CCTV Policy
Aug 2023
Server Room Environments Ltd is committed to ensuring that clients know their data will be kept private and secure. The Projects Director, who is Data Protection Lead, requires all employees to apply information security in accordance with the established policies and procedures of the organization.
For the purpose of protecting physical assets in the office, and for the preservation of information security (e.g. in hard copy form or that which can be found on laptops), Server Room Environments has installed a CCTV camera with limited scope in order to protect the premises.
No desk of any employee is in scope (therefore, there is no possibility of being filmed when sitting at a desk: no employee privacy is threatened).
A sign regarding the use of CCTV has been put up and is prominently displayed.
The lawful basis upon we rely for the recording of images (only after office hours) is consent – in alignment with Article 6 of the UK GDPR (specifically 1. (a) “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”). All employees have provided their consent for the premises to be protected in this manner.
The Projects Director, as the information security lead, has ultimate responsibility for the CCTV.
The data will not be shared with any third party.
If any images are recorded, they will be kept only for so long as to ascertain that the camera was not activated by any illegal activity. Once this has been ascertained, the images are then immediately deleted. The only purpose for which the images would be retained for a longer time would be in the interests of aiding law enforcement.
This policy is reviewed annually by the directors and management team or sooner if appropriate.
For other policies see our Integrated Management System page.
Ref: IMS-5.2-CCTV Policy