CCTV Policy

This section sets out the appropriate actions and procedures which Grange Hotels follows in respect of the use of CCTV (closed circuit television) surveillance systems (“CCTV Systems”) at our premises.

Please note that all properties are monitored by CCTV 24 hours a day. Grange Hotels reserves the right for its employees and contractors to review footage as required and by entering onto our sites you consent to your image being recorded and reviewed. Recorded CCTV footage will be stored securely and retained in compliance with relevant laws. Grange Hotels, managed by Globalgrange Limited, is registered as a Data Controller with the ICO, Registration Number: Z6248372.

In drawing up this policy, due account has been taken of the following:

  1. Relevant Data Protection legislation(s);
  2. The CCTV Code of Practice produced by the Information Commissioner (“Code of Practice”); and
  3. General Data Protection Regulation (GDPR)

This policy will cover all employees and persons providing a service to Grange Hotels, visitors and all other persons whose image(s) may be captured by our CCTV Systems.

In processing CCTV surveillance data, our staff will consider carefully the type of personal data being processed and in particular whether there is any personal data which falls within the definition of “sensitive personal data” or “special category personal data” as defined in law. Such data includes:

  • Ethnic origin or race;
  • Political opinion;
  • Religious and philosophical beliefs;
  • Trade Union membership;
  • Health – mental or physical;
  • Sexual life or sexual orientation
  • Genetic data; and
  • Biometric data for the purpose of uniquely identifying a natural person.

We will also ensure that the personal data is only processed in accordance with the following requirements:

  • It will be processed fairly, lawfully and in a transparent manner;
  • It will only be collected for specified, explicit and legitimate purposes and not further processed in any manner incompatible with those purposes;
  • It will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • It will be accurate and, where necessary, kept up to date;
  • It will not be kept for longer than is necessary for the purposes for which the personal data are processed; and

It will be processed in a manner that ensures appropriate security of the personal data.

Initial Assessment Procedures

Grange Hotels has the legal responsibility for the day-to-day compliance with the requirements of this policy.

The purpose of the use of the CCTV Systems and the collection and processing of CCTV images is for the prevention or detection of crime or disorder, apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings), interest of public and employee Health and Safety, protection of public health and the protection of the Our property and assets.

Prior to any camera installation, we ensure that the installation complies with this policy and that the use of any camera is justified, necessary and proportionate. The Data Protection Officer (DPO) will regularly assess whether the use of any camera and the CCTV System as a whole continues to be justified, necessary and proportionate.

Siting the Cameras

The location of the equipment is carefully considered, because the way in which images are captured needs to comply with relevant laws.

All cameras are located in prominent positions within public and staff view and do not infringe on sensitive areas. All CCTV surveillance is automatically recorded and any breach of this siting policy will be detected via controlled access to the CCTV System and auditing of the CCTV System.

We have signs in place at main entry points informing people that CCTV is in operation and images are being monitored and recorded for the purposes of crime prevention and public safety.

Quality of the Images

The images produced by the equipment will as far as possible be of a quality that is effective for the purpose(s) for which they are intended. Upon installation, all equipment is tested to ensure that only the designated areas are monitored and suitable quality pictures are available in live and play back mode. All CCTV equipment is maintained regularly.

Processing the images

Images which are not required for the purpose(s) for which the equipment is being used will not be retained for longer than is necessary. While images are retained, it is essential that their integrity be maintained, whether it is to ensure their evidential value or to protect the rights of people whose images may have been recorded. Access to and security of the images is controlled in accordance with relevant laws.

All images are digitally recorded and stored securely within the system’s hard drives. Images are stored for a minimum of 14 days, and stored for no more than 31 days.

Where the images are required for evidential purposes or disciplinary proceedings, a copy file will be moved to an access controlled confidential location on the network and held until completion of the investigation. Viewing of images within the system is controlled by the CCTV Officer or a person nominated to act on their behalf. Only persons trained in the use of the equipment and authorised by the DPO can access data.

Access to and disclosure of images to third parties

Access to, and disclosure of, the images recorded by our CCTV System and similar surveillance equipment is restricted and carefully controlled. This ensures that the rights of individuals are preserved and the continuity of evidence remains intact should the images be required for evidential purposes e.g. a police enquiry or an investigation being undertaken as part of an internal procedure.

Access to the medium on which the images are displayed and recorded is restricted to the DPO, the CCTV Officer, staff authorised by them and third parties as authorised from time to time for specific purposes. Access to and disclosure of images is permitted only if it supports the purpose for which such images were collected.

Access to images by individuals

GDPR gives any individual the right to request access to CCTV images which contain their personal data.

Individuals who request access to images must submit this formally in writing, with sufficient details to identify the section of footage with which they are concerned and to enable Grange Hotels to satisfy itself that the person making the request is the data subject of that specific recording. Upon receipt of the request, the CCTV Officer, or another member of staff authorised by the DPO, will determine whether disclosure is appropriate and whether there is a duty of care to protect the images of any third parties. If the duty of care cannot be discharged then the request can be refused.

A written response will be made to the individual, giving the decision (and if the request has been refused, giving reasons) within 30 days of receipt of the request.


The Information Commissioner’s Office has the power to bring enforcement actions against companies where it considers that there’s been a breach of one or more of the Data Protection principles.

If you have any complaints relating to this CCTV policy or our use of your personal data, please contact us: The Data Protection Officer, Grange Hotels, 58 Rochester Row, London, SW1P 1JU or by email to

Please visit to read more about our privacy policy.

You also have the right to make a complaint to the Information Commissioner’s Office. Further information can be found at