HatHats Coffee Company CCTV Policy
The HatHats Coffee Company and its subsidiary companies operate a CCTV surveillance system (“the system”) throughout its head office and trading estate, with Images being monitored and recorded centrally. The system is owned, managed and operated by HatHats Coffee Company Limited.
The responsible manager is the companies Operations Director.
Images obtained from the system which include recognisable individuals constitute personal data and are covered by the Data Protection Act. This Policy should therefore be read in conjunction with the HatHats Coffee’s Data Protection Code of Practice.
The Directors of HaatHats Coffee Company Limited are the registered data controllers under the terms of the Act. The Data Protection Officer for HatHats Coffee Company is a company Director who is responsible for ensuring compliance with the Act.
This policy has been drawn up in accordance with the advisory guidance contained within the Information Commissioner’s CCTV Code of Practice and the Home Office Surveillance Camera Code of Practice.
HatHats Coffee Company’s registered purpose for processing personal data through use of the system is crime prevention and/or staff monitoring. This is further defined as:
CCTV is used for maintaining public safety, the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, court or tribunal, security organisations and persons making an enquiry.
The operators of the system recognise the effect of such systems on the individual and the right to privacy.
Full details of the companies data protection registration are available on the Information Commissioner’s Office website.
The system is intended to produce images as clear as possible and appropriate for the purposes stated. The system is operated to provide when required, information and images of evidential value.
Cameras are located at strategic points throughout the companies estate, principally at the perimeters, entrance and exit points of buildings and public and non-public work and seating spaces.
Signage is prominently placed at strategic points on the estate to inform staff, visitors and members of the public that a CCTV installation is in use and includes contact details for further information.
Images captured by the system are recorded continuously and may be monitored remotely via secure Data connections. Images displayed on live monitors are to assist staff with security and aide the smooth running of our outlets and operations.
All staff working with data recorded are made aware of the sensitivity of handling CCTV images and recordings. The Director responsible for the system will ensure that authorised staff are fully briefed and trained in all aspects of the operational and administrative functions of the system.
Detailed procedures for the management of the system are included in the overall Outelet Standard Operating Procedures “SOPs”.
- Information retention
No more images and information shall be stored than is required for the stated purpose. Images will be deleted once their purpose has been discharged. Information used as a reference database for matching purposes will be accurate and kept up to date.
All access to recorded images is recorded on a monitored daily log. Access to images is restricted to those who need to have access in accordance with this policy, the SOPs and any governing legislation.
Disclosure of recorded material will only be made to third parties in accordance with the purposes of the system and in compliance with the Data Protection Act.
Anyone who believes that they have been filmed by the system can request a copy of the recording, subject to any restrictions covered by the Data Protection Act (“Subject access request”). Data subjects also have the right to request that inaccurate data be corrected or erased and to seek redress for any damage caused. Procedures are in place to ensure all such access requests are dealt with effectively and within the law. Access requests should be addressed to firstname.lastname@example.org or by letter to:
The Data Protection Officer, HatHats Coffee Company, 67 John Wilson Business Park, Whitstable, Kent, CT5 3QT
- Covert recording
Covert cameras may be used only in very limited circumstances. This requires the written authorisation of the Chief Executive Officer or another Director and, where this may involve members of staff, the Head of People and Culture.
Covert surveillance may be carried out in cases of suspected specific criminal activity only where the objective of making the recording would be seriously prejudiced should the individual(s) concerned be informed of such surveillance.
Any authorisation to use covert surveillance must include a justification of the need to use such methods to obtain evidence of suspected criminal activity in a specific case; an assessment of alternative methods of obtaining such evidence and a statement of how long the covert monitoring should take place. The authorisation must be reviewed every 28 days and consider whether that should continue or be closed. Any decision to use covert surveillance for any reason must be fully documented and records of such decision retained securely.
Members of the public should address any concerns or complaints over use of the businesses CCTV system to email@example.com or by telephone to the companies Head Office on 01227 282 902. HatHats Coffee staff should address any enquiries or concerns relating to the system to their line manager in the first instance.
- Annual review
This policy was approved by the board of Directors on 1st October 2018. It will be reviewed annually by the Head Of People and Culture to ensure that the purpose still applies and every five years by the Board Of Directors.
This Policy document rests with Business Operations