PRIVACY NOTICE

CCTV (Closed Circuit Television) data

Last updated on 12/05/2022

This Privacy Notice describes the video surveillance system at Crowne Plaza Antwerp (hereinafter — the “Hotel”) and the safeguards adopted by Holcro NV with registered office at Gerard le Grellelaan 10, 2020 Antwerp, Belgium (hereinafter — the “Data Controller”) to protect Your personal data. The processing of Your data in the context of video surveillance by the Data Controller is based on the Belgian Camera Act of 21 March 2007 (as amended) and the Regulation 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter — the “GDPR”).

Purposes of personal data processing

The Data Controller collects data through the CCTV system for various reasons:

1. To ensure the security of the building, the safety of Data Controller’s staff, guests and visitors, as well as property and information located or stored on the premises;
2. To prevent, deter, and if necessary, investigate unauthorised physical access, including unauthorised access to secure premises and protected rooms, IT infrastructure, or operational information;
3. To prevent, detect and investigate a theft of equipment or assets owned by the Data Controller, guests, visitors or staff, acts of vandalism or threats to the safety of guests, visitors and personnel of the Hotel (e.g. fire, physical assault).

The CCTV system is not used for any other purpose, such as to monitor the work of employees or their attendance. The cameras are aimed to give a general overview of what is happening in certain places relevant to the security of the premises.

The purpose of data processing is not to recognise people unless a security or data protection incident is involved. The system is not used as an investigative tool or to obtain evidence in internal investigations or disciplinary procedures unless a security or data protection incident is involved. In exceptional circumstances, the data may be transferred to internal and external compliance (e.g. to the police), security or investigatory bodies in the framework of data protection compliance, a formal disciplinary or criminal investigation.

The CCTV cameras are installed at various places at the Hotel such as (i) at the entrance to the Hotel (incl. staff entrance), (ii) inside the Hotel (incl. at the reception, in the lobby, in the meeting lounge, in the breakfast room, in the restaurant, in the AnnA Living x Bar , in the fitness room & Octopus swimming pool, at the entrance to Octopus Event Pool) and (iii) in the parking.

Legal basis for personal data processing

The Data Controller uses video surveillance equipment for security purposes, which is a legitimate interest of the Data Controller under Article 6.1.f of the GDPR.

Where cameras are used, there is a clearly visible, on-the-spot sign with the contact information of the Data Controller and the Data Protection Officer. The CCTV Privacy Notice with more information on video surveillance activities is available at our Reception/Front Desk or upon request.

Information the Data Controller collects from You

The Data Controller only collects images caught on camera, no sound or voice is recorded.

Special categories of personal data

The CCTV System is not used by Data Controller to collect and/or process any special categories of personal data, as defined in Art. 9 GDPR: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (when processed for the purpose of uniquely identifying individuals, through appropriate technology, e.g., fingerprint scanners), data concerning health or data concerning a natural person’s sex life or sexual orientation.

Contact details of the Data Controller

The Data Controller is responsible for the processing of Your personal information. Contact details of the Data Controller:

Holcro NV
Gerard le Grellelaan 10, 2020 Antwerp, Belgium
Tel.: +32 3 259 75 00
Email: info@cpantwerp.com

Recipients of the personal data
The video images and streaming can be accessed only by General Manager and Fire-Life& Safety Manager.
Access to the hard-disk video recorder is highly limited, being protected by a password. The data cannot be accessed without the authorisation of General Manager and/or Fire Life and Safety Manager.

Data transfers
The Data Controller does not sell or otherwise disclose Your personal data collected for this purpose to third parties. Only government officials (e.g. police, fire department, judicial department etc.) can – only when required by law – request and receive access to the data footage.

Retention period
The Data Controller retains the personal data processed no longer than necessary for the purpose for which it was collected (including as required by applicable law or regulation). The recorded data is erased automatically after a period of maximum 30 days when it is automatically overwritten by a new video footage.

Your rights under the GDPR
As a data subject, under the GDPR You have certain rights over Your personal data and data Data Controller is responsible for fulfilling these rights.

Right of access
You have a right of access to personal data held by Us as the Data Controller. This right may be exercised by emailing Us at info@cpantwerp.com.We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (as a general rule, within 30 days).

Right to rectification
Modifying the CCTV footage is not allowed. However, You can modify the report written in connection with a security incident, if applicable in Your case.

Right to erasure
You have the right to delete Your data at any time by sending an email request to info@cpantwerp.com when the processing activity is unlawful.

Right to object
You have the right to object at any time by sending an email request to info@cpantwerp.com, when You have legitimate reasons relating to Your particular situation. The Data Controller will address Your request within 30 days from the receipt of the request.

This privacy statement is intended to provide information about what personal data We collect about You and how it is used. Along with the rights of access and amendments referred to above, individuals also have other rights in relation to their personal data We hold, such as a right to restrict processing of personal data and the right to data portability.

If You wish to exercise any of these rights, please send an email to info@cpantwerp.com.

Complaints
You have a right to complain about Our use of Your personal data. In order to do so, please send an email with the details of Your complaint to our DPO:

CRANIUM NV
Excelsiorlaan 43, 1930 Zaventem
Email: info@cpantwerp.com

You also have the right to lodge a complaint with the Belgian Data Protection Authority: www.gegevensbeschermingsautoriteit.be

Security of personal data
The Data Controller is committed to protecting the security of Your personal data. Therefore, We use several security technologies and procedures to help Us protect Your personal data from unauthorised access, use or disclosure. We keep Your data on video and computer systems that are limited in access and are in controlled facilities.

Updates of the CCTV Privacy notice
We may amend or update this Privacy notice from time to time to reflect changes in Our practices with respect to the processing of Your personal data, or changes in applicable law.