This document provides guidelines for applying data privacy principles to the operation of closed-circuit television (CCTV) surveillance systems at Bloomberry Resorts and Hotels, Inc. and Sureste Properties, Inc. (collectively, the “Company”).
CCTV surveillance refers to camera surveillance systems that capture images or information relating to individuals.
The Company aims to provide a safe and secure environment to protect its Team Members and guests. To this end, the Company operates a CCTV surveillance system:
- to increase personal safety and reduce the fear of crime;
- to protect and manage the safety of its facilities and assets;
- to aid investigation of security-related incidents;
- to support government authorities in deterring and detecting crime, and provide assistance in identifying, apprehending and prosecuting offenders;
- to comply with the Philippine Amusement and Gaming Corporation‘s (PAGCOR) surveillance requirements;
- to provide ancillary services in support of the Company’s goals.
CCTV SYSTEM AND OPERATION
- CCTV surveillance involves the collection, recording, processing, and possible disclosure of images of individuals.
- The Company’s CCTV surveillance system may be comprised of a range of fixed-position cameras, Pan-Tilt-Zoom cameras, monitors, multiplexers, digital recorders, public information signs, and other related equipment.
- Cameras will be located at various places and may be relocated from time to time. CCTV may provide coverage for:
- lobbies and hallways;
- hotel areas;
- gaming floor areas;
- areas where cash, high-value equipment, and high-value information are stored or handled;
- areas with high-risk equipment or processes. e.g. server Room;
- parking area;
- other areas as required by the business.
- The public shall be notified of CCTV surveillance operations through signage installed at various entry points.
- Any incident, misconduct, commotion or event which requires action and is detected or recorded by CCTV shall be dealt with in accordance with Company policies or procedures..
- Suspected criminal activity recorded on CCTV may be forwarded to government authorities, as needed.
- The placement of CCTV equipment shall not unreasonably intrude on the privacy of individuals:
- CCTV cameras shall not be placed in private bathrooms or pantries;
- CCTV footage shall only be viewed by authorized personnel and for authorized purposes, in accordance with Company policies.
- Surveillance personal and other authorized persons may view real-time and recorded data that cover areas that they manage in accordance with procedures outlined in the next section.
- Any or all cameras and sound recorders may operate 24 hours per day, 7 days per week, depending on the discretion of the Admin Manager and Security Officer-in-charge in consultation with the DPO.
CCTV FOOTAGE ACCESS, STORAGE AND USE
- CCTV footage is stored in secure hard drives or similar storage device.
- Access to servers or hard drives containing CCTV footage is governed by the Company’s IT policies.
- CCTV footage shall be recorded on the hard drive for no more than 30 days (or shorter as the business or regulatory need arises) before being overwritten in a continuous recording cycle. Where an incident or suspected incident has been identified, relevant portion of the footage is to be retained for that incident.
- Any written request by an individual for a copy of the footage identifying them personally will be referred to the Head of the Surveillance Department and Data Protection Officer for consideration. Refer to Access Request Form for the application form. Any response to a request will include considerations of the ease of access to the footage, and the need to protect other people’s privacy. If a request for a copy of the footage is unable to be granted without unreasonably breaching others’ privacy, a written description may be provided of activities in the footage pertaining to the individual requesting the information or a viewing of footage may be arranged.
- The Data Protection Office and Head of Surveillance Department shall allow access to relevant CCTV footage to the following personnel and reasons only:
- Company’s authorized personnel who have requested footage under the terms of this policy;
- Contractors on site specifically working on the CCTV equipment at the request of the Surveillance Department;
- Government authorities as authorized by a final court order;
- Individuals who have formally requested information pertaining to themselves at the authorization and direction of the Data Protection Officer and as authorized by the Head of the Surveillance Department.
- The Company will take reasonable steps to ensure that public disclosure of CCTV footage does not occur (i.e., not upload footage to internet, not publish still images in newspapers, not circulate it widely by email) unless otherwise required for legal or regulatory compliance and upon authorization from Management.
- The Company shall take reasonable steps to check CCTV images are accurate, complete, relevant and not misleading before using them.
- All access requests to CCTV footage and images shall be logged.
- Any complaint about the CCTV footage in relation to data privacy shall be received in accordance with the Company’s formal complaints process.
- Any such complaint shall be forwarded to the Data Protection Officer for consideration and action.
COPIES OF POLICY