GR

​​

SECOND-LEVEL PRIVACY NOTICE Processing of Personal Data through Video Surveillance Systems (CCTV)

​

This notice is provided in accordance with Regulation (EU) 2016/679 (GDPR), Law 4624/2019 and Recommendations 2/2020 of the Hellenic Data Protection Authority (HDPA). It constitutes the detailed second-level information notice, following the relevant first-level CCTV signage.

​

1. Data Controller

​

Company name: Vie Finance A.E.P.E.Y. S.A.
Contact email: compliance@viefinance.eu

​

2. Data Protection Officer (DPO)

​

The Company has appointed a Data Protection Officer (DPO).

DPO contact email: dpo@viefinance.eu

​

3. Legal Basis for Processing

​

The processing of personal data is carried out lawfully on the basis of:

• Article 6(1)(f) GDPR (legitimate interests of the Company), and

• Article 6(1)(c) GDPR, insofar as the processing is necessary for compliance with regulatory and supervisory obligations arising from the applicable European and national regulatory framework governing Investment Services Firms (A.E.P.E.Y.), in particular with regard to operational and business security and resilience.

​

The legitimate interests of the Company consist in ensuring a high level of security for individuals, premises and critical infrastructure, as well as in the prevention, deterrence and documentation of incidents that may affect the lawful operation of the Company.

​

A balancing test has been carried out, taking into account the nature of the monitored areas, the limited purpose of the processing, the scope of image capture and the rights of data subjects.

​

4. Purpose of Processing

​

The use of the closed-circuit television (CCTV) system, through which only image data are collected, aims at:

• Protecting the physical safety of employees and visitors.

• Protecting the Company’s premises, equipment and assets.

• Securing physical access to critical infrastructure (such as the data room and archives).

• Preventing and investigating security incidents.

​

6. Recipients / Categories of Recipients

​

Access to video surveillance material is granted exclusively to authorized personnel of the Company, within the scope of their duties.

​

The material is not disclosed to third parties, unless required:

• by a legal obligation,

• following a request by a competent supervisory, administrative or judicial authority, or

• for the establishment, exercise or defense of the Company’s legal claims.

​

7. Transfers outside the European Union

​

No transfer of personal data to third countries outside the European Union or to international organizations takes place.

​

8. Data Retention Period

​

Image data collected are retained for seven (7) days, after which they are automatically deleted.

If, within this period, a security incident is identified, a relevant segment of the video is isolated and retained for up to one (1) additional month for the purpose of investigating the incident and initiating legal actions to protect the Company’s legitimate interests.
Where the incident concerns a third party, the relevant video may be retained for up to three (3) additional months.

​

9. Data Subjects’ Rights

​

Data subjects have the following rights:

• Right of access: You have the right to know whether your image is being processed and, if so, to receive a copy thereof.

• Right to restriction: You have the right to request restriction of processing, for example to prevent deletion of data that you consider necessary for the establishment, exercise or defense of legal claims.

• Right to object: You have the right to object to the processing.

• Right to erasure: You have the right to request the deletion of your data.

​

Rights may be exercised by submitting a relevant request to the Data Controller or the DPO by email to the above contact details.

​

In order to process a request relating to your image, you will be asked to indicate approximately when you were within the range of the cameras and to provide an image of yourself, to facilitate identification of your data and the masking of third parties’ images. Alternatively, you may attend the Company’s premises in order to view the images in which you appear.

 

Please note that the exercise of the right to object or erasure does not automatically result in immediate deletion of data or modification of processing. In all cases, you will receive a reasoned response as soon as possible and within the time limits set by the GDPR.

​

10. Right to Lodge a Complaint

​

If you believe that the processing of your personal data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint with a supervisory authority.

​

The competent supervisory authority in Greece is the Hellenic Data Protection Authority,
1-3 Kifisias Avenue, 115 23 Athens
Website: https://www.dpa.gr/
Tel.: +30 210 6475600

​

11. Availability of the Notice

​

This second-level privacy notice:

• is available in printed form at the Company’s premises, and

• is provided electronically through the Company’s website or via reference (URL and/or QR code) from the first-level CCTV signage.

​

​