VIDEO SURVEILLANCE INFORMATION NOTICE (CCTV)
Medusa Hotel International S.R.L., with its registered office in Bucharest, 14A Jandarmeriei Street, District 1, registered with the Trade Register under no. J1994021129406, VAT no. RO 6505878, Phone 0744 332 155, uses a video surveillance system (CCTV) for the following purposes:
• protecting the life, integrity, and safety of employees, clients, visitors, and partners;
• protecting the company’s assets and property;
• preventing and investigating security incidents;
• complying with legal obligations regarding the security of premises (Law no. 333/2003 and Government Decision no. 301/2012).
The recorded images are not used for other purposes, such as monitoring employee performance or assessing work activities.
2. Categories of Data Processed
Through the video cameras, the following data are processed:
• video images of individuals present in monitored areas;
MEDUSA HOTEL INTERNATIONAL S.R.L.
• images of vehicles and visible license plate numbers within the camera coverage area. No special categories of data as defined by Article 9 of the GDPR (e.g., health data, religious beliefs, political opinions, etc.) are processed, and no facial recognition or automated profiling technologies are used.
3. Legal Basis for Processing
The data processing is based on:
• Article 6(1)(f) GDPR – the legitimate interest of the controller to ensure the security of persons and property;
• Article 6(1)(c) GDPR – legal obligation, insofar as the security plan is approved by the police authorities under Law no. 333/2003 and Government Decision no. 301/2012.
4. Monitored Areas
Video cameras are installed in the following locations:
• interior: reception, hallways, access routes, and common areas;
• exterior: courtyard, parking lot, and access pathways.
Restrooms, changing rooms, and other spaces intended for private use are not monitored.
5. Storage Period
Video recordings are stored for a maximum of 30 days, after which they are automatically deleted through overwriting.
In justified cases (e.g., security incidents or requests from competent authorities), the storage period may be extended for the time necessary to resolve the situation.
6. Data Recipients
Access to video images is restricted and limited to:
• authorized Medusa Hotel International staff from the IT, Security, and Concierge departments;
• the contracted security service provider;
• competent public authorities (police, judicial bodies), exclusively based on a written and justified legal
request.
7. Data Transfer
The data are not transferred to recipients other than those mentioned above and are not transferred outside the European Union or the European Economic Area.
MEDUSA HOTEL INTERNATIONAL S.R.L.
8. Rights of Data Subjects
In accordance with Regulation (EU) 2016/679 (GDPR), you have the following rights:
• the right to be informed (Articles 13–14 GDPR);
• the right of access to images in which you appear (Article 15 GDPR);
• the right to erasure (“right to be forgotten”) and restriction of processing (Articles 17 and 18 GDPR), within the limits of the law;
• the right to object (Article 21 GDPR) if you believe that the processing unjustifiably affects your rights and freedoms;
• the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) (Article 77 GDPR) or to appeal to the courts (Article 79 GDPR).
Requests regarding the exercise of these rights can be sent in writing to the DPO contact details below.
9. Data Security
Medusa Hotel International has implemented appropriate technical and organizational measures to ensure the confidentiality and security of video recordings:
• restricted access based on user accounts and passwords;
• data storage on secure DVR/NVR devices located in locked rooms;
• access auditing and logging;
• regular training of authorized personnel;
• confidentiality agreements signed by persons with access rights.
10. Contact
For any questions or requests regarding data processing through the video monitoring system, please contact:
Data Controller: Medusa Hotel International S.R.L.
• E-mail: office@stejariicountryclub.ro
• Tel: 0744 332 155
Data Protection Officer (DPO):
SC BOCASOFT SRL
• E-mail: dpo@stejariicountryclub.ro
This information notice is available at the reception and on the company’s official website and complements the information displayed on signs in monitored areas.