Company CCTV Policy 

1. INTRODUCTION
   • The Company uses CCTV for the purposes of the prevention and detection of crime and to recognise and identify individuals with a view to taking appropriate action where necessary.
   • This document sets out the accepted use and management of CCTV equipment and images to ensure that the Company complies with the Data Protection Act 2018 and other relevant legislation. We process personal data in line with our Data Protection Policy.
   • The Company will also be cognisant of the Guiding Principles of the Surveillance Camera Code of Practice as published by the Home Office and updated in 2021.
   • This policy and procedure applies to all St David Group Company sites with CCTV including, but not limited to:
     • St David Project Omega Ltd
     • The Old Lyric Hall Ltd

2. OBJECTIVES
   • The purpose of this policy is to establish what CCTV is in operation and how it will be used and managed.
   • CCTV has been installed to:
     • assist the prevention and detection of crime.
     • assist with the identification, apprehension and prosecution of offenders, and the identification of actions that might result in disciplinary action.

3. OPERATION
   • Management of the system
     • The CCTV operating system is administered and managed by the Company in accordance with the principles and objectives expressed in this policy document.
     • The use of CCTV is proportionate and conducted in the public interest, as aligned with the Surveillance Camera Code of Practice.
     • The day-to-day management is the responsibility of the Company during the working week and outside normal hours and at weekends.
     • The CCTV system is operational 24 hours a day, 365 days of the year.
     • Warning signs, as required by the Code of Practice of the Information Commissioner, are placed at all access routes to areas covered by the Company’s CCTV cameras. These signs are visible and legible, per the Information Commissioner’s Office (ICO) guidance on signage.
   • System control – Monitoring procedures
     • On a regular basis the Company will check and confirm the efficiency of the system, ensuring that:
     • the cameras are functional
     • the equipment is properly recording
     • Access to the CCTV System is strictly limited to specific authorised persons. Unauthorised persons are not permitted to view live or pre-recorded footage.
     • Unless an immediate response to events is required, cameras must not be re-directed at an individual, their property or a specific group of individuals, without an authorisation being obtained from the Company, and filming must be compliant with Article 8 right to respect for private and family life as detailed in Article 8 of the European Convention on Human Rights (ECHR).
     • Materials or knowledge secured as a result of CCTV will not be used for any commercial purpose.
     • Recording is carried out on digital data apparatus.
   • Exemptions
     • The CCTV system is designed to ensure maximum effectiveness and efficiency, but it is not possible to guarantee that the system will cover or detect every single incident taking place in the areas of coverage.
   • Retention and disposal of data
     • Data will be disposed of by a secure method of digital data wiping.
     • Data is stored securely for up to 30 days, as recommended by ICO guidelines and GDPR principles and to allow for any official investigations to take place.
     • Footage will only be provided if requested by in writing by external agencies in the process of detecting crime and in the prosecution of offenders.

4. DIGITAL RECORDING PROCEDURES
   4.1 Rules for storage of data
        4.1.1 Each Camera securely stores data with access restricted to authorised staff.
        4.1.2 If requested by the police CCTV will be downloaded and provided to the Officer requesting it following an official written request.
   4.2 Dealing with official requests: use of CCTV in relation to criminal or internal investigations
        4.2.1 The Company will ensure that data is shared only with parties that can demonstrate legal authority and a legitimate purpose, as recommended by the ICO and following an official written request.
        4.2.2 CCTV recorded images may be viewed by the Police and other law enforcement agencies for the prevention, investigation and detection of crime following an official written request.
        4.2.3 Subject access requests are free under GRDP, though a fee may be charged in certain circumstances, such as when requests are excessive or manifestly unfounded.

5. BREACHES OF THE POLICY (INCLUDING BREACHES OF SECURITY)
   5.1 Any breach of the Policy authorised staff will be initially investigated by the Company, in order to initiate the appropriate disciplinary action.

6. ASSESSMENT OF THE SCHEME
   6.1 Performance monitoring, including random operating checks, may be carried out by an authorised member of staff of the Company. 
   6.2 A formal review of this policy will take place every 5 years by the Data Protection Officer or sooner if there is a policy need or legislative change.
   6.3 A formal Data Protection Impact Assessment (DPIA) will be conducted by the Data Protection Officer, as required under GDPR principles for CCTV.

7. STAFF TRAINING
   7.1 The Company will ensure that all employees handling CCTV images or recordings are trained in the operation and administration of the CCTV system and on the impact of the laws regulating data protection and privacy with regard to that system.
   
   
   
8. COMPLAINTS
   8.1 Any complaints about the CCTV system should be addressed to:

          Data Protection Officer
          St David Group
          Refuge House,
          33-37 Watergate Row South,
          Chester,
          CH1 2LE

9. SUBJECT ACCESS REQUEST
   9.1 The Data Protection Act provides Data Subjects (individuals to whom “personal data” relate) with a right to access data held about themselves, including that obtained by CCTV.
   9.2 A Subject Access Request should be made in writing to the Company. A response will be provided within one month of receipt of the request, in line with GDPR principles. SARs are free unless they are found to be unfounded or excessive, in which case a small fee may be charged to cover administrative costs.  For more information, please contact the Data Protection Officer.

For further information, please contact:

Data Protection Officer
St David Group
Refuge House,
33-37 Watergate Row South,
Chester,
CH1 2LE

APPENDIX A

CAMERA LOCATIONS AND IDENTIFICATION DETAILS