The Kilmurry Lodge Hotel CCTV Policy

Policy Statement

Closed Circuit Television on Kilmurry Lodge Hotel premises are regulated in accordance with the Data Protection Acts 1988/2003 and in line with the European Union framework known as GDPR

 

Policy Purpose

The purpose of this policy is to outline the safeguards in place in regard to the operation of and access to the CCTV systems, and the resultant images. The system is in place with the primary purpose of reducing the threat of crime generally, protecting Kilmurry Lodge Hotel premises and helping to ensure the safety of all Kilmurry Lodge Hotel staff and customers with respect to the individuals privacy. Theses purposes will be achieved by monitoring the system to:

  • Deter those having criminal intent
  • Assist in the prevention and detection of crime
  • Facilitate the identification, apprehension and prosecution of offenders in relation to crime and public order
  • Facilitate the identification of any activities / events which might warrant disciplinary proceedings being taken against staff or to assist in providing evidence to managers and/or to a member of staff who disciplinary or other action is, or is threatened to be taken
  • Facilitate the movement of vehicles on site
  • In the case of security or operations staff to provide management information relating to employee compliance with contracts of employment

The system will not be used:

  • To provide recorded image for the world-wide-web
  • To record sound
  • For any automated decision taking

Policy Scope

This policy applies to al

Legislation

The policy is governed by the Data Protection Acts 1988/2003

Data Protection Principles established by Kilmurry Lodge Hotel

  • Obtain and process data fairly
  • Only keep personal data for one or more specified, explicit and lawful purpose
  • Process personal data only in ways compatible with the original purpose
  • Keep personal data safe and secure
  • Keep personal data accurate, complete and up to date
  • Ensure that personal data is adequate, relevant and not excessive
  • Retain personal data no longer than is necessary for the specified purpose
  • Provide a copy of his/her personal data to any individual, on request

Purpose Limitation

The CCTV system is not used for any other purpose than that outlined by the purpose policy; for example, it is not used to monitor the work of employees or to monitor attendance.

The Security Control Room

Images captured by the system will be monitored and recorded in the Security Control Room, ‘’the comms’’ room, 24 hours a day throughout the whole year. Monitors are not visible from outside the control room.

No unauthorized access to the Control Room will be permitted at any time. Access will b strictly limited to duty managers, duty controllers, authorised members of senior management, an garda siochana and any other person of statutory powers of entry. A list of those members of senior management authorized to access the Control Room is given at Appendix 2.

Customers, guests and staff may be granted access to the Control Room on a case-by-case basis and only then on written authorisation from the Operation Manager. In an emergency and where it is not reasonably practicable to secure prior authorisation, access may be granted to persons with a legitimate reason to enter the Control Room

Before allowing access to the Control Room, staff will satisfy themselves of the identity of any visitor and that the visitor has appropriate authorisation. All visitors will be required to complete and sign the visitors’ log which shall include details of their name, their department or organisation they represent, the person who granted authorisation and the times of entry to an exit from the centre

 

Roles & Responsibilities

The CCTV system of Kilmurry Lodge Hotel’s premises are maintained by G.E. Services and uses the Hik-Connect software

The operations manager has overall responsibility for overseeing the Control Room. Images of identifiable living individuals are subject to the provisions of the Data Protection Act 1998; the operations manager is responsible for ensuring day to day compliance with the Act. All recordings will be handled in strict accordance with this policy and the procedures set out in the procedure manual.

Details of the administrative procedures which apply to the Control Room will be set-out in the procedures manual, a copy of which is available for inspection by prior arrangement, stating the reasons for request

Staff

All staff working in the Kilmurry Lodge Hotel and who have access to the Control Room will be made aware of handling CCTV images and recordings. The operations manager will ensure the all staff are fully briefed and trained in respect of the functions, operational and administrative, arising from the use of CCTV

Training in the requirements of the Data Protection Act 1998/2003 will be given to all those required to work in the Control Room by the dedicated data protection officer

Recording

The CCTV system is a conventional static system. It records digital images and is equipped with motion detection. It records any movement detected by the cameras in the area under surveillance, together with time, date and location.

All cameras operate 24 hours a day and 7 time a week.

The image quality in most cases allows identification of those in the cameras area of coverage

The cameras are all fixed (there are no pan-tilt-and-zoom cameras), and this they cannot be used by operators to zoom in on a target or follow individuals around

Kilmurry Lodge Hotel does not use high-tech or intelligent video-surveillance technology, does not interconnect our system with other systems, and does not use covert surveillance, sound recording, or talking CCTV

Images will normally be retained for 30 days from the date of recording, and then automatically over written and the log updated accordingly

All hard drives and recorders shall remain the property of Kilmurry Lodge Hotel until disposal and destruction

Access to Images

All access to images will be recorded in the Access Log as specified in the procedures manual

Access to images will be restricted to those staff who need access in accordance with the purposes of the system. A list of such staff is given at Appendix 2

Access to images by third parties; Disclosure of recorded material will only be made to third parties in strict accordance with the purposes of the system and is limited to the following authorities:

  • Law enforcement agencies where images recorded would assist in a criminal enquiry and/or the prevention of terrorism and disorder
  • Prosecution agencies
  • Relevant legal representatives
  • The media where the assistance of the general public is required in the identification of a victim of crime or the identification of a perpetrator of a crime
  • People whose images have been recorded and retained unless disclosure to the individual would prejudice criminal enquiries or criminal proceedings
  • Emergency services in connection with the investigation of an accident

Access to images by a subject; CCTV digital images, if they show a recognisable person, are personal data and are covered by the Data Protection Act. Anyone who believes that they have been filmed by CCTV is entitled to ask for a copy of the data, subject to exemptions contained in the Act. They do not have the right to instant access.

A person whose image has been recorded and retained and who wishes access to the data must apply in writing to the Operations Manager or acting Data Protection Officer. Subject access request forms are obtainable from reception.

The Operations Manager or acting Data Protection Officer will then arrange for a copy of the data to be made and given to the applicant. The applicant must not ask another member of staff to show them the data or ask anyone else for a copy of the data. All communications must go through the Operations Manager or acting Data Protection Officer. A response will be provided promptly and in any event within 30 days of receiving the request to do so. If the data subject wishes to view the images on site, as opposed to a copy being sent, the viewing should take place in a closed office with only the relevant individuals present

The Data Protection Act gives the Operations Manager or acting Data Protection Officer the right to refuse a request for a copy of the data particularly where such access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders.

All such requests will be referred to the Operations Manager or acting Data Protection Officer

If it is decided that a data subject access request is to be refused, the reasons will be fully documented and the data subject informed in writing, stating the reasons. Requests will not be complied with where there are insufficient details supplied relating to the date and time of the recording. Correspondence is to be sent to the requester advising them of this.

If it is not possible to disguise the images, an external company may be contracted to facilitate this. This will need to be recorded

Retaining Information and Processing Images

It is important that images are not retained any longer than is considered necessary for the purposes for which they were processed. Therefore, unless the images are required for evidential purposes in legal proceedings, they will not be retained beyond 30 days.

In order to protect the security of the CCTV system, a number of technical and organisational measures have been put in place, including:

  • Administrative measures include the obligation of all outsourced personnel having access to the system (including those maintaining the equipment and the systems) being individually security cleared
  • All staff, including outside contractors must sign non-disclosure and confidentiality agreements
  • Access rights to users are granted only to those where it is strictly necessary for them to carry out their work

Request to prevent processing; An individual has the right to request a prevention of processing where this is likely to cause substantial and unwarranted damage or distress for that or another individual

All such requests should be addressed in the first instance the Operations Manager or acting data protection officer, who will provide a written response within 30 days of receiving the request setting out their decision on the request. A copy of the request and the response will be retained

Signage

It is essential that legible CCTV Recording in Use signs are displayed in a prominent place where they will be clearly seen by staff, people supported by Kilmurry Lodge Hotel, and the public.

The Signs should contain the following information:

  • Identify Kilmurry Lodge Hotel as responsible for the surveillance
  • Purpose of surveillance
  • Contact details

Access Requests from An Garda Siochana

In line with Section 8 of the Data Protection Acts 1988/2003, An Garda Siochana are entitled to view personal information about individuals, if its is for the following purposes:

  • For the prevention or detection of crime
  • For the apprehension or prosecution of offenders
  • When it is required urgently to prevent injury or other damage to the health of a person, or serious loss or damage to property
  • When it is required by, or under any enactment, or by rule of law or order of a court

Requests must be made on the official Garda Data Protection Form

Compliance Monitoring

The contact point for members of the public wishing to enquire about the system will be the Operations Manager or the acting data protection officer. They can be contacted at

Kilmurry Lodge Hotel

Dublin Road,

Castletroy,

Limerick

V94 WTC9

 

Or info@kilmurrylodge.com

 

Upon request enquiries will be provided with:

  • A summary of this statement policy
  • A subject access request form if required or requested

 

All documented procedures will be kept under review and a report periodically made. The effectiveness of the system in meeting its purposes will be kept under the review of management and the proprietors.

Appendix 1

Authorised access to the Control Room or ‘Comms Room’

  • Proprietors
  • Operations Manager or acting data protection officer
  • Duty Managers
  • CCTV support & maintenance personal
  • IT Support

Appendix 2

Those authorised access to the recordings in order to achieve the purpose of the system

  • Proprietors
  • Operations Manager or acting data protection officer
  • Duty Managers
  • CCTV support & maintenance personal
  • IT Support
  • Staff in connection with disciplinary matters which directly concern them
  • Customers or guests from the general public should the Operation Manager or acting Data protection officer deem it appropriate to do so (subject to the person’s written request and consent)