CCTV surveillance

The Data Controller is:

Ente turistico del Luganese 
Via Giovanni Nizzola 2
6900 Lugano

Any questions regarding data protection or the way in which personal data is processed may be addressed in writing to the aforementioned contact details or by email to:
privacy@luganoregion.com

We process the following personal data, which is collected by means of video recording equipment:

• video recordings from surveillance cameras and technical information or metadata, e.g. location and time of recording.

Video recordings may cover:

• areas outside buildings limited to the property owned or rented by the Data Controller;
• neighbouring properties or public places, in very limited circumstances and only if video surveillance cannot take place without including them in the footage;
• internal areas considered of importance for security, such as building access points, automatic or staff-supervised cash registers, and safe rooms.

Recordings may be made either in continuous mode (24/7) or when motion is detected. No sounds or conversations are recorded.

All areas subject to video surveillance are clearly indicated by a sign with the surveillance camera pictogram.

The legal basis for the processing is the legitimate interest of the Data Controller (overriding interest). In the case of handing over images to judicial bodies, the legal basis is the legal obligation.

The images obtained from video surveillance equipment will be processed for the following purposes:

• protection of movable and immovable property;
• prevention of possible vandalism, damage and theft;
• verification in cases of disputes relating to cash transactions or cash discrepancies at the end of a shift;
• monitoring access to buildings and preventing unlawful or unauthorised access;
• supervision of sensitive areas, e.g. safe room, server room;
• safety of employees, customers and visitors;
• investigation of accidents, thefts or robberies.

Ente turistico del Luganese, as Data Controller and employer, protects the welfare and privacy of its employees (Art. 328 CO and Art. 30 of theFederal Act on Data Protection, FADP). None of the systems used are employed in any way as a tool for remotely monitoring the work activity of employees and anyone working in various capacities at the different sites.

Images and recordings will be processed solely by personnel explicitly authorised by the Data Controller and only insofar as they require the data to perform their duties and in full compliance with the principles of theFederal Act on Data Protection (FADP).

Authorised persons may be employees or collaborators of the Data Controller or other entities acting as Data Processors or Independent Data Controllers, such as security companies or video surveillance system maintenance companies.

In the event of judicial investigations or inquiries, images and recordings acquired by video surveillance may be surrendered to the competent authorities in order to comply with legal obligations.

The Data Controller has implemented appropriate technical and organizational measures to protect personal data and, in using video surveillance systems, follows the provisions and guidelines of the Federal Data Protection and Information Commissioner (FDPIC).

Recipients are required to comply at all times with the obligation of confidentiality and applicable data protection legislation and to put in place appropriate technical and organizational measures to ensure the security of personal data and protect it from unauthorized or unlawful processing, accidental loss, alteration, disclosure, or access.

We process and store images and recordings captured by video surveillance exclusively on servers in Switzerland.

Access to image recording equipment and servers is strictly limited to authorized personnel.

We store images and recordings captured by video surveillance only for the time necessary for the purposes of processing. In principle, this is for a period of 7 days from the time the data is collected.

We store images and recordings for a longer period if we are legally or contractually obliged to do so, or if we have a legitimate interest in doing so (e.g., for the exercise or defence of legal claims until the expiry of the limitation period).

At the end of the specified storage period, the data is deleted by automatic overwriting.

• You have the right to obtain information on the processing of your personal data.
• You have the right to request the amendment, deletion, and restriction of your personal data and to object to the processing of that data.
• If you believe that your rights or data protection requirements have been violated, you are entitled to lodge a complaint with the relevant supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

Requests and inquiries regarding these rights can be sent to the aforementioned contact details of the Data Controller.

It should be noted that the deletion/anonymization of images of a single person in a footage may be technically difficult or impossible to perform. If the only alternative is to delete the entire recording or video fragment, this would defeat the very purpose of video surveillance. Therefore, we will do our best to respond to your requests, while remaining within the scope of what is technically reasonable and proportionate.

We reserve the express right to amend this policy at any time to ensure that it is always both up-to-date and compliant with current legislation.