VIDEO SURVEILLANCE PRIVACY
Privacy Notice Pursuant to Article 13 of EU Regulation 2016/679 – Video Surveillance
1. Introduction
Pursuant to Article 13 of EU Regulation 2016/679 (hereinafter “GDPR”), we hereby inform you that the personal data collected through the video surveillance system operating at:
- Hotel Villa Pamphili – Via della Nocetta 105, 00164 Rome (RM)
(hereinafter the “Premises”) are processed by Aries Group S.r.l., headquartered at Via Lampedusa 11/A, 20141 Milan (MI), VAT no. 11337310962 (“Aries” or the “Data Controller”), in accordance with this notice, the authorization of the INL, and applicable laws.
2. Purpose of Processing
Personal data, consisting of images of individuals captured by the video surveillance system, are processed solely to protect the corporate assets of the respective Premises and to ensure the safety of individuals and activities taking place therein. The system also serves as a deterrent against potential criminal acts.
Footage is accessed exclusively by duly authorized personnel and solely for the purposes stated above.
3. Legal Basis
The legal basis for processing is the Data Controller’s legitimate interest in protecting the corporate assets and ensuring the safety of individuals and activities on the Premises.
4. Processing Methods and Types of Data Collected
The video surveillance system operates continuously, 24 hours a day, seven days a week, year-round.
Only video recordings are collected; no audio is recorded.
Surveilled areas are clearly marked with appropriate signage.
Access to footage is strictly limited to authorized personnel.
A detailed list of camera locations is available at the reception desk of each property for consultation.
5. Data Processing Procedures
Personal data is processed by the Data Controller in compliance with applicable legal requirements.
Data is managed using both manual and electronic methods designed to ensure security and confidentiality.
Only trained personnel or contracted service providers—operating under a legally binding agreement—may access the data.
6. Data Retention
Recorded images are retained for a maximum of 24 hours, unless extended retention is necessary due to holidays, periods of inactivity, or requests from law enforcement or judicial authorities.
After the retention period, recordings are automatically deleted from the system.
7. Data Disclosure
Personal data collected via the video surveillance system is not disseminated.
Disclosure to third parties occurs only to achieve the purposes outlined above or to fulfill legal or contractual obligations.
Possible recipients include:
- Providers responsible for managing, maintaining, or administering the video surveillance system
- Security service providers
- Professional consultants, including legal advisors
- Regulatory, supervisory, or judicial authorities
Where these entities act independently of the Data Controller, they are identified as separate data controllers.
8. Data Transfers
The Data Controller does not transfer personal data to countries outside the European Economic Area or to international organizations.
9. Data Subject Rights
Under Articles 15 to 22 of the GDPR, individuals whose personal data is processed may exercise the following rights, free of charge and at any time, subject to legal conditions:
- To confirm whether personal data concerning them is being processed
- To obtain information on the purposes and methods of processing
- To access their personal data
- To obtain a copy of their personal data and information on its storage location
- To request updates, corrections, or additions to the data
- To request deletion of the data in accordance with Article 17 GDPR
- To object to data processing
- To lodge a complaint with the national supervisory authority (in Italy: the Garante per la Privacy – www.garanteprivacy.it)
- To request portability of their personal data
- To request restriction of processing pursuant to Article 18 GDPR
Requests may be submitted by email to: privacy@ariesgroup.it.