CCTV DATA PROCESSING NOTICE

Data Controller

The Company ” NEUROPUBLIC S.A. – Information Technologies” and distinctive title “NEUROPUBLIC S.A.”, with registered office in Piraeus, Spiliotopoulou & Methonis Street no. 6, P.C. 18545, lawfully represented, acts as the Data Controller.

Purpose of Processing and Legal basis

A surveillance system with fixed video cameras, without rotation or zoom capability, operates on the premises of NEUROPUBLIC and at the GaiaSense Hub, solely for the purpose of protecting individuals and property.

The legal basis for the processing is the legitimate interests pursued by the Company as Data Controller (Article 6 par. 1. f GDPR).

Analysis of Legitimate Interests

The legal basis for processing video data collected through the CCTV system derives from the Company’s obligation to ensure the safety of individuals present on its premises (employees, customers, partners) and its legitimate interest in safeguarding the integrity of its assets.

The collection and retention of such data is carried out for the purpose of protecting individuals, premises, systems and the Company’s infrastructure and property.
The recorded image data is limited to what is strictly necessary and proportionate for these purposes.

Cameras located indoors may capture images of individuals working at or visiting the Company’s premises under any capacity.

Cameras do not capture images of workstations unless absolutely necessary due to the nature of the work, for the safety of employees, third parties, or the protection of the Company’s or third-party property.

The collection and retention of image data is performed in a way that respects the privacy, personality and dignity of employees and all individuals whose image is captured.

Recipients

Access to the recorded material is strictly limited to the authorized personnel responsible for site security.

Image data is not disclosed, communicated, or transferred to third parties, except where required by law or a court order.

Data is not transferred to third countries.

Retention period

Image data is retained for no more than fifteen (15) calendar days, after which it is automatically deleted, unless an incident relevant to the surveillance purpose is detected.

In case of a criminal or security incident involving people or property that has been recorded, the retention period may be extended by decision of the Company and/or following an order from law enforcement or other competent Authorities.

Data Subjects’ Rights

You have the right to be informed about and access your personal data held by NEUROPUBLIC.
You also have the right to request the rectification, update or deletion of your personal data, as well as the right to restriction of processing and objection.
In addition, under the GDPR, you have the right to lodge a complaint with the Hellenic Data Protection Authority.

To exercise your rights or request further information, you may contact the Company’s Data Protection Officer at: [email protected]

To assess a request concerning your recorded image, you must indicate the approximate time you were within the camera range and provide a recent photograph of yourself, so that we can identify your data and mask the data of other individuals who may appear in the footage.
Alternatively, you may visit our premises so that we may show you the footage in which you appear.

Please note that exercising your right to object or delete does not necessarily mean that immediate deletion of the data will follow. You will always receive a detailed response as soon as possible and within the deadlines set by the GDPR.

Right to Lodge a Complaint

If you believe that the processing of your personal data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with the supervisory authority. The competent supervisory authority for Greece is the Data Protection Authority, 1-3 Kifissias Street, 115 23, Athens, https://www.dpa.gr/, tel. +302106475600.