CCTV Policy

Closed-Circuit-Television (CCTV) Policy

Twickel Dental Practice

1. Purpose

Twickel Dental Practice uses closed-circuit television (CCTV) for legitimate security and safety purposes.

The practice will operate CCTV in a way that is proportionate, lawful and respectful of the privacy rights of patients, staff, visitors and contractors.

CCTV images may identify individuals and are therefore personal data. The practice will handle CCTV images in accordance with the UK GDPR, the Data Protection Act 2018, ICO guidance and the practice's Data Protection Policy.

The ICO provides guidance for organisations using CCTV and video surveillance, including the need to consider purpose, transparency, retention, access and individuals' rights.

2. Purpose of CCTV

The practice uses CCTV to:

protect the practice premises and property
support the safety of patients, staff, visitors and contractors
deter criminal activity
assist with the prevention and detection of crime
support investigation of security incidents, where appropriate
help protect confidential records, equipment and practice assets.

CCTV is not used for routine monitoring of staff performance.

3. CCTV locations

CCTV cameras are located in selected areas of the practice where there is a legitimate security or safety reason.

Current CCTV locations include:

reception
hallways
waiting rooms
decontamination room
store room
other internal areas where security monitoring is reasonably required.

There is no CCTV coverage in the practice car park.

CCTV must not be placed in areas where individuals would reasonably expect a high level of privacy, such as toilets, changing areas or private staff welfare areas.

Camera locations will be reviewed periodically to ensure they remain necessary, proportionate and appropriate.

4. CCTV recording

The CCTV system is operational 24 hours a day, 7 days a week.

The CCTV system records images only.

The CCTV system does not record audio.

CCTV footage is retained for up to 30 days, unless it is required for a specific legitimate purpose, such as investigation of an incident, complaint, insurance matter, safeguarding concern, police request, legal matter or regulatory issue.

Footage that is no longer required will be automatically overwritten or securely deleted.

5. Ownership and responsibility

The Practice Owners are responsible for the operation and governance of CCTV at Twickel Dental Practice.

The data controllers for CCTV are:

Dr Mihail Drug-Ionescu
Dr Roxana Drug-Ionescu

The Information Governance Lead / Data Protection Lead is:

Dr Mihail Drug-Ionescu

Only authorised individuals may access, view, retrieve or disclose CCTV footage.

6. CCTV supplier and storage

The practice uses a CCTV system supplied and supported through Blink / Amazon, where applicable.

The CCTV supplier may process or store footage on behalf of the practice. Where a supplier processes CCTV footage or associated personal data, the practice will ensure that appropriate supplier terms, data protection terms or processing arrangements are in place.

The practice will take reasonable steps to ensure that CCTV footage is stored securely and that access is restricted to authorised individuals.

7. Lawful basis

The practice's lawful basis for using CCTV is normally legitimate interests, namely protecting the safety and security of the practice, patients, staff, visitors, property, confidential information and practice assets.

Where CCTV is used in connection with legal, regulatory, safeguarding, insurance or crime-prevention matters, additional lawful bases may also apply, depending on the circumstances.

The practice will ensure that CCTV use remains necessary and proportionate.

8. Signage and transparency

The practice will display appropriate signage to inform patients, staff, visitors and contractors that CCTV is in operation.

Signage should be clear and visible, and should normally include:

that CCTV is in use
the purpose of CCTV
who is responsible for CCTV
how to contact the practice about CCTV matters.

The practice's Privacy Notice should also explain the use of CCTV where appropriate.

9. Use of CCTV footage

CCTV footage may be reviewed or used where there is a legitimate reason, such as:

security concerns
suspected theft, vandalism or criminal activity
safety incidents
unauthorised access
protection of practice property or confidential information
investigation of complaints or incidents
safeguarding concerns
insurance matters
legal or regulatory matters
requests from police, courts or other lawful authorities.

CCTV footage will not be used casually, unnecessarily or for purposes unrelated to the reasons for which the system is operated.

10. Sharing CCTV footage

CCTV footage will only be shared where there is a lawful and legitimate reason.

This may include sharing with:

police
courts or tribunals
insurers
legal advisers
regulatory bodies
safeguarding authorities
individuals exercising their data protection rights, where appropriate.

The practice will consider the privacy rights of other individuals who may appear in the footage. Where appropriate, footage may be edited, redacted or still images used to reduce unnecessary disclosure.

A record should be kept of any CCTV footage disclosed to a third party.

11. Requests from individuals

Individuals may request access to CCTV footage of themselves. This is a subject access request and will be handled in line with the practice's Data Protection Policy and Information Governance Procedures.

The ICO states that organisations should usually respond to subject access requests without delay and within one month. In most circumstances, a fee cannot be charged.

Before releasing CCTV footage, the practice will consider:

whether the person making the request can be identified in the footage
whether other individuals are visible
whether disclosure would affect another person's rights
whether footage needs to be edited or redacted
whether an exemption applies
whether the footage is still available within the retention period.

12. Requests from police or other third parties

Requests from police, courts, solicitors, insurers or other third parties should be referred to the Practice Owners or Data Protection Lead.

Before disclosing CCTV footage, the practice will:

verify the identity and authority of the person or organisation making the request
consider the lawful basis for disclosure
consider whether disclosure is necessary and proportionate
consider the rights of any individuals shown in the footage
disclose only the minimum necessary footage
transfer footage securely
keep a written record of the disclosure.

If unsure, the practice may seek advice from the ICO, indemnity provider or legal adviser before disclosure.

13. Access and security

Access to CCTV footage is restricted to authorised individuals only.

Authorised individuals must:

access footage only for legitimate practice purposes
keep login details confidential
not share CCTV access with unauthorised individuals
not download, copy or save footage unless necessary and authorised
ensure footage is transferred securely where disclosure is lawful
not use CCTV footage for personal reasons
report any suspected unauthorised access or breach immediately.

Unauthorised access to CCTV footage may be treated as a confidentiality or data protection breach.

14. Staff and workplace privacy

CCTV is used for security and safety purposes. It is not used for routine staff-performance monitoring.

However, CCTV footage may be reviewed where there is a legitimate reason, such as a security incident, serious complaint, health and safety incident, suspected misconduct, unauthorised access, theft, violence, safeguarding concern or other serious matter.

Any review of CCTV involving staff will be proportionate, limited to the matter being investigated and handled confidentially.

15. Maintenance and checks

The CCTV system will be checked periodically to ensure that:

cameras are functioning
footage is being recorded where intended
image quality is adequate for the stated purposes
date and time settings are accurate where possible
retention settings are appropriate
cameras are not covering unnecessary or inappropriate areas.

Any faults should be reported to the Practice Owners.

16. Data breaches involving CCTV

Any suspected data breach involving CCTV must be reported immediately to:

Dr Mihail Drug-Ionescu
or
Dr Roxana Drug-Ionescu

Examples may include:

unauthorised access to footage
footage sent to the wrong person
footage downloaded or copied without authority
CCTV account compromise
loss of exported footage
unnecessary disclosure of third-party images
CCTV footage retained longer than necessary without reason.

The practice will investigate and manage any CCTV breach in line with the Data Protection Policy and Information Governance Procedures.

The ICO confirms that personal data breaches that meet the reporting threshold must be reported without undue delay and within 72 hours of becoming aware of the breach.

17. Complaints

Any concern or complaint about CCTV should be raised with the Practice Owners or Data Protection Lead.

The practice will review the concern and respond appropriately.

Individuals also have the right to complain to the Information Commissioner's Office if they are unhappy with how their personal data has been handled.

18. Review

This policy will be reviewed periodically, or sooner if:

CCTV equipment changes
camera locations change
supplier arrangements change
data protection guidance changes
the practice introduces audio recording, which would require separate assessment
CCTV is introduced in additional areas
a CCTV-related incident occurs.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_157127007_1	1 minute	Set by Google to distinguish users.
_gat_UA-157127007-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.

Book Your Appointment Today

Dental Treatments

Facial Aesthetics

Physiotherapy