Introduction
The Geological Society is committed to ensuring the safety and security of its employees, Fellows, visitors and property. The use of Closed Circuit Television (CCTV) systems is an integral part of this commitment. This policy outlines the appropriate and lawful use of CCTV within our premises, in compliance with relevant UK legislation and guidance.
Purpose of CCTV
CCTV is installed on our premises for the following purposes:
- To enhance the security of employees, Fellows, visitors and property.
- To deter and detect criminal activity or other misconduct.
- To assist in the investigation of incidents, accidents or breaches of company policies.
- To ensure compliance with health and safety procedures.
The lawful basis under which CCTV data is processed is Article 6 ("Legitimate Interests) of the UK General Data Protection Regulation (GDPR).
CCTV is not used for monitoring employee performance or conduct, except where this directly relates to the purposes stated above.
Location of cameras
CCTV cameras are strategically positioned in areas where there is a legitimate need for security surveillance. These locations include, but are not limited to, building entrances and exits and key internal locations. Cameras are not installed in private areas such as toilets, changing rooms or break rooms.
Signage is in place at the main reception and side entrance to inform people entering the building of the presence of CCTV.
Data protection
All CCTV footage is classified as personal data under the UK GDPR and the Data Protection Act (DPA) 2018.
The following principles will be adhered to in managing CCTV data:
- Lawfulness, fairness and transparency - The collection and processing of CCTV data will be carried out in a lawful, fair and transparent manner.
- Purpose limitation - CCTV data will only be used for the purposes specified in this policy.
- Data minimisation - Only the data necessary for the specified purposes will be collected and retained.
- Storage limitation - CCTV footage will be retained for a maximum of 30 days unless required for an ongoing investigation or legal proceedings, after which it will be securely deleted.
- Integrity and confidentiality - CCTV data will be stored securely to prevent unauthorised access, alteration or disclosure.
Access to recorded CCTV footage
Access to recorded CCTV footage is strictly controlled and limited to authorised personnel only. Access may be granted to the following:
- Senior Leadership Team
- Head of Facilities
- Head of IT
- Law enforcement agencies where required by law
Employees or other individuals may request access to CCTV footage in which they appear by submitting a Subject Access Request to the Data Protection Officer. Requests will be processed in accordance with the GDPR and DPA.
Disclosure of recorded CCTV footage
Recorded CCTV footage will only be disclosed to third parties, such as law enforcement agencies, where there is a legal obligation or a legitimate interest to do so. Any disclosure will be documented, specifying the purpose and recipient of the footage.
Monitoring and review
The CCTV system is monitored on an ongoing basis to ensure it operates effectively and meets the purposes outlined in this policy.
This policy will be reviewed annually or in response to significant changes in legislation or organisational procedures.
Complaints and concerns
Any complaints or concerns regarding the use of CCTV should be directed to the Geological Society's DPO. Complaints will be investigated in accordance with the Geological Society's grievance procedures and the relevant legal framework.
Responsibilities
DPO: Responsible for overseeing compliance with this policy and relevant data protection legislation.
Head of Facilities and Head of IT: Responsible for the daily operation and monitoring of the CCTV system.
Employees: Required to comply with this policy and report any breaches or concerns to the DPO.
This policy is made available to all employees, visitors and any other stakeholders upon request.
Contact
Any individual wanting to request access to CCTV footage in which they appear must submit a Subject Access Request to the Data Protection Officer by emailing [email protected]
Review
This policy will be renewed annually.
Page last updated: November 2024