CCTV Policy - Middlesex Badminton Dome (the Dome)
Contents
1. Introduction
2. CCTV system overview
3. Purposes of the CCTV system
4. Monitoring and recording
5. Compliance with Data Protection legislation
6. New installations
7. Applications for disclosure of images
8. Retention of images
9. Complaints Procedure
10. Monitoring compliance
11. Policy Review
1. Introduction
1.1 The Dome has in place a CCTV surveillance system “the CCTV system”. This policy details the purpose, use and management of the CCTV system at the Dome and details the procedures to be followed in order to ensure that the Dome complies with relevant legislation and the current Information Commissioner’s Office Code of Practice.
1.2 The Dome will have due regard to the Data Protection Act 1998, the General Data Protection Regulation (GDPR) and any subsequent data protection legislation, and to the Freedom of Information Act 2000, the Protection of Freedoms Act 2012 and the Human Rights Act 1998. It shall also have due regard to the Surveillance Camera Code of Practice, issued under the Protection of Freedoms Act 2012 and in particular the 12 guiding principles contained in it.
1.3 This policy is based upon guidance issued by the Information Commissioner’s Office, ‘In the picture: A data protection code of practice for surveillance cameras and personal information’[appendix 1] (“the Information Commissioner’s Guidance”).
1.4 This policy and the procedures therein detailed, applies to installations capturing images of identifiable individuals for the purpose of viewing and or recording the activities of such individuals. CCTV images are monitored and recorded in strict accordance with this policy.
2. CCTV System overview
2.1 The CCTV system is owned by the Dome and managed by the Management Committee and its appointed agents. Under the Data Protection Act 1998 the Dome is the ‘data controller’ for the images produced by the CCTV system.
2.2 The Chair of the Dome Management committee is responsible for the overall management and operation of the CCTV system, including activities relating to installations, recording, reviewing, monitoring, and ensuring compliance with this policy.
2.3 Signs are placed in the carpark, at the main entrance, in the entrance hall and in the walkway by the playing area to inform players, visitors and members of the public that CCTV is in operation.
2.4 The Chair of the Dome’s Management Committee is responsible for ensuring that adequate signage is erected in compliance with the CCTV Code of Practice.
2.5 Five cameras are sited to ensure that they cover the 6 badminton courts and walkway as far as is possible. Three cameras are installed to cover the car park and emergency exit; Two cameras are sited in the entrance hall.
2.6. Recordings are stored for 21 days and then overwritten. All recordings are saved on the hard drive and can only be copied by burning to disc.
2.7 The CCTV system is sensor operated and is capable of being monitored for 24 hours a day, every day of the year.
2.8 Any proposed new CCTV installation is subject to a Privacy Impact Assessment.
3. Purposes of the CCTV system
3.1 The principal purposes of the Dome’s CCTV system are as follows:
- for the prevention, reduction, detection and investigation of crime and other incidents;
- to ensure the safety of staff, players, and visitors;
- to assist in the investigation of suspected breaches of Dome’s regulations by staff or players; and the monitoring and enforcement of traffic related matters.
- To ensure compliance with the Management Committee’s rules on Covid-protection.
3.2 The CCTV system will be used to observe the Dome’s badminton courts and areas under surveillance in order to identify incidents requiring a response. Any response will be proportionate to the incident being witnessed.
3.3 The Dome seeks to operate its CCTV system in a manner that is consistent with respect for the individual’s privacy.
4. Monitoring and Recording.
4.1 Cameras are monitored in a specific room which is a secured area and where the monitor is only visible by authorised personnel.
4.2 Images are recorded centrally on servers located in the secure area and are viewable in this area by all authorised personnel. Additional personnel may be authorised by the management committee to monitor cameras sited within their own areas of responsibility on a view only basis.
4.3 The cameras installed provide images that are of suitable quality for the specified purposes for which they are installed, and all cameras are checked daily to ensure that the images remain fit for purpose and that the date and time stamp recorded on the images is accurate.
4.4 We also show images in reception which cover the entrance hall and playing hall (only) which are public areas in order to remind people of the CCTV in use and the internal coverage.
4.5 All images recorded by the CCTV System remain the property and copyright of the Dome.
5. Compliance with Data Protection Legislation
5.1 In its administration of its CCTV system, the Dome complies with the Data Protection Act 1998. Due regard is given to the data protection principles embodied in the Data Protection Act. These principles require that personal data shall be:
a) processed fairly and lawfully;
b) held only for specified purposes and not used or disclosed in any way incompatible with those purposes;
c) adequate, relevant and not excessive;
d) accurate and kept up to date;
e) be kept longer than necessary for the particular purpose;
f) processed in accordance with the rights of individuals;
g) kept secure; and
h) not be transferred outside the European Economic Area unless the recipient country ensures an adequate level of protection.
5.2 From 25 May 2018, the Dome also complies with the General Data Protection Regulation. Due regard will be given to the data protection principles contained within Article 5 of the GDPR which provide that personal data shall be:
a) processed lawfully, fairly and in a transparent manner;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date;
e) kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed;
and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
6. Applications for disclosure of images
Applications by individual data subjects
6.1 Requests by individual data subjects for images relating to themselves “Subject Access Request” should be submitted in writing to the Dome management committee together with proof of identification.
6.2 In order to locate the images on the Dome’s system, sufficient detail must be provided by the data subject to allow the relevant images to be located and the data subject to be identified.
6.3 Where the Dome is unable to comply with a Subject Access Request without disclosing the personal data of another individual who is identified or identifiable from that information, it is not obliged to comply with the request unless satisfied that the individual has provided their express consent to the disclosure, or if it is reasonable, having regard to the circumstances, to comply without the consent of the individual.
Access to and disclosure of images to third parties
6.4 A request for images made by a third party should be made in writing to the Chair of the Dome Committee.
6.5 In limited circumstances it may be appropriate to disclose images to a third party, such as when a disclosure is required by law, in relation to the prevention or detection of crime or in other circumstances where an exemption applies under relevant legislation.
6.6 Such disclosures will be made at the discretion of the Chair of the Dome Committee with reference to relevant legislation and where necessary, following advice from the Dome Management Committee.
6.7 Where a suspicion of misconduct arises and at the formal request of the Investigating Officer, the Chair of the Dome Management Committee may provide access to CCTV images for use in staff disciplinary cases.
6.8 The Chair of the Dome Management Committee may provide access to CCTV images to Investigating Officers when sought as evidence in relation to player/coach/visitor discipline cases.
6.9 A record of any disclosure made under this policy will be held on the CCTV management system, itemising the date, time, camera, requestor, authoriser, and reason for the disclosure.
7. Retention of images
7.1 Unless required for evidential purposes, the investigation of an offence or as required by law, CCTV images will be retained for no longer than 30 days from the date of recording. Images will be automatically overwritten after this point.
7.2 Where an image is required to be held in excess of the retention period referred to in 7.1 (above), the Chair of the MBD or their nominated deputy, will be responsible for authorising such a request.
7.3 Images held for more than their retention period will be reviewed on a three-monthly basis and any not required for evidential purposes will be deleted.
7.4 Access to retained CCTV images is restricted to the Chair of the Dome Management Committee and other persons as required and as authorised by the Chair of the Committee.
8. Complaints procedure
8.1 Complaints concerning the Dome’s use of its CCTV system or the disclosure of CCTV images should be made in writing to the Chair of the Committee.
8.2 All appeals against the decision of the Chair of the Committee should be made in writing to [email protected]
9. Monitoring Compliance
9.1 All staff involved in the operation of the Dome’s CCTV System will be made aware of this policy and will only be authorised to use the CCTV System in a way that is consistent with the purposes and procedures contained therein.
9.2 All staff with responsibility for accessing, recording, disclosing, or otherwise processing CCTV images will be required to undertake data protection training.
10. Policy review
10.1 The Dome’s usage of CCTV and the content of this policy shall be reviewed annually by the Management Committee with reference to the relevant legislation or guidance in effect at the time. Further reviews will take place as required.
1. Introduction
2. CCTV system overview
3. Purposes of the CCTV system
4. Monitoring and recording
5. Compliance with Data Protection legislation
6. New installations
7. Applications for disclosure of images
8. Retention of images
9. Complaints Procedure
10. Monitoring compliance
11. Policy Review
1. Introduction
1.1 The Dome has in place a CCTV surveillance system “the CCTV system”. This policy details the purpose, use and management of the CCTV system at the Dome and details the procedures to be followed in order to ensure that the Dome complies with relevant legislation and the current Information Commissioner’s Office Code of Practice.
1.2 The Dome will have due regard to the Data Protection Act 1998, the General Data Protection Regulation (GDPR) and any subsequent data protection legislation, and to the Freedom of Information Act 2000, the Protection of Freedoms Act 2012 and the Human Rights Act 1998. It shall also have due regard to the Surveillance Camera Code of Practice, issued under the Protection of Freedoms Act 2012 and in particular the 12 guiding principles contained in it.
1.3 This policy is based upon guidance issued by the Information Commissioner’s Office, ‘In the picture: A data protection code of practice for surveillance cameras and personal information’[appendix 1] (“the Information Commissioner’s Guidance”).
1.4 This policy and the procedures therein detailed, applies to installations capturing images of identifiable individuals for the purpose of viewing and or recording the activities of such individuals. CCTV images are monitored and recorded in strict accordance with this policy.
2. CCTV System overview
2.1 The CCTV system is owned by the Dome and managed by the Management Committee and its appointed agents. Under the Data Protection Act 1998 the Dome is the ‘data controller’ for the images produced by the CCTV system.
2.2 The Chair of the Dome Management committee is responsible for the overall management and operation of the CCTV system, including activities relating to installations, recording, reviewing, monitoring, and ensuring compliance with this policy.
2.3 Signs are placed in the carpark, at the main entrance, in the entrance hall and in the walkway by the playing area to inform players, visitors and members of the public that CCTV is in operation.
2.4 The Chair of the Dome’s Management Committee is responsible for ensuring that adequate signage is erected in compliance with the CCTV Code of Practice.
2.5 Five cameras are sited to ensure that they cover the 6 badminton courts and walkway as far as is possible. Three cameras are installed to cover the car park and emergency exit; Two cameras are sited in the entrance hall.
2.6. Recordings are stored for 21 days and then overwritten. All recordings are saved on the hard drive and can only be copied by burning to disc.
2.7 The CCTV system is sensor operated and is capable of being monitored for 24 hours a day, every day of the year.
2.8 Any proposed new CCTV installation is subject to a Privacy Impact Assessment.
3. Purposes of the CCTV system
3.1 The principal purposes of the Dome’s CCTV system are as follows:
- for the prevention, reduction, detection and investigation of crime and other incidents;
- to ensure the safety of staff, players, and visitors;
- to assist in the investigation of suspected breaches of Dome’s regulations by staff or players; and the monitoring and enforcement of traffic related matters.
- To ensure compliance with the Management Committee’s rules on Covid-protection.
3.2 The CCTV system will be used to observe the Dome’s badminton courts and areas under surveillance in order to identify incidents requiring a response. Any response will be proportionate to the incident being witnessed.
3.3 The Dome seeks to operate its CCTV system in a manner that is consistent with respect for the individual’s privacy.
4. Monitoring and Recording.
4.1 Cameras are monitored in a specific room which is a secured area and where the monitor is only visible by authorised personnel.
4.2 Images are recorded centrally on servers located in the secure area and are viewable in this area by all authorised personnel. Additional personnel may be authorised by the management committee to monitor cameras sited within their own areas of responsibility on a view only basis.
4.3 The cameras installed provide images that are of suitable quality for the specified purposes for which they are installed, and all cameras are checked daily to ensure that the images remain fit for purpose and that the date and time stamp recorded on the images is accurate.
4.4 We also show images in reception which cover the entrance hall and playing hall (only) which are public areas in order to remind people of the CCTV in use and the internal coverage.
4.5 All images recorded by the CCTV System remain the property and copyright of the Dome.
5. Compliance with Data Protection Legislation
5.1 In its administration of its CCTV system, the Dome complies with the Data Protection Act 1998. Due regard is given to the data protection principles embodied in the Data Protection Act. These principles require that personal data shall be:
a) processed fairly and lawfully;
b) held only for specified purposes and not used or disclosed in any way incompatible with those purposes;
c) adequate, relevant and not excessive;
d) accurate and kept up to date;
e) be kept longer than necessary for the particular purpose;
f) processed in accordance with the rights of individuals;
g) kept secure; and
h) not be transferred outside the European Economic Area unless the recipient country ensures an adequate level of protection.
5.2 From 25 May 2018, the Dome also complies with the General Data Protection Regulation. Due regard will be given to the data protection principles contained within Article 5 of the GDPR which provide that personal data shall be:
a) processed lawfully, fairly and in a transparent manner;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date;
e) kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed;
and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
6. Applications for disclosure of images
Applications by individual data subjects
6.1 Requests by individual data subjects for images relating to themselves “Subject Access Request” should be submitted in writing to the Dome management committee together with proof of identification.
6.2 In order to locate the images on the Dome’s system, sufficient detail must be provided by the data subject to allow the relevant images to be located and the data subject to be identified.
6.3 Where the Dome is unable to comply with a Subject Access Request without disclosing the personal data of another individual who is identified or identifiable from that information, it is not obliged to comply with the request unless satisfied that the individual has provided their express consent to the disclosure, or if it is reasonable, having regard to the circumstances, to comply without the consent of the individual.
Access to and disclosure of images to third parties
6.4 A request for images made by a third party should be made in writing to the Chair of the Dome Committee.
6.5 In limited circumstances it may be appropriate to disclose images to a third party, such as when a disclosure is required by law, in relation to the prevention or detection of crime or in other circumstances where an exemption applies under relevant legislation.
6.6 Such disclosures will be made at the discretion of the Chair of the Dome Committee with reference to relevant legislation and where necessary, following advice from the Dome Management Committee.
6.7 Where a suspicion of misconduct arises and at the formal request of the Investigating Officer, the Chair of the Dome Management Committee may provide access to CCTV images for use in staff disciplinary cases.
6.8 The Chair of the Dome Management Committee may provide access to CCTV images to Investigating Officers when sought as evidence in relation to player/coach/visitor discipline cases.
6.9 A record of any disclosure made under this policy will be held on the CCTV management system, itemising the date, time, camera, requestor, authoriser, and reason for the disclosure.
7. Retention of images
7.1 Unless required for evidential purposes, the investigation of an offence or as required by law, CCTV images will be retained for no longer than 30 days from the date of recording. Images will be automatically overwritten after this point.
7.2 Where an image is required to be held in excess of the retention period referred to in 7.1 (above), the Chair of the MBD or their nominated deputy, will be responsible for authorising such a request.
7.3 Images held for more than their retention period will be reviewed on a three-monthly basis and any not required for evidential purposes will be deleted.
7.4 Access to retained CCTV images is restricted to the Chair of the Dome Management Committee and other persons as required and as authorised by the Chair of the Committee.
8. Complaints procedure
8.1 Complaints concerning the Dome’s use of its CCTV system or the disclosure of CCTV images should be made in writing to the Chair of the Committee.
8.2 All appeals against the decision of the Chair of the Committee should be made in writing to [email protected]
9. Monitoring Compliance
9.1 All staff involved in the operation of the Dome’s CCTV System will be made aware of this policy and will only be authorised to use the CCTV System in a way that is consistent with the purposes and procedures contained therein.
9.2 All staff with responsibility for accessing, recording, disclosing, or otherwise processing CCTV images will be required to undertake data protection training.
10. Policy review
10.1 The Dome’s usage of CCTV and the content of this policy shall be reviewed annually by the Management Committee with reference to the relevant legislation or guidance in effect at the time. Further reviews will take place as required.
