My Account
Search
    Advanced search

    Tattersalls CCTV policy

    Last updated: 01.01.26

    1. Policy Statement

    Tattersalls Limited (Tattersalls) recognises the legitimate role of CCTV and Surveillance Systems in helping to maintain a safe, secure environment for staff and visitors while respecting individuals’ privacy rights.

    This policy applies to all employees, officers, consultants, self-employed contractors, casual workers, agency workers, volunteers and interns. It also applies to anyone visiting our premises or using our vehicles.

    All recorded images are classified as personal data and are processed strictly in accordance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and ICO guidance.

    2. Definitions

    • CCTV: Fixed or mobile camera systems recording visual and/or audio data of individuals and property.
    • Data Subject: All living individuals about whom we hold personal information which was obtained via CCTV or our Surveillance Systems
    • Data Controller: Tattersalls, responsible for determining the purposes and means of processing personal data.
    • Data Processor: Any third party authorised by Tattersalls to process CCTV or Surveillance Systems data on its behalf in accordance with a written contract with Tattersalls.
    • Footage: videos or images from CCTV or other Surveillance Systems which contain Personal Data.
    • Personal Data: Data relating to a living individual who can be identified from that data (or other data in our possession). This will include video and still images of identifiable individuals.
    • Processing: Any activity which involves the use of Personal Data. It includes the collection, storage, viewing, disclosure, erasure, transfer, or other handling of Personal Data.
    • Surveillance Systems: Devices or systems used to monitor or record images or information relating to individuals.

    3. About This Policy

    This policy outlines Tattersalls’ use of CCTV and Surveillance Systems in relation to Personal Data, the purposes for collection, how recorded data is processed and protected, and procedures for individuals to exercise their rights over their Personal Data.

    4. Roles and Responsibilities

    • Board of Directors: Overall responsibility for policy effectiveness and legal compliance.
    • Park Paddocks Director and Maintenance Manager: Daily operation and oversight of secure storage of CCTV and Surveillance Systems
    • Bloodstock Sales Director: Maintenance and review of this policy.
    • All staff are required to comply with this policy and applicable law when handling CCTV data.

    5. Lawful Basis and Purposes for CCTV

    Tattersalls’ lawful basis for CCTV and Surveillance Systems use is its legitimate interests—including:

    • Crime prevention and detection
    • Protection of property and assets
    • Safety of staff, visitors, and the public
    • Health and safety management; and
    • Resolution of disputes during or arising out of auctions
    • Each deployment of CCTV and Surveillance Systems is subject to a Data Protection Impact Assessment (DPIA) to ensure necessity and proportionality.

    6. Operation and Monitoring

    • CCTV and Surveillance Systems operate only in designated public areas (eg. Sales Ring, Sales Office, Tattersalls shop etc.) and never in private spaces.​
    • Camera locations are chosen to minimise intrusion.
    • Audio recording is disabled except where a justified, documented DPIA concludes clear necessity.
    • Only authorised staff/contractors may access live or recorded footage.
    • Signage, clearly visible at all entrances to surveillance zones, states that CCTV is in use, the justified purpose, and who to contact for further information.

    7. Data Security and Access

    • Footage is stored securely and accessed only by authorised personnel.
    • Given the large amount of data generated by surveillance systems, we may store footage using a cloud computing system. We will take all reasonable steps to ensure that any cloud service provider maintains the security of our information, in accordance with industry standards.
    • We may engage data processors to process data on our behalf. We will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.
    • All access to footage (viewing, downloading, disclosure) is logged.

    8. Data Retention and Erasure

    • Non-sales footage is retained for no more than 60 days unless a valid, documented reason exists for longer retention (e.g. ongoing investigation); exceptions are individually logged.
    • Footage which is related to sales is retained for 7 years (unless a valid, documented reason exists for longer retention (e.g. ongoing investigation);
    • All other footage will be deleted once there is no reason to retain it. Exactly how long such Personal Data will be retained will vary according to purpose for which it is held.
    • All Personal Data is securely and permanently deleted at the end of its retention period (as set out above)—physical media is disposed of as confidential waste.

    9. Privacy Impact Assessment

    A DPIA is conducted for any significant change to CCTV or Surveillance System use or location, balancing legitimate aims with privacy impact and ensuring proportionality.

    10. Covert Surveillance

    Covert monitoring may only occur in highly exceptional circumstances (e.g. suspicion of serious crime), subject to written authorisation by the Managing Director and/or the Board of Directors and after considering all less intrusive alternatives; all instances of covert surveillance are fully documented and strictly time-limited consistent with the objectives of the covert surveillance and will only relate to the circumstances giving rise to its need.

    11. Review of CCTV Use

    This policy, and Tattersalls’ CCTV and Surveillance System operations, are reviewed annually or when significant legislation or technological changes occur.

    12. Requests for Disclosure

    • Personal Data may be disclosed (including allowing law enforcement agencies to view and remove footage) where required for legal purposes, including requests under lawful authority (police/ legal proceedings) or to support a client’s legitimate legal requirements.
    • We will maintain a record of all disclosures of footage.

    13. Data Subject Rights

    Individuals may request access to footage in which they appear (Subject Access Request), request erasure, or challenge footage accuracy. Subject Access Requests are processed within one calendar month, with possible lawful exceptions. Tattersalls may obscure images of third parties to protect their privacy.

    Contact Details/Policy Approval:

    The Park Paddocks Director (contact details on Tattersalls’ website) is responsible for privacy queries and subject access requests.

    Where this policy requires the approval of the Board of Directors, approval may be granted either by the full Board or, in circumstances where urgent action is required, by a quorum of available Directors, in accordance with the company’s Articles of Association.

    This website uses cookies

    We use cookies to improve your experience and to provide us with insight into how people use our website. To find out more, read our cookie policy