THE CROWN OF CRUCIS
1. Policy statement
1. Policy statement
- 1.1 We believe that CCTV and other surveillance systems have a legitimate role to play in helping to maintain a safe and secure environment for all our staff and visitors. However, we recognise that this may raise concerns about the effect on individuals and their privacy. This policy is intended to address such concerns. Images recorded by surveillance systems are personal data which must be processed in accordance with data protection laws. We are committed to complying with our legal obligations and ensuring that the legal rights of staff, relating to their personal data, are recognised and respected.
- For the purposes of this policy, the following terms have the following meanings:
- CCTV: means fixed and domed cameras designed to capture and record images of individuals and property.
- Privacy Statement: The Crown of Crucis privacy statement found on website here
- Surveillance systems: means any devices or systems designed to monitor or record images of individuals or information relating to individuals. The term includes CCTV systems as well as:
- any technology that may be introduced in the future such as automatic number plate recognition (ANPR);
- body worn cameras; or
- any other systems that capture information of identifiable individuals or information relating to identifiable individuals.
- 3.1 We currently use CCTV cameras to view and record individuals on our premises. This policy outlines why we use CCTV, how we will use CCTV and how we will process data recorded by CCTV cameras to ensure we are compliant with data protection law and best practice.
- 3.2 We recognise that information that we hold about individuals is subject to data protection legislation. The images of individuals recorded by CCTV cameras are personal data and therefore subject to the legislation. We are committed to complying with all our legal obligations and seek to comply with best practice suggestions from the Information Commissioner's Office (ICO).
- 3.3 This policy covers all our customers, visiting members of the public, employees, workers and contractors.
- 3.4 This policy will be regularly reviewed to ensure that it meets legal requirements, relevant guidance published by the ICO and industry standards.
- 4.1 We currently use CCTV as outlined below. We believe that such use is necessary for legitimate business purposes, including:
- (a) to comply with our licencing conditions;
- (b) to prevent crime and protect buildings and assets from damage, disruption, vandalism and other crime;
- (c) for the personal safety of staff, visitors and other members of the public and to act as a deterrent against crime;
- (d) to support law enforcement bodies in the prevention, detection and prosecution of crime;
- (e) to assist in day-to-day management, including ensuring the health and safety of staff and others; or
- (f) to assist in the effective resolution of disputes,
- This list is not exhaustive and other purposes may be or become relevant.
- 5.1 Images are monitored by authorised personnel when required pursuant to clause 4.
- 5.2 Staff using surveillance systems will be given appropriate training to ensure they understand and observe the legal requirements related to the processing of relevant data.
- 6.1 Where possible, we will display signs at the entrance of the surveillance zone to alert individuals that their image may be recorded.
- 6.2 We will ensure that live feeds from cameras and recorded images are only viewed by approved members of staff whose role requires them to have access to such data. Recorded images will only be viewed in designated, secure offices.
- 7.1 In order to ensure that the rights of individuals recorded by the CCTV system are protected, we will ensure that data gathered from CCTV cameras is stored in a way that maintains its integrity and security. This may include encrypting the data, where it is possible to do so.
- 7.2 Given the large amount of data generated by surveillance systems, we may store video footage using a cloud computing system. We will take all reasonable steps to ensure that any cloud service provider maintains the security of our information, in accordance with industry standards.
- 7.3 We may engage data processors to process data on our behalf. We will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.
- 8.1 Data recorded by the CCTV system will be stored. Data from CCTV cameras will not be retained indefinitely but will be permanently deleted once there is no reason to retain the recorded information. Exactly how long images will be retained for will vary according to the purpose for which they are being recorded. For example, where images are being recorded for crime prevention purposes, data will be kept long enough only for incidents to come to light. In all other cases, recorded images will be kept for no longer than 90 days.
- 8.2 At the end of their useful life, all images stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs will be disposed of as confidential waste. Any still photographs and hard copy prints will be disposed of as confidential waste.
- 9.1 We may share data with other group companies and other associated companies or organisations, for example shared services partners where we consider that this is reasonably necessary for any of the legitimate purposes set out above in paragraph 4.1.
- 9.2 No images from our CCTV cameras will be disclosed to any other third party, without express permission being given by our data protection officer (who’s details can be found in our Privacy Statement) (DPO). Data will not normally be released unless satisfactory evidence that it is required for legal proceedings or under a court order has been produced.
- 9.3 In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.
- 9.4 We will maintain a record of all disclosures of CCTV footage.
- 9.5 No images from CCTV will ever be posted online or disclosed to the media.
- 10.1 You may make a request for disclosure of your personal information in accordance with our Privacy Statement.
- 10.2 In order for us to locate relevant footage, any requests for copies of recorded CCTV images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.
- 10.3 We reserve the right to obscure images of third parties when disclosing CCTV data as part of a subject access request, where we consider it necessary to do so.
- 11.1 We recognise that, in rare circumstances, individuals may have a legal right to object to processing and in certain circumstances to prevent automated decision making (see Articles 21 and 22 of the General Data Protection Regulation). For further information regarding this, please contact our DPO.