Camera Monitoring Policy

Homepage Camera Monitoring Policy

With the aim of protecting and implementing additional security measures for our buildings and assets, employees, and visitors, Banka Kombëtare Tregtare SH.A. (hereinafter "the Bank" or "BKT") operates a Video Surveillance system (camera monitoring system).

This Camera Monitoring Policy, together with Annex No. 1, defines how, why, and when the video surveillance system is used, as well as the controls and security measures applied by the Bank.
Personal data processed through the video surveillance system in all areas where the Bank carries out its activities, including but not limited to Head Office, Branches, Agencies, and ATMs, and which make an individual (employee, client, third party, or visitor) directly or indirectly identifiable, are processed in accordance with Law No. 124/2024 "On Personal Data Protection."

 

The installation of cameras is carried out in such a way that it not only complies with the criteria set out in applicable laws and regulations, but also ensures compliance with the policies and standards of BKT and Çalik Holding.

Taking into account the legal requirements for monitoring premises where banking activities are carried out, the requirements for additional measures for public security, and the protection of the life and health of employees, clients, visitors, and property, the Bank has implemented a video surveillance system which has the following purposes:

  • Prevention, detection, and documentation of criminal activity and threats to order and security within the Bank's premises.
  • Investigation of criminal offences and other acts that compromise security.
  • Documentation and analysis of unauthorized entries into the Bank's premises.
  • Investigation of unauthorized access to restricted areas within the Bank's premises.
  • Monitoring of evacuation procedures to ensure the safety of staff, visitors, and contractors.
  • Monitoring of access routes and areas within the Bank where cash handling and cash-in/cash-out procedures are carried out.

The layout plan of security cameras for each facility is approved by the State Police structures in the territory where the facility is located.

In the framework of BKT's obligation towards all stakeholders, another objective of this policy is to inform them about how this type of processing is carried out and what technical and organizational measures are taken by the Bank to ensure secure processing in compliance with legal requirements.

 

In implementation of Law No. 19/2016 "On Additional Measures for Public Security," Regulation of the Bank of Albania No. 48, dated 02.10.2024 "On minimum security requirements in premises where banking and financial activities are carried out and for the transport of monetary values," as well as internal policies and regulations, the Bank conducts monitoring of its premises through surveillance cameras.

Taking into account the security and protection of the interests of staff, clients, third parties, and the Bank's property from evident risks, as well as in compliance with applicable legal provisions, the Bank is entitled to process images recorded by the video surveillance system.

The Bank also undertakes to strictly comply with the following legal framework:

  • Law no. 124/2024 "On Personal Data Protection".
  • Instruction no. 3/2025 "On the Processing of Personal Data by Video Surveillance Systems".
  • Instruction no. 20/2012 "On the Processing of Personal Data in the Banking Sector".
  • Instruction no. 46/2017 "On determining the level of security for the processing of personal data through security systems in implementation of Law No. 19/2016 "On Additional Measures for Public Security".
  • Instruction no. 633/2018 "On determining the level of additional security measures and the type of measures that must be taken by entities depending on their activity or risk assessment, as well as the procedures for their notification."
 

The Bank, in fulfilment of its legal obligation, shall inform data subjects in a clear and effective manner about video surveillance.

For this purpose, BKT follows a comprehensive approach consisting of a combination of the following methods:

  • Posters in accordance with the format in Annex No. 1, displayed in the Bank's premises, informing the public about monitoring and providing the necessary information regarding data processing.
  • Publication of this policy on the Bank's official website.
  • Displaying a QR code at the reception desk to allow visitors immediate access to this Policy. 
 

The video surveillance system processes personal data of various categories of data subjects, including but not limited to the following:

  • Clients
  • Employees
  • Visitors
  • Walk-in Customers
  • Third parties
 

The Bank implements appropriate technical and organizational security measures to protect personal data collected through the video surveillance system from accidental loss, alteration, disclosure, or unauthorized access, particularly where processing involves data transmission over a network, as well as against all other unlawful forms of processing. The storage and processing of data obtained from the video surveillance system is carried out in compliance with legal requirements.

Below are the security measures taken by the Bank:

  • The servers where recordings are stored are located in secure premises where additional security measures have been implemented.
  • Firewall systems have been installed to protect the technological infrastructure.
  • Necessary administrative measures have been taken both with respect to the Bank's personnel and third parties.
  • At the entrances of the Bank's premises, information signs are placed to notify data subjects of the existence of a surveillance system, in accordance with ANNEX No. 1.
  • Access management enables access only to staff whose function is strictly related to the processing of data obtained from the system.
  • The Bank ensures that the transmission and recording of data are carried out with full security measures in full compliance with the relevant legislation.
  • The Bank guarantees that the video surveillance system does not infringe the fundamental rights of individuals (clients, staff, third parties, or others) by interfering with their private life.
  • The Bank ensures that the viewing angle of the video surveillance cameras is set in such a way that it captures images strictly within the purpose for which the system has been installed.
  • The Bank ensures that any network transmission of data is carried out in encrypted form, with full access rights granted only to the data controllers and authorized recipients.
  • Cameras have been installed in staff working areas for security purposes and are positioned in accordance with the requirements set forth by law.[1]
  • Authorized persons who, in the course of their duties, become aware of the content of data recorded by the CCTV system are obliged to maintain confidentiality even after the termination of their employment. Access to such data is limited strictly to what is necessary for the fulfillment of their duties.
  • Every Bank employee is regularly trained on the secure use of personal data and on understanding their responsibilities and limitations in accordance with the requirements of the legal framework.

Prior to the installation of new video surveillance systems or any modifications to existing systems, the Bank conducts a compliance assessment with the applicable legal framework.

 

In the premises where the Bank carries out its activities, including its real estate properties or premises leased and used for business operations, archives, or storage areas, surveillance cameras are used for continuous monitoring. The following areas are designated for the installation of surveillance cameras:

With the exception of cases where, in order to comply with other regulatory requirements, monitoring includes specific workstations that are not intended for surveillance.

  • External façade areas of the Bank at the entrance to the interior premises.
  • Entrance to the interior premises / corridors.
  • Customer area, counters, and cashier/service areas.
  • Cash storage and handling areas (entrance and internal premises).
  • Document storage and administration areas (archives and entrance to internal premises).
  • Information technology systems areas (entrance and internal premises).
  • Areas around generators.
  • ATM operations.
  • Parking areas.
  • Elevators.
  • Access routes and internal areas of the Bank where cash receipt and delivery procedures are carried out.

Note: The installation of cameras is not permitted in areas such as toilets, changing rooms, lockers, or other similar spaces.

 

The technological tools and settings made available by the Bank for processing data obtained from the video surveillance system are standardized and user-friendly. The Bank adopts the highest technological and organizational standards to ensure that processing is carried out securely.

The video surveillance system is an integrated CCTV system that supports recordings from multiple cameras, each individually recording on a continuous basis. All cameras operate 24 hours a day, 7 days a week. The image quality must ensure high resolution and include infrared capability.

The criteria for the administration of the video surveillance system are:

  • The installatio nf cameras and the video surveillance system at BKT has been carried out in full compliance with legal requirements, following the internal standard procedure, and classifying areas based on their level of risk exposure.
  • Only the Administrator of the video surveillance system has full rights to the server and the applications responsible for granting access to the system, in accordance with the access matrix.
  • The final implementation scheme of the surveillance system, as well as any changes that may be required, must be approved by the relevant structures of the State Police.
  • The rights for online surveillance and for downloading footage from the installed camera system are granted only to authorized persons, and any access to the recorded data is documented for subsequent control and auditing purposes.
  • The Physical Security Department is also responsible for communications with state institutions that request video footage from surveillance systems, in accordance with Law No. 19/2016"On Additional Measures for Public Security."
  • The use of video footage for administrative investigations/inquiries is authorized only by the responsible person, who assigns the relevant personnel to carry out actions within the system.
 

The BKT video surveillance system is subject to periodic internal controls, except in cases where, due to significant changes, an assessment of the impact on personal data processing and compliance with applicable laws and regulations is required.

The installation and control of the video surveillance system are carried out by licensed companies trained by security camera manufacturers, in accordance with regulatory requirements.

In any case, a periodic overall assessment of the system is conducted with the aim of ensuring surveillance needs are met, verifying the existing system, and reflecting and ensuring compliance with any changes in applicable regulations.

 

The retention periods for recordings made by the video surveillance system shall be fully in compliance with the applicable legal framework and relevant regulations.

Data from the Bank's camera monitoring system are stored for 60 (sixty) days. Upon expiry of this period, all recordings are automatically deleted without the possibility of recovery.

In cases where, following a written request and for investigative purposes, video materials obtained from the system are made available to the relevant Authorities, the responsibility for their storage lies with the Authority from the moment the materials are handed over.

 

Individuals whose personal data are processed by the video surveillance system have the right, under Law No. 124/2024 "On Personal Data Protection," to be clearly informed about the existence and purpose of such processing, and to exercise the rights of access, objection, and deletion in relation to the categories of personal data processed. In any case, when fulfilling a data subject access request, the Bank shall take into account the protection of third-party personal data.

 

In the event of an incident involving personal data, such as damage, loss, or destruction, the Bank implements an immediate response plan led by the Information Security Department in cooperation with other involved structures. The Bank shall notify the Commissioner for the Right to Information and Data Protection within the legally prescribed deadlines and no later than 72 hours, and where applicable, the data subject whose data has been affected.

 

Requests for information regarding this policy may be sent to the following addresses:

Contact Method Details
Mail address Banka Kombëtare Tregtare sh.a. Rruga e Vilave, Lundër 1, Tirana, Albania
E-mail address info@bkt.com.al or/and dpo@bkt.com.al
Dedicated section on the website: Suggestion & Complains | Banka Kombetare Tregtare

In the event of dissatisfaction regarding the handling of the request by BKT, you always have the right to address the Office of the Commissioner for the Right to Information and Data Protection at the address Rr. "Abdi Toptani", building 5, Tirana. For more information, visit the Commissioner's website info@idp.al or call the Toll-free line 0800 20 50.

 

This Camera Monitoring Policy is subject to continuous review in order to reflect any necessary changes arising from technical, legal, or operational updates to the video surveillance system. Any update to this policy will be published on the Bank's official website.