Closed Circuit Television (CCTV) Policy

CHS Greece Video – Surveillance Policy

  1. Purpose and scope of the Video – Surveillance policy

    In order to provide a safe and secure environment for its staff, visitors, office spaces, assets and documents as well as for logistical reasons, CHS Greece (hereinafter: Center) protects its premises by operating a video – surveillance system and, in particular, by using a Close Circuit Television (“CCTV”).

    The Center’s CCTV surveillance system records images of individuals and hence processes personal data. As the relevant Data Controller, the Center carries all the obligations provided by the regulatory framework for the protection of personal data, such as the obligation to respect the right to information, of access, of objection of the Data Subjects, the obligation to safeguard the confidentiality and the safety of processing.

    This policy describes the video – surveillance policy used by the Center and the safeguards that the Center takes to protect the personal data, privacy and other fundamental rights and legitimate interests of those caught on the cameras.

    It is noted that this policy does not include:

    • The operation of teleconference systems, audiovisual recordings of an event (e.g. conference, seminar), video recordings for the production of material or retransmission of an event in the context of Center’s communication with the Press and the public
    • Capturing of image or/and sound via handheld cameras, photo cameras, cell phones or other systems of entrance control, without recording, that are activated following certain action of their user (e.g. entrance telephone systems – video entry phones) as continuous recording of image or/and sound does not take place.


    For the purposes of transparency, this policy is available in the Center’s site but also in written form at its premises.

  2. Compliance status of the CCTV policy with the regulatory framework regarding the protection of personal data

    This policy in regard with the Center’s operation of video surveillance systems applies the General Data Protection Regulation (EU) 2016/679 (GDPR), Law 4624/2019, the Directive 1/2011 “Use of surveillance systems for the protections of persons and assets” of the Hellenic Data Protection Authority (HDPA) as well European Data Protection Board’s Guidelines 3/2019 on processing of personal data through video devices.

    The Center’s CCTV system was installed for security reasons and was notified to the HDPA on 11/12/2012 according to the legislation in force at that time.

    The Center has formulated this policy following its conclusion that the current CCTV system remains absolutely necessary and the level of security and protection of persons and assets pursued by the Center cannot be attained with any other less restrictive means.

    In order to enhance the protection of privacy, the Center has provided the following:

    • The CCTV system does not pursue to collect (e.g. via zoom in or targeting individuals) or to process in any other way images which expose “special categories of personal data”.
    • The surveillance cameras are fixed, there are no pan-tilt-and-zoom cameras in real time.
    • The transmission of the image is realized via the close circuit of the Center in limited and qualified number of recipients, as described here. Under no other circumstances, data are transmitted via the internet.
    • The surveillance system does not have microphones and does not receive, transmit nor process sound data.
    • The records of the footage are retained for a limited period of time, up to 12 working days.
    • Access to the surveillance records is strictly limited to certain and small number of handlers, specially trained.
  3. Areas under surveillance

    One camera has been installed in the entrance/exit of the Center at the basement as well as in these areas: One camera in the Events Hall at the basement, one camera in the Digital Library on the first floor, one camera in the Seminars Hall/Reading room on the second floor, one camera at the attic of the third floor, i.e. at sites of importance for the purposes pursued by surveillance. Cameras have not been installed by the Center at outdoor areas and, thus, they do not record image from external public areas, such as road, pavement, etc.

    The surveillance in the Center’s premises is limited to an absolute minimum. Footage is not collected from the premises where the operation of surveillance systems is prohibited because of heightened privacy expectations, such as, for example, toilet rooms and facilities, etc. The system is not used for monitoring staff in their office spaces. As far as the cameras for monitoring entrance/exit are concerned, their coverage is limited to the surveillance of these uses. In addition to the areas of entrance and exit, image is captured only from specific sites where increased safety is required.

    Moreover, for security reasons, cameras operate 24hours a day, seven (7) days a week in order to secure increased protection of spaces.

  4. Personal information recorded and purpose of their collection and processing

    Center’s surveillance system records any movement detected by the cameras in the area under surveillance together with date and time. Image from the cameras operating any moment is available in real time in the staff’s offices.

    The video - surveillance system is used for the sole purposes of security and protection of its premises, its staff, its visitors, its property and its documents. This system is not used for any other purpose than the aforementioned. The data collected via the system are not used to monitor the work of employees, to evaluate their behavior and their efficiency.

  5. Protection of the recorded data

    The video-surveillance system and its stored personal data are accessible by a small number of persons, clearly specified and, in particular, the Executive Director of the Center, the Manager of Administrative and Accounting Matters as well as the company with which the Center cooperates for the provision of technical support services regarding the systems and the networks, which processes data as Data Processor for the Center on its instructions. The Center uses a company as an external partner solely for the maintenance and, possibly, the repair in case of failure of the video-surveillance system, to extract footage of the recordings once criminal action is detected and for erasure of recordings once the 12 days period elapses. In addition, live images only are accessible by the Center’s personnel for security reasons.

    Apart from the aforementioned persons who have access to the recorded data because of their role and regarding the information which are relevant to their post (need-to-know principle), the data are not notified nor transmitted to third parties except on request of any interested person and following the consent of any individual recorded in the CCTV image. There is an exception in case where competent judicial, prosecutor and police authorities request lawfully data in the context of exercising their duties, and also transmission is permitted to the person captured in the stored data as a victim or an offender of an unlawful act.

    Moreover, the Center protects the safety of the video-surveillance system by adopting the following organizational and technical measures. The images captured by the cameras are recorded and stored for a time period of 12 working days, i.e. for a shorter period than the one of the fifteen (15) working days specified in the Directive of HDPA. Following the end of the said time period, the stored images are automatically and in order deleted so as that the new images of the new period will be recorded in their place. In case of an incident related to security, the relevant recorded material can be retained for a longer than the 12 days period, namely the data can be extracted from the system and be stored in a separate file with a maximum of 30 days. If the incident refers to a third party, the retention of the images can last up to 3 months.

  6. Information of the data subjects of the video-surveillance recording

    The Center informs the public regarding video-surveillance of its premises with the following means:

    • In all areas where there a video – surveillance camera is placed, an easily discernible informative signage/notice is displayed in a conspicuous location stating that the area is monitored by CCTV for the protection of persons and assets. In these signs, it is mentioned that the video-surveillance is in operation on behalf of the Center, which is the Data Controller and that for more information the subject can contact the Executive Director and the Manager of Administrative and Accounting Matters of the Center.
    • This policy of the Center is posted on its website for those who wish to know more about its practice regarding video-surveillance issues. Information in print is available, also, at the entrance/exit (basement), at the digital library (first floor), at the Seminars Hall/Reading room (second floor) and at the attic (third floor) of the Center.
  7. Out sourced Data Processors

    The Center out sources the provision of technical support services of its safety systems regarding video-surveillance. This processing includes visits to the Center’s office premises by the external contractor and control of the system’s circuit as well as creation of security copies of the software regarding control and monitor. The said external partners/data processors are bound by a written agreement providing for the confidentiality and the security of the processing.

  8. The rights of the subjects depicted in the video-surveillance recordings

    The subjects whose image is recorded by the Center’s CCTV may exercise each of their rights provided in the regulation in force regarding personal rights. The requests for access, correction, restriction, to object or erase personal data related to the use of CCTV, as well as the relevant questions or notes must be addressed in writing via e-mail to the following e-mail address: chsnafplion@chs.harvard.edu, subject: GDPR – CCTV or to the following postal address: Othonos and Filellinon Square, 21100 Nafplio.

    Every individual has the right to access the data recorded by the video-surveillance system which identify him/her as a data subject. This means that in any moment he/her can apply requesting for a copy of the part of the recording in which his/her image is captured, in case that the time period of their automatic erasure has not elapsed. It is also noted that in case the video-surveillance system records a criminal act in which someone is involved as a victim or an offender, the latter can request that the relevant part of the recording is handed to him/her, in case that the time period of their automatic erasure has not elapsed, without prejudice of a relevant prohibition from the part of a competent judicial authority. The data controller is obliged to grant, within reasonable time starting from the filling of the relevant request, a copy of the part of the image recording in which the data subject has been captured or a series of images in print from the recorded images or, accordingly, to inform in writing the interested person within the same time limit either that he/she is not depicted or that the relevant part of the recording has been destroyed. Alternatively, in case that the data subject is in accordance as well, the data controller may just show, in due time, the said part. To this aim, the data subject must indicate the accurate time and place where he/she was under the scope of the cameras.

    When a copy of image is granted, the data controller must cover the image of third persons (e.g. by blurring the part of the image) as their right to privacy may be violated otherwise. In case of a simple demonstration, the coverage of third parties’ image is not necessary.

    In order to gain access to personal data concerning a third person, which were collected via CCTV in the Center’s premises, a recently taken photograph of good quality as well as a copy of a proof of personal authentication (like an identity card, passport, etc) must be attached to the access request.

    The data subject has the right to object to his/hers image processing via CCTV and to demand the erasure or seizure (lock) of his/her data. It is noted that if the Center finds that the right of objection is lawful and must be satisfied, it must proceed to the erasure or seizure (lock) of the relevant data as well as to adjust the system’s operation in general so as to prevent a relevant processing in the future.

    The data subjects’ rights are examined by the Center and are satisfied according to those provided by the legislation in force. The Center must satisfy the rights of access and objection as described in this section. In case that the Center offendes in any way, the protection of personal data, the data subjects may recourse to the HDPA.

  9. Future changes in this policy

    The Center intends to review periodically this policy, in order to reflect the changes in its policies and its practices. In case it amends this policy, the Center will update the following “Date of last update”.

LAST UPDATE: September 1, 2020