CCTV Data Protection Policy.

1.0 Introduction 

Closed Circuit Television (CCTV) is used and operated by Augustine Investments Limited for a number of purposes. This use may involve the recording of personal data of individuals including their recognisable images. Augustine Investments Limited is obliged to protect such data in accordance with provisions contained in the General Data Protection Regulation (GDPR) which came into effect on 25th May 2018 and the Data Protection Act 2018.

2.0 Purpose of Policy

Augustine Investments Limited has developed a general policy and procedure to protect personal data. Provisions contained in this policy apply to the operation by Augustine Investments Limited of CCTV systems. The purpose of this policy is to outline specific provisions to assist Augustine Investments Limited to fulfil its data protection obligations regarding the operation of CCTV systems including, but not limited to, arrangements relating to the location, control and security of CCTV systems, recording by CCTV systems and access to their recordings. 

3.0 Definitions

For the purposes of this policy document the following definitions apply:

• Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Memberi State law.
• Data Subject: is an individual who is the subject of personal data.
• Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of Augustine Investments Limited.

4.0 Scope

The scope of this policy document applies to all:

• Augustine Investments Limited uses of CCTV that involve the recording of personal data. 
• Augustine Investments Limited tenants and employees.  
• CCTV service providers contracted by Augustine Investments Limited.

5.0 Purpose of CCTV

5.1  CCTV is used by Augustine Investments Limited for the following purposes:

• Safeguarding of persons and property located on Augustine Investments Limited premises and its environs. 
• Exercising its law enforcement powers e.g. the prevention, investigation and prosecution of offences under litter and waste management legislation.
• Securing public order and safety in public places by facilitating the deterrence, prevention, detection and prosecution of offences and anti-social behaviour e.g.community-based CCTV schemes.
• Supporting An Garda Síochána to deter, prevent, detect and prosecute crime.

5.2   Data obtained through the use of CCTV systems shall be limited and proportionate to the purposes for which it was obtained.

5.3. CCTV will not be used by Augustine Investments Limited for any other purposes other than those outlined in this policy document.

6.0 CCTV Locations:

• Entrance of the building.
• Right-side wing of the building.
• Back of the building.
• Ground lobby floor of the building.
• Stairwell leading to the first floor of the building.
• Basement ground floor.
• Basement emergency fire escape.

6.1  CCTV will be deployed, as appropriate, either permanently or from time to time, at various locations within the functional area of Augustine Investments Limited for any of the purposes outlined in this policy document. These locations may include the following: 

• Augustine Investments Limited premises and property. 
• Properties containing Augustine Investments Limited electronics and equipment.
• Public areas.

6.2  CCTV will not be deployed where persons have a reasonable expectation of privacy. This would include:

• Toilet area
• Staff Kitchen
• General Office Space

6.3  Cameras shall be positioned in such a way as to prevent or minimise recordings of persons or property other than those that are intended to be covered by the CCTV system.

7.0 CCTV Signage 

7.1  Overt CCTV surveillance requires signage, that is clearly visible and legible, to be placed so that persons are aware that they are entering an area that is covered by a CCTV system.

7.2   If the identity of the Controller (i.e. Augustine Investments Limited) and the usual purpose for processing (i.e. security) is obvious the following is all that is required to be placed on the signage: 

• Notice that CCTV is in operation.
• Details of who to contact regarding the CCTV system.

7.3  If the purpose for processing is not obvious the following is required to be placed on the signage:

• Notice that CCTV is in operation.
• Name of the organisation responsible for the CCTV system.
• Details of who to contact regarding the CCTV system.

7.4  Appropriate locations for signage include:

• Entrances to premises and property.
• Lobby and basement area.
• Emergency Exit area

8.0 Covert CCTV Surveillance 

8.1  The use of CCTV to obtain data without an individual’s knowledge is generally unlawful.

8.2 Covert CCTV surveillance is normally only permitted on a case-by-case basis where the data is necessary for the purposes of preventing, detecting or investigating offences or apprehending or prosecuting criminal offenders.

8.3 The use of covert CCTV surveillance will normally require the involvement of a law enforcement authority - An Garda Síochána.

8.4 Covert CCTV surveillance must be focussed and of short duration.

8.5 Only specific and relevant individuals/locations should be recorded.

8.6 If no evidence is obtained that is relevant to the purpose of the covert CCTV surveillance within a reasonable period, the CCTV surveillance should cease.

8.7 If the CCTV surveillance is intended to prevent crime, overt CCTV surveillance may be considered to be a more appropriate measure and less invasive of individual privacy.

9.0 Roles and Responsibilities

9.1 Augustine Investments Limited CCTV systems shall be operated and maintained by:

• Ausgustine Investments Limited authorised personnel only, to maintain the integrity and privacy of the CCTV system.
• CCTV service providers.

9.2 CCTV service providers (TEC Security) are licensed with the Private Security Authority (PSA) which is the statutory body with responsibility for licensing and regulating the private security industry in Ireland.

9.3 The Building Manager will assign responsibility for the operation of the CCTV system. This responsibility will include ensuring that the CCTV system is being operated in a manner that is consistent with this policy and data protection legislation.

9.4 Only persons authorised by the relevant Building Manager for each CCTV system may have access to the CCTV system.

9.5 The Building Manager will ensure that the assigned personnel and other persons that have authorised access to the system are appropriately trained.

10.0 Retention of CCTV Recordings 

10.1  Data recorded on CCTV systems shall be kept for no longer than is considered necessary.

10.2 Normally data recorded on CCTV systems will not be retained by Augustine Investments Limited beyond a maximum of 30 days.

10.3 Data recorded on CCTV systems may however be retained by Augustine Investments Limited beyond a maximum of 30 days in circumstances where the data is required for evidential purposes and/or legal proceedings.

11.0 Security Arrangements for CCTV 

11.1 Access to each CCTV and its recordings will be restricted to persons that have authorised access to the system.

11.2  The storage /medium used by the CCTV system is kept in a secure location.

12.0 CCTV Register

CCTV Register shall be maintained by Augustine Investments. This register shall contain, at a minimum, the following information:

• Name
• Date
• CCTV is operational

13.0  Access

Access to CCTV recordings may be provided to the following:

• Data Subjects.
• An Garda Síochána.

13.1 Access by Data Subjects

13.1.1 Data protection legislation provides data subjects with a right to access their personal data. This includes their recognisable images and other personal data captured by CCTV recordings. Access requests are required to be submitted in writing in physical or electronic format e.g. by letter or e-mail.

13.1.2 Where it is deemed necessary or appropriate Augustine Investments Limited may request the provision of additional information to confirm the identity of person submitting a data subject access request. 

13.1.3 It would not suffice for a data subject to make a general access request for a copy of CCTV recordings.  Instead, it will be necessary that data subjects specify that they are seeking to access a copy of CCTV recordings that have captured their recognisable images and/or other personal data between specified dates, at certain times and at a named location.

13.1.4  The provision of access to a data subject to CCTV recordings of his/her recognisable images and/or other personal data will normally involve providing a copy of the recording in video format. In circumstances where the recording is technically incapable of being copied, or in other exceptional circumstances, stills may be provided as alternative to video footage. Where stills are provided Augustine Investments Limited will aim to supply a still of the recording in which the data subject’s recognisable images and/or other personal data appears.

13.1.5  Where recognisable images and/or other personal data of other parties other than the data subject appear on the CCTV recordings these will be pixelated or otherwise redacted on any copies or stills provided to the data subject. Alternatively, unedited copies of the CCTV recordings may be released provided consent is obtained from those other parties whose recognisable images and/or other personal data appear on the CCTV recordings.

13.1.6  If the CCTV recording is of such poor quality as to not clearly identify recognisable images and/or other personal data relating to the data subject, then the recording will not be considered as personal data and may not be released by Augustine Investments Limited.

13.1.7    If the CCTV recording no longer exists on the date that Augustine Investments Limited receives an access request, it will not be possible to provide access to a data subject. CCTV recordings are usually deleted in accordance with provisions contained in this policy.

13.2 Access by An Garda Síochána 

13.2.1   Requests from An Garda Síochána to view footage or for copies of CCTV recordings are required to be submitted in writing on An Garda Síochána headed paper and signed by an appropriate ranking member of An Garda Síochána. The request should specify the details of the CCTV recordings required and cite the legal basis for the request being made.

13.2.2 In order to expedite a request in urgent situations, a verbal request from An Garda Síochána for copies of CCTV recordings will suffice. However, such a verbal request must be followed up

with a formal written request from An Garda Síochána.

13.3 Access by Other Third Parties 

Access by third parties such as public bodies, private organisations and individuals other than the data subject to CCTV recordings will only be provided in circumstances that are permitted by data protection legislation.

13.4 Authorised Personnel

Authorised Personnel have access to CCTV recordings for viewing and download purposes. A secure password is set to access the data. A manual register of access and a log of all downloads is kept and is audited against the system log attained from the processor showing who accessed the system and any downloads done.

14.0  Access Log

14.1 An Access Log will be maintained by the Building Manager that has responsibility for the CCTV system.

14.2 This log shall maintain a record of all requests made by the following to view/obtain copies of CCTV recordings and the outcome of such requests:

• Data Subjects
• An Garda Síochána
• Other Third Parties

15.0 Guidelines/Codes of Practice

Augustine Investments Limited shall adhere to all relevant CCTV Guidelines/Codes of Practice issued by the Data Protection Commission and/or other statutory bodies.

16.0  Complaints to the Data Protection Commission

16.1 Data subjects may make a complaint to the Data Protection Commissioner in the following circumstances:

• If they experience a delay outside of the prescribed timeframe for making a decision on an access request or if they are dissatisfied with a decision by Augustine Investments Limited on their access request.
• If they consider that Augustine Investments Limited processing of their personal data is contrary to their data protection rights. 

16.2  Contact details for the Data Protection Commission are as follows:

Phone Number:                0761 104 800 or Local 1890 252 231

E-mail:                              [email protected]

Website: 

www.dataprotection.ie

Postal Address:

Data Protection Commission

Canal House

Station Road

Portarlington

Co. Laois

R32 AP23.

17.0  Further Information

Further information on the operation of this policy document please contact below.

Phone Number:           086 8311549

E-mail:                         [email protected]

Postal Address:          Augustine Investments Limited 

The Priory, John St W,

Dublin

D08 AP63

18.0 Awareness

18.1 Augustine Investments Limited shall implement appropriate measures to makes its employees and other relevant parties aware of the content of this policy document.

18.2 All persons involved in the planning and operation of Augustine Investments Limited CCTV systems should familiarise themselves with the content of this policy document. 

19.0 Monitoring and Review - Provisions contained in this policy document shall be subject to on-going monitoring and review in accordance.

20.0 Compliance with this Policy

All employees/personnel who are responsible for implementing, managing, operating or using the CCTV system must do so only as authorised and in accordance with this Policy. Any failure to comply with this Policy may be a disciplinary offence and liable for prosecution under the Data Protection Act 2018.