Please can we follow the below process when requesting CCTV images from Managed sites, this is to adhere to the Data Protection Policy and the law.
*See separate guidance for L&T site at the bottom of the article
Please advise site that;
If the Delivery note/EPOD has been signed for as a clean delivery it is unlikely that credit will be issued but we will try to appeal this.
Then, highlight that we are requests they share CCTV footage to support the claim with our supplier but that carries certain GDPR risks. The following advice therefore is intended to mitigate that concern.
As a reminder, there is no acceptable simple way of sites being able to share CCTV due to controls in place, other than exceptions noted in the Data Protection Manual e.g. Incidents to the Insurance Team. Under no circumstances should CCTV be sent on phones, What’s App etc.
The process to follow would be to mimic our normal insurance claim process, that being for the site to make a burnt copy of footage and to send it via recorded delivery , along with the CCTV log form, and a covering note explaining the purpose to;
Customer Contact Centre Managers
Stonegate Group,
3 Monkspath Hall Road
Shirley
Solihull
B90 4SJ
Our stakeholders for viewing footage as of 17 October 2023 are Jake Savage, Pauline Douglas and Emma Percival. These team members will then work with our suppliers to appeal any shortfalls separately.
L&T Guidance
Request that Publicans send CCTV to the same address included in this article. Request their permission for us to share the footage with our supplier and do not share until that has been confirmed.
Please ensure the Publican is aware that the images that they provide will be shared with a third party. If there are sensitive images or images which they do not wish to share, the onus is on the Publican to remove these before sharing with us (Stonegate Group).
The GDPR onus is on the publican rather than Stonegate to adhere to the Data Protection Policy and the law.
The publican will be the Data Controller (person or legal entity that determines the purpose of the processing of personal data and how the data is processed and Data Processor (the person or legal entity that processes data on behalf of the data controller.)
The following information is provided to manage expectations should we need to explain the need here for our managed sites. This detail provides the 'why' as to the controls set in place here.
There may be times when information needs to be shared with suppliers and the following guidance should be used
- A supplier would need an NDA (non-disclosure agreement) in place, as agreed contractually with the Commercial Team
- The options in declining order of acceptability are as follows:
- CCTV /images can be viewed internally by appropriate senior PST person e.g. Supply Chain Manager. Whatever information is needed to be confirmed with a supplier, can simply be validated by Senior Manager, that imagery proof has been verified.
- Exceptionally, if supplier needs evidence, then approach should be for PST Manager to use screen shots/pictures (as opposed to CCTV) and share these as evidence. These can be obtained internally from site via email to PST Manager. Need to ensure any faces are obscured and not falling foul of data protection issues.
- If CCTV does need to be reviewed by supplier, and this is approved by PST Manager, then as long as NDA in place, the supplier could view the CCTV at site accompanied by the GM. Under no circumstances can supplier take a copy of the CCTV by whatever means.
Comments
0 comments
Article is closed for comments.