1. Policy statement
- 1.1 Brigade Electronics Group plc and Brigade Electronics (UK) Limited (together “Brigade”) believe that CCTV and other surveillance systems have a legitimate role to play in helping to maintain a safe and secure environment for all its staff and visitors. However, Brigade recognises that this may raise concerns about the effect on individuals and their privacy. This policy is intended to address such concerns. Images recorded by surveillance systems may include personal data which must be processed in accordance with data protection laws. Brigade is committed to complying with its legal obligations and ensuring that the legal rights of data subjects, relating to their personal data, are recognised and respected.
- 2.1 For the purposes of this policy, the following terms have the following meanings:
CCTV: means cameras designed to capture and record images.
data: is information which is stored electronically, or in paper-based filing systems. In respect of CCTV, this generally means video images. It may also include static pictures such as printed screen shots.
data subjects: means all living individuals about whom Brigade holds personal information as a result of the operation of its CCTV (or other surveillance systems).
personal data: means data relating to a living individual who can be identified from that data (or other data in our possession). This will include video images of identifiable individuals.
data controllers: are the people who, or organisations which, determine the manner in which any personal data is processed. They are responsible for establishing practices and policies to ensure compliance with the law. Brigade is the data controller of all personal data used in its business for its own commercial purposes.
data processors: are any person or organisation that is not a data user (or other employee of a data controller) that processes data on Brigade’s behalf and in accordance with Brigade’s instructions (for example, a supplier which handles data on Brigade’s behalf).
3. About this policy
- 3.1 Brigade currently uses CCTV to view and record areas and activity which may include individuals in specified locations on and around its premises located at:
- 3.1.1 Brigade House, The Mills, Station Road, South Darenth, DA4 9BD;
- 3.1.2 Unit 1.04, The Mills, Station Road, South Darenth, DA4 9BD; and
- 3.1.3 10 Applegarth Drive, Questor Estate, Hawley Road, Dartford, DA1 1JD, (together the “Sites”).
- 3.2 Brigade carried out a data privacy impact assessment (DPIA) to ensure it is balancing its need for CCTV with the impact on the privacy of data subjects.
- 3.3 This policy outlines why Brigade uses CCTV, how it will use CCTV and how it will process data recorded by CCTV to ensure it is compliant with data protection law and best practice.
- 3.4 This policy also explains how to make a subject access request in respect of personal data created by CCTV.
- 3.5 Brigade’s Data Protection Officer (DPO) has overall responsibility for ensuring compliance with relevant legislation and the effective operation of this policy.
- 3.6 Any questions about this policy should be directed to Brigade’s DPO at email@example.com.
4. Reasons for the use of CCTV
- 4.1 Brigade currently uses CCTV around its Sites as outlined below. Brigade believes that such use is necessary for legitimate interests and business purposes, including:
- 4.1.1 to prevent crime and protect buildings and assets from theft, damage, disruption, vandalism and other crime;
- 4.1.2 for the personal safety of staff, visitors and other members of the public and to act as a deterrent against crime;
- 4.1.3 to support law enforcement bodies in the prevention, detection and prosecution of crime;
- 4.1.4 to assist in day-to-day management, including ensuring compliance with health and safety laws and regulations;
- 4.1.5 to assist in the defence of any civil litigation, including health and safety incidents and accidents
- 4.2 This list is not exhaustive and other purposes may be or become relevant.
5. CCTV Monitoring
- 5.1 CCTV monitors:
- 5.1.1 the exterior of the buildings on the Sites 24 hours a day and this data is continuously recorded;
- 5.1.2 limited parts of the interior of Unit 1.04 and Applegarth.
- 5.2 Active CCTV internally as well as externally are identified and indicated by CCTV signs. Such signs will contain details of the purpose for using the surveillance system, who to contact for further information and where to find this policy.
- 5.3 Camera locations are chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring.
- 5.4 The CCTV does not record sound.
- 5.5 CCTV images are available for viewing, although not necessarily monitored, by authorised personnel 24 hours a day, every day of the year.
- 5.6 Monitoring or viewing of recorded footages or images by authorised personnel are usually only prompted in the event of an alert or incident.
- 5.7 Live feeds from CCTV will only be monitored where this is reasonably necessary, for example, to protect health and safety or for security purposes.
- 5.8 Brigade will ensure that live feeds from cameras and recorded images are only viewed by approved members of staff whose role requires them to have access to such data.
- 5.9 Authorised personnel can only access or view CCTV images / footage via password protected user accounts.
6. Use of data gathered by CCTV
- 6.1 In order to ensure that the rights of individuals recorded by the CCTV system are protected, Brigade will ensure that data gathered from CCTV is stored in a way that maintains its integrity and security.
- 6.2 Brigade may engage data processors to process CCTV data on its behalf. Brigade will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.
7. Retention and erasure of data gathered by CCTV
- 7.1 Recorded data on CCTV hardware will be overwritten on a rolling basis approximately every 30 days.
- 7.2 Any data or footage downloaded for a specific, legitimate purpose will be permanently deleted once there is no reason to retain the recorded information. Exactly how long such images will be retained for will vary according to the purpose for which they were recorded and downloaded.
- 7.3 At the end of their useful life, all images stored in whatever format will be erased permanently and securely.
8. Requests for disclosure
- 8.1 Brigade may share CCTV data with other group companies and other associated companies or organisations, for example professional advisors or shared services partners where Brigade considers that this is reasonably necessary for any of the legitimate purposes set out above in paragraph 4.1.
- 8.2 No images from Brigade’s CCTV will be disclosed to any other third party, without express permission being given by the Group IT & Communications Director and/or DPO.
- 8.3 In other appropriate circumstances, Brigade may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.
- 8.4 Brigade will maintain a record of all disclosures of CCTV footage.
- 8.5 No images from CCTV will ever be posted online or disclosed to the media.
9. Subject access requests
- 9.1 In certain circumstances, data subjects may make a request for disclosure of their personal information held by Brigade and this may include CCTV images (data subject access request). A data subject access request is subject to the statutory and legal conditions from time to time in place and should be made in accordance with Brigade’s Subject Access Request Procedure available on its website.
- 9.2 In order for Brigade to locate relevant footage, any requests for copies of recorded CCTV images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.
- 9.3 Brigade reserves the right to obscure images of third parties when disclosing CCTV data as part of a subject access request, where it considers it necessary to do so.
- 9.4 In certain circumstances, Brigade may not be able to adhere to a subject access request, for example where it may adversely affect the rights of others or where Brigade is unable to identify the data subject.
10. Other rights of data subjects
- 10.1 Brigade recognises that, in rare circumstances, data subjects may have a legal right to object to processing and in certain circumstances to prevent automated decision making (see Articles 21 and 22 of the General Data Protection Regulation).