GDPR - CCTV Disclaimer

Name and contact details of the responsible person
Hotel Vier Jahreszeiten Kempinski Munich
Maximilianstr. 17 - 80539 Munich - Germany

Contact details of the data protection officer
Dr. Charlotte Lauser
Dr.-Gerhard-Hanke-Weg 31 - 85221 Dachau - Germany

Purpose and legal basis of data processing
The purpose of video surveillance is to exercise our house rights, to prevent vandalism, to investigate thefts and to ensure the safety of our guests and staff. Access to the recording is exclusively occasion-related (investigation procedures, damage reports).
The legal basis is Article 6(1)(f) of the General Data Protection Regulation.

Legitimate interests pursued
Video surveillance serves the legitimate interest of protecting the guests, the employees and the hotel from from harm and to investigate any criminal offences. In addition, the Video surveillance also serves to ensure compliance with PCI DSS standards.

Storage duration or criteria for determining the duration
In areas with cashless payment transactions, we store the data for 90 days, in all other areas for a maximum of 30 days. Access to the recordings is limited to one person who is bound to confidentiality.

Recipients or categories of recipients of the data
Recording takes place exclusively on our own local servers. There is no data transfer abroad (also for data backup)!

Information on the rights of the data subject 
The data subject has the right to request confirmation from the controller as to whether personal data concerning him or her are being processed; if this is the case, he or she has a right to information about these personal data and to the information listed in detail in Article 15 of the GDPR. 

The data subject has the right to obtain from the controller the rectification without delay of inaccurate personal data concerning him or her and, where appropriate, the completion of incomplete personal data (Article 16 GDPR). 
The data subject has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the grounds listed in detail in Article 17 of the GDPR applies, e.g. where the data are no longer necessary for the purposes pursued (right to erasure). 

The data subject shall have the right to obtain from the controller the restriction of processing where one of the conditions listed in Article 18 GDPR applies, e.g. where the data subject has objected to the processing, for the duration of the controller's review. 
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her. The controller shall then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims (Article 21 GDPR). 
Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of his or her residence, place of work or the place of the alleged infringement.

In Bavaria, the competent supervisory authority is: Bavarian State Office for Data Protection Supervision (BayLDA) - Promenade 18, 91522 Ansbach.

A printed version of the information sheet according to Art. 13 DSGVO is available at the reception.