The Bere Ferrers Social Club

Privacy, GDPR and CCTV policies

Privacy Policy   

The BFS Club

1. Who are we?

The Bere Ferrers Social Club (The BFS Club) collects, uses and is responsible for certain personal information about you. This means that we are responsible as ‘controller’ of that personal information for the purposes of General Data Protection Regulation which applies to us accordingly. We are committed to protecting and respecting your privacy. This policy, together with any other documents referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

Our address is Fore Street, Bere Ferrers, Yelverton PL20 7JJ.

Our website is www.thebfsclub.co.uk that is owned and operated by The BFS Club.

2. Your personal data – what is it?

Under the UK General Data Protection Regulation (‘UK GDPR’), personal data is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’), by reference to an identifier such as a name, telephone number, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.

3. Who is the data controller?

The BFS Club is the data controller. This means that we are responsible for your personal data once we collect it, we decide how your personal data is processed and for what purposes and how long we store it for.

4. Personal Data we collect:

• Name
• Date of Birth
• Address
• Email address
• Telephone number (mobile and/or landline)
• Bank details
• Booking and purchasing information e.g. events
• Customer feedback

5. Lawful Processing

The lawful bases for processing are set out in Article 6 of the UK GDPR. At least one of these must apply whenever personal data is to be processed:

The BFS Club processes your data under the basis of legitimate interest, in order to enable you to become or continue being a member of the Club, whether this be temporary or permanent,

6. How do we process your personal data?

The BFS Club complies with its obligations under the Data Protection Act (the Act) and the UK GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data, as well as providing data protection training to our staff.

We use your personal data for the following purposes:

• Where we engage with users for membership and dining. We may collect and process personal data in order to satisfy a membership obligation.

• Personal data from our users, which covers both potential and prior users to manage the membership and other facilities of the BFS Club, is held securely in our internal systems. This information is entered into the system after contact is made between a staff member of The BFS Club and an individual

• We collect personal data as part of the administration, management, and promotion of our business activities.

• We have a contact form on our website where we may collect your name, email address and telephone number. We also ask to collect your opt-in consent to keep you up to date with our news.

• When you make a phone call or send an e-mail to seek information about our services

• Through our use of the Cookies on our website (please read out Cookie Policy here)

• When you register for events

7. Sharing your personal data

We will only share personal data with others when we are legally required to do so.

Personal data held by us may be transferred to:

• Third party organisations that otherwise assist us in providing goods, services, or information.
• Auditors and other professional advisers
• Law enforcement or regulatory agencies or those required by law or regulations.

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

8. Third Party Websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

9. Protecting your personal data

The data that we collect from you will be processed at our servers in the USA.

Data Security

To help protect the privacy of data and personally identifiable information you transmit through use of our website, we maintain physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those who need to know that information to provide benefits or services to you.

10. How long do we keep your personal data?

We retain the personal data processed by us in a live environment for as long as is considered necessary for the purpose(s) for which it was collected (including as required by applicable law or regulation, typically six years). We may keep data for longer in order to establish, exercise, or defend our legal rights and the legal rights of our clients. In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.

11. Data Rights

Your data subject rights are listed below:

• the right of access.
• the right to rectification.
• the right to erasure or right to be forgotten.
• the right to restriction of processing.
• the right to be informed.
• the right to data portability.
• the right to object.
• the right not to be subject to a decision based solely on automated processing.

If you wish you exercise any of the above rights, please contact us at secretary@thebfsclub.co.uk

or write to The Data Controller. The BFS Club, Fore Street, Bere Ferrers, Yelverton PL20 7JJ

12. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

13. Changes to this privacy policy

This privacy policy was last updated on 26/09/2023. We reserve the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information to us will be deemed to signify your acceptance to the variations.

14. Complaints

For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns

Contact details

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate)

General Data Protection Policy   

1. Introduction

1.1 This policy covers all activities of the BFS CLUB, where personal data is controlled or processed as defined by the Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”).

1.2 Protecting personal data is vital not only to maintain the trust placed in THE BFS CLUB by its members but also to demonstrate The BFS CLUB’s commitment to data protection. As such, adherence to this policy and its intent is a mandatory obligation for BFS CLUB Trustees, Committee and contractors.

1.3 Should the BFS CLUB’s Trustees come to the view that data held by The BFS CLUB falls out of the scope of this policy, then written confirmation of such must be obtained from the Data Protection Officer (DPO) in advance of any potential divergence from full adherence to this policy.

2. Background

2.1 Background: The UK GDPR supersedes the EU General Data Protection Regulation (“EU UK GDPR”) (EU Regulation 2016/679), on the protection of natural persons relative to the processing of personal data and on the free movement of such data. The purpose of the UK GDPR is to protect the “rights and freedoms” of natural persons (i.e., living individuals) by ensuring that data controllers are accountable for ensuring that personal data is processed according to the six data processing principles.

2.2 Material scope: The UK GDPR applies to the processing of personal data wholly or partly by automated means (e.g., by computer) and to the processing other than by automated means of personal data (e.g., paper records) which form part of a filing system or are intended to form part of a filing system.

2.3 Territorial scope: The UK GDPR applies to all data controllers established in the UK that process the personal data of data subjects, in the context of that establishment. It also applies to controllers outside of the UK who process personal data to offer goods and services or monitor the behaviour of data subjects who are resident in the UK.

2.4 Terminology: A comprehensive list of terms used in the UK GDPR is at Appendix 1.

3. Policy statement

3.1 THE BFS CLUB is committed to compliance with all relevant EU and Member State laws in respect of personal data and to the protection of the “rights and freedoms” of individuals whose information has been collected and processed in accordance with the UK GDPR.

3.2 Compliance with the UK GDPR is described by this policy and other relevant policies, along with connected processes and procedures.

3.3 The UK GDPR and this policy apply to all personal data processing functions, including those performed on members’ personal data, and any other personal data which The BFS CLUB processes from any source.

3.4 The Club Secretary shall ensure that the Record of Processing Activities (“RoPA”) is reviewed annually in light of any changes to BFS CLUB’s processing activities and for any additional requirements identified by means of any data protection impact assessments (“DPIA”).

3.5 This policy applies to all BFS CLUB members wherever they work. Any breach of the UK GDPR will be dealt with under BFS CLUB’s Disciplinary Policy.

4. Roles and responsibilities

4.1 BFS CLUB is the data controller and/or data processor as defined in the UK GDPR.

4.2 The Trustees and all those in managerial or supervisory roles throughout BFS CLUB are responsible for developing and encouraging good information handling practices within their respective areas of responsibility.

5. Data protection principles

5.1 All processing of personal data must be conducted in accordance with the data protection principles as set out in Article 5 of the UK GDPR and as detailed below. BFS CLUB policies and procedures are designed to ensure compliance with the principles. Individual policies and procedures define the responsibilities of members in respect to their accountabilities.

5.2 Principle 1: Personal data must be processed lawfully, fairly, and transparently.

5.2.1 Lawful: Identify a lawful basis before you can process personal data. These are often referred to as the “conditions for processing”, for example consent or legitimate interests.

5.2.2 Fairly: For processing to be fair, the data controller has to make certain information available to the data subjects as practicable. This applies whether the personal data was obtained directly from the data subjects or from other sources.

5.2.3 Transparency: The UK GDPR includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. These are detailed and specific, placing an emphasis on making privacy notices understandable and accessible. Information must be communicated to the data subject in an intelligible form using clear and plain language. The specific information that must be provided to the data subject must, as a minimum, include:

a. the identity and the contact details of the controller and, if any, of the controller’s representative.

b. the contact details of the data controller.

c. the purposes of the processing for which the personal data are intended as well as the legal basis for the processing.

d. the period for which the personal data will be stored.

e. the existence of the rights to request access, rectification, erasure or to object to the processing, and the conditions (or lack of) relating to exercising these rights, such as whether the lawfulness of previous processing will be affected.

f. the categories of personal data concerned.

g. the recipients or categories of recipients of the personal data, where applicable.

h. where applicable, that the controller intends to transfer personal data to a recipient in a third country and the level of protection afforded to the data.

i. any further information necessary to guarantee fair processing.

5.3 Principle 2: Personal data can only be collected and processed for specific, explicit, and legitimate purposes.

5.3.1 Personal data collected must not be processed in a manner which is incompatible with the purpose for which it originally was collected.

5.4 Principle 3: Personal data must be adequate, relevant, and limited to what is necessary for processing.

5.4.1 The DPO is responsible for ensuring THE BFS CLUB does not collect information which is not strictly necessary for the purpose for which it is obtained.

5.4.2 All data collection forms (electronic or paper-based), including data collection requirements in new information systems, must include a privacy notice or link to a privacy notice that is approved by the DPO.

5.4.3 On a regular basis, the DPO will review all data collection methods to ensure that collected data continues to be adequate, relevant, and not excessive.

5.5 Principle 4: Personal data must be reasonably accurate, kept up to date in the context of the purposes for which it was collected, and retained in accordance with the Record Retention & Disposal (“RR&D”) Policy and associated Record Retention & Disposal (“RR&D”) Schedule.

5.5.1 Data stored by THE BFS CLUB must be reviewed and updated, as necessary. No data should be kept unless it is reasonable to assume that it is accurate.

5.5.2 The DPO is responsible for ensuring that all employees are trained appropriately in the importance of collecting accurate data and maintaining it.

5.5.3 The DPO is responsible for ensuring that appropriate procedures and policies are in place to keep personal data accurate and up to date, taking into account the volume of data collected, the speed with which it might change and any other relevant factors.

5.5.4 On at least an annual basis, the DPO will review the retention dates of all the personal data processed by THE BFS CLUB and will identify any data that is no longer required in the context of the registered purpose. This data will be securely deleted/destroyed in line with BFS CLUB procedures.

5.5.5 The DPO is responsible for responding to requests for rectification from data subjects within one month. This can be extended to a further two months for complex requests.

5.5.6 If, for legitimate reasons, the request is denied, the DPO must respond to the data subject to explain the reasoning and inform the data subject of their right to complain to the UK’s Information Commissioner’s Office and to seek judicial remedy. This activity does not preclude normal data quality improvement actions that are managed under business as usual.

5.5.7 The DPO is responsible for making appropriate arrangements, where third-party organisations may have been passed inaccurate or out-of-date personal data, to inform them that the information is inaccurate and/or out of date and is not to be used to inform decisions about the individuals concerned, and for passing any correction to the personal data to the third party where this is required.

5.6 Principle 5: Personal data processed must be kept for no longer than is necessary for the purpose for which it is processed.

5.6.1 Where personal data is retained beyond the period defined within the RR&D Schedule, it will be minimised, encrypted or pseudonymised where possible to protect the identity of the data subject in the event of a data breach. Prior to this happening a lawful basis to do so must be established and approved by the DPO, see section 5.6.3.

5.6.2 Personal data will be retained in line with the RR&D Schedule and, once its retention date is passed, it must be securely destroyed as set out in this procedure.

5.6.3 The DPO must specifically approve any data retention that exceeds the retention periods defined in RR&D Schedule and must ensure that the justification is identified clearly and in line with the requirements of the data protection legislation. This approval must be in writing.

5.7 Principle 6. Personal data must be processed in a manner that ensures appropriate security.

5.7.1 Where necessary, the DPO will ensure a risk assessment is completed taking into the account the processing operations of THE BFS CLUB.

5.7.2 In determining the appropriateness of the processing, DPO also should consider the extent of possible damage or loss that might be caused to members if a security breach occurs, the effect of any security breach on THE BFS CLUB and any likely reputational damage, including the possible loss of public trust.

5.7.3 THE BFS CLUB’s compliance with this principle is contained in its Information Security Management System (“ISMS”), which has been developed in line with ISO/IEC 27001:2013 and the ISP.

5.8 Accountability. As a data controller, THE BFS CLUB must be able to demonstrate compliance with the six data processing Principles detailed above. To this end, the DPO shall ensure that this policy is reviewed annually by the Trustees. This review shall determine the ongoing suitability of the policy that the policy is deployed effectively throughout THE BFS CLUB and that adequate resources are available to ensure its ongoing effectiveness.

6. Data subjects’ rights

6.1 Data subjects have the following rights regarding data processing, and the data that is recorded about them:

• The right to be informed – Article 12.

• The right of access – Article 15.

• The right to rectification – Article 16.

• The right to erasure (right to be forgotten) – Article 17.

• The right to restrict processing – Article 18.

• The right to data portability – Article 20.

• The right to object – Article 21.

• Rights in relation to automated decision making and profiling - Article 22.

6.2 THE BFS CLUB is mandated under Article 12 of the UK GDPR to facilitate the rights of data subjects for instance, responding to subject access requests as described in the Data Subject Access Request Procedure.

7. Basis of processing

7.1 THE BFS CLUB will determine the appropriate lawful basis of processing for all personal data obtained directly or indirectly from data subjects, including members.

7.2 Data subjects will be informed of the purpose for processing using privacy notice published on THE BFS CLUB website or by similar means.

7.3 Where personal data is obtained from third parties, the data subject will be sent a notice in compliance with Article 14 of the UK GDPR.

7.4 Where a special category of personal data, as defined by Article 9 of the UK GDPR, is processed, this shall be for one of the defined 10 exceptions as defined in the Article 9.

8. Security of data

8.1 All members are responsible for ensuring that any personal data which THE BFS CLUB holds and for which it is responsible is kept secure and is not, under any conditions, disclosed to any third party unless that third party has been specifically authorised to receive the personal data and, where required, signed an NDA.

8.2 New Trustees and Committee members, at all levels, as part of their induction process, are given guidance on where these documents can be found. Their need to comply with this policy is to be recorded.

9. Disclosure of data

9.1 THE BFS CLUB is under a lawful obligation to ensure that personal data is not disclosed to unauthorised third parties which includes family members, friends, government bodies, and in certain circumstances, the police.

9.2 All members should exercise caution when asked to disclose personal data held on another individual to a third party and will be required to attend specific training that enables them to deal effectively with the risk associated with any such disclosure of personal data.

9.3 Notwithstanding the foregoing it should be borne in mind that the disclosure of information is relevant to, and necessary for, the conduct of the business.

9.4 Requests to provide data for one of these reasons must be supported by appropriate paperwork and all such disclosures must be specifically authorised by the DPO.

10. Retention and disposal of data

10.1 The retention period for each category of personal data will be set out in the RR&D Policy along with the criteria used to determine this period including any statutory obligations to retain personal data. THE BFS CLUB’s data retention and disposal procedures (Storage Removal Procedure) as defined in the RR&D Schedule will apply in all cases.

10.2 Personal data must be disposed of securely in accordance with the sixth data processing principle – processed in an appropriate manner to maintain security, thereby protecting the “rights and freedoms” of data subjects.

10.3 Data is to be disposed of out in accordance with the secure disposal procedure.

11. Data transfers

11.1 All exports of data from within the European Economic Area (EEA) to non-European Economic Area countries (referred to in the UK GDPR as ‘third countries’) are unlawful unless there is an appropriate “level of protection for the fundamental rights of the data subjects”.

11.2 The transfer of personal data outside of the EEA is prohibited unless one or more of the specified safeguards, or exceptions apply:

• Adequacy decision

• Standard contract clauses (otherwise referred to as ‘Model contract clauses’)

• Binding corporate rules (“BCR”)

• International Agreements

• Derogation e.g., transfers made with the consent of the data subject.

11.3 In the absence of an adequacy decision, binding corporate rules and/or model contract clauses, a transfer of personal data to a third country or international organisation shall only take place on one of the following conditions:

• the data subject has consented explicitly to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards.

• the transfer is necessary for the performance of a contract between the data subject and the controller, or the implementation of pre-contractual measures taken at the data subject’s request.

• the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person.

• the transfer is necessary for important reasons of public interest.

• the transfer is necessary for the establishment, exercise, or defence of legal claims.

• the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent.

12. Disciplinary Action

12.1 All committee members are to adhere to this policy and its intent. Failure to do so may result in disciplinary action being taken. Such action might include written or verbal warnings or instant dismissal in circumstances that amount to gross misconduct.

12.2 THE BFS CLUB reserves the right to take appropriate disciplinary action against contractors and self-employed service providers who fail to comply with this policy. Such actions include, but are not limited to, the termination of any contract with THE BFS CLUB.

12.3 Near misses /breaches may be reported to the Information Commissioner’s Office (ICO).

CCTV Policy   

Introduction

The BFS CLUB uses closed circuit television (CCTV) images to protect the Club’s property and to provide a safe and secure environment for staff and visitors to the Club’s premises. This policy sets out the details of how the BFS CLUB will collect, use and store CCTV images. For more information on your privacy rights associated with the processing of your personal data collected through CCTV images please refer to the Club's privacy notice and data protection policy.

The BFS Club’s CCTV facility, unless there are exceptional circumstances (see covert recording below), will only record images.  There is no audio recording i.e. conversations are not recorded on CCTV.

Purposes of CCTV

The BFS CLUB has carried out a data protection impact assessment and on the basis of its findings it considers it necessary and proportionate to install and use a CCTV system. The data collected from the system will assist in:

·         Prevention or detection of crime or equivalent malpractice.

·         Identification and prosecution of offenders.

·         Monitoring of the security of the BFS Club premises.

·         Ensuring that health and safety rules and BFS CLUB procedures are being complied with.

·         Identification of unauthorised actions or unsafe working practices that might result in disciplinary proceedings being instituted against staff and/or members and to assist in providing relevant evidence.

·         Promoting productivity and efficiency.

Location of cameras

Cameras are located at strategic points around the BFS CLUB’s premises, principally at the entrance and exit points. The BFS CLUB has positioned the cameras so that they only cover communal or public areas on the BFS CLUB’s premises and they have been sited so that they provide clear images.  No camera focuses, or will focus, on toilets or private offices. 

All cameras (with the exception of any that may be temporarily set up for covert recording) are also clearly visible.

Appropriate signs are prominently displayed so that members and other visitors are aware they are entering an area covered by CCTV. 

Recording and retention of images

Images produced by the CCTV equipment are intended to be as clear as possible so that they are effective for the purposes set out above.  Maintenance checks of the equipment are undertaken on a regular basis to ensure it is working properly and that the media is producing high quality images.

Images may be recorded either in constant real-time (24 hours a day throughout the year), or only at certain times, as the needs of the BFS CLUB dictate.

As the recording system records digital images, any CCTV images that are held on the hard drive of a PC or server are deleted and overwritten on a recycling basis and, in any event, once the hard drive has reached the end of its use, it will be erased prior to disposal. 

Images that are stored on, or transferred on to, removable media such as CDs or which are stored digitally are erased or destroyed once the purpose of the recording is no longer relevant.  In normal circumstances, this will be a period of 12 months].  However, where a law enforcement agency is investigating a crime, images may need to be retained for a longer period.

Access to and disclosure of images

Access to, and disclosure of, images recorded on CCTV is restricted.  This ensures that the rights of individuals are retained.  Images can only be disclosed in accordance with the purposes for which they were originally collected. 

The images that are filmed are recorded centrally and held in a secure location.  Access to recorded images is restricted to the operators of the CCTV system and to those line managers who are authorised to view them in accordance with the purposes of the system.  Viewing of recorded images will take place in a restricted area to which other employees will not have access when viewing is occurring.  If media on which images are recorded are removed for viewing purposes, this will be documented.

Disclosure of images to other third parties will only be made in accordance with the purposes for which the system is used and will be limited to:

·         The police and other law enforcement agencies, where the images recorded could assist in the prevention or detection of a crime or the identification and prosecution of an offender or the identification of a victim or witness.

·         Prosecution agencies, such as the Crown Prosecution Service.

·         Relevant legal representatives.

·         Line managers involved with THE BFS CLUB disciplinary and performance management processes.

·         Individuals whose images have been recorded and retained (unless disclosure would prejudice the prevention or detection of crime or the apprehension or prosecution of offenders).

The Chairman of the BFS CLUB (or another senior committee officer acting in their absence) is the only person who is permitted to authorise disclosure of images to external third parties such as law enforcement agencies.

All requests for disclosure and access to images will be documented, including the date of the disclosure, to whom the images have been provided and the reasons why they are required.  If disclosure is denied, the reason will be recorded.

Individuals’ access rights

Under the UK’s data protection laws, including the General Data Protection Regulation (GDPR),  individuals have the right on request to receive a copy of the personal data that the BFS CLUB holds about them, including CCTV images if they are recognisable from the image. 

If you wish to access any CCTV images relating to you, you must make a written request to the THE BFS CLUB’s Data Protection Officer(DPO = The Club Secretary) . This can be done by using this email address secretary@thebfsclub.co.uk.  The BFS CLUB will usually not make a charge for such a request, but we may charge a reasonable fee if you make a request which is manifestly unfounded or excessive, or is repetitive. Your request must include the date and approximate time when the images were recorded and the location of the particular CCTV camera, so that the images can be easily located and your identity can be established as the person in the images. 

The BFS CLUB will usually respond promptly and in any case within one month of receiving a request. However, where a request is complex or numerous the BFS CLUB may extend the one month to respond by a further two months.

The BFS CLUB will always check the identity of the member making the request before processing it.

The Data Protection Officer (Club Secretary) will always determine whether disclosure of your images will reveal third party information, as you have no right to access CCTV images relating to other people.  In this case, the images of third parties may need to be obscured if it would otherwise involve an unfair intrusion into their privacy.

If the BFS CLUB is unable to comply with your request because access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders, you will be advised accordingly.

Covert recording

The BFS CLUB is aware that covert recording can only be done in exceptional circumstances for example where the BFS CLUB suspects criminal activity taking place. On this basis the BFS CLUB will only undertake covert monitoring if it has carried out a data protection impact assessment which has addressed the following:

·           the purpose of the covert recording;

·           the necessity and proportionality of the covert recording;

·           the risks to the privacy rights of the individual(s) affected by the covert recording;

·           the time parameters for conducting the covert recording

·           the safeguards and/or security measures that need to be put in place to ensure the covert recording is conducted in accordance with the data protection laws, including the GDPR.

If after undertaking the data impact assessment the BFS CLUB considers there is a proportionate risk of criminal activity, or equivalent malpractice taking place or about to take place, and if informing the individuals concerned that the recording is taking place would seriously prejudice its prevention or detection, the BFS CLUB will covertly record the suspected individual(s). In doing this the BFS CLUB will rely on the protection of its own legitimate interests as the lawful and justifiable legal basis for carrying out the covert recording.

Before the covert recording commences the BFS CLUB will ensure that Club Chairman (or another senior committee member acting in their absence) agrees with the findings of the data protection assessment and provides written authorisation to proceed with the covert recording. 

Covert monitoring may include both video and audio recording.

Covert monitoring will only take place for a limited and reasonable amount of time consistent with the objective of assisting in the prevention and detection of particular suspected criminal activity or equivalent malpractice.  Once the specific investigation has been completed, covert monitoring will cease.

Information obtained through covert monitoring will only be used for the prevention or detection of criminal activity or equivalent malpractice.  All other information collected in the course of covert monitoring will be deleted or destroyed unless it reveals information which the BFS CLUB cannot reasonably be expected to ignore.

Implementation

The BFS CLUB’s Data Protection Officer (THE CLUB SECRETARY) is responsible for the implementation of and compliance with this policy and the operation of the CCTV system and they will conduct a regular review of the BFS CLUB’s use and processing of CCTV images and ensure that at all times it remains compliant with the laws regulating data protection and privacy.  Any complaints or enquiries about the operation of the THE BFS CLUB’s CCTV system should be addressed to the Club Secretary

Data Protection

The BFS CLUB will process the personal data collected in connection with the operation of the CCTV policy in accordance with its data protection policy and any internal privacy notices in force at the relevant time. Inappropriate access or disclosure of this data will constitute a data breach and should be reported immediately to the BFS CLUB’s Data Protection Officer in accordance with the BFS CLUB’s data protection policy. Reported data breaches will be investigated and may lead to sanctions under the BFS CLUB’s disciplinary procedure.