• WORKING HOURS: MONDAY - SUNDAY 10:00 - 18:00

CCTV Policy

Alphavet S.A. (hereinafter the “Company”) has installed a Closed Circuit Television (CCTV) surveillance system at its premises for the purpose of ensuring the safety of individuals and the security of property. This policy is intended to inform employees, customers, and visitors about the operation of the CCTV system and the processing of personal data collected, in compliance with the EU General Data Protection Regulation (EU 2016/679, GDPR), Greek Law 4624/2019, and the guidelines of the Hellenic Data Protection Authority (HDPA), including HDPA Directive 1/2011. The Company adheres to the core data protection principles of lawfulness, fairness and transparency, purpose limitation, data minimization, storage limitation, integrity and confidentiality, and accountability as required by law.

For transparency, clear signage has been placed at all entry points to our premises, informing the public that the area is under CCTV surveillance.

Description of the CCTV System

Our CCTV system consists of security cameras operating continuously (24 hours a day, 7 days a week). All cameras are fixed (no remote pan/tilt or zoom capability) and do not record audio, only video.

There are no cameras in areas where people have a heightened expectation of privacy, such as restrooms or staff locker rooms, nor in any area for which a security risk cannot be justified. Importantly, the CCTV system is not used to systematically monitor employees’ performance or behavior. Cameras are installed only at entry/exit points and areas with critical equipment, in line with HDPA guidelines, and the Company will not use CCTV footage to evaluate employee productivity.

Purpose and Legal Basis of Processing

The CCTV system is operated exclusively for security purposes, aimed at protecting the Company’s premises, the individuals on site, and the Company’s assets. In particular, the CCTV captures and records video for the following purposes:

  1. Protection of individuals: To safeguard the safety of employees, customers, and visitors on Alphavet’s premises – for example, by preventing or addressing incidents of violence and enabling a quick response in case of an accident or other emergency.
  2. Protection of property: To protect the Company’s facilities and property (including medical equipment, medications, electronic systems, and records) from theft, damage, or unauthorized access.
  3. Deterrence and incident investigation: To deter illegal or criminal acts on the Company’s premises and to help investigate security incidents by using CCTV recordings as evidence if an incident occurs (such as a break-in or vandalism).

The legal basis for the processing of personal data via CCTV is the Company’s legitimate interest (GDPR Article 6(1)(f)) in protecting its premises, assets, and the safety of its personnel and clients. Operating the CCTV system also helps Alphavet fulfill its duty to maintain a safe working and service environment.

Data Retention Period and Deletion

CCTV recordings are retained for a maximum of 14 days, after which they are automatically overwritten on the recording system (cyclical overwriting). The 14-day retention period is in line with the guidance of the HDPA’s Directive 1/2011 and is deemed sufficient, as any security incident (e.g. damage, loss of property, reported event) would typically come to light within that time frame, prompting a review of the footage if necessary.

If a significant security incident is detected within the retention period (for example, a theft, property damage, violent incident, or any event related to the protection of persons or property), the Company will export and isolate the relevant segment of footage in order to investigate the incident and preserve it as evidence. Such extracted footage will be retained for a longer period only for the purpose of documenting the incident and potentially using it as proof (e.g. for a law enforcement investigation or legal proceedings). In all cases, Alphavet will limit the retention of footage to the minimum necessary duration for each situation and will inform the authorities as required. Once an incident has been resolved or the above maximum retention periods have elapsed (whichever comes first), any retained footage related to that incident will be permanently and securely deleted.

Access to and Disclosure of Footage

Access to recorded CCTV footage is strictly limited to authorized individuals, in order to minimize the risk of unauthorized use or disclosure.

Alphavet does not disclose or share CCTV footage with any third parties except when there is a legal obligation or authority to do so. We may provide CCTV data to competent authorities (such as the Police or judicial/prosecutorial authorities) only if the legal conditions are met. This could occur either in response to an official request from the authorities as part of a lawful investigation (in which case the Company is obliged to comply and hand over the requested footage), or on Alphavet’s own initiative if the footage contains evidence of a criminal act against the Company or a third party (for example, a recording of a break-in or assault). Any such transfer of footage will be carried out in accordance with the law and will be limited to what is necessary for the investigation of the specific incident.

Technical and Organizational Security Measures

ALPHAVET has adopted appropriate technical and organisational security measures to protect video surveillance data against unauthorised access, alteration, or disclosure, such as secure storage of the recording equipment, access restricted to authorised personnel, use of dedicated access credentials, maintenance of logs, and contractual commitments with the parties involved in its operation. The authorised personnel responsible for managing the CCTV system have been appropriately trained and are bound by a duty of confidentiality.

Data Subject Rights

Any individual entering our monitored premises (employees, customers, visitors) is considered a data subject with respect to the CCTV footage and has certain rights under the GDPR regarding their personal data. In particular, you have the right to:

  • Access: To know whether your personal data is being processed and to receive a copy of that data (in this case, any CCTV images in which you appear).
  • Erasure: To request deletion of your personal data (the “right to be forgotten”). For example, you may request that footage showing you be erased if it is no longer needed for the stated purposes, or if you believe the processing is unlawful.
  • Restriction: To request that the processing of your data be restricted (for example, by temporarily blocking access to footage where you appear) if you contest the accuracy of the data or object to its processing, until the issue is resolved.
  • Objection: To object, on grounds relating to your particular situation, to the processing of your data via CCTV which is based on the Company’s legitimate interest. Alphavet will then cease processing the data unless it demonstrates compelling legitimate grounds that override your rights, or if the footage must be retained for the establishment/exercise of legal claims.
  • Complaint: To lodge a complaint with the competent Data Protection Authority, which in Greece is the Hellenic Data Protection Authority (HDPA), if you believe that your rights have been violated or that the processing of your data does not comply with data protection law.

Alphavet respects and facilitates the exercise of these rights. We will evaluate any request and respond without undue delay and in any case within the timeframe set by law (normally within one month, with a possible extension of two further months if necessary due to complexity). Exercising your rights is free of charge – there is no fee for lodging a request or for us to take action on it, except in the rare case of manifestly unfounded or excessive/repeated requests (in which case a reasonable fee may be charged or the request refused as allowed by GDPR Article 12(5)).

How to Exercise Your Rights / Contact Procedure

If you wish to exercise any of the above rights or request access to CCTV footage, you may contact the Company via email at info@alphavet.gr or by calling (+30) 210-6201459. Alternatively, you may send a written request to our mailing address: Alphavet S.A., 40 Filosofon Street, 14564 Nea Kifissia, Athens, Greece. In your request, please describe what you are requesting and include any information that would help us locate the relevant data (for example, the date and approximate time of your visit to our premises, and any distinguishing details about your appearance or interaction). For security reasons and to protect privacy, the Company may ask for additional information or proof of identity before granting access to footage, to ensure that data is disclosed only to the correct person.

Alphavet will review your request and respond as promptly as possible, and in any event within the legal deadline. Our response will either grant the request (e.g. by providing you with a copy of the relevant footage or confirming deletion) or explain the reasons if we cannot fully comply (for instance, if honoring the request would infringe on another person’s rights or is not required by law). In the case of an access request, we will either provide the relevant footage (if available and permissible) or inform you if no data was found. The first copy of any footage involving you will be provided free of charge, and, as noted above, you will not be charged for the handling of your request (except under the exceptional conditions of manifestly unfounded or excessive requests under GDPR Article 12(5)).

Our CCTV system operations and this policy are fully compliant with applicable data protection laws, including the EU General Data Protection Regulation (2016/679), the Greek Law 4624/2019, and Directive 1/2011 of the Hellenic Data Protection Authority. Alphavet follows the principles of data minimization and proportionality in the design and use of the system (cameras are installed only at critical locations, retention period is limited, etc.), in line with the aforementioned legal requirements. A thorough Data Protection Impact Assessment (DPIA) was conducted before the system became operational, in order to identify and mitigate any privacy risks. Alphavet is committed to regularly reviewing the CCTV system’s compliance with the law and will update this policy as necessary to ensure ongoing protection of privacy and personal data.