top of page

CCTV & Access-Control Policy

Granby Village Management Company Ltd
(Compliant with the UK GDPR and Data Protection Act 2018)

​

1. Purpose of this Policy

This policy explains how Granby Village Management Company Ltd (“the Company”) operates and manages its CCTV, ANPR/Car Registration logging and electronic access-control systems, including optional biometric authentication, across the Granby Village complex — including the leisure centre, pool, car park, and games room — in accordance with data-protection law.

The systems are used to:

  • Maintain the safety and security of residents, visitors, staff, and property;

  • Deter, detect, and investigate crime, antisocial behaviour, or vandalism;

  • Monitor and address breaches of the lease or building and Leisure Centre rules; and

  • Control and record access to communal and restricted areas.

​​

2. Scope

This policy covers all CCTV cameras (video + audio where fitted) and access-control systems within Granby Village, including:

  • Entrances, lobbies, corridors, stairwells, lifts, car parks, store rooms, bin stores, bin chutes rooms, plant rooms, and external perimeters;

  • The Leisure Centre areas (reception, gym, pool access, studio, and games room — not changing or toilet areas);

  • Doorways and gates controlling resident and visitor access either on foot or by transport.

  • Vehicle registration plate capture systems (automatic number-plate recognition – ANPR) at car parks/gates, including any linkage with access-control systems.

Privately installed cameras or locks inside individual apartments are outside this scope.

​

3. Roles and Responsibilities

  • Data Controller: Granby Village Management Company Ltd

  • Data Processor: Appointed managing agent or caretaker acting under instruction

  • Authorised Personnel: Only approved management or Directors may access recordings or logs

  • Residents: Must not access or distribute CCTV, audio, or access data without authorisation

​​

4. Legal Basis for Processing

Data Type Lawful Basis Notes

CCTV video, audio, and standard access logs Article 6(1)(f) – Legitimate Interests For safety, crime prevention, and rule enforcement

Voluntary biometric data (facial/fingerprint templates) Article 9(2)(a) – Explicit Consent Participation optional; non-reversible templates only

​

Data type: Vehicle registration plate data (timestamped)
Article 6(1)(f) – Legitimate interests (or Article 6(1)(a) if using consent) – for ensuring security of the car park and authorised access;

  • To control and record entry/exit of vehicles to the car park.

  • To automatically open gates for registered vehicles thereby enhancing convenience and security.

  • To deter unauthorised vehicles and support investigations of incidents.

​

A Legitimate Interest Assessment (LIA) confirms that audio/video recording and access logging are proportionate and respect privacy.
Audio recording is restricted to security-sensitive areas (e.g. entrances, reception desks, or when an incident is detected) and never used for routine monitoring or conversations.

​

5. Operation of the Systems

CCTV

  • Operate 24 / 7 where installed.

  • Cameras are located only where necessary and never in private areas (toilets, changing rooms, private flats).

  • Audio recording is recorded alongside the video as part of the intercom and CCTV system. Relevant signage is displayed in areas where video and audio recording is performed. 

  • All recordings are password-protected.

  • ANPR/Car Registrations data (date stamped) is captured by the car park cameras for residents, visitors, and contractors; and who gave the access to the vehicle. 

​​

Access Control

  • Entry uses registered key fobs, key cards, pin codes, mobile credentials, or optional biometric verification.

  • Each access event records date/time, door/area (e.g. gym, games room, car park), access method, name and user ID.

  • ANPR/Number (date stamped) plate information may be used to open gates automatically for the residents convenience. 

​​

Biometric Processing

  • Voluntary participation only.

  • System stores cryptographic templates, not images or raw fingerprints.

  • Templates encrypted at rest & in transit, deleted immediately upon withdrawal of consent or access termination.

​​

6. Viewing, Access & Audit Controls

  • Only authorised personnel may view or listen to recordings or retrieve access logs.

  • All system access is logged (user, reason, date, time).

  • Data reviewed only for legitimate purposes such as incident investigation, complaint resolution, or law-enforcement request.

  • The system will be reviewed annually (or immediately following any major change of technology or incident) to ensure compliance, effectiveness and proportionality, and to reassess any residual risks.

​​

7. Retention of Data

Data Type Retention Period Disposal Method

CCTV video + audio: 30 days (normally) Automatic secure overwrite / deletion

Access-control logs: 90 days Automatic secure overwrite

Captured registration/ANPR plate data will be retained for 90 days unless required for an investigation, after which it is securely deleted/overwritten.

Biometric templates: Active consent period only Immediate secure erasure on withdrawal (users can delete this themselves)

Longer retention is allowed only where an active investigation or legal proceeding requires it.

​

8. Disclosure & Sharing of Information

Data is shared only when necessary and proportionate.

​

Authorised Recipients

  • Police / law enforcement – on request or for crime investigation.

  • Granby Village Directors - May review relevant footage, audio, car registration logs or access logs to assess reported or suspected incidents and to assist in operational or disciplinary decision-making on behalf of the Management Company.

  • Managing Agent - The appointed managing agent may access CCTV, audio, and access-control data as a data processor, acting under the written instruction of Granby Village Residents’ Management Company Ltd.
    Access is restricted to authorised staff and used solely for legitimate building-management, maintenance, or incident-handling purposes.

  • Residents – Limited stills or access extracts may be shared internally to help identify individuals in unlawful security incidents, subject to redaction. Care Registration number plate details may be shared to help identify residents or guests. 

​​

Prohibited Sharing
No video, audio, or access data may be posted publicly or online unless required by law or authorised by the police.

​

9. Data-Subject Rights

Individuals recorded by CCTV, audio, car registrations stored or access-control systems have the right to:

  • Request access to their data;

  • Request correction or erasure (where applicable);

  • Withdraw biometric consent at any time;

  • Object to processing under legitimate interests;

  • Lodge a complaint with the Information Commissioner’s Office (ICO).

Contact: management@scanlanspm.com
Data Controller
Granby Village Management Company Ltd

​

10. System Maintenance & Review

  • Systems maintained and tested regularly for quality and security.

  • Audio recording functions checked to ensure activation only in permitted areas.

  • Leisure Centre and games-room cameras verified to exclude private zones.

  • Policy reviewed annually or after any major incident or technical change.

​​

11. Unauthorised Disclosure

Any unauthorised copying or distribution of CCTV, audio, or access data is strictly prohibited and may constitute a personal-data breach under the UK GDPR, leading to disciplinary, civil, or regulatory action.

​

12. Contact Details

Data Controller: Granby Village Residents’ Management Company Ltd
management@scanlanspm.com

Heading 2

bottom of page