Home / Privacy Policy – Video Surveillance System

Privacy notice on the processing of personal data through a video surveillance system

Last updated: October 1, 2022


This Privacy Notice applies to the processing of your personal data through the Video Surveillance system (hereinafter “Personal Data”), as a customer of the hotel or as a visitor or as an employee (hereinafter “Customer” or “Visitor” or “Employee” or “you” ), which is made by the company “ATLAS SA” (hereinafter “Company” or “Hotel” or “Hotel Porto Angeli ” or “we”).

For the safety and protection of its customers, staff, visitors, office premises, assets and information, as well as for logistical reasons, the Company protects its facilities with a video surveillance system through closed circuit television (CCTV). The video surveillance system records images of people and therefore processes personal data.

As a customer of the hotel or as a guest or as an employee you have the right to the protection of your Personal Data. The Hotel respects your privacy and your personal data and always acts in compliance with the Personal Data Protection Legislation. The hotel is also committed to acting transparently regarding how data is collected and used in the context of fulfilling its obligations.

By the term “Legislation on Personal Data Protection” (hereinafter “Legislation”) we mean all laws, regulations, directives, etc., Greek or European, concerning the processing of Personal Data, their privacy and security. For example, we mention the General Data Protection Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, Directive 1/2011 “Use of video surveillance systems for the protection of persons and goods” of the Greek Personal Data Protection Authority (PDPA), as well also the Directives of the European Data Protection Board (EDPB) Guidelines 3/2019 regarding the processing of personal data through video devices.

It is important that you read carefully this notice which clearly explains to you how and why we collect your Personal Data through the Video Surveillance system, what we do with them, how long we keep them, with whom we share them, how we protect them, and the choices you may have about them. In this way you will always be fully aware of the ways and reasons for which we use these data as well as your rights under the Legislation.

Data Controller

The Hotel according to the General Data Protection Regulation acts as “Data Processor”. This means that the Hotel is responsible to decide on the ways with which and the purposes for which it collects and uses (“processes”) your personal data.

Our contact details are:


Porto Angeli Beach Resort
Stegna Beach, Archangelos
Rhodes, 85102, Greece
Tel:  +30 22440 24000
Fax: +30 22440 22121

Processing Principles

In the context of complying with our Privacy Policy, we make every effort and in particular:

  • We process your personal Data with fair, legal, legitimate, clear, objective and transparent way.
  • We collect your data only for specific, explicit and legal purposes that we deem appropriate and are sufficiently explained to you. Moreover, we assure you that they will not be used in any other way but only exclusively for those purposes.
  • We collect and preserve the minimum possible data, which are appropriate, coherent and absolutely necessary for the processing purposes.
  • We assure you that the data are correct and will be preserved updated and with accuracy.
  • We will preserve your data only for the time period required for the completion of each processing purpose.
  • We will make sure they are saved with the appropriate safety.
  • We process them in a way that assures that they will not be used with an illegal or contrary way from your will.

Types of personal data collected

The hotel only collects image data and no voice is recorded.

Legal Base for the Processing of Personal Data

We use a surveillance system for the purpose of protecting people and property. The processing is necessary for the purposes of legitimate interests pursued by us as the controller (Article 6 p. 1. f GDPR).

For example:

  • To control access to the premises and ensure the security of the buildings, the safety of its staff and visitors, and the assets and information located or stored on the premises.
  • To prevent, deter and, if necessary, investigate unauthorized physical access, including unauthorized access to secure and protected areas, IT infrastructure or business information.
  • To prevent, detect and investigate theft of equipment or property belonging to the Hotel, customers, visitors to staff or threats to the safety of customers, staff or third parties (eg fire, physical assault).

The data collected through the system is not used to monitor the work of employees or to evaluate their behavior and efficiency.

The system is also not used as an investigation tool or to gather evidence in internal investigations or disciplinary procedures, unless it is a security incident.V

Analysis of legitimate interests

Our legitimate interest consists in the need to protect our site and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health and property of our customers, our staff and third parties who are legally present in the monitored area.

We limit the monitoring to places where we have assessed that there is an increased need without focusing on places where the privacy of the persons whose image is taken may be unduly restricted, including their right to respect for personal data.


The guarded material is only accessible by our competent / authorized personnel who are in charge of site security. This material is not passed on to third parties, with the exception of the following cases:

  • to the competent judicial, prosecutorial and police authorities when it includes information necessary for the investigation of a criminal act, which concerns persons or goods of the data controller,
  • to the competent judicial, prosecutorial and police authorities when they request data, legally, in the exercise of their duties, and
  • to the victim or perpetrator of a criminal act, when it comes to data that may constitute evidence of the act.

Data retention time

We process and use your personal data for one or more of the following purposes:

We keep the data for fifteen (15) days, after which they are automatically deleted. In the event that we detect an incident during this period, we isolate part of the video and keep it for up to one (1) month, with the aim of investigating the incident and initiating legal proceedings to defend our legal interests, while if the incident concerns third we will keep the video for up to three (3) more months.

Protection of your personal data

The Hotel is committed to protecting the security of your personal data. Therefore, we have put in place a number of technical and organizational security measures to prevent the use or access of your personal data in an unauthorized or illegal manner, the accidental loss or damage of its integrity, its alteration or disclosure. We keep your data on computer systems with limited access and only in controlled facilities.

In addition, we limit access to your personal information to only those who have a business need to know. Your personal information will only be processed in accordance with our instructions and subject to an obligation of confidentiality. Your Personal Data will only be processed by a third-party Processor if he agrees to comply with the specific technical and organizational data security measures.

Rights of data subjects

Data subjects have the following rights:

  • Right of access: you have the right to know whether we are processing your image and, if so, to receive a copy of it.
  • Right to restriction: you have the right to ask us to restrict the processing, such as not to delete data that you consider necessary to establish, exercise or support legal claims.
  • Right to object: you have the right to object to the processing.
  • Right to deletion: you have the right to request that we delete your data.

You can exercise your rights by sending an e-mail to or a letter to our postal address or by submitting the request to us in person at our address. In order to consider a request related to your image, you will need to tell us approximately when you came into range of the cameras and provide us with an image of you to help us identify your own data and mask the data of third parties depicted. Alternatively, we allow you to come to our premises to show you the images in which you appear. We also point out that the exercise of the right to object or delete does not imply the immediate deletion of data or modification of the processing. In any case, we will answer you in detail as soon as possible, within the deadlines set by the GDPR.

Right to file a complaint

If you believe that the processing of your data violates Regulation (EU) 2016/679, you have the right to file a complaint with a supervisory authority.

The competent supervisory authority for Greece is the Data Protection Authority, Kifisias 1-3, 115 23, Athens,, tel. 2106475600.

Questions, Concerns or Complaints

If you have questions about this Privacy Notice, if you want to file a complaint about the way your personal data is processed by the Hotel or its partners, you have the right to contact us. Contact information can be found in the Data Controller section

Updates to this Privacy Notice

The Hotel reserves the right to modify this notice and its related practices at any time in order to respond to changes in the regulatory environment, business needs or to satisfy the needs of its subjects, properties, strategic partners and service providers without notice. Such changes, modifications, additions or deletions to this Privacy Notice will supersede previous releases and will be effective immediately upon posting.

Updated versions will be posted on the Hotel Website at the address below and will be dated.