Privacy Notice

Activity: Video Surveillance System Operation

The vehicle parking facilities at Athens International Airport “Eleftherios Venizelos” (P1, P2, P3, Valet, coach parking lot, Main Terminal Building curbside) are subject to monitoring by cameras of a dedicated Closed-Circuit TV System (CCTV) that has been permanently installed, in full operation, with live streaming in dedicated screens and integrated recording system.

  1. Data Controller: "Athens International Airport S.A." (AIA) with corporate seat at Spata Attica, Administration Building (B17), P.C. 190 19. 

    AIA’s Data Protection Officer may be contacted via e-mail at [email protected] and via correspondence to the postal address: Manager, Data Protection & Compliance Athens International Airport S.A. Administration Building (B17)
    In parallel  with ΑIA, Hellenic Police - Athens International Airport Policing Division (Airport Police) has real-time access to CCTV system with simultaneous viewing and recording, using the same technical means and resources.  Airport Police is the competent State Authority for the prevention, investigation, detection and prosecution of criminal offenses and the execution of criminal sanctions, including protection against threats to public security and their prevention, in accordance with Law 4624/2019 and Directive (EU) 680/2016. 

  2. Purpose and lawfulness of processing: The processing of personal data via CCTV applies as a measure to ensure the efficient operation, safety and security of parking facilities, as well as the prevention and evidencing of unlawful actions against persons, equipment and goods in the areas under surveillance, thus minimizing risk of unlawful actions. 

    AIA holds the right of usufruct over the Airport Site, as constituted by the Greek State under the Airport Development Agreement, ratified by L. 2338/1995, amended and further ratified by L. 4594/2019. Within this regulatory framework, AIA is the competent entity for the management of airport operations and therefore is legally obliged to ensure airport safety and security, in compliance with the applicable legislation, including National Civil Aviation Security Regulation (NCASR) and the Technical Guidelines issued and updated by the Hellenic Civil Aviation Authority (HCAA).  

    Data processing is appropriate and necessary for compliance with the legal obligations - under the ADA and the ratifying laws - to which AIA is subject, but furthermore is necessary for the purposes of the legitimate interests pursued by AIA, aiming to ensure safety, security, and efficiency at the Airport, for both travelers and visitors.  

  3. Data Processors: The CCTV system is operated by specialized personnel (operators) of the company “Cityzen Parking and Services S.A” located at Athens 14563, Kifissias Ave. 297 & Tzouna 1, being the Managing Director of the airport parking facilities, as per related contract. The operators are trained to safeguard the uninterrupted and efficient system operation; they monitor and assess the information gathered to ensure the protection of infrastructure and individuals within.  

    The company “Space Hellas”, located in Athens, Mesogeion Ave. 312, 15341 provides system maintenance and support services.

  4. Security of Processing: AIA, in cooperation with the Managing Contractor, apply adequate organizational and technical measures to enhance system resilience and safeguard confidentiality, integrity and availability for the period data is retained. Data storage is performed within European Economic Area. The system infrastructure is in designated facilities within the airport with restricted access, under the accountability of the Management Contractor. Recorded visual data is stored in an encrypted environment and processed by authorized users having individual access levels thereto. 

  5. Data retention: The recorded material is retained in the system for a period of fifteen (15) days, provided that in the aforementioned time no incident has been identified or reported that justifies data export and storage in separated area. 

    In the event of an incident affecting AIA’s assets or persons of the AIA or a security incident, the data is kept in a separate electronic file for a period of thirty (30) days. If the incident concerns a third party, the AIA may keep the relevant data in a separately for three (3) months. 

    Note: AIA may retain data for the duration of any period necessary to establish, exercise or defend any legal rights. 

  6. Data subject rights: Legislation in force provides rights to be exercised by the data subjects. Requests for information, access, transfer or deletion shall be addressed by the data subjects to AIA’s Data Protection Officer. Still, the exercise of any of the rights is subject to applicable regulatory, or operational restrictions by AIA. 

  7. Right to lodge a complaint and have legal protection: The data subjects may submit a complaint to the Hellenic Personal Data Protection Authority (www.dpa.gr) or seek legal remedy if they consider that data processing does not comply with the current legislation.