CCTV Policy

Information contained in this policy covers all employees, visitors, contractors, and others who may visit the premises.

CCTV has a legitimate part to play in helping to maintain a safe and secure environment for all. The company recognises that this may raise concerns about the effect on individuals and their privacy. This policy describes how the business will manage images, and the data recorded.

The business is committed to compliance with legal obligations under the data protection act (GDPR) and recognises that information held is subject to data protection legislation.

CCTV coverage across the business is in place for the following reasons:

• Crime prevention, to protect buildings and assets from damage, disruption, vandalism, or other crime.
• Personal safety of staff, visitors, and other members of the public and as a deterrent against crime.
• To assist in the day-to-day management, including ensuring the health and safety of staff and others.
• To enhance security of product through the manufacturing process and aid any investigation because of complaints.
• To support any investigation because of any injuries, incidents on our sites
• To assist in the effective resolution of disputes which arise during any disciplinary or grievance proceedings.

This list is not exhaustive and other purposes to review recorded images may become relevant.

Monitoring / camera locations and operation of CCTV

CCTV monitoring across Clitheroe and Speke cover the exterior of the buildings and the entrances and exits, and internal manufacturing areas.

Cameras are located with consideration to minimize viewing of spaces not relevant to the legitimate purposes of the monitoring. CCTV cameras do not focus on any private homes, gardens or other areas of private property.

No surveillance cameras are positioned in areas where there is an expectation of privacy, for example changing rooms.

Live feeds from cameras and recorded images will only be viewed by appropriate members of staff whose role requires them to have access to such data, such as the Mill controllers, HR, EHS and Line Managers. Under no circumstances must images be recorded using personal devices.

Where any images are viewed and / or saved to support any reason, this will be summarised on a CCTV log which will be retained locally by each site.

To ensure the rights of individuals recorded by the CCTV system are protected, any retained images will be stored in a way that maintains its integrity and security.

Data recorded by the CCTV system is stored for periods as defined by the installation system.

Signage is installed to inform of CCTV in operation.

Covert monitoring

The business will never engage in covert monitoring or surveillance (where individuals are unaware that this is taking place) unless in highly exceptional circumstances there are reasonable grounds to suspect that criminal activity or extremely serious malpractice is taking place and after careful consideration, there is no less intrusive way to tackle the issue. In the event of covert monitoring being considered as justified, it will only be carried out with the express authorisation of the Managing Director and HR Manager who will ensure that the decision making has been correctly documented and the risk on innocent workers is considered. Any such data to be handled and managed in accordance with GDPR.

Requests for disclosure

The business may share data with other companies or organisations where consideration has been given to the reasons as outlined earlier in this policy.

Data will not be released to a third party without express permission being given by the Managing Director and HR Manager, where satisfactory evidence that is required for legitimate purposes is produced.

The business may also allow law enforcement agencies to view of remove CCTV footage where this is required in the detection or prosecution of crime.

A record of all disclosures of CCTV footage will be maintained by the HR Manager.

No images from CCTV will be posted online or disclosed to the media.

Subject access requests

Data subjects (Employees, visitors etc who may be captured by CCTV) may make a request for disclosure of CCTV images. Any such request must be made in writing stating the following:

The reason for the request

The date, time, and location where the footage was captured.

Each request will be dealt with on a case-by-case basis, and any images released will be subject to GDPR and will consider any other individuals who may also be captured prior to being released.

Complaints

If anyone has any queries or concerns about the use of CCTV, they should speak in the first instance to their Line Manager.

If this is not appropriate or matters cannot be resolved informally, the formal grievance procedure should be used.

Authorised persons to review recorded images.

Directors, Senior Managers, Quality & Compliance Manager. (Anyone who may be covering for a more senior role during holiday periods etc)

Request to view recorded images, should be made via the IT Manager, who will manage access and log in permissions. There must be a legitimate business reason for viewing recorded images, as detailed earlier.

Images viewed and or retained must be recorded on document SHE.008 which is stored in the CCTV folder in the S drive, access to which is restricted to authorised persons.

Associated documents: EHS.008 CCTV Access to recorded image’s view and retention log