Policy Summary:

The Forbidden Fruit has in place a Closed-Circuit Television (CCTV) surveillance system. This policy details the purpose, use and management of the CCTV system and details the procedures to be followed in order to ensure that The Forbidden Fruit complies with relevant legislation and Codes of Practice where necessary. This policy and the procedures therein detailed, applies to all of The Forbidden Fruits CCTV systems including covert installations capturing images of identifiable individuals for the purpose of viewing and or recording the activities of such individuals. CCTV images are monitored and recorded in strict accordance with this policy.


  1. Introduction
  2. Purpose
  3. Scope
  4. Definitions
  5. Policy statement
  6. Location and signage
  7. Monitoring and recording
  8. Covert surveillance
  9. Facial Recognition
  10. Live Streaming
  11. Data Protection
  12. Retention of images
  13. Complaints Procedure
  14. Review Procedure
  15. Responsibilities
  16. Approval and review
  17. Revision history
  18. Appendix 1 – CCTV Template Signage


1. The Forbidden Fruit uses closed circuit television (CCTV) images for the prevention, identification and reduction of crime and to monitor The Forbidden Fruits buildings in order to provide a safe and secure environment for Staff, Patrons and Visitors, and to prevent the loss of or damage to The Forbidden Fruits contents and property.

2. The CCTV system is owned by The Forbidden Fruit Bar LTD, 22 Grand Parade, St Leonards on Sea, East Sussex TN37 6DN and managed by The Forbidden Fruit and/or its appointed agents. The Forbidden Fruit is the system operator, and data controller, for the images produced by the CCTV system, and is registered with the Information Commissioner’s Office, Registration number ZB195667.

3. The CCTV system is operational and is capable of being monitored for 24 hours a day, every day of the year.


1. This Policy governs the installation and operation of all CCTV cameras at The Forbidden Fruit.

2. CCTV surveillance is used to monitor and collect visual images for the purposes of:

· protecting the buildings and assets, both during services (externally) or office hours, and after hours;

· promoting the health and safety of Staff, Patrons and Visitors;

· reducing the incidence of crime and anti-social behaviour (including theft and vandalism);

· supporting the Police in a bid to deter and detect crime;

· assisting in identifying, apprehending and prosecuting offenders; and

· ensuring that the rules are respected so that the site/s can be properly managed.


1. This policy applies to The Forbidden Fruit, and also to any separate legal entities owned and controlled by them which occupy premises controlled by the CCTV system.

2. Where a system is jointly owned or jointly operated, the governance and accountability arrangements are agreed between the partners and documented so that each of the partner organisations has clear responsibilities, with clarity over obligations and expectations and procedures for the resolution of any differences between the parties or changes of circumstance.

3. This policy is applicable to, and must be followed by, all staff including consultants and contractors. Failure to comply could result in disciplinary action, including dismissal.

4. All staff involved in the operation of the CCTV System will be made aware of this policy and will only be authorised to use the CCTV System in a way that is consistent with the purposes and procedures contained therein.

5. All systems users with responsibility for accessing, recording, disclosing or otherwise processing CCTV images will have relevant skills and training on the operational, technical and privacy considerations and fully understand the policies and procedures.


CCTV – closed circuit television camera. A TV system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes and where access to their content is limited by design only to those able to see it.

Covert surveillance – observation, and/or recording, carried out without the subject’s knowledge, and may be done using camera’s or devices that are not visible to the subject.

Data controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of CCTV images.

Data Protection Act 2018 (DPA) – UK data protection framework, regulating the processing of information relating to individuals.

Facial/ automated recognition – the use of camera technology to identify individuals’ faces and to make automated matches. General Data Protection Regulations 2016 (GDPR) – European Union data protection framework, regulating the processing of information relating to individuals.

ICO CCTV Code of Practice 2017 – recommendations on how the legal requirements of the Data Protection Act 1998 can be met when using CCTV, issued by the Information Commissioner’s Office. The guidance will be updated to comply with current legislation.

Security Industry Authority (SIA) – the organisation responsible for regulating the private security industry in the UK, under which private use of CCTV is licensed. It is an independent body reporting to the Home Secretary, under the terms of the Private Security Industry Act 2001.

Surveillance Camera Code of Practice 2013 – statutory guidance on the appropriate and effective use of surveillance camera systems issued by the Government in accordance with Section 30 (1) (a) of the Protection of Freedoms Act 2012.

System Operator – person or persons that take a decision to deploy a surveillance system, and/or are responsible for defining its purpose, and/or are responsible for the control of the use or the processing of images or other information obtained by virtue of such system.

System User – person or persons who may be employed or contracted by the system operator who have access to live or recorded images or other information obtained by virtue of such a system.

Policy Statement:

12. The Forbidden Fruit will operate its CCTV system in a manner that is consistent with respect for the individual’s privacy.

13. The Forbidden Fruit complies with Information Commissioner’s Office (ICO) CCTV Code of Practice 2017 to ensure CCTV is used responsibly and safeguards both trust and confidence in its continued use.

14. The CCTV system will be used to observe the areas under surveillance in order to identify incidents requiring a response. Any response should be proportionate to the incident being witnessed.

15. The use of the CCTV system will be conducted in a professional, ethical and legal manner and any diversion of the use of CCTV security technologies for other purposes is prohibited by this policy.

16. Cameras will be sited so they only capture images relevant to the purposes for which they are installed. In addition, equipment must be carefully positioned to:

· cover the specific area to be monitored only;

· keep privacy intrusion to a minimum, including the use of digital obscuration where used in sensitive areas;

· ensure that recordings are fit for purpose and not in any way obstructed (e.g. by foliage);

· minimise risk of damage or theft.

17. CCTV will not be used for the purposes of streaming live services held in the venue. See Paragraph 2 on “Live Streaming”.

18. Interior CCTV will not record areas set as sensitive such as cubicles where one would not expect to be filmed. Where CCTV is used to cover the washroom areas digital obscuration is to be used.

19. Exterior CCTV, or cameras in areas that are not used in a sensitive nature will remain in constant operation.

Location and Signage:

1. Cameras are sited to ensure that they cover the premises as far as is possible. Cameras are installed throughout the site/s including roadways, buildings, premises, within buildings and externally in vulnerable public facing areas.

2. The location of equipment is carefully considered to ensure that images captured comply with data protection requirements. Every effort is made to position cameras so that their coverage is restricted to The Forbidden Fruits premises, which may include outdoor areas.

3. Signs are placed at all pedestrian and vehicular entrances in order to inform staff, visitors and members of the public that CCTV is in operation.

4. The signage indicates that monitoring and recording is taking place, for what purposes, the hours of operation, who the system owner is and where complaints/questions about the systems should be directed.

Monitoring and Recording:

1. Cameras are monitored in a secure private office, which is linked with Charlie Colfield & Sam Deighan who are able to respond to incidents identified on CCTV monitors.

2. For security purposes, a fixed and secure lockbox/cabinet is used for monitoring and viewing CCTV images, and the data can be accessed via a wireless device. The box may be hidden in an open space, and the data broadcasted over a private server and made available via a live stream to the operator.

3. Images are recorded on secure servers and are viewable by Sam Deighan and Charlie Colfield. Additional staff may be authorised by Sam or Charlie to monitor cameras sited within their own areas of responsibility on a view only basis.

4. Where our CCTV solutions are using Cloud-based storage they will ensure that such storage is located in the European Economic Area (EEA), and that all relevant security and data protection measures are in place.

5. Recorded material will be stored in a way that maintains the integrity of the image and information to ensure that metadata (e.g. time, date and location) is recorded reliably, and compression of data does not reduce its quality.

6. Viewing monitors should be password protected and switched off when not in use to prevent unauthorised use or viewing.

7. The cameras installed provide images that are of suitable quality for the specified purposes for which they are installed and all cameras are checked daily to ensure that the images remain fit for purpose and that the date and time stamp recorded on the images is accurate.

8. All images recorded by the CCTV System remain the property and copyright of The Forbidden Fruit.

Covert Surveillance:

1. Covert surveillance is the use of hidden camera’s or equipment to observe and/or record the activities of a subject which is carried out without their knowledge.

2. The Forbidden Fruit will not engage in covert surveillance.

Facial Recognition:

1. Where cameras are used to identify people’s faces, The Forbidden Fruit will ensure that we use high quality cameras to make sure we are capturing the individual accurately enough to fulfil the intended purpose. The results of this automatic matching will be monitored by a trained individual to ensure that there haven’t been any mismatches.

2. Any use of such automated technologies must involve some level of human interaction and should not be done on a purely automated basis.

Live Streaming:

1. CCTV is not suitable for live streaming of services, as it is intended solely for safety and security purposes.

2. The Forbidden Fruit live stream services must use additional filming equipment and/or devices. This is indented for the use of the Stage Camera Only and is linked to a separate viewing device which is set to only show the specific Stage Camera. No other CCTV can be displayed on the viewing device other than the Stage Camera.

Data Protection:

1. In its administration of its CCTV system, The Forbidden Fruit complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and in accordance with The Forbidden Fruits Data Protection Policy.

2. The CCTV system is subject to a Data Protection Impact Assessment. Any proposed new CCTV installation is subject to a Data Protection Impact Assessment identifying risks related to the installation and ensuring full compliance with data protection legislation. This will include consultation with relevant internal and external stakeholders.

3. Where existing CCTV systems are in operation as of January 2024, The Forbidden Fruit will endeavour to carry out a full Data Protection Impact Assessment on any upgrade or replacement of the system or within a 3-year period from the date of the implementation of GDPR, whichever is sooner.

Applications for disclosure of images

1. Requests by individual data subjects for images relating to themselves via a Subject Access Request should be submitted to Sam Deighan (Data Protection Officer for The Forbidden Fruit) together with proof of identification. Further details of this process are detailed on The Forbidden Fruits website by clicking here OR can be obtained by contacting gdpr@tffhastings.co.uk or calling 01424 864184.

2. In order to locate the images on the system sufficient detail must be provided by the data subject in order to allow the relevant images to be located and the data subject to be identified.

3. Where The Forbidden Fruit is unable to comply with a Subject Access Request without disclosing the personal data of another individual who is identified or identifiable from that information, it is not obliged to comply with the request unless satisfied that the individual has provided their express consent to the disclosure, or if it is reasonable, having regard to the circumstances, to comply without the consent of the individual.

4. A request for images made by a third party should be made to gdpr@tffhastings.co.uk.

5. In limited circumstances it may be appropriate to disclose images to a third party, such as when a disclosure is required by law, in relation to the prevention or detection of crime or in other circumstances where an exemption applies under relevant legislation.

6. Such disclosures will be made at the discretion of Sam Deighan (Data Protection Officer for The Forbidden Fruit), with reference to relevant legislation and where necessary, following advice from suitable sources.

7. Where a suspicion of misconduct arises and at the formal request of the Investigating Officer or Supervising Manager, Sam or Charlie may provide access to CCTV images for use in staff disciplinary cases.

8. A log of any disclosure made under this policy will be held by The Forbidden Fruit itemising the date, time, camera, requestor, reason for the disclosure; requested; lawful basis for disclosure; date of decision and/or release, name of authoriser.

9. Before disclosing any footage, consideration should be given to whether images of third parties should be obscured to prevent unnecessary disclosure.

10. Where information is disclosed, the disclosing officer must ensure information is transferred securely.

11. Images may be released to the media for purposes of identification. Any such decision to disclose will be taken in conjunction with the Police and/or other relevant law enforcement agencies.

12. Surveillance recordings must not be further copied, distributed, modified, reproduced, transmitted or published for any other purpose.

Retention of images:

1. Unless required for evidentiary purposes, the investigation of an offence or as required by law, CCTV images will be retained for a minimum of 31 calendar days from the date of recording. Images will be automatically overwritten or destroyed by continuous recording.

2. Where an image is required to be held in excess of the retention period Sam Deighan will be responsible for authorising such a request, and recordings will be protected against loss or held separately from the surveillance system and will be retained for 6 months following date of last action and then destroyed after this time.

3. Images held in excess of their retention period will be reviewed on a three-monthly basis and any not required for evidentiary purposes will be deleted.

4. Access to retained CCTV images is restricted to Sam Deighan and other persons as required and as authorised by Sam Deighan.

Complaints Procedure:

1. Complaints concerning The Forbidden Fruits use of its CCTV system or the disclosure of CCTV images should be made to gdpr@tffhastings.co.uk.

2. The complaints procedure is available on The Forbidden Fruits website here: Terms & Conditions – TFFHastings

3. When requested, anonymised information concerning complaints will be provided to the Surveillance Commissioner.

Review Procedure:

1. There will be an annual review of the use of the CCTV system to ensure it remains necessary, proportionate and effective in meeting the stated purposes.

63. As part of the review of the The Forbidden Fruit will assess:

· whether the location of cameras remains justified in meeting the stated purpose and whether there is a case for removal or relocation;

· the monitoring operation, e.g. if 24 monitoring in all camera locations is necessary or whether there is a case for reducing monitoring hours;

· whether there are alternative and less intrusive methods for achieve the stated purposes


64. The Forbidden Fruit is responsible for the overall management and operation of the CCTV system, including activities relating to installations, recording, reviewing, monitoring and ensuring compliance with this policy.

65. The Forbidden Fruit is responsible for ensuring that adequate signage is erected in compliance with the ICO CCTV Code of Practice.

66. Sam Deighan (The Forbidden Fruits Data Protection Officer) is responsible for authorising the disclosure of images to data subjects and third parties and for maintaining the disclosure log

Approval and Review:

Approved By: Charlie Colfield (on behalf of The Forbidden Fruit)

Policy Owner:  Sam Deighan, Data Protection Officer

Policy Author: Sam Deighan, Data Protection Officer

Date: 30/01/2024

Review Date: 30/01/2025

Revision History:

  • V1.0 – Document created and adapted from previous CCTV Statement