CCTV Policy

Welcome to the Poundstretcher CCTV Policy. We are committed to respecting and protecting your data and privacy. This CCTV policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

It is important that you read this CCTV Policy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data so that you are fully aware of how and why we are using your data.

1. Policy Statement

1.1

We believe that CCTV and other surveillance systems, such as facial recognition, have a legitimate role to play in helping to maintain a safe and secure environment for all our staff and visitors. However, we recognise this may raise concerns about the effect on individuals and their privacy. This policy is intended to address such concerns. Images recorded by surveillance systems are personal data or special category data, which must be processed in accordance with data protection laws. We are committed to complying with our legal obligations and ensuring that the legal rights of staff and visitors, relating to their data, are recognised and respected.

1.2

This policy is intended to assist staff in complying with their own legal obligations when working with personal data or special category data. In certain circumstances, misuse of information generated by CCTV or other surveillance systems could constitute a criminal offence.

2. Definitions

For the purposes of this policy, the following terms have the following meanings:

CCTV: means fixed and domed cameras designed to capture and record images of individuals and property.

Data: is information which is stored electronically, or in certain paper-based filing systems. In respect of CCTV, this generally means video images. It may also include static pictures such as printed screen shots.

Data Protection Laws means the UK GDPR, the Data Protection Act 2018 and any relevant ICO guidance.

Data Subjects: means all living individuals about whom we hold personal information as a result of the operation of our CCTV (or other surveillance systems).

Personal Data: means data relating to a living individual who can be identified from that data (or other data in our possession). This will include video images of identifiable individuals.

Data Controllers: are the people who, or organisations which, determine the manner in which any personal data is processed. They are responsible for establishing practices and policies to ensure compliance with the law.

Data Users: are those of our colleagues whose work involves processing personal data. This will include those whose duties are to operate CCTV cameras and other surveillance systems to record, monitor, store, retrieve and delete images. Data users must protect the data they handle in accordance with this policy, our Data Protection Policy and Retention Policy.

Data Processors: are any person or organisation that is not a data user (or other employee of a data controller) that processes data on our behalf and in accordance with our instructions (for example, a supplier which handles data on our behalf).

Processing: is any activity which involves the use of data. It includes obtaining, recording or holding data, or carrying out any operation on the data including organising, amending, retrieving, using, disclosing or destroying it. Processing also includes transferring personal data to third parties.

Surveillance Systems: means any devices or systems designed to monitor or record images of individuals or information relating to individuals. The term includes CCTV systems, facial recognition as well as any technology that may be introduced in the future such as automatic number plate recognition (ANPR), body worn cameras, unmanned aerial systems and any other systems that capture information of identifiable individuals or information relating to identifiable individuals.

3. About This Policy

3.1

We currently use CCTV cameras in all of our stores and facial recognition in some of our stores to view and record individuals on and around our premises. This policy outlines why and how we use Surveillance system and how we will process data recorded by CCTV or facial recognition cameras to ensure we are compliant with Data Protection Laws.

3.2

3.3

This policy covers all visiting members of the public including contractors and colleagues working in or visiting stores.

3.4

This policy is non-contractual and does not form parts of the terms and conditions of any contract with you, such as for the sale of goods. We may amend this policy at any time without consultation. The policy will be regularly reviewed to ensure that it meets Data Protection Laws.

4. Personnel Responsible

4.1

The board of directors has overall responsibility for ensuring compliance with Data Protection Laws and the effective operation of this policy. This policy covers all visiting members of the public, including contractors and colleagues and colleagues working in or visiting stores.

4.2

Responsibility for keeping this policy up to date has been delegated to the Legal Team.

5. Reasons for the Use of CCTV and Facial Recognition Software

5.1

We currently use CCTV in &/or around our stores as outlined below. We believe that such use is necessary for legitimate business purposes, including:

(a) to prevent and detect crime and protect buildings and assets from damage, disruption, vandalism and other crime;

(b) for the personal safety of staff, visitors and other members of the public and to act as a deterrent against crime;

(d) to assist in day-to-day management, including ensuring the health and safety of staff and others;

This list is not exhaustive, and other purposes may be or become relevant.

6. Monitoring

6.1

CCTV monitors the exterior of the building and the main entrance and secondary exits as well as the car parks and this data is continuously recorded. Facial recognition cameras are limited to the main entrance of our stores.

6.2

As far as practically possible, CCTV cameras will not focus on private homes, gardens or other areas of private property.

6.3

Images are monitored by authorised personnel 24 hours a day, every day of the year.

6.4

Staff using surveillance systems will be given appropriate training to ensure they understand and observe Data Protection Laws related to the processing of relevant data.

7. How We Will Operate Any CCTV

7.1

Where surveillance systems are placed in stores, we will ensure that signs are displayed at the entrance of the surveillance zone to alert individuals that their image may be recorded. Such signs will contain details of the organisation operating the system, the purpose for using the surveillance system and who to contact for further information, where these things are not obvious to those being monitored.

7.2

We will ensure that live feeds from cameras and recorded images are only viewed by approved members of staff whose role requires them to have access to such data. Recorded images will only be viewed in designated, secure offices.

8. Use of Data Gathered By CCTV

8.1

In order to ensure that the rights of individuals recorded by the surveillance systems are protected, we will ensure that data gathered from CCTV cameras is stored in a way that maintains its integrity and security.

8.2

We may engage data processors to process data on our behalf. We will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.

9. Retention and Erasure of Data Gathered By CCTV

9.1

Data from Surveillance systems will not be retained indefinitely but will be permanently deleted once there is no reason to retain the recorded information. Exactly how long images will be retained for will vary according to the purpose for which they are being recorded. For example, where images are being recorded for crime prevention purposes, data will be kept long enough only for incidents to come to light. In all other cases, recorded images will be kept for no longer than one month.

9.2

At the end of their useful life, all images stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs will be disposed of as confidential waste. Any still photographs and hard copy prints will be disposed of as confidential waste.

10. Use of Additional Surveillance Systems

10.1

Prior to introducing any new surveillance system, we will carefully consider if they are appropriate by carrying out a privacy impact assessment (PIA).

10.2

A PIA is intended to assist us in deciding whether new surveillance cameras are necessary and proportionate in the circumstances and whether they should be used at all or whether any limitations should be placed on their use.

10.3

Any PIA will consider the nature of the problem that we are seeking to address at that time and whether the surveillance camera is likely to be an effective solution, or whether a better solution exists. In particular, we will consider the effect a surveillance camera will have on individuals and therefore whether its use is a proportionate response to the problem identified.

10.4

No surveillance systems will be placed in areas where is an expectation of privacy (i.e. changing rooms) unless, in very exceptional circumstances, it is judged by us to deal with very serious concerns.

11. Covert Monitoring

11.1

We will never engage in covert monitoring or surveillance (that is, where individuals are unaware that the monitoring or surveillance is taking place) unless, in highly exceptional circumstances, there are reasonable grounds to suspect that criminal activity or extremely serious malpractice is taking place and, after suitable consideration, we reasonably believe there is no less intrusive way to tackle the issue.

11.2

In the unlikely event that covert monitoring is considered to be justified, it will only be carried out with the express authorisation of the Head of Loss Prevention. The decision to carry out covert monitoring will be fully documented and will set out how the decision to use covert means was reached and by whom. The risk of intrusion on innocent workers will always be a primary consideration in reaching any such decision.

11.3

Only limited numbers of people will be involved in any covert monitoring.

11.4

Covert monitoring will only be carried out for a limited and reasonable period of time consistent with the objectives of making the recording and will only relate to the specific suspected illegal or unauthorised activity.

12. Ongoing Review of CCTV Use and Facial Recognition Software

12.1

We will ensure that the ongoing use of existing CCTV cameras in the workplace is reviewed periodically to ensure that their use remains necessary and appropriate, and that any Surveillance system is continuing to address the needs that justified its introduction.

13. Requests for Disclosure

13.1

We may share data with other retailers, regulatory bodied such as the ICO, trading standards and the Police, group companies and other associated companies or organisations, for example shared services partners where we consider that this is reasonably necessary for any of the legitimate purposes set out above in paragraph 5.1.

13.2

No images from our CCTV cameras will be disclosed to any other third party, without express permission being given by Head of Loss Prevention. Data will not normally be released unless satisfactory evidence that it is required for the investigation or detection of crimes or for any legal proceedings or a court order has been produced.

13.3

In other appropriate circumstances, we may allow law enforcement agencies to view or remove images from surveillance systems where this is required in the detection or prosecution of crime.

13.4

We will maintain a record of all disclosures of Surveillance systems.

13.5

No images from surveillance systems will ever be posted online or disclosed to the media.

14. Subject Access Requests

14.1

Data subjects may make a request for disclosure of their personal information and this may include images from Surveillance systems (data subject access request). A data subject access request is subject to the statutory conditions from time to time in place and should be made in writing.

14.2

In order for us to locate relevant footage, any requests for copies of recorded images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.

14.3

We reserve the right to obscure images of third parties when disclosing such data as part of a subject access request, where we consider it necessary to do so.

15. Complaints

15.1

If any member of staff has questions about this policy or any concerns about our use of Surveillance systems then they should contact customer services on customer.service@poundstretcher.co.uk

15.2

Where this is not appropriate or matters cannot be resolved informally, members of the public can complain to the ICO on 0303 123 1113.

16. Requests to Prevent Processing

16.1

We recognise that, in rare circumstances, individuals may have a legal right to object to processing and in certain circumstances to prevent automated decision making. If you wish to object, update your data, correct any errors, then please contact the customer services team on customer.service@poundstretcher.co.uk.

16.2

Furthermore, if you would like information about our legitimate interests, then please contact us.