Loyalty Club

ALIANTHOS GARDEN HOTEL CCTV

Notice on the Processing of Personal Data via a Video Surveillance System (CCTV)

1. Data Controller:

The Data Controller is Konstantinos Vardakis, son of Emmanouil and Maria, resident of Plakias, Postal Code 74060, with Tax Identification Number (TIN) 058661740.
The contact details of the Data Controller are as follows:
Plakias 74060, Rethymno, Crete
Telephone: (+30) 28320 31280 / (+30) 6976 880660
Email: kostas@alianthos.gr

2. Purpose of Processing and Legal Basis:

We use a video surveillance system for the purpose of protecting individuals and property. The processing is necessary for the purposes of the legitimate interests pursued by us as the data controller (Article 6 par.1 (f) of the GDPR)

3. Legitimate Interest Analysis

Our legitimate interest lies in the need to protect our premises and the assets located therein from unlawful acts, such as, indicatively, theft. The same applies to the safety of life, physical integrity, health, and property of our staff as well as third parties who are lawfully present in the monitored area.
We collect only image data and restrict recording to areas that we have assessed as having an increased likelihood of unlawful activity (e.g., theft), such as cash registers and entrances. We avoid surveillance in areas where individuals’ privacy may be unduly restricted, including their right to respect for personal data.

4. Recipients

The recorded material is accessible only by our designated and authorized personnel responsible for security. This material is not disclosed to third parties, except in the following cases:
a) To the competent judicial, prosecutorial, or police authorities when it contains information necessary for the investigation of a criminal offense involving persons or property under the responsibility of the data controller.
b) To the competent judicial, prosecutorial, or police authorities upon lawful request in the course of performing their official duties.
c) To the victim or perpetrator of a criminal act, when the data in question may serve as evidence of the act.

5. Retention Period

We retain the data for seven (7) days, after which it is automatically deleted. In the event that an incident is identified within this period, a portion of the footage is isolated and retained for up to one (1) additional month for the purpose of investigating the incident and initiating legal proceedings to protect our legitimate interests. If the incident concerns a third party, the footage may be retained for up to three (3) additional months.

6. Data subjects have the following rights:

  • Right of access: You have the right to know whether we are processing your image and, if so, to obtain a copy of it
  • Right to restriction of processing: You have the right to request that we restrict processing, for example, by not deleting data you consider necessary for the establishment, exercise, or defense of legal claims.
  • Right to object: You have the right to object to the processing of your data.
  • Right to erasure: You have the right to request the deletion of your data.

You may exercise your rights by sending an email to privacy@ypodeigma.gr, by sending a letter to our postal address, or by submitting your request in person at our premises. To process a request related to your image, you must indicate approximately when you were within the range of the cameras and provide us with a photograph of yourself. This will help us identify your data and obscure the data of any third parties appearing in the footage. Alternatively, you may visit our premises, where we can show you the images in which you appear. Please note that exercising the right to object or request erasure does not imply the immediate deletion of data or alteration of processing. In all cases, we will respond to your request in detail as soon as possible, and within the time limits set by the GDPR.

7. Right to Lodge a Complaint

If you believe that the processing of your personal data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with a supervisory authority.

The competent supervisory authority in Greece is the Hellenic Data Protection Authority, located at 1-3 Kifisias Avenue, 115 23 Athens, https://www.dpa.gr/, Tel. +30 210 6475600.