GDPR & CCTV Policy
Bcash Greece Inc – Video Surveillance Policy
1. INTRODUCTION
1.1. Purpose
This CCTV Usage Policy establishes the guidelines for the use of closed circuit television (CCTV) within all of the relevant properties of Bcash Greece Inc.
The CCTV equipment, a Cloud-hosted video system (Video-as-a-Service) is in use for the following purpose:
- Prevention, investigation and detection of crime.
- Apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings).
- Visitor, contractor and employee safety.
- Monitoring the security of premises.
1.2. Scope
This Policy applies to all areas controlled by Bcash Greece Inc.
This Policy applies to all Bcash Greece Inc employees, contractors, operators and visitors.
This Policy is guided by and supports the relevant requirements of the General Data Protection Regulation (GDPR).
2. REQUIREMENTS
2.1. Siting and usage
Data shall not be used for purposes other than as stated above.
Cameras shall be sited such that they will only monitor those spaces which are intended to be covered.
Yi Technology (“processor”) shall be aware that they are only able to process your data to achieve the purpose for which Bcash Greece Inc installed them. Our Video Surveillance system is cloud-based; your data is temporarily stored on the processor’s cloud storage.
The cameras shall be limited / restricted in their movement so that they cannot be manipulated beyond their intended coverage zones.
Clearly visible and legible signs shall be placed in the common areas making people aware that they are entering a zone that is covered by surveillance equipment.
2.2. Image quality
- We shall procure technology that provides the best images suited to our purposes for usage of Video Surveillance System.
- The equipment shall be checked on initial installation and shall perform to required standard.
- The media on which the images are captured shall be cleaned so that images are not recorded on top of images recorded previously.
- The media on which the images have been recorded shall not be used when it has become apparent that the quality of images has deteriorated.
- The system shall record such features as the location of the camera and date and time reference.
- These features shall be checked daily for accuracy and a record shall be kept.
- We shall carry out constant, real time recording.
- Cameras shall be properly maintained and serviced.
- A maintenance log shall be maintained.
- Damaged equipment shall be replaced within 5 working days.
2.3. Image processing
- Generally, data shall be retained for a period of 15 days, after which it must be deleted automatically.
- Specifically, if data is in use for investigation or evidential purposes then the data shall be retained for as long as required by the investigation.
- If the data is retained for evidential proposes, it shall be retained in a secure place to which access is controlled.
- Monitors displaying images from areas in which individuals have an expectation of privacy shall not be viewed by anyone other than authorised operators of the equipment.
- Access to and viewing of the recorded images is restricted to the manager or designated member of staff, who will decide whether to allow requests for access by third parties in accordance with our documented disclosure procedure.
- The removal and return of media for viewing purposes, shall be documented.
- All operators and employees with access to images shall be aware of the procedure for accessing the images.
- The removal and return of media for use in legal proceedings shall be documented.
2.4. Access by, and disclosure of images to third parties
- Access to recorded images is restricted to accredited employees or operators.
- All access to storage media shall be documented.
- Disclosures shall be governed by a disclosure agreement, unless such disclosure is required by law.
- All requests for access or for disclosure shall be documented. If access or disclosure is denied then the reason shall be documented.
- Disclosure to third parties is limited to the following circumstances:
- Law enforcement agencies where the images recorded would assist in a specific criminal enquiry.
- Prosecution agencies.
- Relevant legal representatives.
- People whose images have been recorded and retained (unless disclosure to the individual would prejudice criminal enquiries or criminal proceedings).
- No disclosures shall be made to the media unless under direction of our communications policy and in accordance with the requirements of the relevant agency.
- Images are NOT to be made widely available - such as on the Internet.
Take into consideration that a high possibility exists that third parties, Bcash Greece Inc contractors, to have their own video surveillance systems installed. These should be designated by a separate sticker.
2.5. Data subject access
All relevant employees or CCTV equipment operators must be able to recognize a request for access and shall be familiar with and follow our data subject access request procedure. You are kindly asked to send your requests to the following address: compliance@bcash.eu
2.6. Records storage and retention
All relevant employees or CCTV equipment operators shall be familiar with and shall follow our policies and procedures on records retention and storage.
3. Inquiries - Data Protection Authority
If our video surveillance policy does not meet your data protection standards, we welcome your questions/requests at compliance@bcash.eu
If you desire to file a complaint against, the Greek competent authority is Data Protection Authority, Kifisias Avenue 1-3, Athens, Greece. contact@dpa.gr | +30 210 6475 600
www.dpa.gr