Important information about Data Protection.

‍

This Policy applies to personal data collected by CCTV and or Electronic Access Control Systems (EACS) at sites managed by METRUS

‍

This information forms part of our privacy policy available at www.metrus.co.uk

Closed Circuit Television (CCTV) & Electronic Access Control Systems are in operation at some of the sites managed by METRUS

Where these systems are able to process Data which by itself or with other Data available to us can be used to identify you, this is known as Personal Data.

This data protection policy sets out how we use that personal data, you can contact us at www.metrus.co.uk if you have any questions Including site specific details of whether or not a particular site you are or are about to visit has a CCTV and or Electronic Access Control System installed, which does or could process your personal data and where and if data processors are operating for and on behalf of us at that site.

We take the security of your personal data very seriously and take a stringent approach to data protection including its secure storage and taking the appropriate technical, physical and organisational steps to protect it. We regularly evaluate whether it is necessary and proportionate to use CCTV systems at each of the sites for which we are responsible as Data Controllers. Each site that uses CCTV has had a privacy impact assessment conducted and annual audits are undertaken to ensure that correct legal procedures are followed.

We also conduct regular Legitimate Interest Assessments (LIA) and document them.

Prior to disclosing any CCTV footage, we seek the advice of a specialist data protection advisory service to protect your personal data from inappropriate or wrongful disclosure.

‍

Your data will not be processed or stored outside of the European Economic Area (EEA)

‍

The types of personal data we collect and use

CCTV, the lawful basis for processing personal data by the use of CCTV is: For the legitimate interest of the Data Controller or that of other persons or organisations.

We will use the data obtained from CCTV images for the purposes set out below

For the purposes of:

• Good property management
• Maintaining the security of the premises and the prevention and investigation of crime.
• To monitor goods and services.
• For health and safety.  
• For Protecting the rights, property and for the personal safety of the occupiers of the buildings, including the staff and the tenants, visitors to the buildings including, the tenant’s staff, visitors to the building or premises including members of the public and those of Metrus.
• When you exercise your rights under data protection law and make requests
• Based on your consent. When you request us to disclose your personal data to other people or organisations such as a
• company handling a claim on your behalf, or otherwise agreed to disclosures:
• For the security and wellbeing of equipment and vehicles

‍

RETENTION PERIOD

‍

CCTV recorded images

Recorded images will be kept for a limited period only usually a maximum of 30 days and are then erased.

The exception being where images are required for evidential purposes or another legally valid reason including responses to your legal rights (subject rights).

The Data will be collected directly during any visits you make to the site in question.

‍

Electronic Access Control System the Lawful Basis for Processing Personal Data via the use of an Electronic Access Control System is:

‍

For the legitimate interest of the data controller or that of other persons or organisations.

We will use your data for the purposes set out below

The data will be collected directly and may include a combination of the following Personal Data dependant on the system itself and its objectives.

Your name

Your photographic image

The company you work for

Your position within that company

Your vehicle registration number

Your address and contact details

The Access Control System may record the days / times that you enter and leave the premises.

This information will not be given to any third parties including your employer without first obtaining your permission and will not be used to make any automated decisions concerning your employment.

Prior to any of your data being entered or processed by or into an access control system you will be advised of the exact content of the required data and the purposes for which your data will be used.

You will have the right to question why the data is required and to object to anything that you do not want to be processed.

Where you give your consent to your personal data being processed you will have the right to withdraw that consent at any time.

‍

Retention Periods

‍

Your data will only be kept within the access control system for the duration of time during which you asked to use the system to gain entry and to leave the premises where it is installed.

Following which your Data will be deleted from the system, for example when and if you are no longer employed in the building or are not intending to re-visit the building again.

‍

We will process your personal data:

‍

As necessary to comply with a legal obligation, e.g:

‍

• When you exercise your rights under data protection law and make requests:
• For compliance with legal and regulatory requirements and related disclosures:
• For establishment and defence of legal rights:
• For activities relating to the prevention, detection and investigation of crime:
• To verify your identity.
• For the security of the premises
• For Health and Safety
• For the safety and security of tenants, their employees and members of the public
• For Good property/estate management

‍

Sharing of my personal data

‍

Subject to applicable data protection law we may share your personal data with:

‍

• Companies and other persons providing services to us:
• Courts and Law enforcement agencies to comply with legal requirements, and for the administration of justice:
• In an emergency or to otherwise protect our vital interests:
• To protect the security or integrity of our business operations and those of our tenants
• The tenants of the premises
• For Health and Safety

‍

Automated decision making and processing

‍

• Your data will not be used in order to make any automated decisions which may or could significantly affect you

‍

Your rights under applicable data protection law

‍

Your rights are as follows:

‍

• The right to be informed about the processing of your personal data:
• The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed.
• The right to object to processing of your personal data:
• The right to have your personal data erased (the “right to be forgotten”)
• The right to request access to your personal data and information about how we process it (Subject Access requests)
• The right to move, copy, or transfer your personal data (data portability) and
• Rights in relation to automated decision-making including profiling

‍

If you have any further questions, suggestions or requests not covered by this privacy policy please contact us or our specialist data protection advisors Datpro Limited, Errwood House, 212 Moss Lane, Bramhall, Cheshire, SK7 1BD or telephone 0161 480 4580

You also have the right to complain to the Information Commissioner’s office. It has enforcement powers and can investigate compliance with data protection law:

The contact details are as follows

Website www.ico.org.uk