Privacy Policy 

At Norden Farm, we understand that privacy is important and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website and we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Please read this Privacy Policy carefully and ensure that you understand it. By visiting www.nordenfarm.com and providing personal data to us, you are accepting and consenting to the practices described in this policy.

 Current status: AcceptedCurrent status: Denied

 

1. Definitions and Interpretation

In this Policy the following terms shall have the following meanings: 

“Our Site” means www.nordenfarm.com.
“We/Us/Our” means Norden Farm, partnership.
“Account” means an account required to access and/or use certain areas and features of Our Site;
“Personal Data” means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier, as defined by the General Data Protection Regulation (GDPR) EU Regulation 2016/679.
“Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in Part 13, below.
“Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and of EU Regulation 2016/679 General Data Protection Regulation.

2. Information About Us

Our Site is owned and operated by Norden Farm, partnership.

Registered address: Norden Farm, Corfe Castle, Dorset, BH20 5DS, UK.

VAT Number: 186 3682 27

Data Protection Partner: Ms CJ Ramm.

Email address:

Telephone number: 01929 480098

Postal address: Norden Farm, Corfe Castle, Dorset, BH20 5DS, UK

3. What Does This Policy Cover?

This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

4. What Are My Rights?

Under the Data Protection Legislation, you have the following rights which we will always work to uphold:

I.          The right to be informed about our collection and use of your personal data. This privacy policy should tell you everything you need to know, but you can always contact us to find out more or to ask any details. Please find our contact details in Part 15.

II.         The right to access the personal data we hold about you. Please find details of this in Part 12.

III.         The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 15 to do this.

IV.         The right to ask us to delete or otherwise dispose of any of your personal data that we hold.

V.         The right to restrict the processing of your data.

VI.         The right to object to us using your personal data for particular purposes.

VII.         The right to withdraw consent. If we are relying on your consent as the legal basis for using your personal data, you are free to withdraw this consent at any time. Please contact us using the details in Part 15 to do so.

VIII.         The right to data portability. If you have provided personal data to us, we are using it with your consent or for the performance of a contract. You can ask us for a copy of that personal data to re-use with another service or business in many cases. Please see Part 12 for more information.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed.

5. What Data Do You Collect and How?

Depending upon your use of Our Site, we may collect and process the information you give us. This may arise from you providing information when making a booking on Our Site, or by corresponding with us by phone, email, in writing or in person. This also includes information you provide when you change or update your personal details or contact preferences.

Information held is likely to include your name, date of birth, contact details, card and payment details, information about people travelling with you, information about your booking and any additional information we may need to help meet your specific requirements.

6. How Do You Use My Personal Data?

We require the collation, processing and storage of certain personal data in order to carry out our business purpose. Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The lawful reason for collecting, processing and storing this data is that as a guest, you enter into a contract with us until your stay is complete. The data collected will be used to administer the agreement between us and you, the guest. We may also use this data for statistical purposes when we evaluate our range of products and services, to manage customer service queries, and for no other reason without your express permission.

We will not send any marketing communications, or any other form of communication other than for specific business purpose without your express consent. You will not be sent any unlawful marketing or spam. If you consent to receive marketing communications, you can opt out at any time, either by using the opt-out feature on our newsletter, or by contacting us directly. Please see Part 15 for information on how to contact us.

In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

7. How Long Will You Keep My Personal Data?

We have a system of retention periods in place to ensure that your information is only stored whilst it is required for the relevant purposes or to meet legal requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner. If you do not want us to store your data for this amount of time, then please call us and request that we remove your data.

8. How Do You Store or Transfer My Personal Data?

We appoint third party service providers, to help us manage efficient systems within the business. We will only transfer your information to service providers who help manage our systems where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy laws.

We store or transfer some or all of your personal data in countries that are not part of the European Economic Area (EEA). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. We take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK.

We will take all reasonable steps to ensure that your data is kept secure and in accordance with this privacy policy.

9. Do You Share My Personal Data?

We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:

I.          We may share your personal data with our service providers and agents who perform services on our behalf such as payment processers and data management firms.

II.         We may share your personal data to fraud prevention agencies for the purposes on preventing fraud or loss.

III.         In some circumstances, we may be legally required to share certain personal data, for legal or regulatory purposes.

IV.         In some circumstances, we may be legally required to share certain personal data, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority

V.         If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.

If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 8.

If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation, as explained above in Part 8.

10. How Can I Control My Personal Data?

I.                  In addition to your rights under the Data Protection Legislation, set out in Part 4, when you submit personal data via Our Site, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails.

II.                  You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications from us that you have consented to receiving.

11. Can I Withhold Information?

You may access certain areas of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

You may restrict our use of Cookies. For more information, please see Part 13.

12. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal address shown in Part 15.

13. How Do You Use Cookies?

Our Site may place and access certain first-party Cookies on your computer or device. First-party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of Our Site and to provide and improve our products and services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.

By using Our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on Our Site for website performance and analytics. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.

All Cookies used by and on Our Site are used in accordance with current Cookie Law.

The following Cookies may be placed on your computer or device:

I.          Strictly Necessary Cookies- A Cookie falls into this category if it is essential for the operation of Our Site, supporting functions such as logging in, shopping baskets and payment transactions

II.         Analytics Cookies- It is important for us to understand how you use Our Site, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather information, helping us to improve Our Site and your experience of it.

III.         Functionality Cookies- These Cookies enable us to provide additional functions to you on Our Site such as personalisation and remembering your saved preferences. Some functionality Cookies may also be strictly necessary Cookies.

IV.         Targeting Cookies- It is important for us to know when and how often you visit Our Site, and which parts of it you have used (including pages you have visited and which links you have visited). As with Analytics Cookies, this information helps us to better understand you and in turn, make Our Site and advertising more relevant to your interests.

V.         Third-Party Cookies- Third-Party Cookies are not placed by us; instead they are placed by third parties that provide services to us and/or you. Third-Party Cookies may be used by advertising services to provide tailored advertising to you on Our Site, or by third parties providing analytic services to us (these Cookies work in the same way as analytics Cookies described above).

VI.         Persistent Cookies- Any of the above types of Cookies may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit Our Site.

VII.         Session Cookies- Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit Our Site until you close your browser, at which time they are deleted.

The following Cookies may be placed on your computer or device:

Cookie Notice for GDPR

Functional

Usage

We use Cookie Notice for GDPR for cookie consent management.

Sharing data

This data is not shared with third parties.

Functional

Name
cookie_notice_accepted
Expiration
persistent
Function
Checks if cookies can be placed

HAProxy

Functional

Usage

We use HAProxy for website performance optimization.

Sharing data

This data is not shared with third parties.

Functional

Name
SERVERID*
Expiration
session
Function
Load balancing functionality

Tawk

Purpose pending investigation

Usage

We use Tawk for chat support.

Sharing data

For more information, please read the Tawk Privacy Statement.

Purpose pending investigation

Name
TawkConnectionTime
Expiration
Function
Name
__tawkuuid
Expiration
Function
Name
TawkWindowName
Expiration
Function

Elementor

Statistics

Usage

We use Elementor for content creation.

Sharing data

This data is not shared with third parties.

Statistics

Name
elementor
Expiration
persistent
Function
Count and track pageviews

Elfsight

Purpose pending investigation

Usage

Sharing data

This data is not shared with third parties.

Purpose pending investigation

Name
eapps-instagram-feed-red-like-time
Expiration
persistent
Function

Google Fonts

Marketing/Tracking

Usage

We use Google Fonts for display of webfonts.

Sharing data

For more information, please read the Google Fonts Privacy Statement.

Marketing/Tracking

Name
Google Fonts API
Expiration
none
Function
Request user IP address

YouTube

Marketing/Tracking, Functional, Statistics

Usage

We use YouTube for video display.

Sharing data

For more information, please read the YouTube Privacy Statement.

Marketing/Tracking

Name
GPS
Expiration
session
Function
Store location data

Functional

Name
VISITOR_INFO1_LIVE
Expiration
6 months
Function
Estimate bandwidth

Statistics

Name
YSC
Expiration
session
Function
Store a unique user ID
Name
PREF
Expiration
1 year
Function
Track visits across websites

Facebook

Marketing/Tracking, Functional

Usage

We use Facebook for display of recent social posts and/or social share buttons.

Sharing data

For more information, please read the Facebook Privacy Statement.

Marketing/Tracking

Name
actppresence
Expiration
1 year
Function
Manage ad display frequency
Name
_fbc
Expiration
2 years
Function
Stores last visit
Name
fbm*
Expiration
1 year
Function
Store account details
Name
xs
Expiration
3 months
Function
Store a unique session ID
Name
fr
Expiration
3 months
Function
Ad delivery
Name
_fbp
Expiration
3 months
Function
Track visits across websites
Name
datr
Expiration
2 years
Function
Provide fraud prevention
Name
sb
Expiration
2 years
Function
Store browser details
Name
*_fbm_
Expiration
1 year
Function
Store account details

Functional

Name
wd
Expiration
1 week
Function
Determine screen resolution
Name
act
Expiration
90 days
Function
Keep users logged in
Name
c_user
Expiration
90 days
Function
Store a unique user ID
Name
csm
Expiration
90 days
Function
Provide fraud prevention
Name
presence
Expiration
session
Function
Track if the browser tab is active

Twitter

Functional, Marketing/Tracking

Usage

We use Twitter for display of recent social posts and/or social share buttons.

Sharing data

For more information, please read the Twitter Privacy Statement.

Functional

Name
local_storage_support_test
Expiration
persistent
Function
Load balancing functionality

Marketing/Tracking

Name
metrics_token
Expiration
persistent
Function
Stores if the user has seen embedded content

Miscellaneous

Purpose pending investigation

Usage

Sharing data

Sharing of data is pending investigation

Purpose pending investigation

Name
euCookie
Expiration
Function
Name
eapps-*-click-expiration
Expiration
Function
Name
eapps-*-view-expiration
Expiration
Function
Name
twk_*
Expiration
Function
Name
_ga
Expiration
Function
Name
complianz_consent_status
Expiration
365 days
Function
Name
_gid
Expiration
Function
Name
complianz_policy_id
Expiration
365 days
Function
Name
_gat
Expiration
Function
Name
tablesorter-savesort
Expiration
Function
Name
undefined
Expiration
Function
Name
wistia
Expiration
Function
Name
wistia-video-progress-oegnwrdag1
Expiration
Function
Name
loglevel
Expiration
Function
Name
wp-autosave-1
Expiration
Function
Name
wp-saving-post
Expiration
Function
Name
pum-500
Expiration
Function
Name
cid
Expiration
Function
Name
rank-math-option-search-index
Expiration
Function
Name
rank-math-option-sitemap-index
Expiration
Function
Name
elementor-panel-size-height
Expiration
Function
Name
in-move
Expiration
Function
Name
elementor-panel-size-width
Expiration
Function
Name
rank-math-option-general-index
Expiration
Function
Name
rank-math-option-titles-index
Expiration
Function
Name
fbv_tree
Expiration
Function
Name
cmplz_toggle_data_id_0
Expiration
365 days
Function
Name
cmplzDashboardDefaultsSet
Expiration
365 days
Function
Name
cmplzFormValues
Expiration
365 days
Function
Name
cmplz_toggle_data_id_2
Expiration
365 days
Function
Name
cmplz_toggle_data_id_3
Expiration
365 days
Function
Name
cmplz_toggle_data_id_4
Expiration
365 days
Function
Name
cmplz_layout
Expiration
365 days
Function
Name
cmplz_toggle_data_id_1
Expiration
365 days
Function
Name
e_globals
Expiration
Function
Name
e_site-editor
Expiration
Function
Name
cmplz_stats
Expiration
365 days
Function
Name
cmplz_consent_status
Expiration
365 days
Function
Name
cmplz_preferences
Expiration
365 days
Function
Name
fbv_close_buy_pro_dialog
Expiration
Function
Name
cmplz_policy_id
Expiration
365 days
Function
Name
cmplz_functional
Expiration
365 days
Function
Name
cmplz_statistics-anonymous
Expiration
365 days
Function
Name
cmplz_statistics
Expiration
365 days
Function
Name
cmplz_marketing
Expiration
365 days
Function
Name
cmplz_choice
Expiration
365 days
Function
Name
newsletter_tab
Expiration
Function
Name
cmplz_banner-status
Expiration
365 days
Function
Name
wphe-editor-height
Expiration
Function
Name
wphe-editor-width
Expiration
Function
Name
e_favorites
Expiration
Function
Name
AIOT-rml1
Expiration
Function
Name
cmplz_consenttype
Expiration
365 days
Function

Our Site uses analytics services provided by Google. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how Our Site is used. This, in turn, enables us to improve Our Site and the products and services offered through it.

The analytics services used by Our Site uses Analytics Cookies to gather the required information. You do not have to allow us to use these Cookies, however whilst our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable us to continually improve Our Site, making it a better and more useful experience for you.

Before Cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended.

In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.

The links below provide instructions on how to control Cookies in popular browsers:

                        I.          Google Chrome- https://support.google.com/chrome/answer/95647?hl=en-GB

                       II.         Microsoft Internet Explorer- https://support.microsoft.com/en-us/kb/278835

                     III.         Microsoft Edge- https://support.microsoft.com/en-gb/products/microsoft-edge (please note that there are no specific instructions at this time, but Microsoft Support will be able to assist)

                    IV.         Mozilla Firefox- https://support.mozilla.org/en-US/kb/enable-and-disable-Cookies-website-preferences

                      V.         Safari (macOS)- https://support.apple.com/en-gb/guide/safari/sfri11471/mac

                    VI.         Safari (iOS)- https://support.apple.com/en-gb/HT201265

You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently.

It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

14. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date. This Privacy Policy was last updated in January 2020.

15. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of: Ms C J Ramm):

Email address:

Telephone number: 01929 480098

Postal Address: Norden Farm, Corfe Castle, Dorset, BH20 5DS, UK

 

Norden Farm CCTV Policy

At Norden Farm we believe that CCTV plays a legitimate role in helping to maintain a safe and secure environment for all our staff, guests, customers, tenants, and employees of our partners and suppliers and contractors.

Images recorded by CCTV are Personal Data and as such must be processed in accordance with data protection laws. We are committed to complying with our legal obligations in order to appropriately handle and protect Personal Data and ensure that the legal rights of everyone relating to their Personal Data, are recognised and respected.

This policy is intended to enable staff, guests, customers, tenants, and employees of our partners and suppliers and contractors to understand how Norden Farm uses CCTV, who is responsible for our CCTV use, the rights individuals may have in relation to CCTV, who has access to CCTV images and how individuals can raise any queries or concerns they may have.

 

  1. Definitions

For the purposes of this policy, the following terms have the following meanings:

CCTV: means cameras, devices or systems including fixed CCTV and any other systems that capture information of identifiable individuals or information relating to identifiable individuals.

CCTV Data: means any Data in respect of CCTV, e.g. video images, static pictures, etc.

Data: means any information which is stored electronically or in paper-based filing systems.

Data Subject: means any individuals who can be identified directly or indirectly from CCTV Data (or other Data in our possession). Data Subjects include staff, guests, customers, tenants, employees of our partners, suppliers and contractors, and members of the public.

Data Controller: is the organisation or authority which, determines how and for what purpose the Personal Data are processed. When operating CCTV, Norden Farm is the relevant Data Controller and is responsible for ensuring compliance with the Data Protection Laws.

CCTV users: are those of our employees (or employees of any Data Processors which we appoint) whose work involves processing CCTV Data. This will include those whose duties are to operate CCTV to record, monitor, store, retrieve and delete images. Data users must protect the CCTV Data they handle in accordance with this policy.

Service Provider: is any organisation that is not a CCTV user (or other employee of a Data Controller) that processes CCTV Data or Personal Data on our behalf and in accordance with our instructions.

Data Protection Laws: means:

  1. a) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (the “GDPR”) and any equivalent or implementing legislation;
  2. b) all other applicable laws, regulations or court judgements relating to the processing of personal data, data privacy, electronic communications, marketing and/or data security; and
  3. c) any and all legally binding guidelines, recommendations, best practice, opinions, directions, decisions, or codes issued, adopted or approved by the European Commission, the Article 29 Working Party, the European Data Protection Board, the UK’s Information Commissioner’s Office and/or any other supervisory authority or data protection authority from time to time in relation to the processing of personal data, data privacy, electronic communications, marketing and/or data security;

in each case as from time to time in force and as from time to time amended, extended, consolidated, re-enacted, replaced, superseded or in any other way incorporated into law and all orders, regulations, statutes, instruments and/or other subordinate legislation (including the Data Protection Bill 2017 when in force) made under any of the above in any jurisdiction from time to time.

Processing: is any activity which involves the use of CCTV Data, whether or not by automated means. It includes collecting, obtaining, recording or holding CCTV Data, or carrying out any operation or set of operations on the CCTV Data including organising, structuring, amending, retrieving, using, disclosing or erasing or destroying it. Processing also includes transferring CCTV Data to third parties.

Site: means the entire Norden Farm estate located at Norden Farm, Corfe Castle, Dorset, BH20 5DS and more specifically Norden Farm Campsite, Norden Farm Shop, Norden Farm Cottage, Norden House and all other residential and non-residential fixed structures, residential and non-residential mobile structures, farm buildings, storage areas, driveways, pathways and open land situated on the estate.

 

  1. About this policy

2.1: We currently use CCTV to view and record individuals at our Site, 24 hours per day, 7 days per week. This policy sets out why we use CCTV, how we will use CCTV and how we will process any CCTV Data recorded by CCTV to ensure that we are compliant with Data Protection Law.
2.2: The images of individuals recorded by CCTV are Personal Data and therefore subject to the Data Protection Laws. Norden Farm is the Data Controller of all CCTV Data captured at our Site.
2.3: This policy covers all staff, guests, customers, tenants, and employees of our partners and suppliers and contractors and may also be relevant to members of the public visiting the Site.

 

  1. Staff responsible

Ben Barton, Site Manager, has overall responsibility for ensuring compliance with Data Protection Laws and the effective operation of this policy. Should you have any queries on the use of CCTV or surveillance systems by us please contact Ben Barton, Site Manager.

 

  1. Why we use CCTV

4.1: We currently use CCTV around our Site as outlined below. We believe that such use is necessary for the following legitimate business purposes:

(a) for the personal safety of staff, guests, customers, tenants, employees of our partners, suppliers and contractors and other members of the public and to act as a deterrent against crime;
(b) to prevent or detect crime and protect buildings and assets from damage, disruption, theft, vandalism and other crime;
(c) to support law enforcement bodies in the prevention, detection and prosecution of crime; and
(d) to monitor traffic flow on the estate.

We may implement or use CCTV for purposes other than those specified above which we will notify you of from time to time.

 

  1. Monitoring

5.1: The locations of the CCTV are chosen to minimise the viewing of spaces/individuals which are not relevant to the legitimate purpose of the monitoring as specified above.
5.2: Currently, none of our CCTV records sound.
5.3: A live feed from the CCTV is monitored continuously and images are only revisited in the event of an incident or if a request is made.
5.4: Any staff using CCTV will be given training to ensure that they understand and observe the legal requirements relating to the processing of any Data gathered.

 

  1. How we operate CCTV

6.1: Where CCTV is in use at our Site, we will ensure that signs are displayed at the entrance of the surveillance zone to alert staff, guests, customers, tenants, and employees of our partners, suppliers and contractors that their image may be recorded. The signs will contain details of the organisation operating the system (where they are operated by a third party) and who to contact for further information.
6:2: We will ensure that live feeds from the CCTV are only viewed by appropriately authorised members of staff or third-party service providers whose role requires them to have access to such CCTV Data. Recorded images will only ever be viewed by our staff in the Manager’s Office which is a secure and restricted area.
6:3: No surveillance cameras will be placed in areas where there is an expectation of privacy (for example, in changing rooms, toilets) unless, in very exceptional circumstances, it is judged by us to be necessary to deal with very serious concerns.

 

  1. How we use the Data

7.1: In order to ensure that the rights of individuals recorded by our CCTV are protected, we will ensure that CCTV Data gathered from such systems is stored in a way that maintains its integrity and security. This may include encrypting the Data, where it is possible to do so.
7.2: We will ensure that any CCTV Data is only used for the purposes specified in section 4.1 above. We will not use CCTV Data for another purpose unless permitted by Data Protection Laws.
7.3: Where we engage Data Processors to process Data on our behalf, we will ensure contractual safeguards are in place to protect the security and integrity of the Data.

 

  1. Retention and erasure of Data

8.1: Data recorded by our CCTV will be stored locally on servers at our Site. We will not retain this Data indefinitely but will permanently delete it once there is no reason to retain the recorded information. Exactly how long the Data will be retained for will vary according to the purpose for which it was recorded. For example, where images are being recorded for crime prevention purposes, CCTV Data will be kept only for as long as it takes to establish that a crime has been committed or where we are using the CCTV Data for staff disciplinary purposes, the images will be kept until the process is completed. In all other cases, recorded images will be kept for no longer than 60 days before being overwritten and permanently deleted.
8.2: At the end of its useful life and in any event within 7 years all Data stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs or hard copy photographs will be promptly disposed of as confidential waste.

 

  1. Ongoing review of our use of CCTV

9.1: We will periodically review our ongoing use of existing CCTV at our Site to ensure that its use remains necessary and appropriate and in compliance with Data Protection Laws.
9.2: We will also carry out checks to ensure that this policy is being followed by all staff.

 

  1. Rights of Data Subjects

10.1 As CCTV Data will identify individuals, it will be considered Personal Data under applicable Data Protection Laws. Under Data Protection Laws, Data Subjects have certain rights in relation to the Personal Data concerning them. These are as follows:
(a) the right to access a copy of that Personal Data and the following information (this may include CCTV Data captured by our CCTV):
(i) the purpose of the processing;
(ii) the types of Personal Data concerned;
(iii) to whom the Personal Data has or will be disclosed; and
(iv) the envisaged period that the Personal Data will be stored, or if not possible, the criteria used to decide that period;
(b) the right to request any inaccurate Personal Data that we hold concerning them is rectified, this includes having incomplete Personal Data completed;
(c) the right to request the Personal Data we hold concerning them is erased without undue delay, where it is no longer necessary for us to retain it in relation to the purposes it was collected;
(d) the right to request restriction of our processing of Personal Data in certain circumstances; and
(e) the right to lodge a complaint with the Information Commissioner’s Office, if the Data Subject considers that our processing of the Personal Data relating to him or her infringes Data Protection Laws.

 

  1. Service providers

11.1 In order to operate CCTV across our Site we may appoint service providers to provide us with maintenance services related to that CCTV. Such service providers will act only on our instructions and on our behalf for the purposes listed in section 4.1 above. We will require these service providers by contract to safeguard the privacy and security of Personal Data they process on our behalf.

 

  1. Requests of disclosure by third parties

12.1: No images from our CCTV cameras will be disclosed to any third party (other than our third-party CCTV maintenance service providers), without express permission being given by the Site Manager. Data will only be disclosed to a third party in accordance with Data Protection Laws.
12.2: In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.

 

  1. Complaints

13.1: If anyone has questions about this policy or any concerns about our use of CCTV, then they should speak to Ben Barton in the first instance.

August 10, 2022