CCTV Policy

CCTV Policy


At Dolphin Square, we believe that CCTV and Body Worn Cameras (“BWC”) play a legitimate role in helping to maintain a safe and secure environment for all our staff, guests, customers, and potential customers, tenants, employees of its partners and suppliers and contractors. Images recorded by CCTV and BWC are 'Personal Data' (defined below) and, as such, must be processed in accordance with data protection laws.


We are committed to complying with our legal obligations in order to appropriately handle and protect Personal Data and ensure that the legal rights of staff, guests, customers, and potential customers, tenants, employees of partnersand suppliers and contractors relating to their Personal Data, are recognised and respected.


This policy is intended to enable staff, guests, customers, and potential customers, tenants, employees of its partners and suppliers and contractors to understand how Dolphin Square uses CCTV and BWC, which departments are responsible for use of these technologies, the rights individuals have in relation to information captured, who has access to images captured and how individuals can raise any queries or concerns they may have.

 

1. Definitions


For the purposes of this policy, the following terms have the following meanings:


BWC: means body-worn cameras, as worn by our security personnel, that may capture information of identifiable individuals or information relating to identifiable individuals.


CCTV: means cameras, devices or systems including fixed CCTV and any other systems that may capture information of identifiable individuals or information relating to identifiable individuals.


Image Data: means any Data in respect of CCTV and BWC, e.g. video images, static pictures, etc.


Data: means any information which is stored electronically or in paper-based filing systems.


Data Subject: means any individuals who can be identified directly or indirectly from Personal Data, including Image Data. Data Subjects include staff, guests, customers, and potential customers, tenants, employees of its partners, suppliers and contractors, and members of the public.


Data Controller: is the organisation or authority which, determines how and for what purpose the Personal Data are processed. When operating CCTV and BWC, Dolphin Square is the relevant Data Controller and is responsible for ensuring compliance with the Data Protection Laws.


CCTV and BWC Users: are our employees (or employees of any Data Processors we appoint) whose work involves operating CCTV and processing Image Data. This will include those whose duties are to operate CCTV to record, monitor, store, retrieve and delete images. CCTV and BWC Users must protect the Image Data they handle in accordance with this policy.


Service Provider: is any organisation that is not a CCTV and BWC User (or other employee of a Data Controller) that processes Image Data or Personal Data on our behalf and in accordance with our instructions.


Data Protection Laws: means

a) General Data Protection Regulation (EU) 2016/679, as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 ("UK GDPR");


b) all other applicable laws, regulations or court judgements relating to the processing of personal data, data privacy, electronic communications, marketing and/or data security, including but not limited to the Privacy and Electronic Communications (EC Directive) Regulations 2003; and


c) any and all legally binding guidelines, recommendations, best practice, opinions, directions, decisions, or codes issued, adopted or approved by the UK’s Information Commissioner’s Office and/or any other supervisory authority or data protection authority from time to time in relation to the processing of personal data, data privacy, electronic communications, marketing and/or data security;


Personal Data: is any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;


Processing: is any activity which involves the use of Image Data, whether or not by automated means. It includes collecting, obtaining, recording or holding Image Data, or carrying out any operation or set of operations on the Image Data including organising, structuring, amending, retrieving, using, disclosing or erasing or destroying it. Processing also includes transferring Image Data to third parties.


Site: means the Dolphin Square premises at Dolphin Square, Chichester Street, London, SW1V 3LX.

 

2. About this policy


2.1: This policy sets out why we use CCTV, how we will use CCTV and how we will process any Image Data recorded by CCTV to ensure that we are compliant with Data Protection Law.


2.2: We currently use CCTV to view and record areas of our Site, 24 hours per day, 7 days per week. We currently deploy BWC on an occasional basis, and only where necessary to record a specific event where they may be a threat to residents, guests or staff.


2.3: The images of individuals recorded by CCTV and BWC are Personal Data and, therefore, subject to the Data Protection Laws. Dolphin Square is the Data Controller of all Image Data captured at our Site.


2.4: This policy covers all staff, guests, visitors, customers, and potential customers, tenants, employees of its partners and suppliers and contractors and may also be relevant to members of the public visiting the Site.

 

3. Staff responsible


The Estate Security Manager has overall responsibility for ensuring compliance with Data Protection Laws and the effective operation of this policy. Day-to-day operational responsibility for CCTV and BWC and the storage of Image Data recorded is the responsibility of theEstate Security Team Leader. Should you have any queries on the use of CCTV, BWC or surveillance systems by us please contactThe Estate Security Manager by emailing dataprotection@dolphinsquare.co.uk.

 

4. Why we use CCTV and BWC


4.1: We currently use CCTV and BWC around our Site as outlined below. We believe that such use is necessary for the following legitimate purposes:


(a) to prevent or detect crime on our Site and protect buildings and assets from damage, disruption, theft, vandalism and other crime, and to act as a deterrent against such crime;


(b) for the personal safety of tenants, guests, staff, customers, and potential customers, employees of its partners, suppliers and contractors and other members of the public, against harassment, abuse and other harms;


(c) for the health and safety of those using the pool, gym floor and other facilities, or when staff undertaking welfare checks;(d) to support law enforcement bodies in the prevention, detection and prosecution of crime; and


(e) to support any internal investigations, for example, where relevant to a staff disciplinary procedure or breach of contract.


4.2: We may implement or use CCTV or BWC for purposes other than those specified above which we will notify you of from time to time.

 

5. Monitoring


5.1: The locations of the CCTV are chosen to minimise the viewing of spaces / individuals which are not relevant to the legitimate purpose of the monitoring as specified above.  CCTV cameras currently point at primary ingress and egress areas, common area spaces, primary thoroughfares, areas of congregation, and publicly accessible areas. Additional CCTV cameras also point to areas that utilise access control, such as the car park, storage spaces, and areas where regular business is conducted.


5.2: Currently, none of our CCTV records sound.


5.3: A live feed from the CCTV is monitored continuously by our staff on Site and images are only revisited in the event of an incident or if a request is made.


5.4: Security staff who help to keep our Site safe may be equipped with BWC when patrolling the site. BWC will only be activated to start recording where security personnel perceive there to be a present threat to individuals and / or our Site.


5.5: Any staff using CCTV and BWC will be given training to ensure that they understand how to use these technologies in a proportionate manner and understand the legal requirements relating to the processing of any Data gathered.

 

6. How we operate CCTV and BWC


6.1: Where CCTV is in use at our Site, we will ensure that signs are displayed at the entrance of the surveillance zone to alert staff, guests, customers, and potential customers, tenants, employees of its partners, suppliers and contractors that their image may be recorded. The signs will contain details of the organisation operating the system (where they are operated by a third party) and who to contact for further information.


6.2: We will ensure that live feeds from the CCTV are only viewed by appropriately authorised members of staff or third-party service providers whose role requires them to have access to such Image Data. Recorded images will only ever be viewed in  secure and restricted areas by our security staff or relevant elected employees for legitimate purposes.


6.3: BWC will only ever be activated by our security personnel to start recording footage in the event of a perceived threat to tenants, guests, staff or other individuals on Site, or where perceived necessary where there is a risk to an individual's health or safety, such as welfare checks. Before activating BWC, security personnel will make a clear announcement that they are recording footage, and the BWC will be turned off once the threat is believed to have ended, or the incident is over.  


7. How we protect the Data


7.1: In order to ensure that the rights of individuals recorded by our CCTV and BWC are protected, we will ensure that Image Data gathered from such systems is stored in a way that maintains its integrity and security. This may include encrypting the Data, where it is possible to do so.


7.2: We will ensure that any Image Data is only used for the purposes specified in section 4.1 above. We will not use Image Data for another purpose unless permitted by Data Protection Laws.


7.3: Where we engage Data Processors to process Data on our behalf, we will ensure contractual safeguards are in place to protect the security and integrity of the Data.

 

8. Retention and erasure of Data


8.1: Data recorded by our CCTV and BWC will be stored locally on servers at our Site. We will not retain this Data indefinitely but will permanently delete it once there is no reason to retain the recorded information. Exactly how long the Data will be retained for will vary according to the purpose for which it was recorded. For example, where images are being recorded for crime prevention purposes, Image Data will be kept only for as long as it takes to establish that a crime has been committed or where we are using the Image Data for staff disciplinary purposes, the images will be kept until the process is completed. In all other cases, recorded images will be kept for no longer than 30 days before being overwritten and permanently deleted.


8.2: At the end of its useful life and in any event within 7 years all Data stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs or hard copy photographs will be promptly disposed of as confidential waste.

 

9 Ongoing review of CCTV use


9.1: We will periodically review our ongoing use of existing CCTV and BWC at our Site to ensure that its use remains necessary and appropriate and in compliance with Data Protection Laws.


9.2: We will also carry out checks and deliver training to ensure that this policy is being followed by all staff.

 

10. Rights of Data Subjects


10.1 As Image Data will identify individuals, it will be considered Personal Data under applicable Data Protection Laws. Under Data Protection Laws, Data Subjects have certain rights in relation to the Personal Data concerning them (which are not absolute rights, and are subject to caveats in certain circumstances). These are as follows:

(a) the right to access a copy of that Personal Data and the following information (this may include Image Data captured by our CCTV or BWC):

(i) the purpose of the processing;

(ii) the types of Personal Data concerned;

(iii) to whom the Personal Data has or will be disclosed; and

(iv) the envisaged period that the Personal Data will be stored, or if not possible, the criteria used to decide that period;


(b) the right to request any inaccurate Personal Data that we hold concerning them is rectified, this includes having incomplete Personal Data completed;


(c) the right to request the Personal Data we hold concerning them is erased without undue delay, where it is no longer necessary for us to retain it in relation to the purposes it was collected;


(d) the right to request restriction of our processing of Personal Data in certain circumstances;


(e) the right to object to our processing of Personal Data where this is based on our legitimate interests, except where we are able to demonstrate compelling legitimate grounds for the processing which override the interests and freedoms of the data subject, or for the establishment, exercise or defence of legal claims;


(f) the right to request Personal Data is provided to a Data Subject in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Controller (the right to data portability); and


(g) the right to lodge a complaint with the Information Commissioner’s Office, if the Data Subject considers that our processing of the Personal Data relating to him or her infringes Data Protection Laws.

 

11. Service Providers


11.1 In order to operate CCTV and BWC across our Site we appoint service providers to provide us with maintenance services related to that CCTV, and also to assist with the management of internal IT infrastructure behind our surveillance systems. Such service providers act only on our instructions and on our behalf for the purposes listed in section 4.1 above. We require these service providers by contract to safeguard the privacy and security of Personal Data they process on our behalf.

 

12. Requests of disclosure by third parties


12.1: No images from our CCTV cameras will be disclosed to any third party (other than our third-party CCTV maintenance service providers), without express permission being given by the Data Protection Officer of our Site. In any event, Data will only be disclosed to a third party in accordance with Data Protection Laws.


12.2: In certain circumstances, we may allow law enforcement agencies, to view or remove CCTV footage where this is required in the detection or prosecution of crime, and where they can demonstrate a lawful basis under Data Protection Laws for the receipt of Data.


12.3: In addition, we may allow legal representatives and insurance companies and/or their loss adjustors, to view or remove CCTV footage where this is required for health and safety, or insurance claim purposes and where they can demonstrate a lawful basis under Data Protection Laws for the receipt of Data.


13. Complaints


13.1: If anyone has questions about this policy or any concerns about our use of CCTV or BWC, then they should speak toThe Estate Security Manager.


13.2: Where this is not appropriate or matters cannot be resolved informally, employees should use our formal grievance procedure by contacting Human Resources.If you are not an employee, you can contact our Data Protection Officer by emailing dataprotection@dolphinsquare.co.uk.



CCTV Policy last updated February 2025

Share by: