The capture, monitoring, recording, storage, retention and processing of images of identifiable individuals constitutes personal data as defined by the Data Protection Act 1998 and The General Data Protection Regulation (GDPR). This Code of Practice sets out the intended use and management of CCTV equipment and images by the Company and aims to ensure the Company is fully compliant with the requirements of all current and related legislation.
This policy has been produced in line with the Information Commissioners CCTV Code of Practice (www.ico.org.uk).
This Code of Practice is binding to all employees, contractors and visitors to the Company and its premises and all other persons who may, for whatever reason, be present on Company premises at any time.
The scope of the monitoring includes, but is not limited to, health and safety considerations and violations, unlawful and unacceptable conduct, such as theft, violence, unwanted behaviours and breach of Company policy, as well as for general monitoring purposes.
The Company’s CCTV facility records images only. There is no audio recording.
Swimmingly Limited owns all CCTV systems on Company properties. The CCTV day to day operations are operated by the owner. Review, management and maintenance of the systems are the responsibility of the owner. Only trained personnel authorised by a Director will operate any of the equipment located on the premises. The CCTV systems recorded material is copyrighted owned by Swimmingly Limited.
CCTV systems are utilised by the Company for the following specific purposes:
Where images are obtained by persons committing acts of an illegal or criminal nature and/or acts which breach Company policies and procedures, these images maybe used as evidence, in accordance with law enforcement agencies.
One cameras is located in the pool building, positioned so that it covers only the pool and surrounding decked areas. No cameras are located in toilet/washroom areas.
All cameras are clearly visible and signage is displayed through the relevant premises so that employees, customers, contractors, visitors and other third parties are aware they are entering an area which is covered by CCTV.
Covert use of the Company’s CCTV systems can only take place on the written permission of the Directors. For monitoring to occur, there must be reasonable cause to suspect that unauthorised or illegal activity is taking place or is about to take place or that a breach of Company policy is taking place and informing the individual(s) concerned would seriously prejudice its prevention or detection. Covert monitoring will only be undertaken for a limited and reasonable period of time consistent with the documented objectives. All decisions relating to the use of covert monitoring will be fully documented.
Where a legitimate third party (e.g. a law enforcement agency) wishes to undertake covert monitoring using Company premises, the request should be brought to the attention of a Director in the first instance who will discuss it with all relevant parties.
Once the specific investigation has been completed, covert monitoring will cease. All other information collected in the course of covert monitoring will be deleted or destroyed unless it reveals information which the Company cannot reasonably be expected to ignore.
It is important to ensure that access to and disclosure of CCTV images is restricted and carefully controlled not only to safeguard the rights of individuals but also to ensure that any evidence remains intact should the images be required in the future for evidence purposes.
Authorised Company CCTV operators (including those with View Only access) must:
Recorded images are held in a secure location. As the system records digital images, any CCTV images that are held on the hard drive of a PC or server are deleted and overwritten on a recycling basis and, in any event, are not usually held for more than 28 days, unless an incident is recorded which requires further investigation. Once a hard drive has reached the end of its use it will be erased prior to disposal.
If images are required for longer than normal retention periods, for example for use following an incident, in an investigation or as a legal requirement, and are stored on or transferred to removable or other media, the images will be erased or destroyed once the purpose of the recording is no longer relevant. Where a law enforcement agency is investigating a crime, or an accident has occurred, images may need to be retained for a longer period.
Access to, and disclosure of, images recorded on CCTV is restricted to the trained, approved operators of the CCTV system and to members of management and authorised third party personnel in accordance purposes and scope of the system and Code of Practice. This ensures the rights of individuals are protected. Images can only be disclosed in accordance with the purposes for which they were originally collected.
Disclosure of images to members of management other third parties will only be made in accordance with the purposes for which the system is used and will be limited to:
Requests from the third parties for access or disclosure should be directed to a Director in the first instance.
Requests from individuals whose images have been recorded and retained to access to their images must be approved by a Director and must follow the process outlined in section 4.0.
With the approval of a Director, an individual who is subject, or witness, to an investigation may be shown CCTV footage in order to allow full investigation of the incident. In such cases, other individuals may appear within the footage. Every reasonable attempt will be made to prevent unfair intrusion into the privacy of other parties evident in the footage, unless involved in the incident being investigated and it is impossible to obscure or remove their image.
In all cases, viewing of any such images must be in line with the procedures set out in this policy.
Images must not be disclosed to any third parties without prior authorisation (including Company employees who are not authorised to view them). Breach of this may result in disciplinary investigation.
All requests for disclosure and access to images will be documented, including the date of the disclosure, to whom the images have been provided and the reasons why they are required. If disclosure is denied, the reason will be recorded.
It is important to ensure that access to and disclosure of CCTV images is restricted and carefully con
In the event of an emergency or a major incident, the police will be given authority to view the images. Such authority will be given by Senior Management verbally and noted in writing to record and access log to the CCTV system.
Staff Training
The Company will ensure that all employees handling CCTV images or recordings are trained in the operation and administration of the CCTV system and on the impact of the Data Protection Act 1998 and/or GDPR with regard to the CCTV system and the Company’s CCTV Code of Practice.
Individuals Access Rights
Under the Data Protection Act 1998 and GDPR legislation, individuals have the right on request to receive a copy of the personal data that the Company holds about them, including CCTV images if they are recognisable from the image. This is known as a Subject Access Request (SAR).
Subject Access Requests must be submitted in line with the Company’s Data Privacy Policy and related documents. The requests, which should be in writing, should include the date and approximate time when the images were recorded, along with the location of the CCTV camera / area of the incident so that the identity of the individual making the request can be established and verified as the person in the images. The reason for the request should also be supplied. The response from the Company will be in line with Company policy.
Any request involving access to the Company’s CCTV footage must be approved by a Director.
An approved representative of the Company will determine whether disclosure of the requested images will reveal third party information (individuals have no right to access CCTV images relating to other people). In this case, the images of third parties may need to be obscured if it would otherwise involve an unfair intrusion into their privacy. Where it is not legitimately possible to restrict or erase third party images, the Company may reasonably refuse to provide access to the images. The individual making the request will be informed accordingly.
If the Company is unable to comply with a request because access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders, the individual making the request will be advised accordingly.
An administration fee will not usually be charged for considering and/or complying with a Subject Access Request however, the Company reserve the right to charge a reasonable fee where the request is deemed to be unnecessary, unfounded or excessive in nature.
The Company may be required for legal, medical or other legitimate business reasons to retain records despite a request to restrict processing or erase data. Individuals requesting that their data be removed from the system should refer to the Company’s Data Privacy Policy for further details or speak to Senior Management.
Misuse of the system and complaints
Any use of the Company’s CCTV systems which is outside of scope of this Code of Practice and which is inconsistent with the purposes and procedures stated above will be treated seriously and may be subject to investigation under the Company’s Disciplinary policy and procedures, which could lead to termination of employment. Serious breaches may be treated as Gross Misconduct.
TheDirectors will record any complaints received in respect of operation of the Company’s CCTV systems and this Code of Practice.
Further reference should be made to the Company’s Data Privacy Policy.
Code of Practice Review and Changes
There may be occasions when amendments need to be made to this Policy as well as related documentation and Company policy and guidelines, where, for example, there is a change in the law or best practice guidance. The Company reserves the right to make appropriate changes. If changes are made, employees will be informed of what the changes are and from when they are effective.
This Policy does not form part of employees’ terms and conditions of employment and may be subject to change at the discretion of Senior Management and / or Directors.
trolled not only to safeguard the rights of individuals but also to ensure that any evidence remains intact should the images be required in the future for evidence purposes.
Authorised Company CCTV operators (including those with View Only access) must: