Swimmingly Ltd. (the Company) uses closed circuit television (CCTV) images internally to provide a safe and secure environment for employees, contractors, visitors and other third parties to the Company and to protect the Company’s premises and property
The capture, monitoring, recording, storage, retention and processing of images of identifiable individuals constitutes personal data as defined by the Data Protection Act 1998 and The General Data Protection Regulation (GDPR). This Code of Practice sets out the intended use and management of CCTV equipment and images by the Company and aims to ensure the Company is fully compliant with the requirements of all current and related legislation.
This policy has been produced in line with the Information Commissioners CCTV Code of Practice (www.ico.org.uk).
1.1 Scope of the Code
This Code of Practice is binding to all employees, contractors and visitors to the Company and its premises and all other persons who may, for whatever reason, be present on Company premises at any time.
The scope of the monitoring includes, but is not limited to, health and safety considerations and violations, unlawful and unacceptable conduct, such as theft, violence, unwanted behaviours and breach of Company policy, as well as for general monitoring purposes.
The Company’s CCTV facility records images only. There is no audio recording.
1.2 Ownership and operation of the CCTV System
Swimmingly Limited owns all CCTV systems on Company properties. The CCTV day to day operations are operated by the owner. Review, management and maintenance of the systems are the responsibility of the owner. Only trained personnel authorised by a Director will operate any of the equipment located on the premises. The CCTV systems recorded material is copyrighted owned by Swimmingly Limited.
CCTV systems are utilised by the Company for the following specific purposes:
- To identify unlawful and unacceptable conduct, unwanted behaviours and breach of Company agreements and policy
- To deter and detect crime, including theft and criminal damage
- To assist in the identification and prosecution of offenders
- To enhance the safety and wellbeing of employees, contactors, visitors and members of the public by ensuring health and safety rules and Company procedures are being complied with
- To assist with the identification of unauthorised actions or unsafe working practices
- To assist in the overall management of all owned premises
Where images are obtained by persons committing acts of an illegal or criminal nature and/or acts which breach Company policies and procedures, these images maybe used as evidence, in accordance with law enforcement agencies.
1.4 Location of Cameras
One cameras is located in the pool building, positioned so that it covers only the pool and surrounding decked areas. No cameras are located in toilet/washroom areas.
All cameras are clearly visible and signage is displayed through the relevant premises so that employees, customers, contractors, visitors and other third parties are aware they are entering an area which is covered by CCTV.
1.5 Covert Monitoring
Covert use of the Company’s CCTV systems can only take place on the written permission of the Directors. For monitoring to occur, there must be reasonable cause to suspect that unauthorised or illegal activity is taking place or is about to take place or that a breach of Company policy is taking place and informing the individual(s) concerned would seriously prejudice its prevention or detection. Covert monitoring will only be undertaken for a limited and reasonable period of time consistent with the documented objectives. All decisions relating to the use of covert monitoring will be fully documented.
Where a legitimate third party (e.g. a law enforcement agency) wishes to undertake covert monitoring using Company premises, the request should be brought to the attention of a Director in the first instance who will discuss it with all relevant parties.
Once the specific investigation has been completed, covert monitoring will cease. All other information collected in the course of covert monitoring will be deleted or destroyed unless it reveals information which the Company cannot reasonably be expected to ignore.
- Access to and disclosure of CCTV Images
It is important to ensure that access to and disclosure of CCTV images is restricted and carefully controlled not only to safeguard the rights of individuals but also to ensure that any evidence remains intact should the images be required in the future for evidence purposes.
Authorised Company CCTV operators (including those with View Only access) must:
- Restrict access to only those who need it
- Ensure that the system is only used for the purpose for which it was installed;
- Make practical arrangements for ensuring that recording images are only viewed by authorised personnel in secure confidential location;
- Treat all recorded content with sensitivity and in the strictest confidence; and
- Ensure that all CCTV logs record any access to, and disclosure of, CCTV images.
2.2 Recording & Retention
Recorded images are held in a secure location. As the system records digital images, any CCTV images that are held on the hard drive of a PC or server are deleted and overwritten on a recycling basis and, in any event, are not usually held for more than 28 days, unless an incident is recorded which requires further investigation. Once a hard drive has reached the end of its use it will be erased prior to disposal.
If images are required for longer than normal retention periods, for example for use following an incident, in an investigation or as a legal requirement, and are stored on or transferred to removable or other media, the images will be erased or destroyed once the purpose of the recording is no longer relevant. Where a law enforcement agency is investigating a crime, or an accident has occurred, images may need to be retained for a longer period.
2.3 Access to CCTV Images
Access to, and disclosure of, images recorded on CCTV is restricted to the trained, approved operators of the CCTV system and to members of management and authorised third party personnel in accordance purposes and scope of the system and Code of Practice. This ensures the rights of individuals are protected. Images can only be disclosed in accordance with the purposes for which they were originally collected.
Disclosure of images to members of management other third parties will only be made in accordance with the purposes for which the system is used and will be limited to:
- The police and other law enforcement agencies, where the images recorded could assist in the prevention or detection of a crime, or the identification and prosecution of an offender, or the identification of a victim or witness;
- Prosecution agencies, such as the Crown Prosecution Service;
- Relevant legal representatives;
- Insurance companies or loss adjusters (e.g. where an accident has occurred and a claim made);
- Approved personnel where investigating an accident or health and safety breach;
- Approved managers and/or personnel involved with Company disciplinary and performance management processes.
Requests from the third parties for access or disclosure should be directed to a Director in the first instance.
Requests from individuals whose images have been recorded and retained to access to their images must be approved by a Director and must follow the process outlined in section 4.0.
With the approval of a Director, an individual who is subject, or witness, to an investigation may be shown CCTV footage in order to allow full investigation of the incident. In such cases, other individuals may appear within the footage. Every reasonable attempt will be made to prevent unfair intrusion into the privacy of other parties evident in the footage, unless involved in the incident being investigated and it is impossible to obscure or remove their image.
In all cases, viewing of any such images must be in line with the procedures set out in this policy.
Images must not be disclosed to any third parties without prior authorisation (including Company employees who are not authorised to view them). Breach of this may result in disciplinary investigation.
All requests for disclosure and access to images will be documented, including the date of the disclosure, to whom the images have been provided and the reasons why they are required. If disclosure is denied, the reason will be recorded.
In the event of an emergency or a major incident, the police will be given authority to view the images. Such authority will be given by Senior Management verbally and noted in writing to record and access log to the CCTV system.
- Staff Training
The Company will ensure that all employees handling CCTV images or recordings are trained in the operation and administration of the CCTV system and on the impact of the Data Protection Act 1998 and/or GDPR with regard to the CCTV system and the Company’s CCTV Code of Practice.
- Individuals Access Rights
Under the Data Protection Act 1998 and GDPR legislation, individuals have the right on request to receive a copy of the personal data that the Company holds about them, including CCTV images if they are recognisable from the image. This is known as a Subject Access Request (SAR).
Any request involving access to the Company’s CCTV footage must be approved by a Director.
An approved representative of the Company will determine whether disclosure of the requested images will reveal third party information (individuals have no right to access CCTV images relating to other people). In this case, the images of third parties may need to be obscured if it would otherwise involve an unfair intrusion into their privacy. Where it is not legitimately possible to restrict or erase third party images, the Company may reasonably refuse to provide access to the images. The individual making the request will be informed accordingly.
If the Company is unable to comply with a request because access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders, the individual making the request will be advised accordingly.
An administration fee will not usually be charged for considering and/or complying with a Subject Access Request however, the Company reserve the right to charge a reasonable fee where the request is deemed to be unnecessary, unfounded or excessive in nature.
- Misuse of the system and complaints
Any use of the Company’s CCTV systems which is outside of scope of this Code of Practice and which is inconsistent with the purposes and procedures stated above will be treated seriously and may be subject to investigation under the Company’s Disciplinary policy and procedures, which could lead to termination of employment. Serious breaches may be treated as Gross Misconduct.
TheDirectors will record any complaints received in respect of operation of the Company’s CCTV systems and this Code of Practice.
- Code of Practice Review and Changes
There may be occasions when amendments need to be made to this Policy as well as related documentation and Company policy and guidelines, where, for example, there is a change in the law or best practice guidance. The Company reserves the right to make appropriate changes. If changes are made, employees will be informed of what the changes are and from when they are effective.
This Policy does not form part of employees’ terms and conditions of employment and may be subject to change at the discretion of Senior Management and / or Directors.