximate time that you were within the monitored area and provide us with your image, in order to assist us tracking your personal data and mask the personal data of other depicted individuals. Alternatively, you can visit our premises to watch the footage, in which you are depicted. We also point out that the exercise of your right to object or erase will not result in the immediate erasure of your data or the modification of the processing. In any case, we will respond, as soon as possible, within the deadlines set by the GDPR.
7. Retention Period
For any further information regarding the processing of your personal data, you can find our Privacy Policy at www.myrahotel.gr and at the Hotel’s front desk. In any case, we inform you that you have the right to lodge a complaint with the Hellenic Data Protection Authority at their official website https://www.dpa.gr/el/polites/katagelia_stin_arxi. (an English version is available)