CCTV Fair Processing Notice

This Fair Processing Notice provides information regarding how the Controller processes data collected via the use of Closed-Circuit Television (CCTV).

Guernsey Water will use CCTV for the following purposes:

·         To protect the public water supply.

·         To protect Guernsey Water sites, buildings, and assets.

·         To provide a safe and secure environment for staff, visitors and the public.

·         To assist in the prevention of crime and assist law enforcement agencies in apprehending offenders.

·         To assist with the operational running of sites in relation to water levels, water quality, and any other areas that represent an operational risk.

·         To monitor any site or station during a communications failure.  

Guernsey Water assumes the role of the registered Data Controller (‘the Controller’) for all personal data captured through CCTV within their respective sites.  

The Controller acknowledges its obligations as per the Data Protection Law (Bailiwick of Guernsey) 2017 (‘the Law’), which provides a number of requirements for processing activities involving personal data.

The Controller further acknowledges the general principles of processing and the rights of data subjects. Further information in relation to these provisions is provided within this fair This Fair Processing Notice provides information regarding how the Controller processes data collected via the use of Closed-Circuit Television (CCTV).

Guernsey Water will use CCTV for the following purposes:

  • To protect the public water supply.
  • To protect Guernsey Water sites, buildings, and assets.
  • To provide a safe and secure environment for staff, visitors and the public.
  • To assist in the prevention of crime and assist law enforcement agencies in apprehending offenders.
  • To assist with the operational running of sites in relation to water levels, water quality, and any other areas that represent an operational risk.

·         To monitor any site or station during a communications failure.  

Guernsey Water assumes the role of the registered Data Controller (‘the Controller’) for all personal data captured through CCTV within their respective sites.  

processing notice and the general Fair Processing Notice - Guernsey Water; or by visiting www.gov.gg/dp.

  1. Lawfulness, fairness and transparency

    Personal data must be processed lawfully, fairly and in a transparent manner.

    The Controller collects imagery via CCTV cameras located throughout various sites both public and restricted access and for the purposes listed in the section 1.

    The information the Controller processes about you in relation to their CCTV system will include biometric data. More information about how the Controller processes your data can be found here Fair Processing Notice - Guernsey Water

    In some circumstances, personal data held by the Controller may be transferred to another Controller within the States of Guernsey or another associated third party. The Controller will only share data when there is a lawful basis to do so. The Controller will not transfer data outside of the European Economic Area unless satisfied that personal data will be afforded an equivalent level of protection.

  2. Purpose limitation

    Personal data must not be collected except for a specific, explicit and legitimate purpose and, once collected, must not be further processed in a manner incompatible with the purpose for which it was collected.

    The Controller acknowledges its responsibility with regards to this data protection principle and therefore the Controller maintains that it will not further process personal data in a way which is incompatible to its original reason for processing as specified above, unless required to do so by law. Personal data will not be transferred to a recipient in an unauthorised jurisdiction (as per the definition within the Law).

  3. Minimisation

    Personal data processed must be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed.

    The Controller maintains that it will only process the personal data collected in relation to their CCTV systems in accordance with the Law and will not process the data any further in relation to the original reason for processing unless the controller is required to do so by law.

  4. Accuracy

    Personal data must be accurate, kept up-to-date (where applicable) and reasonable steps must be taken to ensure that personal data that is inaccurate, erased or corrected without delay.

    The Controller will ensure that all personal data that it holds is accurate and kept up-to-date, and any personal data that is inaccurate will be erased or corrected without delay.

  5. Storage Limitation

    Personal data processed must not be kept in a form that permits identification of a data subject for any longer than is necessary for the purpose for which it is processed.

    The Controller will retain information on data subjects for as long as it is necessary to deliver a specific service unless there is a legal obligation to retain the data beyond this period. Footage is retained for around 30 days unless specific circumstances dictate otherwise.

    Personal data will be destroyed when professional guidance advises it is acceptable to do so, or it is no longer required or relevant.

    The Controller will regularly review data to ensure it is still required and it is lawful for them to continue to retain. When the data is no longer required, The Controller will securely destroy the data in accordance with the Law.

  6. Integrity and confidentiality

    Personal data must be processed in a manner that ensures its appropriate security, including protecting it against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

    Access to data is tightly controlled and protocols are enforced to ensure employees only have access to data required to undertake their role. Access is monitored and effectively managed by the Controller.

    The Controller adopts the information security standards of the States of Guernsey.

  7. Accountability

    The Controller is responsible for and must be able to demonstrate compliance with the data protection principles.

    The Controller has appropriate security measures in place to prevent CCTV from being accidently lost, processed or accessed in an unauthorised manner. The Controller limits access to CCTV footage to those with a lawful basis to process the data.

A data subject has the right to be advised as to whether a Controller is processing personal data relating to them and, if so, that individual is entitled to one free copy of their personal data, known as a Subject Access Request (SAR).

Should you wish to exercise your right of access or find further information regarding your rights as a data subject, please visit www.gov.gg/dp or contact those listed in section 5 of this notice.

The contact details of the Controller are as follows:

The Data Guardian, Guernsey Water

Address: Brickfield House, St Andrew, GY1 3AS

Tel: 01481 229500

Email: customer.service@water.gg

Data Protection Officer, STSB:

Address: Sir Charles Frossard House, La Charroterie, St Peter Port, Guernsey, GY1 1FH

Tel: 01481 220012

Email: data.protection@gov.gg

This website uses cookies to enhance your browsing experience.