Video Surveillance Policy

Information on the processing of personal data through the video surveillance system (Second-Level Information Notice)

1. Data Controller

The Data Controller is the University Legal Entity under the name “UNIC ATHENS University Legal Entity”, headquartered in Elliniko, Attiki, 29th Street, no. 17, P.C. 16777, (tel.: +30 210 6748293).

2. Data Protection Officer (DPO)

The Data Protection Officer is the law firm under the name “Avrantinis & Associates Law Firm”, 8 Makedonon Street, P.C. 11521, Athens, Greece.

Contact person: Sotirios Vazimas, Attorney-at-Law, Certified DPO

Tel.: +30 2120003102 | Email: [email protected]

3. Purpose of Processing

The operation of the video surveillance system at the premises of UNIC ATHENS aims at the protection of persons and property, and more specifically:

the protection of the university’s premises, equipment and academic material from unlawful acts, such as theft, unauthorised entry and vandalism (protection of property), and
ensuring the safety, physical integrity, health and property of students, staff, collaborators and visitors present on the premises (protection of natural persons).

4. Legal Basis of Processing

The processing of personal data through the video surveillance system is necessary for the purposes of the legitimate interests pursued by the Data Controller (Article 6(1)(f) of the General Data Protection Regulation 2016/679/EU).

5. Legitimate Interests of the Data Controller

The legitimate interest of the Data Controller consists in the need to protect the university’s premises, including the property located therein, from unlawful acts such as theft, unauthorised entry and vandalism, as well as from natural phenomena that may cause damage, such as fire.

The installation of the closed-circuit television (CCTV) system at the entrance/exit points and at selected common areas of the university constitutes a necessary means for the control of persons and vehicles entering the university premises. In the event of a suspicious or harmful incident, recourse to the recorded visual material is deemed necessary for the prevention of risks or for identifying any persons responsible.

The Data Controller collects image data exclusively from areas which, on a reasoned assessment, present an increased likelihood of unlawful acts (data minimisation). The processing does not extend to areas where the private life of the data subjects might be disproportionately restricted (such as sanitary facilities, changing rooms, etc.). No audio recording takes place.

6. Categories of Data

Through the video surveillance system, only image data (video) is collected. No audio recording takes place, no facial recognition systems are used, and there are no pan-tilt-zoom cameras that do not fall within the provided exceptions.

7. Recipients

The material recorded by the video surveillance system is accessible only by the authorised security personnel of UNIC ATHENS, who operate the system. The Data Controller takes all appropriate technical and organisational measures to ensure the security of the material held.

The material held is not disclosed to third parties, except in the following exhaustively listed cases:

To the competent judicial, prosecutorial and police authorities, when it contains information necessary for the investigation of a criminal act.
To the competent judicial, prosecutorial and police authorities, when they lawfully request such data in the exercise of their duties.

To the victim or perpetrator of a criminal act, where the data may constitute evidence of the act.

Given that UNIC ATHENS is a branch of the University of Nicosia in Greece, pursuant to the provisions of Law 5094/2024, data may be transferred to the parent institution exclusively within the framework of the supervision that it is obliged to exercise, subject to the observance of confidentiality and the duty of discretion.

8. Storage Period

The Data Controller retains personal data only for the period required to achieve the purposes of the processing (storage limitation). The recordings are stored for a period of fifteen (15) days from the moment of their capture, in accordance with the maximum limit of Directive 1/2011 of the Hellenic Data Protection Authority (HDPA). Upon expiry of the above period, the recordings are automatically deleted.

If, during the data retention period, an incident is identified or reported, the Data Controller shall isolate the relevant portion of the video and retain it: (a) for thirty (30) working days, where the incident affects its own legitimate interests, and (b) for three (3) months, where the incident concerns the legitimate interests of a third party.

9. Rights of the Data Subjects

The Data Controller ensures and facilitates the exercise of the rights of data subjects. In particular, as a data subject you have the right:

To be informed as to whether your data is being processed and, if so, to obtain access to it (right of access).
To request the erasure of your data (right to erasure).
To object, at any time, to the processing of your data (right to object).
To request the restriction of the processing of your data (right to restriction).

To exercise the above rights, you may send a message to the email address [email protected] or a letter to the address: 17, 29th Street, P.C. 16777, Elliniko, Greece.

For the effective examination of your requests, you are kindly asked to specify the time period during which you were within the range of the video surveillance system and to provide an image of yourself, so as to facilitate the identification of your own data and the concealment of data relating to third parties appearing in the footage. Alternatively, the Data Controller offers you the possibility of attending its premises, where it will show you the images in which you appear.

The Data Controller undertakes to respond to requests without delay and, in any event, within thirty (30) days from their submission. This deadline may be extended by a further sixty (60) days where required due to the complexity or the number of requests. In any case, you will be informed within thirty (30) days of any extension and the reasons therefor.

10. Right to Lodge a Complaint with a Supervisory Authority

If you consider that the processing of personal data concerning you infringes the provisions of the General Data Protection Regulation (EU) 2016/679, Law 4624/2019 and the applicable implementing legislation, you have the right to lodge a complaint with the competent Greek supervisory authority:

Hellenic Data Protection Authority

1-3 Kifisias Avenue, P.C. 115 23, Athens

Tel.: 210 6475600

Email: [email protected]

Website: www.dpa.gr

11. Technical Description of the System

The UNIC ATHENS video surveillance system forms part of an Integrated Security System (ISS), designed by the company SeCon (Security Consultants) and implemented by Fast Forward S.A. The CCTV system is based on IP technology and comprises:

IP cameras (dome, bullet, fisheye types) installed at strategic points (entrances, exits, common areas).
A Video Management System (VMS) for the monitoring, recording and storage of the material.
Network Video Recorders (NVR) for the storage of video material.
Monitoring screens at the security control centre.
The system operates via a closed local area network (LAN) with a Power over Ethernet (PoE) connection, ensuring a high level of security and reliability. Access to the system is controlled by means of user roles and access log files (audit trail).

About

The Campus

Partners

Environment, Health & Safety

Programmes

Admissions

Current Students

International Students

Relevant Links

University Life

Dining & Entertainment

Student Support

Alumni

News

Events