The herein Policy describes the terms and conditions, under which a closed circuit television system (CCTV system) has been installed and is in function in Alimos Marina by the company “DEVELOPMENT OF NEW ALIMOS MARINA CONCESSION SINGLE MEMBER SOCIETE ANONYME” and with the distinctive title “DEVELOPMENT OF NEW ALIMOS MARINA SINGLE MEMBER S.A.”(based in Kifissia, Attica, 25 Ermou Street, VAT Number 801197209, Trade Registry number  No. 151536301000), (hereinafter the “Company”).
The Company has concluded the Concession Agreement dated 13-05-2020, granted the right to use, operate, manage and exploit the mobile  and / or real estate  assets within the land and / or sea zone of Alimos Marina, for a time period of forty (40) years (the “Project” or “Concession”) with the Hellenic Republic Asset Development Fund (“HRADF”), the Greek Republic (“GR”) and the Hellenic Public Properties Company (HPPC), under the specific terms and conditions described in the Concession Agreement and in the other contractual documents that have been signed for the Project, whereas since 01/01/2021 (“Date of Commencement of the Concession”), the company “DEVELOPMENT OF NEW ALIMOS MARINA SINGLE MEMBER S.A.” is the successor party for the operation and management of Alimos Marina.
This Policy of recording personal data via video surveillance system (hereinafter the “Policy”), aims to provide information and further briefing to visitors/users/customers/counterparties/ employees of Alimos Marina (hereinafter “the Users”) regarding the process of their personal data, due to the aforementioned video surveillance system. Moreover, this Policy includes a description of the rights of Users of Alimos Marina, regarding the protection of their personal data and also explains what  kind of personal information the Company collects in this context, and how this data is handled.


The installed video surveillance system (CCTV) records the motions of the incoming data subjects, in the area of ​​Alimos Marina as analyzed below:
The circuit is installed only to protect people and property.
Audio recording capacity is not enabled.
The video surveillance system is not used to monitor employees at their workplace or to record the movements and habits of the Users of Marina, except for easier monitoring and security in its public areas, where, due to the high value of assets located within the Marina, it is obligatory  to take measures, such as monitoring he area through  video surveillance system, in order to achieve the protection of goods, merchandise, assets and persons in the supervised area of ​​Alimos Marina.


The Company is the Controller of your personal data, received through the video surveillance system, according to the General Regulation 2016/679 of the European Union (General Data Protection Regulation, hereinafter referred to as “GDPR”), Law 4624/2019, as in force, the relevant Guidelines  of the Hellenic Data Protection Authority(HDPA) (Guideline 1/2011 “Use of video surveillance systems for the protection of persons and property”) and the relevant Guidelines of the European Data Protection Board (Guideline 3/2019 on processing of personal data through video devices).
The Company has installed in several key spots in the public areas of Alimos Marina,  informatory signs,  according to the standards and relevant guidelines of the Hellenic Data Protection Authority, where the Users of Marina are thoroughly informed about the spots,  where recording cameras have been installed, as well as about the contact details of the Company, so that anyone shall send a query,  regarding the process of his personal data (see below under H).
The Company processes the absolutely necessary data (data minimization) for the protection of goods and persons in the supervised area of ​​Alimos Marina and does not process additional personal data, for scopes  other than the predetermined and described above.


The legal basis for the process of personal data, which is recorded via the video surveillance system, is articles  6.1.c and f of the General Data Protection Regulation (GDPR). The process is mandatory for the Controller’s compliance with his legal obligation, as per  the proper preservation and protection of the vessels, docking  in Alimos Marina (art. 3 of the General Regulation of Operation of Tourist Ports, Joint Ministerial Decision no. T/9803, no. 1323 B’/16-09-2003Government Gazette), as well as for the purposes of the legal interests pursued by the Company (protection of persons and property in case of illegal events).
The area  of Alimos Marina and the goods located within, must be constantly protected from illicit  acts, such as cause of body harm  or material damage to the port facilities, adjacent vessels, port equipment and personnel or to persons or  third parties assets. The same applies to the safety of life, physical composure, health, as well as to  the property of staff and third parties,  legally placed  in the supervised area.
The process of personal data is limited to the minimum, absolutely necessary extent, in order to achieve the a for mentioned scope  of process, i.e. only data of image is collected and the recording  is limited only to areas, which, due to the existing circumstances, are perceived  as highly dangerous for illicit acts to take place, e.g. theft.
It is expressly noted that, on areas where the privacy of the recorded persons, may be severely restricted, under no circumstances takes place camera focus,  and generally, when there may be high  possibility of excessive interference with the personal data of  the Users of Marina. Finally, upon balancing the interests of the  persons, whose personal data may be processed, and the legal interest of the Controller for the safety  of the supervised area  and the protection of the appearing persons’ rights, in case of danger, due to the previously mentioned, the latter  seems to prevail.


The process of the recorded personal data obtained via the video surveillance system, has been assigned by the Company, as the Controller, to the company “High Protection.” (hereinafter referred to as “G4S”), based in Eleusina, Attica, at El.Venizelou Street no. 15, P.C. 19200, with Trade Registry no. 009523501000, VAT no. 997731028 Tax Office: Eleusina). The company High Protection processes the recorded data as the Processor, under a contract signed between the Company and High Protection, where the terms and obligations of the parties, regarding the process of personal data, as set out in Articles 24 and 28 of GDPR, are thoroughly reported.
The access to the recording material, is restricted to Company’s and High Protection’s employees, specially authorized for that scope, whereas only specific and authorized employees of the Company and High Protection, have the permission to watch live footage.
The employees who are authorized to monitor the recording system, are aware of the scope of the process and the permitted use of personal data recorded by the video surveillance system, and are bound by relevant confidentiality and discretion clauses.
In any case, the personal data recorded, are not disclosed or transmitted to third parties, except only upon consent of the persons depicted in the relevant log files.
Excluding the aforementioned, your data may be transferred to public authorities as well as to other third parties, when required by applicable law, including the Company’s compliance with court decisions, and in the occurrence of illicit acts, where the competent judicial, prosecuting, police and / or port authorities, within the framework of their responsibilities, legally request data, which are useful in the context of investigation and preliminary examination of the above acts. In any case, the Company’s Data Protection Officer is immediately, respectively informed.


For the surveillance of the facilities of Alimos Marina, digital (IP) fixed bullet cameras, as well as mobile cameras (PTZ) with rotating capability, which support software for embedding image analysis algorithms (Video Content Analytics) and which compose  the video surveillance system of the Marina, have been installed and are in use  since 01/01/2021.
The aforementioned  cameras do not record sound while, mainly, they monitor the docks of boats (piers and quays), the  land area where the boats are located during winter period, and the surrounding area of ​​the Marina’s Headquarters. The data recorded  consist of visual data. The data and the control of the system, end up in a properly configured space at the Headquarters of the Marina, where the Control Room is located, in which the respective equipment for data collection-recording and camera surveillance are located, together with the work position of the guard-operator. The network allows the transfer of an image, received from each camera, in real time, directly to the equipment of the control center. The video-image data are encoded through  a compression algorithm and saved in the storage media.
The retention period of the  personal data recorded by the video surveillance system is ten (10) days, except in cases of acts against a person or property, where the respective  personal data for the specific event, are kept in a separate file for thirty (30) days.
Upon the expiration of the retention period, ie after the expiration of the aforementioned  ten (10) days, the personal data that have been recorded, are automatically erased.


The Company, in the context of the specific process of personal data, has taken the following applicable Data Security Measures:

  • The computers of the Users have antivirus software protecting them from malicious software.
  • Natural access control mechanisms are applied at the Marina facilities.
  • Physical protection measures of the critical equipment used for the process,  are applied (e.g. structured cabling, etc).
  • Measures of protection against natural disasters are applied (e.g. fire safety system, etc.).
  • User passwords for software supported by the surveillance system.
  • Implementation of  software-level security policies,  to prevent unauthorized access.
  • Maintenance of the information systems used in the context of the process.

The  aforementioned  security measures applied by the Company, are updated either on a regular basis or on an “ad hoc” (by case) basis, due to possible  emergency circumstances, so that these data security measures, shall  always be effective and provide the highest  possible degree of protection to the information and personal data being processed,  in accordance with the above reported.


The Company may transmit the personal data of the subjects, only to third party services   providers,  who perform services on behalf of the Company, as per the scopes described in this Policy, to the extent that this is necessary for the implementation of the scope  of the process. In this case, the Company will take all the necessary measures, so that the services providers, shall be specifically authorized for this purpose and completely bound by confidentiality, and the obligations pursuant to the legal framework, regarding the collection and process of personal data.
Moreover, your data may be transferred to public authorities, as well as to other third parties, when required by applicable law, pursuant to the provisions of point D of this Policy.


The Company, in order to preserve these data in accordance with the provisions of the General Data Protection Regulation 2016/679 and Law 4624/2019, takes all mandatory technical and organizational measures, for the secure process of these data, in order to ensure the appropriate security level of data against risks e.g. destruction, loss, alteration, unreasonable disclosure / access, unauthorized read-copy, modification or erasure of personal data, as well as the confidentiality, integrity, security, availability and reliability of the process systems and services, on an uninterrupted  basis.

The Company, does not process the above data for different scopes   than the aforementioned, and only processes the absolutely necessary personal data, for the scope of each process, which always takes place on a legitimate  basis and in accordance with the spirit and terms of the General Regulation, Law 4624/2019 and the effective legislation.
The personal data processed by the Company, are legally kept for the entire period necessary, for the fulfillment of the scope of the process. Upon the expiration of this period, the data are erased, unless otherwise specified by the applicable legal and regulatory framework oras required to defend the Company’s rights before a judicial  or other competent Authority.
As a data subject, anyone has, under specific terms, the right to access the recorded data concerning him, as well as the right to receive the above data, in a structured, commonly used and machine-readable format (portability right), the right of correction, in case  his data is inaccurate, the right of deletion of personal data concerning him, unless its preservation is mandatory by law, the right of restriction of process, the right of objection at any time to the process of the respective personal data, and in general all the rights provided in Chapter III of the General Regulation.

More specifically and particularly, as per the right of access and erasure of personal data, the below mentioned procedure is followed:

The respective data subject, shall address a written request to the Data Protection Officer (DPO) of the Company, by sending a mail to [email protected], requesting access to his recorded personal data, and if he wishes, he can request their erasure.

The Data Protection Officer shall  respond to the respective query of the data  subject within fifteen (15) days, when he will inform the subject about the progress of his request, as well as per its implementation. Upon the above query of the data subject regarding the erasure  of his personal data, the Company erases  the recorded personal data, unless, there is an obligation or provision that requires the preservation  of the recorded personal data, by the effective legislation  or the applicable regulatory framework.

To exercise your above rights and for any other information or questions regarding the processing of your personal data, you may contact the Data Protection Officer (DPO) of the company named “DEVELOPMENT OF NEW ALIMOS MARINA SINGLE-MEMBER S.A.” at the following e-mail address: [email protected].

In case any of the above rights, is exercised (apart from  the right of access and erasure of data, as analyzed above) by the respective subject, the Company shall  take all possible measures to satisfy this request, within thirty (30) days of its receipt, when there will be respective update on its progress. It is expressed  that the aforementioned deadline, can be extended for two (2) additional months, taking into account the complexity of the request, as well as the total number of requests in general. These rights are exercised at no cost for the data  subject, unless they are frequently repeated and due to their excessity, administrative costs are implied for the Company, in which case, the applicant will bear the relevant costs.
Furthermore, our Company shall  inform the subject about any violation of his personal data, in case it may endanger his rights and freedoms, and provided that it does not come  under one of the exceptions, explicitly provided by law.

In any case, the data subject has the right to appeal to the Hellenic Data Protection Authority (HDPA–Kifisias Avenue no. 1-3, P.C. 115 23, Athens, Telephone: 210 6475600, E-mail: [email protected], https://www.dpa.gr/) whether  he considers, that his rights regarding the process of his personal data are violated, and he has not been satisfied with the Company’s response, as the Controller.


The Company reserves the right to amend  this Policy at any time. The amendments in this Policy, will be published on the Website www.alimos-marina.gr, while the Policy is also available in printed form at the Headquarters of Alimos Marina (Administration Offices). The User must review the Policy for any amendments or additions, and the Company has no obligation to inform each User individually regarding  his rights.