Video Surveillance Information Policy

Latest information: 17/11/2025

This Policy describes the terms and conditions under which a video surveillance system (CCTV system) has been installed and operates in the offices of the limited liability company with the name “BESCONE.E.” and distinctive title “BESCON”, VAT number 802238600, which is based on KANTAKOUZINOU 48 , NICAE – AGIOU IOANNI RENTI / PIRAEUS, Postal code
18450 (hereinafter “or company”).

This Policy on recording personal data through a video surveillance system (hereinafter the “Policy”) aims to provide information and further information to visitors/customers/contractors/employees of the company (hereinafter the “subjects”), regarding the processing of their personal data under the aforementioned video surveillance system. This Policy also includes a description of the rights of the subjects with regard to the protection of their personal data and also explains what type of information the company collects in this context, as well as how this data is managed.
1. Responsible processing:

1.1. The Company “BESCON E.E.” is the Data Controller of your personal data, which it receives through the video surveillance system, in accordance with the General Data Protection Regulation 2016/679 of the European Union for Data Protection (General Data Protection Regulation, hereinafter referred to as “GDPR”), the Law 4624/2019, as in force, the relevant Directives of Data Protection Authority Personnel Character (hereinafter “APDPH”) (Leading 1/2011
“Use of video surveillance systems for the protection of persons and property”) and the relevant Directives of the European Data Protection Board ( Guideline 3/2019 on processing of personal data through video devices ).
1.2. The company has installed information signs in its offices, in accordance with the standards and relevant instructions of the Hellenic Data Protection Authority, where data subjects are clearly informed about the locations where recording cameras are located, as well as about the company’s contact details, so that anyone who wishes can send a request regarding the processing of their personal data (see below).
1.3. The Company processes the absolutely necessary data (data minimization) to protect the goods and persons in the supervised area of the company’s offices and does not further process personal data for purposes other than those predefined and those described immediately below.
2. Purpose processing and legal base:

2.1. We use a surveillance system for the purpose of protecting persons and property. The processing is necessary for the above purposes of legitimate interests that we pursue as a controller (Article 6, paragraph 1, point (f) of the GDPR). The company has a legal obligation to protect the high-value items it trades and their spare parts, the equipment located on its premises and especially the critical to its operational operation, information systems and the necessary for their operation, equipment. For this reason proceeds to installation closed circuit monitoring and specifically cameras, without an automatic rotation mechanism, with a fixed viewing angle, which will monitor exclusively the areas where technological equipment, high-value items, confidential company documents, the loading and unloading area, the warehouse, the repair shop area, with the aim of ensuring the physical security of the area, equipment, goods and employees.

2.2. Specifically, the installed video surveillance system (CCTV) records the movements of the subjects in the company’s offices as analyzed below:
1. The circuit is installed only for the protection of people and property.
2. The recording capabilities audio not are activated.
3. The video surveillance system is not used to monitor employees in their workplaces or to record the movements and habits of subjects, but only for easier supervision and security in the company’s common areas, where due to the high value of goods located within it, it is necessary to take measures, such as reviewing the area through a video surveillance system, in order to achieve the protection of the goods, assets, technological equipment, confidential company documents, merchandise and persons in the company’s supervised area.

3. Analysis legal interests

3.1. The installation of the video surveillance system and the way in which the data is collected and stored has been carried out in accordance with the principles of legality, necessity, proportionality and data minimization, as provided for in the GDPR. The legitimate interest of the company consists in the need to protect our premises and the goods located therein from illegal acts, such as, for example, theft. The same applies to the safety of life, physical integrity, health and property of our staff and third parties who are legally present in the monitored premises. We only collect image data and limit the recording to areas where we have assessed that there is an increased possibility of committing illegal acts, e.g. theft, such as at the entrance, without focusing on areas where it may be limited excessively or private life of persons of whose
the image is taken, including their right to respect for personal data.
3.2. As mentioned, the legitimizing processing base of personal data recorded through the video surveillance system, is the art. 6 par. 1. letter f of the General Data Protection Regulation (GDPR). The processing is necessary for the purposes of the legitimate interests pursued by the company (protection of persons and property in the event of unlawful events). The company’s office premises and the property located therein must be protected from unlawful acts, such as, for example, material damage to the premises and the equipment, from him risk of theft of objects owned by the company or its employees or objects of third parties who visit the company. The same applies to the safety of life, physical integrity, health and property of personnel and third parties who are legally present in the monitored area.
3.3. The processing of personal data has been limited to the personal data strictly necessary to achieve the above processing purpose, namely only image data is collected and recording is limited to areas where it is assessed from the existing conditions that there is an increased likelihood of committing illegal acts, e.g. theft or expensive technological equipment or goods are found or for security reasons of employees (e.g. reception area – cash desk, workshop – repair shop, warehouse, goods loading-unloading area).
3.4. It is expressly noted that in Under no circumstances is focus placed on places where the privacy of the persons whose image is being taken may be excessively restricted, and in general where there may be the possibility of excessive interference with the personal data of the subjects.
3.5. Further, your We inform you that:

1. The system is not used for surveillance of employees within their workplaces. The data collected through the system will not be used for

monitoring the work of staff, evaluating employee behavior and efficiency.
2. The video surveillance system records movement in the monitored area in combination with the date and time during the days and times described below in No. -5-.
3.6. After weighing the interests of the natural persons whose personal data may be processed, and the legitimate interest of the Controller in the security of the monitored area and the protection of the rights of the persons present in the event of danger, due to the above, the latter appears to prevail.
4. Processing of data – Recipients

4.1. Access to the recording material is only possible for the legal representative of our company, Bessa Konstantinos, who is informed about the purpose of processing and the permitted use of personal data recorded by the video surveillance system.
4.2. In any case, the personal data recorded are not transmitted to third parties, except with the consent of the individuals depicted in the relevant files, with the exception of following cases: a) to the competent judicial, prosecutorial and police authorities when it includes data necessary for the investigation of a criminal act, which concerns persons or goods of the controller, b) to the competent judicial, prosecutorial and police authorities when they request data, lawfully, in the exercise of their duties, and c) to the victim or perpetrator of a criminal act, when it concerns data which may constitute evidence of the act.
5. Data recording via of video surveillance system

5.1. For the surveillance of the company’s facilities, they have also been installed are used cameras type «DOME AND BULLET» the which

support software for remote monitoring and which constitute the office’s video surveillance system.
5.2. The above cameras do not record sound, while, primarily, they monitor the following areas:
1. Ground floor of the building: A total of 6 cameras, which monitor the entrance – exit, the reception area, the cashier, the intermediate area, the office – work area, corridors, as well as the back area – repair shop, where the company’s goods are transported and repaired.
2. 1st floor (Attic) of the building: A total of 5 cameras, which monitor the office of the legal representative, the warehouse, as well as the spare parts area .
3. Exterior areas of the building: A total of 3 cameras, of which two (2) monitor the main entrance-exit door, one monitors the glass facade of the business and one (1) monitors an uncovered area of the company.
5.3. The cameras operate during working and non-working hours on a 24-hour basis.
5.4. It is explicitly stated that the cameras have been adjusted so that they do not focus in positions workers’ work and serve exclusively the safety of persons and property and are under no circumstances used to evaluate the work of the company’s employees.
5.5. The recording data consists of visual data, while the data and control of the system is accessible only from the mobile device of the above-mentioned legal representative of the company, who has the data collection – recording, data monitoring application installed and is accessible exclusively by him. The network allows the transfer of images, received from each camera in real time to the above application.
6. Time of observance of data recording
6.1. The retention period of personal data recorded by the video surveillance system is fifteen (15) days, after which they are automatically deleted, in accordance with the provisions of Article 8 of Directive 1/2011 of the Data Protection Regulation.
6.2. In the event that we detect any incident during this period in weight face or goods, we isolate part of video and we keep it for up to thirty (30) more days, for the purpose of investigating the incident and initiating legal proceedings for the defense our legitimate interests, while if the incident concerns a third party, the data is retained for up to three (3) more months.
7. Measure data security

7.1. OR company in frames her specific processing personal data, has taken the following applicable security measures:
1. The computers of subjects they have software protection from malicious software (antivirus).
2. Applicable measure physics protection of critical equipment used for processing (e.g. structured cabling).
3. Applicable policies security in level software for the preventing unauthorized access.
4. The information systems used in the processing context are maintained .
7.2. The above security measures implemented by the Company are updated either on a regular basis or on a case-by-case basis, due to any assistance emergency circumstances, so that these information security measures are always effective and provide the greatest possible degree of protection to the information and personal data that are processed, in accordance with the above.
8. Transmission of personal data

8.1. The company may transfer the personal data of the subjects only to third party service providers who perform tasks for account her Company, relative with their purposes where
are described in present Politics, in extent to which this it is necessary for the implementation of the purpose of the processing. In this case, the Company will take all necessary measures so that the above service providers are specifically authorized for this purpose and are fully bound by the confidentiality and obligations provided for in the legislation regarding the collection and processing of personal data.
8.2. In addition, your data may be transferred to public authorities as well as other third parties when required by applicable law, in accordance with the aforementioned provisions of this Policy.
9. Rights of subjects of the data

9.1. The Company, in order to maintain this data in accordance with the provisions of the General Data Protection Regulation 2016/679 and Law 4624/2019, takes all necessary technical and organizational measures for the secure processing of this data and to ensure the appropriate level of data security against risks such as destruction , loss, alteration, unauthorized disclosure/access, unauthorized reading-copying, modification or deletion of personal data, in order to ensure the confidentiality, integrity, security, availability and reliability of the processing systems and services on an ongoing basis.
9.2. The Company does not process the above data for purposes other than those mentioned above, and also processes only the personal data that is necessary for the purpose of each processing, which always takes place lawfully and in accordance with the spirit and terms of the General Data Protection Regulation. Regulation, Law 4624/2019 and applicable legislation.
9.3. The personal data processed by the Company are legally retained for the entire period necessary to fulfill the purpose. of processing. Upon expiry of this period the data is deleted except for if otherwise is defined from the current legislative and normative frame or

as required to defend the Company’s rights before a Court or other competent Authority.
9.4. Data subjects generally have all the rights provided for in Chapter III of the GDPR, and specifically:
1. Right of access: you have the right to know whether we are processing your image and, if so, this applicable, to receive a copy of it. The data subject has the right to access the video surveillance system data concerning him/her, by submitting a relevant request, in which he/she will indicate the exact time it was found within the range of the cameras and the location, as well as a recent good quality photo.
2. Right to portability: you have the right to receive the above data concerning you, in a structured, commonly used and machine-readable format.
3. Right to rectification: you have the right to request the correction of your data if it is inaccurate.
4. Right to restriction: you have the right to ask us to restrict processing, such as not deleting data that you consider necessary for the establishment, exercise or defense of legal claims.
5. Right to object: you have the right to object to the processing your image from the video surveillance system.
6. Right to erasure: you have the right to request that we delete your data, unless its retention is mandatory by law.
9.5. You can exercise your rights by sending an e-mail to info@besco n.gr or a letter to our postal address or by submitting the request in person at the office address. In order for us to consider a request related to your image, you will need to specify to us approximately when you were within range of the cameras and provide us with an image of you, to facilitate our identification of your your data and in the conceal of data third party

of the persons depicted. Alternatively, we give you the opportunity to come to our facilities to show you the images in which you appear. We also point out that the exercise of the right to object or delete does not entail the immediate deletion of data or the modification of the processing. In any case, we will inform you answer in detail the as soon as possible possible, within of deadlines which is defined by the GDPR.
9.6. Specifically, regarding the right to access and delete personal data, the following procedure is followed: The subject in question, can to addresses written request in the company, requested first of all, access to his recorded personal data, and if he wishes, he can request their deletion. The company will respond to the subject’s request within fifteen (15) days, at which time it will inform the subject about the progress of the request. his request as well as for its implementation. In the event of a request by the subject to delete his personal data, the The Company deletes the recorded personal data of the requesting subject, provided that there is no obligation or provision by law or any applicable regulatory framework that requires the retention of the recorded personal data.
9.7. Specifically, to exercise the above rights, as well as for any other information or questions regarding the processing of your personal data, data subjects can contact the following email address: info@bescon.gr .
9.8. If exercised any of the above rights (except for the right to access and delete data, as explained above) of the subject, the Company will take every possible measure to satisfy the said request within thirty (30) days of its receipt, at which time there will be relevant information on its progress. These rights are exercised at no cost to the subject, except and if are repeated often and because of volume entail for the

company administrative costs, so the applicant will be charged with the relevant costs.
9.9. Furthermore, the Company will inform the subject of any breach of his/her personal data, in case such breach is likely to pose a high risk to his/her rights and freedoms and provided that this does not fall under one of the exceptions expressly provided for by law.
10. Right filing a complaint

10.1. If you believe that the processing of your data violates Regulation (EU) 2016/679 or you believe that your rights regarding the processing of your personal data are being violated and you are not satisfied with the response of the company as controller, you have the right to submit a complaint to the supervisory authority.
10.2. The competent supervisory authority for Greece is the Data Protection Authority, Kifisias 1-3, 115 23, Athens, https://www.dpa.gr/ , tel.
2106475600, email: contact@dpa.gr ).

11. Changes in the present policy

11.1. The Company reserves the right to modify this at any time. Policy. The changes in the present Policy will are published on the website https://www.bescon.gr/ , while this Policy is also available in printed form at the company’s offices. The subject should review the Policy for any changes or additions and the Company is not obliged to inform each subject individually about their rights .