1. Definitions, Purpose & Scope
Taking seriously the privacy of our visitors and employees and in accordance with Regulation (EU) 2016/679 on the Protection of Personal Data (GDPR), we have developed this Policy in order to inform you that within the premises of our physical facility, we use a surveillance system for the purpose of protecting persons and property. Processing is necessary for the purposes of legitimate interests pursued by us as the data controller (Article 6(1)(f) GDPR).
The Company’s video surveillance system captures images of natural persons and therefore processes personal data. This Policy describes the Company’s video surveillance system and defines the security measures taken to protect personal data, the right to privacy, and other fundamental rights and legitimate interests of individuals recorded by the Company’s surveillance cameras.
Please note that this Policy does not include:
Operation of teleconferencing systems, recording of audiovisual material of an event (e.g. conference, hearing, seminar, social event), video recording carried out for the production of material or broadcasting of an event as part of the Company’s communication policy with the media and the public.
Image and/or audio capture by handheld cameras, photographic devices, mobile phones, or other access control systems without recording, which are activated following a specific action by the user (e.g. intercom systems), as no continuous image recording takes place.
For reasons of transparency, this Policy is made available by the Company to any interested party.
2. Data Controller:
KLEIDIS G. IOSIF, 70 AMFITHEAS AVENUE, 17563, PALAIO FALIRO, Tax ID: 148730770, Tax Office: GLYFADA, Tel. 2109827300
As the designated data controller, the above-mentioned business bears all obligations arising from the data protection legal framework, including the obligation to satisfy data subjects’ rights of information, access, and objection, as well as the obligation to ensure confidentiality and processing security.
3. Legitimate Interest Assessment
Our legitimate interest lies in the need to protect our premises and the property located therein from unlawful acts, such as theft. The same applies to the protection of life, physical integrity, health, and property of our staff and third parties lawfully present in the monitored area. We collect only image data and limit recording to areas assessed as having an increased likelihood of unlawful acts (e.g. theft), such as cash registers and entrances, without focusing on areas where privacy could be excessively restricted, including the right to personal data protection.
In order to enhance privacy protection, the Data Controller has ensured the following:
The video surveillance system does not aim to capture (e.g. through zooming or targeted focus) or otherwise process images revealing “special categories of data”.
The surveillance cameras are fixed, do not allow real-time rotation or zoom, and record only upon motion detection to limit unnecessary data.
The retention period of recorded material is limited to fifteen (15) days.
Access to surveillance data is strictly limited to a small number of clearly defined and specially trained operators.
The cameras do not transmit data via the Internet (web cameras).
No audio data is recorded by the cameras.
4. Surveillance Areas & Purposes of Data Collection
Security cameras installed on the premises monitor the external and internal entrance areas as well as locations where financial transactions take place (e.g. cashier, accounting office). Camera placement has been carefully selected to ensure that monitoring is limited to what is strictly necessary for the intended surveillance purposes.
No images are captured in areas where video surveillance is prohibited due to increased expectations of privacy, such as restrooms and antechambers.
The Company’s surveillance system consists of cameras that record upon motion detection 24/7 for security purposes, in combination with date and time data. Live camera footage is available in real time at the Company’s management office.
The Company uses the surveillance system exclusively for security and protection of its professional premises, staff, visitors, assets, records, and information, as well as for monitoring compliance with hygiene rules.
The surveillance system aims at immediate response in case of injuries, prevention and suppression of malicious acts (e.g. unlawful behavior), prompt mobilization in the event of non-human threats (e.g. fire before it spreads), and other situations related to the protection of persons and property.
The surveillance system is not used for purposes other than those described above. Data collected are not used to monitor employee performance, behavior, or productivity.
5. Recipients
Recorded material is accessible only to authorized personnel responsible for site security. It is not transferred to third parties except in the following cases:
a) to competent judicial, prosecutorial, and police authorities when required for the investigation of a criminal offense involving persons or property of the data controller,
b) to competent judicial, prosecutorial, and police authorities upon lawful request in the exercise of their duties, and
c) to the victim or perpetrator of a criminal act when the data may constitute evidence.
The Company uses external partners on its behalf for:
Provision of technical support services for security systems – CCTV. Processing may include on-site visits, inspection of internal and external circuits, and creation of backup copies of control and recording software.
These external partners are bound by written agreements ensuring confidentiality and processing security. System operators are informed of the processing purpose and may not record areas where processing is prohibited.
6. Data Retention Period
Data are retained for fifteen (15) days, after which they are automatically deleted. In case an incident is identified during this period, a portion of the footage is isolated and retained for up to one (1) additional month for investigation and legal proceedings, or up to three (3) additional months if third parties are involved.
7. Information to Data Subjects
The Company informs the public about video surveillance through:
Clearly visible signage placed at interior areas and entrances, indicating that the premises are monitored by a closed-circuit system for the protection of persons and property. The signage states that recording is carried out on behalf of KLEIDIS G. IOSIF as the data controller and that further information is available via contact details and the published online Data Protection Policy.
8. Data Subject Rights
Data subjects have the following rights:
Right of access: You have the right to know whether your image is processed and, if so, to obtain a copy.
Right to restriction: You have the right to request restriction of processing.
Right to object: You have the right to object to processing.
Right to erasure: You have the right to request deletion of your data.
In case of an incident, the Data Controller is obliged to apply blurring or masking techniques to protect the personal data of unrelated individuals appearing in the footage.
Upon request, a presentation of relevant footage may be arranged. The requester must prove identity and specify the time, location, and circumstances of recording. Requests may be partially satisfied or denied when necessary to protect investigations or third-party rights.
Requests may be submitted via email to info@sifiskleidis.gr, by post, or in person at the facility. Responses will be provided within GDPR deadlines.
9. Right to Lodge a Complaint
If you believe that the processing of your personal data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with a supervisory authority.
The competent supervisory authority for Greece is the Hellenic Data Protection Authority,
1–3 Kifisias Avenue, 115 23 Athens, www.dpa.gr, Tel. 2106475600.