Data Controller Information

Data Controller: Aristotle University of Thessaloniki (AUTh)

Controller Contact Details: Safety & Protection Unit, map@auth.gr
Aristotle University of Thessaloniki
University Campus
54124 Thessaloniki, Greece

Data Protection Officer: data.protection@auth.gr

Purpose and Legal Basis of Processing

At Aristotle University of Thessaloniki (AUTH), we have installed a vehicle access control system. The personal data collected are processed for the protection of your life and physical safety, as well as for the protection of our movable and immovable property, in accordance with the duty assigned to us under Article 225 of Law 4957/2022.

For this purpose, we have installed a monitoring system to manage controlled vehicle access to the university campus. The monitoring system does not collect images and does not record individuals. Automatic Number Plate Recognition (ANPR) cameras use Optical Character Recognition (OCR) technology to convert the image of a vehicle license plate into text.

Locations of ANPR Cameras and Operation of the Vehicle Access Control System

At the main entrances and exits of the university campus located:

• on Egnatia Street
• on Agiou Dimitriou Street

In addition:

• at the underground parking area of the Administration Building
• at the outdoor parking area of the Administration Building
• at the outdoor area in front of the Ceremonial Hall

Planned extensions:

• at the AHEPA Hospital parking area (Paraplegic Building)
• at the student outdoor parking area on 3rd September Street
• at the School of Forestry and Natural Environment parking area at Finikas area of east Thessaloniki

Information signs are installed at all locations where ANPR cameras operate.

Categories of Data and Data Subjects

Automatically collected data:

• Unique Beneficiary Number (UUID)
• Vehicle License Plate Number
• Date and Time of Entry
• Date and Time of Exit
• Parking Zone

Upon request:

• Full Name
• Contact Telephone Number
• Vehicle Registration Number

Data Retention Period and Recipients

The data we collect are stored for fifteen (15) days on the servers of the AUTH Digital Governance Unit and are then deleted.

If, during this period, we identify an incident involving a violation of the controlled entry-exit system, we isolate the relevant data through the management application and retain them for up to one (1) additional month for the investigation of the incident and the initiation of legal procedures. We may keep this material for a longer period if we consider it necessary for the establishment, exercise, or defence of legal claims.

We do not disclose or transfer your personal data to third parties, except to Judicial and Law Enforcement Authorities when they lawfully request them in the performance of their duties, or to persons involved in a criminal act when the requested data may constitute evidence of that act.

Access to anonymised data is granted to the company that provides technical support for the operation of the access control system and to authorised university employees responsible for monitoring the management application of the vehicle access control system.

Technical and Organisational Measures

We take all appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data, including:

• authorised staff access
• confidentiality obligations
• a personal data processing agreement with the company providing technical support for the access control system
• firewall protection on the VLAN networks of the controlled access points
• access control through user credentials for entry to the management application
• log files
• appointment of a Vehicle Access Control System Manager and a Data Protection Officer (DPO)

Your Rights and How to Exercise Them

You have the following rights regarding your personal data:

Right of Access:
You may ask whether we process your data and, if so, receive information about the processing and a copy of your data.

Right to Restriction:
You may request that we restrict the processing of your data. In such a case, we will only store the data and process them with your consent, for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person.

Right to Object:
You have the right to object to the processing. We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defence of legal claims.

Right to Erasure:
You may request the deletion of your data.

You may exercise your rights by submitting a written request via email to map@auth.gr or by sending a written application to:

Aristotle University of Thessaloniki
University Campus
54124 Thessaloniki, Greece

If we have reasonable doubts regarding the content of your request or your identity, we may ask you to provide additional information.

To enable us to satisfy your request, it is necessary for you to specify as accurately as possible the controlled access point and the time when you entered and/or left the university premises, in order to help us locate your data.

The processing of personal data described above is necessary for the operation of the vehicle access control system on the university campus. Therefore, if you object to this processing or request that it stop, it will not be possible to grant access for your vehicle to the university premises.

Right to Lodge a Complaint

If you believe that your personal data or your rights are being violated, you may contact the AUTH Data Protection Officer at: data.protection@auth.gr

If you do not receive a satisfactory response, you may submit a complaint to the Hellenic Data Protection Authority through its website: https://www.dpa.gr/

Other contact details of the Authority are:

1-3 Kifisias Avenue
115 23 Athens, Greece
Tel.: +30 210 6475600
Email: contact@dpa.gr