Information on the processing of personal data through a video surveillance system

1.Controller:

PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, with the distinctive title PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES – Andersen Legal, 103 Vas. Sofias avenue, Athens, Greece, PC. 11521, mail   info@gr.AndersenLegal.com , telephone +30 210 3626971, fax +30 210 3626974, website gr.AndersenLegal.com

 

2. Purpose of the processing and legal basis:

We use closed-circuit television (CCTV) in order to protect natural persons and premises. The processing is necessary for the purposes of the legitimate interests we pursue as a controller (article 6 para. 1. (f) GDPR).

 

3. Legal Interests

Our legal interest is the need to protect our premises and the materials in it from illegal actions, such as theft. We also need to ensure life safety, physical integrity, health as well as the property of our staff and of third parties legally located in the area under surveillance. We only collect image data and limit the surveillance to places where we have previously assessed that there is an increased possibility of perpetration of illegal actions e.g. theft, for instance, in the entrance, without focusing on places where privacy of the persons being photographed may be severely restricted, including their right to respect of their personal data.

 

4. Recipients

The material held is accessible only by our competent / authorized personnel who are in charge of security of the premises. This material shall not be disclosed to third parties without the consent of the data subject, except in the following cases: (a) to the competent judicial, prosecutorial and police authorities when it contains information necessary to investigate a criminal offense involving persons or property of the controller; (b) to the competent judicial, prosecutorial and police authorities when lawfully requesting data in the performance of their duties, and (c) to the victim or perpetrator of a criminal offense, in the case of data which may constitute evidence of the offense.

 

5. Retention period

We keep the data for fifteen (15) days, after which they are automatically deleted. In the event that during this period we find an incident, we isolate part of the video and keep it for another (1) month, in order to investigate the incident and initiate legal proceedings to defend our legal interests, while if the incident concerns third parties, we will keep the video for up to three (3) more months.

 

6. Data subjectsrights

Data subjects have the following rights:

  • Right of access: you have the right to be aware whether we process your images and if so, to receive a copy of them.
  • Right to restriction of processing: you have the right to request us to restrict processing, for example, you may ask us not to delete data that you deem necessary to establish, exercise or support legal claims.
  • Right to object: you have the right to object to the processing.
  • Right to erasure: you have the right to request that we erase your personal data.

 

You may exercise your rights by sending an e-mail to yiannis.pavlitzoglou@gr.AndersenLegal.com  or a letter to our postal address Vas. Sofias 103, Athens 11521 or by submitting the request to us in person, at the address of the company. To examine a request related to your image, you should tell us when you were within the range of the cameras and give us a picture of you to make it easier for us to locate your data and hide the data of third parties pictured. Alternatively, we give you the opportunity to come to our facilities to show you the images in which you appear. Moreover, we would like you to note that exercising the right to object or the right to erasure does not imply the immediate erasure of data or the modification of the processing. In any case, we will answer you in detail as soon as possible, within the deadlines set by the GDPR.

 

7. Right to lodge a complaint

In case you consider that the processing of your data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with the competent supervisory authority.

The competent supervisory authority in Greece is the Hellenic Data Protection Authority, Kifisias Avenue 1-3, 11523, Athens, https://www.dpa.gr/, telephone number  +302106475600.