CCTV Policy

CCTV Policy


At Dolphin Square, we believe that CCTV and Body Worn Cameras (“BWC”) play a legitimate role in helping to maintain a safe and secure environment for all our staff, guests, customers, and potential customers, tenants, employees of its partners and suppliers and contractors. Images recorded by CCTV and BWC are 'Personal Data' (defined below) and, as such, must be processed in accordance with data protection laws.


We are committed to complying with our legal obligations in order to appropriately handle and protect Personal Data and ensure that the legal rights of staff, guests, customers, and potential customers, tenants, employees of partners and suppliers and contractors relating to their Personal Data, are recognised and respected.


This policy is intended to enable staff, guests, customers, and potential customers, tenants, employees of its partners and suppliers and contractors to understand how Dolphin Square uses CCTV and BWC, which departments are responsible for use of these technologies, the rights individuals have in relation to information captured, who has access to images captured and how individuals can raise any queries or concerns they may have.

 

1. Definitions


For the purposes of this policy, the following terms have the following meanings:


BWC: means body-worn cameras, as worn by our security personnel, that may capture information of identifiable individuals or information relating to identifiable individuals.


CCTV: means cameras, devices or systems including fixed CCTV and any other systems that may capture information of identifiable individuals or information relating to identifiable individuals.


Image Data: means any Data in respect of CCTV and BWC, e.g. video images, static pictures, etc.


Data: means any information which is stored electronically or in paper-based filing systems.


Data Subject: means any individuals who can be identified directly or indirectly from Personal Data, including Image Data. Data Subjects include staff, guests, customers, and potential customers, tenants, employees of its partners, suppliers and contractors, and members of the public.


Data Controller: is the organisation or authority which, determines how and for what purpose the Personal Data are processed. When operating CCTV and BWC, Dolphin Square is the relevant Data Controller and is responsible for ensuring compliance with the Data Protection Laws.


CCTV and BWC Users: are our employees (or employees of any Data Processors we appoint) whose work involves operating CCTV and processing Image Data. This will include those whose duties are to operate CCTV to record, monitor, store, retrieve and delete images. CCTV and BWC Users must protect the Image Data they handle in accordance with this policy.


Service Provider: is any organisation that is not a CCTV and BWC User (or other employee of a Data Controller) that processes Image Data or Personal Data on our behalf and in accordance with our instructions.


Data Protection Laws: means General Data Protection Regulation (EU) 2016/679, as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019;


Personal Data: is any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;


Processing: is any activity which involves the use of Image Data, whether or not by automated means. It includes collecting, obtaining, recording or holding Image Data, or carrying out any operation or set of operations on the Image Data including organising, structuring, amending, retrieving, using, disclosing or erasing or destroying it. Processing also includes transferring Image Data to third parties.


Site: means the Dolphin Square premises at Dolphin Square, Chichester Street, London, SW1V 3LX.

 

2. About this policy


2.1: This policy sets out why we use CCTV, how we will use CCTV and how we will process any Image Data recorded by CCTV to ensure that we are compliant with Data Protection Law.


2.2: We currently use CCTV to view and record areas of our Site, 24 hours per day, 7 days per week. We currently deploy BWC on an occasional basis, and only where necessary to record a specific event where they may be a threat to residents, guests or staff.


2.3: The images of individuals recorded by CCTV and BWC are Personal Data and, therefore, subject to the Data Protection Laws. Dolphin Square is the Data Controller of all Image Data captured at our Site.


2.4: This policy covers all staff, guests, visitors, customers, and potential customers, tenants, employees of its partners and suppliers and contractors and may also be relevant to members of the public visiting the Site.


2.5: The policy shall not apply to any personal cameras or other personal recording devices which shall be the responsibility of the person or company that owns or has access to the device in question.

 

3. Staff responsible


The Estate Security Manager has overall responsibility for ensuring compliance with Data Protection Laws and the effective operation of this policy. Day-to-day operational responsibility for CCTV and BWC and the storage of Image Data recorded is the responsibility of theEstate Security Team Leader. Should you have any queries on the use of CCTV, BWC or surveillance systems by us please contactThe Estate Security Manager by emailing dataprotection@dolphinsquare.co.uk.

 

4. Why we use CCTV and BWC


4.1: We currently use CCTV and BWC around our Site as outlined below. We believe that such use is necessary for the following legitimate purposes:


4.1.1 to prevent or detect crime on our Site and protect buildings and assets from damage, disruption, theft, vandalism and other crime, and to act as a deterrent against such crime;


4.1.2 for the personal safety of tenants, guests, staff, customers, and potential customers, employees of its partners, suppliers and contractors and other members of the public, against harassment, abuse and other harms;


4.1.3 for the health and safety of those using the pool, gym floor and other facilities, or when staff undertaking welfare checks;(d) to support law enforcement bodies in the prevention, detection and prosecution of crime; and


4.1.4 to support any internal investigations, for example, where relevant to a staff disciplinary procedure or breach of contract;


4.1.5 to support law enforcement bodies in the prevention, detection and prosecution of crime;


4.1.6 to assist in day-to-day management;


4.1.7 to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings;


4.1.8 to assist in the defence of any civil litigation, including employment tribunal proceedings;


4.1.9 we may implement or use CCTV or BWC for purposes other than those specified above which we will notify you of from time to time.

5. BWC


5.1 We currently deploy BWC on an occasional basis, and only for the following purposes:


5.1.1 enhancing the safety of residents, members, staff and visitors;


5.1.2 preventing, deterring and recording incidents of crime, anti-social behaviour or serious disputes;


5.1.3 providing evidence in connection with incidents, complaints, insurance claims or legal proceedings; and


5.1.4 supporting staff safety during confrontational or high-risk interactions.


5.2 BWC will only ever be activated by our security personnel to start recording footage in the event of a perceived threat to property and tenants, guests, staff or other individuals on Site, or where perceived necessary where there is a risk to an individual's health or safety, such as welfare checks. Before activating BWC, security personnel will make a clear announcement that they are recording footage, and the BWC will be turned off once the threat is believed to have ended, or the incident is over.


5.3 BWCs are not used for:


5.3.1 routine monitoring of residents, members or guests;


5.3.2 general observation of leisure facility usage; or


5.3.3 monitoring staff performance.


5.4 Unless there are exceptional circumstances and recording is strictly necessary to prevent serious harm or to address a significant incident, we will not activate audio recording or activate BWC (video recording):


5.4.1 inside residential units;


5.4.2 in changing rooms, showers, toilets or similar facilities;


5.4.3 in private treatment or consultation rooms; or


5.4.4 in any other location where individuals have a high expectation of privacy.


5.5 If an individual objects to being recorded, we will consider whether recording remains necessary and proportionate in the circumstances


5.6 If the circumstances in clauses 5.4 and 5.5 apply, we will document the circumstances and the decision made.


6. Monitoring


6.1: The locations of the CCTV are chosen to minimise the viewing of spaces / individuals which are not relevant to the legitimate purpose of the monitoring as specified above.  CCTV cameras currently point at primary ingress and egress areas, common area spaces, primary thoroughfares, areas of congregation, and publicly accessible areas. Additional CCTV cameras also point to areas that utilise access control, such as the car park, storage spaces, and areas where regular business is conducted.


6.2: Currently, none of our CCTV records sound.


6.3: A live feed from the CCTV is monitored continuously by our staff on Site and images are only revisited in the event of an incident or if a request is made.


6.4: Security staff who help to keep our Site safe may be equipped with BWC when patrolling the site. BWC will only be activated to start recording where security personnel perceive there to be a present threat to individuals and / or our Site.


6.5: Any staff using CCTV and BWC will be given training to ensure that they understand how to use these technologies in a proportionate manner and understand the legal requirements relating to the processing of any Data gathered.


6.6 We will never engage in covert monitoring or surveillance (that is, where individuals are unaware that the monitoring or surveillance is taking place) unless, in highly exceptional circumstances, there are reasonable grounds to suspect that criminal activity or extremely serious malpractice is taking place and, after suitable consideration, we reasonably believe there is no less intrusive way to tackle the issue.


6.7 In the unlikely event that covert monitoring is considered to be justified, it will only be carried out with the express authorisation of the Data Protection Officer. The decision to carry out covert monitoring will be fully documented and will set out how the decision to use covert means was reached and by whom. The risk of intrusion on innocent workers will always be a primary consideration in reaching any such decision.


6.8 Only limited numbers of people will be involved in any covert monitoring.


6.9 Covert monitoring will only be carried out for a limited and reasonable period of time consistent with the objectives of making the recording and will only relate to the specific suspected illegal or unauthorised activity.

 

7. How we operate CCTV and BWC


7.1: Where CCTV is in use at our Site, we will ensure that signs are displayed at the entrance of the surveillance zone to alert staff, guests, customers, and potential customers, tenants, employees of its partners, suppliers and contractors that their image may be recorded. The signs will contain details of the organisation operating the system (where they are operated by a third party) and who to contact for further information.


7.2: We will ensure that live feeds from the CCTV are only viewed by appropriately authorised members of staff or third-party service providers whose role requires them to have access to such Image Data. Recorded images will only ever be viewed in  secure and restricted areas by our security staff or relevant elected employees for legitimate purposes.


7.3: BWC will only ever be activated by our security personnel to start recording footage in the event of a perceived threat to tenants, guests, staff or other individuals on Site, or where perceived necessary where there is a risk to an individual's health or safety, such as welfare checks. Before activating BWC, security personnel will make a clear announcement that they are recording footage, and the BWC will be turned off once the threat is believed to have ended, or the incident is over.  


8. How we protect the Data


8.1: In order to ensure that the rights of individuals recorded by our CCTV and BWC are protected, we will ensure that Image Data gathered from such systems is stored in a way that maintains its integrity and security. This may include encrypting the Data, where it is possible to do so.


8.2: We will ensure that any Image Data is only used for the purposes specified in section 4.1 above. We will not use Image Data for another purpose unless permitted by Data Protection Laws.


8.3: Where we engage Data Processors to process Data on our behalf, we will ensure contractual safeguards are in place to protect the security and integrity of the Data.

 

9. Retention and erasure of Data


9.1: Data recorded by our CCTV and BWC will be stored locally on servers at our Site. We will not retain this Data indefinitely but will permanently delete it once there is no reason to retain the recorded information. Exactly how long the Data will be retained for will vary according to the purpose for which it was recorded. For example, where images are being recorded for crime prevention purposes, Image Data will be kept only for as long as it takes to establish that a crime has been committed or where we are using the Image Data for staff disciplinary purposes, the images will be kept until the process is completed. In all other cases, recorded images will be kept for no longer than 30 days before being overwritten and permanently deleted.


9.2: At the end of its useful life and in any event within 7 years all Data stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs or hard copy photographs will be promptly disposed of as confidential waste.

 

10 Ongoing review of CCTV use


10.1: We will periodically review our ongoing use of existing CCTV and BWC at our Site to ensure that its use remains necessary and appropriate and in compliance with Data Protection Laws. Prior to introducing any new surveillance system, including placing a new CCTV camera on any location on the Site, we will carefully consider if they are appropriate by carrying out a data protection impact assessment (DPIA).


10.2: We will also carry out checks and deliver training to ensure that this policy is being followed by all staff.

 

11. Rights of Data Subjects


11.1 As Image Data will identify individuals, it will be considered Personal Data under applicable Data Protection Laws. Under Data Protection Laws, Data Subjects have certain rights in relation to the Personal Data concerning them (which are not absolute rights, and are subject to caveats in certain circumstances). These are as follows:

11.1.1 the right to access a copy of that Personal Data and the following information (this may include Image Data captured by our CCTV or BWC):


11.1.2 the purpose of the processing;


11.1.3 the types of Personal Data concerned;


11.1.4 to whom the Personal Data has or will be disclosed; and


11.1.5 the envisaged period that the Personal Data will be stored, or if not possible, the criteria used to decide that period;


11.1.6 the right to request any inaccurate Personal Data that we hold concerning them is rectified, this includes having incomplete Personal Data completed;


11.1.7 the right to request the Personal Data we hold concerning them is erased without undue delay, where it is no longer necessary for us to retain it in relation to the purposes it was collected;


11.1.8 the right to request restriction of our processing of Personal Data in certain circumstances;


11.1.9 the right to object to our processing of Personal Data where this is based on our legitimate interests, except where we are able to demonstrate compelling legitimate grounds for the processing which override the interests and freedoms of the data subject, or for the establishment, exercise or defence of legal claims;


11.1.10 the right to request Personal Data is provided to a Data Subject in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Controller (the right to data portability); and


11.1.11 the right to lodge a complaint with the Information Commissioner’s Office, if the Data Subject considers that our processing of the Personal Data relating to him or her infringes Data Protection Laws.

 

12. Service Providers


12.1 In order to operate CCTV and BWC across our Site we appoint service providers to provide us with maintenance services related to that CCTV, and also to assist with the management of internal IT infrastructure behind our surveillance systems. Such service providers act only on our instructions and on our behalf for the purposes listed in section 4.1 above. We require these service providers by contract to safeguard the privacy and security of Personal Data they process on our behalf.

 

13. Requests of disclosure by third parties


13.1: No images from our CCTV cameras will be disclosed to any third party (other than our third-party CCTV maintenance service providers), without express permission being given by the Data Protection Officer of our Site. In any event, Data will only be disclosed to a third party in accordance with Data Protection Laws.


13.2: In certain circumstances, we may allow law enforcement agencies, to view or remove CCTV footage where this is required in the detection or prosecution of crime, and where they can demonstrate a lawful basis under Data Protection Laws for the receipt of Data.


13.3: In addition, we may allow legal representatives and insurance companies and/or their loss adjustors, to view or remove CCTV footage where this is required for health and safety, or insurance claim purposes and where they can demonstrate a lawful basis under Data Protection Laws for the receipt of Data.


14. Complaints


14.1 If anyone has questions about this policy or any concerns about our use of CCTV or BWC, then they should contact The Estate Security Manager by emailing reception@dolphinsquare.co.uk.


14.2: Where this is not appropriate or matters cannot be resolved informally, please ask the reception team for a copy of our Data Protection complaints form and email the completed form to dataprotection@dolphinsquare.co.uk.  Employees of Dolphin Square should use the formal grievance procedure by contacting Human Resources.



CCTV Policy last updated May 2026