INFORMATION ABOUT VIDEO SURVEILLANCE

Information on the processing of personal data through a video surveillance system

In accordance with Regulation (EU) 2016/679 (hereinafter “GDPR”) and the relevant provisions of Greek legislation on the protection of personal data, as applicable, on the type of personal data collected, the source of their collection, the reason for their collection and processing, any recipients thereof, the time of their retention, their possible transfer outside the EU and your rights in relation to your data and how you can exercise them.

 

 

Data Controller details:

The company bearing the name « ANONYMOS XENODOCHEIAKI KAI TOURISTIKI ETAIREIA ATEX» established in Athens Greece [16 Karageorgi Servias Str., 105 62 Athens, Greece, T: +30 210 33 51 000 E: reservations@astorhotel.gr] (hereinafter referred to as "Company" or "Astor Hotel"), hereby informs you, as the Data Controller, in accordance with Regulation (EU) 2016/679 (hereinafter “GDPR”) and the relevant provisions of Greek legislation on the protection of personal data, as applicable, on the type of personal data collected, the source of their collection, the reason for their collection and processing, any recipients thereof, the time of their retention, their possible transfer outside the EU and your rights in relation to your data and how you can exercise them.

 

Data Processor:

The company bearing the name «ANONYMOS ETAIREIA XENODOCHEIAKON KAI TOURISTIKON EPICHEIRISEON GEKE» established in Athens Greece [Kifisias street, no. 43, zip code 11523, tel. (+30) 2106989000 e-mail: president@president.gr], which provides IT support services. The Data Processor is bound by a written contract that ensures the privacy and security of the processing. The employees of both the Controller and the Processor are bound by clauses of confidentiality.

 

Purpose of processing and legal basis:

We use a surveillance system for the purpose of protecting persons and property. Processing is necessary for the purposes of legitimate interests we pursue as a controller (Article 6(1) in the General Regulation (EU) 2016/679, hereinafter referred to as GDPR).

Our legitimate interest is the need to protect our premises and property from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health, and property of our staff and third parties legally present in the supervised area. We limit reception in places we assessed that there is an increased likelihood of unlawful acts e.g., theft, such as in our cashiers and entrances, without focusing on places where the privacy of the persons monitored may be excessively restricted, including their right to respect for personal data.

 

 

Type of data and categories of data subjects

We collect only image data of our employees and third parties, customers and visitors who are legally present in the supervised area. We do not process audio data or biometric data.

 

Recipients

The material held is accessible only to our responsible/authorized personnel in charge of the safety of the site. It is noted that regarding the management of the material and the special access to it, the IT Department of the Company under the name “ANONYMOS ETAIREIA XENODOCHEIAKON KAI TOURISTIKON EPICHEIRISEON GEKE” is responsible, which in each case undertakes the role of the Data Processor for the Astor Hotel, committed to the confidentiality and the security of processing. Such material shall not be transferred to third parties, except in the following cases: a) to the competent judicial, prosecutor and police authorities when it contains information necessary for the investigation of a criminal offence concerning persons or property of the controller; (b) to the competent judicial, prosecutor and police authorities when requesting data lawfully in the course of their duties; and (c) to the victim or perpetrator of a criminal offence, in the case of data which may constitute evidence of the offence.

 

Data retention time

We keep the data for a period of fifteen (15) days, after which they are automatically deleted. If during this time we find an incident, we isolate part of the video and keep it up to one (1) month, with a view to investigating the incident and initiating legal proceedings to defend our legitimate interests, while if the incident concerns a third party, we will keep the video for up to three (3) months.

 

Data security

President Hotel implements appropriate technical and organizational measures for the security of the personal data of natural persons that it processes in the context of its activities on a case-by-case basis and in particular the data collected through the video surveillance system it has implemented in its facilities. In particular:

a. security and network protection policies and procedures are applied [e.g., network firewall], distinct subnet (VLAN) as part of the internal network during the transmission of image information data,

b. techniques are applied to increase network security, central management of logical access and graded access, continuous security monitoring, safeguarding the availability of information, safeguarding the physical security of the infrastructure, which contribute to maintain the confidentiality, availability and integrity of personal data of the natural persons it processes,

c. graded access policies (physical and logical) are applied to both the recording infrastructure and the recording information,

d. a Video Surveillance System Officer and Data Protection Officer (DPO) has been appointed,

e. secure data transmission procedures are applied in the event of a request. Storage takes place in a specially configured infrastructure with graded and controlled access.

 

Rights of data subjects

Data subjects shall have the following rights:

  • Right of access: you have the right to know if we are processing your image and, if so, to obtain a copy of it.

  • Right to restriction: you have the right to ask us to restrict the processing, for example not to delete data that you consider necessary to establish, exercise or support legal claims.

  • Right to object: you have the right to object to processing.

  • Right to erasure: you have the right to request that we delete your data.

You can exercise your rights by sending an e-mail to the address dpo@president.gr or a letter to our postal address or by submitting the request in person to our Company's address [Kifisias Avenue 43, Athens, Greece, Postal Code: 11523]. Our Company also provides a Data Subject Request Form which is available on our website or in physical form at the reception of our hotel. It is noted that in case there are reasonable doubts concerning the identity of the data subject, we might request the provision of additional information necessary to confirm the identity. The table below lists your rights based on the purpose of the processing and a corresponding legal basis. In this table you will find detailed information (concept, method, and time limits) and form for the exercise of each right.


 

 


 

In order to consider a request related to your image, you will need to determine when you were about in the range of the cameras and give us a picture of you, so as to make it easier for us to locate your own data and hide the data of third-party persons. Alternatively, we give you the opportunity to come to our premises to show you the images in which you appear. We also note that the exercise of the right to object or erasure does not entail the immediate deletion of data or modification of the processing. In any case we will reply in detail as soon as possible within the deadlines set by the GDPR. You can be informed in detail about your rights, as they derive from the current legal framework here.

Right to file a complaint

In case you consider that the processing of your data is in breach of the GDPR, you have the right to file a complaint with a supervisory authority. The competent supervisory authority for Greece is the Data Protection Authority, Kifissias 1-3, 115 23, Athens, https://www.dpa.gr/ tel. 2106475600.

 

 

 

 

Update/revision of this Policy

President Hotel reserves the right to update this information at any time. The security measures taken by the Company are dynamic and relate to individual case-by-case decisions of compliance with the principles of processing as defined by the GDPR, Law 4624/2019, and the guidelines of the competent supervisory authorities. Please check this update regularly to be informed of any changes that have been made

Astor Hotel • 16 Karageorgi Servias Str. • 105 62 Athens • Greece T +30 210 33 51 000 • F +210 32 55115 • reservations@astorhotel.gr
MHTE: 0206Κ010Α0006100 | ΓΕ.ΜΗ : 122037301000
© 2024 Astor Hotel . All rights reserved.