Worksop Workspace

Worksop Workspace

CCTV notice

Effective from 2026-05-29. Last updated 2026-06-20.

CCTV Policy

Worksop Workspace · Operations · Legal & Compliance · Phase 1 reference

Important — what this doc is and isn't

This is the policy that governs Worksop Workspace's use of CCTV. CCTV in a workplace is a high-impact form of monitoring under UK GDPR — handled badly, it's both illegal and a serious trust violation. Handled correctly, it's a legitimate security control that members generally support.

This policy applies to any CCTV operated by Worksop Workspace. The building's landlord may operate separate cameras at building entrances; those are covered by the landlord's own policy.

1. Why we have CCTV

CCTV is in place at Worksop Workspace for the following purposes:

  • Security of the building — deterring and detecting unauthorised access, theft, vandalism, and forced entry
  • Safety of members, visitors, and staff — supporting incident response (slip / trip / fall, medical emergency, conflict)
  • Investigation of complaints and incidents — providing an evidence record after the event, where relevant
  • Insurance and regulatory — supporting our property and liability cover, and any required investigations

We do not use CCTV for:
  • Monitoring staff productivity
  • Monitoring member behaviour generally
  • Marketing or any commercial purpose
  • Sharing with third parties except as set out in §7

2. Lawful basis

The processing of personal data via CCTV is based on legitimate interest under Article 6(1)(f) of UK GDPR. A Legitimate Interest Assessment (LIA) and a Data Protection Impact Assessment (DPIA) have been completed and are held in Drive at `06-legal-and-compliance/cctv/`.

The interests are: protecting people, property, and the operation of the space. The necessity is: alternative measures (signage, presence of staff, locks) reduce risk but don't replace the after-the-event evidence and deterrent value of CCTV.

The balancing test concluded that the legitimate interest is not overridden by the rights of those captured, provided that:

  • The cameras are clearly signposted
  • Cameras do not cover private areas (toilets, private offices' interiors)
  • Footage is retained no longer than necessary
  • Access is restricted

This document codifies those provisions.

3. What is covered

CCTV in scope:

| Location | View | Field of view |
|---|---|---|
| Main entrance | Inside, facing the door | Anyone entering or leaving |
| Reception | Reception desk and front-of-house | The transactional space; not the hot-desk seating |
| Hot desk area | High wide-angle, ceiling-mounted | Communal area only |
| Kitchen / refreshments | Counter and kettle area | Public-facing |
| Rear fire exit | Inside, facing the door | Egress only |
| Car park (if applicable) | External, facing access points | Building approach |

What is not covered:

  • Toilet interiors and approaches
  • Inside private offices
  • Inside the meeting room
  • Personal lockers
  • Any area where members have a reasonable expectation of privacy

This list reflects Phase 1. Adding any new camera requires a fresh DPIA entry and a policy update.

4. Signage

A1-sized notice at the main entrance: "CCTV in operation for security purposes. Operator: Worksop Workspace. Contact: hello@worksopworkspace.co.uk."

A smaller notice in the kitchen and hot-desk area: "You are in an area covered by CCTV."

Signs are placed:

  • Before a person enters the camera's field of view
  • Clearly visible at normal eye level
  • Identifying us as the operator and a contact for queries
  • Stating the purpose (security)

5. Retention

Footage is retained for 30 days from recording, then overwritten on a rolling basis by the recording system.

Exceptions where footage may be retained longer:

  • An ongoing investigation or complaint — retained until resolution + 30 days
  • A request from the police or another lawful authority — retained as instructed
  • A live insurance claim — retained until claim resolution
  • A live SAR or other data subject request — retained while the request is open

Retained footage is exported, encrypted, and stored separately (Drive's restricted CCTV folder) with a clear note of why and an expected destruction date.

6. Who can access footage

| Person | What they can do |
|---|---|
| Connor (director) | View live; download for stated reasons; authorise exports |
| Future named CCTV operator (if appointed) | Same as Connor |
| All other staff | Cannot view live or recorded footage as a routine. May escalate a request to Connor. |
| Members | Their own image only — via a Subject Access Request |
| Third parties (police, insurer, legal counsel, courts) | Per §7 |

Every access to footage is logged: who, when, why, what was viewed or exported.

7. Sharing with third parties

We share footage only:

  • With the police when responding to a request relating to a specific crime (a written or formal request; not a verbal "can you have a look")
  • With insurers where relevant to a claim involving us
  • With our legal advisers when needed for advice or proceedings
  • With courts where required by an order
  • With the affected person if they make a SAR for their own image

We don't share footage with other members. We don't share footage on social media or in marketing.

8. Member rights

A member captured on CCTV has the same rights as for any personal data:

  • Access — they can request a copy of footage of themselves. We provide it, redacting other people's faces where reasonably practicable.
  • Erasure — limited; we can't erase footage selectively without compromising the integrity of the record. Where we can (e.g. by deleting a clip not held for investigation), we will.
  • Objection — to the processing. We re-do the LIA in light of the objection.
  • Complaint — to the ICO if they think we've handled their data badly.

SARs covering CCTV come through the standard route — hello@worksopworkspace.co.uk. We respond within one month.

9. Audio recording

We do not record audio. The CCTV system is video-only. This is a deliberate choice — audio recording in a coworking space would be a much higher-impact form of monitoring and is rarely justifiable.

10. System operation and security

  • The recorder is on a network-isolated subnet
  • Access is password-protected with MFA
  • The system is patched within 30 days of vendor security updates
  • Annual penetration / configuration review
  • Footage is encrypted at rest where the device supports it
System details (model, network config, account credentials, vendor) are held in Drive at `08-technology-and-it/cctv-system.md`.

11. Covert surveillance

Covert (hidden) surveillance is not used as a matter of policy. It would require a specific incident-driven exception, a refreshed DPIA, and explicit advice from a competent data protection adviser. We do not anticipate using it.

12. Workplace monitoring (when we have staff)

Once we have staff, the CCTV becomes a form of workplace monitoring as well as a security control. We will:

  • Tell staff in writing what CCTV exists and where
  • Confirm that CCTV is not used for performance monitoring
  • Apply the same access and retention controls
  • Allow staff to raise concerns confidentially

13. Review

Reviewed annually (next: 15 May 2027) and after:

  • Any material change to the camera positions or system
  • Any incident involving CCTV
  • Any change in UK data protection law
  • Any complaint about CCTV use

14. Version history

| Version | Date | Author | Change |
|---|---|---|---|
| Draft v1 | 15 May 2026 | Connor + AI | First version |

Worksop Workspace · A space to drop your shoulders.
30 Carlton Road, Worksop S80 1PH · hello@worksopworkspace.co.uk · worksopworkspace.com

Source: operations/legal-and-compliance/cctv-policy.md