Privacy Policy

Use of CCTV for staff and visitors to our Buildings

What is the purpose of this policy?

Covéa Insurance Services Limited (the Company) is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are committed to protecting the privacy and security of your personal information and we are required under data protection legislation to notify you of the information contained in this privacy policy.

This privacy policy applies to visitors to our offices and car parks that may be captured by our CCTV systems, which are installed for security purposes. It makes you aware of how and why your personal data will be used and how long it will usually be retained for in accordance with the General Data Protection Regulation (UK-GDPR). We may update this policy at any time, to reflect changes in our practices or data protection law.

It is important that you read this policy, together with any other privacy policy we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy policy. If you have any questions about this privacy policy or how we handle your personal information, please contact the DPO at dataprotection@coveainsurance.co.uk. 

Use of CCTV

Covéa Insurance has CCTV in operation in all of its main sites, which will capture images of visitors and staff who are on the premises and car parks. Where cameras are in use there will be signs in place to inform you of this.

Data Protection Principles

We will comply with data protection principles which say that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. Static and moving images, and vehicle registration numbers are captured on CCTV and may help identify an individual. We may also incidentally capture data classed as special category data, although we do not set out to do so.

Our legal basis for processing your personal data

We use the legal basis under UK-GDPR of legitimate interest, it is in our legitimate interest to process personal data on CCTV for the purposes shown below.

How we will use your personal information

We will only use your personal information when the law allows us to.

We install and monitor CCTV and process the personal data captured by it for the following purposes –

  • To ensure the health and safety of employees, business partners and other visitors to our buildings
  • To assist in the deterrence, detection and prevention of crime
  • To create a safer environment
  • To assist with any disciplinary investigations, if appropriate to do so
  • To assist with the defence of legal or insurance claims made against us

Change of purpose 

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to  do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Data sharing

We may share CCTV footage and your data contained within it if asked to do so by police or other law enforcement bodies, or by insurance companies in respect of claim incidents captured by the cameras.

Generally footage is for internal purposes only and we do not routinely share footage or the data contained within it with any external organisation.

Where the data is processed

All data is processed on our premises, and is not processed outside the UK.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees who have a business need to view it. They will only  process your personal information for the purposes outlined above.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will retain CCTV footage for up to 35 days before deleting via overwriting of the storage device.

Rights of access, correction, erasure and restriction

UK-GDPR gives you certain rights over your data, the following are relevant for the data captured on CCTV –

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.

If you want to exercise any of the above rights, please contact us via dataprotection@coveainsurance.co.uk

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Further and full information about your rights under data protection law can be found here.

Changes to this privacy policy

We reserve the right to update this privacy policy at any time, and we will provide you with a new privacy policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

How to contact us

We have appointed a Data Protection Officer who is responsible for overseeing of how we handle your information. If you have any questions about our Privacy Policy or the information we hold about you please write to us at: dataprotection@coveainsurance.co.uk.

You also have a right to complain to the Information Commissioners Office if you believe we have not processed your data in accordance with data protection law – http://www.ico.org.uk/concerns.