AD HOC UK SECURITY LTD provide security services to property and land. At Ad Hoc, we respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This privacy notice will inform you how on how we look after your personal data, your privacy rights and how the law protects you.
We are a security company, whose normal activities can be summarised as:
I. Installing CCTV and / or alarm systems on property or land in order to prevent crime
II. Deploying security guards on site to protect properties or land in order to prevent crime
III. To deploy security patrols to visit sites periodically in order to prevent crime
1. IMPORTANT INFORMATION AND WHO WE ARE
PURPOSE OF THIS PRIVACY NOTICE
This privacy notice aims to give you information on how Ad Hoc collects and processes your personal data if you are filmed on our CCTV systems and why your data is recorded and retained for any period of time.
It is important you fully read this privacy notice, so that you are fully aware of our policy.
WHO WE ARE
Ad Hoc UK Security Ltd, whose registered office is Unit 20 & 21, Angel Gate, City Road, London, EC1V 2PT, is the data controller and so responsible for your personal data. We are a wholly owned subsidiary of Ad Hoc International BV (our Dutch parent company) and are affiliated with Ad Hoc Property Owners Limited, Ad Hoc Licensee Limited and Ad Hoc Property Management Limited within the Ad Hoc Group (collectively referred to as Ad Hoc, “we”, “us”, or “our” in this privacy notice).
We have appointed a data protection officer who is responsible for overseeing questions in relation to this privacy notice. If you have questions about this privacy notice, including any requests to exercise your legal rights, please contact the data protection officer whose details are on the final page of this privacy notice.
2. WHAT DATA DO WE COLLECT ABOUT YOU?
Personal data, or personal information, means any information about an individual from which you can be identified. It does not include data where the identity has been removed (anonymous data). Ad Hoc obtains information via its CCTV systems and this data is stored on secure recording systems for periods of time ranging from 1 week to 4 weeks. These time periods are determined by the degree of risk to the land or property our systems are protecting. After the specified recording period, the recorded data will be overwritten with new recorded data.
The data we may collect about you is:
– Visual identity (your face) – our CCTV systems may record your facial image if you broach into the view of the camera(s), but we are not able to automatically identify any individual from the images we record. This information may be passed to law enforcement, subject to the correct protocols being followed, for the purpose of crime prevention and detection
– Vehicle registration plates – our CCTV systems do not have automatic number plate recognition where we can identity an individual by the number plate. This information may be passed to law enforcement, subject to the correct protocols being followed, for them to use in any crime prevention or detection
– NOTE: Where our camera systems are installed overlooking private dwellings, we ‘mask’ our cameras to block any visibility of the premises, including their private gardens, in both live and recorded footage. Where our cameras overlook public areas and roadways, we may consider masking, however due to the wider benefits of this surveillance that has, on several occasions, benefitted law enforcement, we are not likely to mask these areas. For any public space surveillance, only SIA licensed persons are permitted to view any footage, whether they be Ad Hoc staff or monitoring station professionals
3. CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with external third parties as set out in the Glossary for the purposes set out in the table.
5. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit your personal data to those employees, agents, contractors and other third parties who have a relevant security clearance, licensing and certification and a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. CCTV images are encrypted and sent and received digitally via a secure VPN network. We have put in place procedures to deal with any suspected data breach and will notify any applicable regulator of a breach where we are legally required to do so.
6. CONDUCTING PRIVACY IMPACT ASSESSMENTS CODE OF PRACTICE
Prior to installation of any CCTV system, Ad Hoc will undertake an assessment of the site and part of this assessment is to determine the impacts on privacy rights and data protection regulations. The use of CCTV should be proportionate, justified and fit for purpose and that recording timescales should be tailored to the needs of that site.
Where Ad Hoc uses third parties to process its data, Ad Hoc shall have legal agreements in place with each third party ensuring that information is only processed according to our requirements. The contracts shall include guarantees about security, storage and the use of properly trained staff.
7. NOTIFICATION OF CCTV AND RECORDING
Where a CCTV system is installed, signage will be placed around the site stating “CCTV IN OPERATION, 24 HOUR RECORDING IN PROGRESS”. The purpose of the CCTV system is to prevent and detect crime, and this is achieved by licensed and other authorised parties having access to live and recorded footage.
The footage is of such quality that it may be used in legal proceedings. The live or recorded footage is not intended to capture the general public and in most cases the CCTV will be viewing private land and “areas of interest” only, but in some cases the CCTV view will infringe upon public spaces if there is a legitimate need to do so.
Where our CCTV systems are in place, there is a need to secure the site and therefore a “legitimate interest” in recording personal data for the purposes of prevention and detection of crime. In every case Ad Hoc shall carefully
choose the location of the CCTV unit with consideration to data protection and legitimate recording and retention of personal data.
Ad Hoc may use audio alert when installing CCTV systems. The purpose is to communicate with a possible intruder to warn them away from the site. This communication will not be recorded and is not designed to be audible to the general public. During the site assessment it will be determined whether audio is suitable and appropriate for that site.
9. REGULATION OF INVESTIGATORY POWERS ACT (RIPA) 2000 & REGULATION OF INVESTIGATORY POWERS (SCOTLAND) ACT (RIPSA) 2000
This generally relates to “covert” or “directed” surveillance. Ad Hoc rarely works with such systems. There are legal procedures that should be followed if such systems are utilised and Ad Hoc and the owners shall liaise with each other to ensure that relevant procedures are followed and achieved prior to use.
10. DATA RETENTION AND DATA SHARING
We will only retain your data for as long as the CCTV system has been programmed to retain recorded images in line with the needs and purpose of the system in place. Otherwise, images that are passed to law enforcement or local authorities are retained at their discretion. If any data is passed to law enforcement or local authorities, they then become the data controller for the copy they have and they will retain the data until such a time they deem it fit to destroy that data. Ad Hoc reserves the right to retain the same data as long as there is legitimate reason to do so.
When Ad Hoc shares data with third parties, such as law enforcement agencies or local authorities, it shall ensure that personal data is delivered to those parties safely and securely, with due consideration to all individuals captured on the required footage. Furthermore, any sharing of information shall be subject to protocols and processed with appropriate audit trails.
11. REVIEW OF PROCESSES
Ad Hoc shall regularly review its processes to its CCTV operation and any associated regulations and codes of practice.
12. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data to your personal data. These rights are discussed as below:
• Request access to your data
• Request correction of your personal data
• Request erasure of your personal data
• Right to withdraw request
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer.
13. NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
14. TIME LIMIT TO RESPOND
You are entitled to receive a copy of your personal data within one calendar month of request, subject to the request being valid. Occasionally it may take longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
15. WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
Performance of Contract means processing your data where it is necessary for the performance of the purpose of prevention of crime.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
EXTERNAL THIRD PARTIES
a) Service Providers / Suppliers acting as processors based in the EU, including third party CCTV monitoring companies who are adequately accredited to process any personal data.
b) Professional advisors acting as joint controllers including lawyers, auditors and insurers based in the EU who provide consultancy legal and insurance services
c) UK Law Enforcement agencies who may request CCTV footage in order to prevent and detect crime
d) Local Authorities who may request CCTV footage in order to prevent and detect crime
YOUR LEGAL RIGHTS
You have the right to:
• Request access to your personal data (commonly known as a “data subject access request”. This enables you to receive a copy of your personal data that we hold about you and to check that we are lawfully processing it
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data that we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us
• Request erasure of your personal data. This enables you to ask us to delete or remove any personal data where there is no good reason for us to continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request
• Withdraw consent at any time where we are relying on consent to process your personal date. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent
17. CONTACT DETAILS
AD HOC UK SECURITY LTD is the controller and processor of data for the purposes of the DPA 18 and GDPR. If you have any questions about our privacy notice or information we hold about you, please contact our:
Data Protection Officer:
Ad Hoc UK Security Ltd
Unit 20 & 21, Angel Gate, City Road, London, EC1V 2PT
You have the right to make a complaint at any time to the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues (www.ico.org,uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.