Our Policies
Privacy Policy
PRIVACY POLICY
COMPANY DETAILS
Main Data Controller: Coastline Gaming Ltd
Registered Address: St Mary's Road, Buncrana, Co Donegal, F93 K6KP
Associated Entities: Empire Amusements Ltd, Coastline Digital, Slotbox N.V Ltd
1. INTRODUCTION
Welcome to our website. This Privacy Policy applies to all websites and services operated by Coastline Gaming Ltd ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites or use our services.
By accessing our websites or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our websites or use our services.
2. INFORMATION WE COLLECT
We may collect several types of information from and about users of our websites or services, including:
2.1 Personal Information
Contact Information: Name, email address, postal address, phone number.
Account Information: Username, password, account preferences.
Payment Information: Credit card details, billing address (note: payment information is processed by our third-party payment processors).
Identity Verification Information: Date of birth, identification documents, proof of address (as required by applicable gambling regulations).
Profile Information: Profile picture, biographical information.
2.2 Non-Personal Information
Usage Data: Information about how you use our websites and services, including pages visited, time spent, games played, betting history, referring/exit pages.
Device Information: IP address, browser type, operating system, device type.
Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies.
3. HOW WE COLLECT YOUR INFORMATION
We collect information through:
3.1 Direct Interactions
When you create an account or profile on our websites.
When you subscribe to our newsletters or communications.
When you use our services, make deposits, or withdrawals.
When you contact us through our websites, by email, or by phone.
When you participate in surveys, promotions, or contests.
3.2 Automated Technologies
When you visit our websites, we automatically collect certain information using cookies and similar technologies.
When you use our services, we collect usage data to improve our services.
3.3 Third Parties
Service providers.
Analytics providers.
Advertising partners.
Social media platforms.
Identity verification services.
4. HOW WE USE YOUR INFORMATION
We may use the information we collect for various purposes, including:
4.1 Provide, Operate, and Maintain Our Services
To process transactions, deposits, and withdrawals.
To create and maintain your account.
To provide customer support and respond to inquiries.
To verify your identity in accordance with gambling regulations and anti-money laundering requirements.
4.2 Improve and Personalize Our Services
To analyze how our services are used.
To develop new products, services, features, and functionality.
To personalize your experience.
4.3 Communication
To communicate with you about our services, updates, and promotions.
To respond to your questions, comments, and requests.
To provide important notices and updates.
4.4 Marketing and Advertising
To deliver relevant content and advertisements.
To measure the effectiveness of advertisements.
To send promotional materials that may be of interest to you.
4.5 Legal Compliance and Protection
To comply with applicable laws, regulations, and gambling licenses.
To enforce our Terms of Service and other agreements.
To protect against fraudulent, unauthorized, or illegal activity.
To prevent problem gambling and implement responsible gambling measures.
5. HOW WE SHARE YOUR INFORMATION
We may share your information with:
5.1 Within Our Group of Companies
Your information is shared between Coastline Gaming Ltd, Coastline Digital, Slotbox N.V Ltd, and our casino websites as stipulated in our Terms and Conditions that you agree to when signing up to our services.
5.2 Service Providers
We may share your information with third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, identity verification, and customer service.
5.3 Business Partners
We may share your information with our business partners to offer certain products, services, or promotions.
5.4 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court, government agency, or gambling regulatory authority).
5.5 Business Transfers
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
5.6 With Your Consent
We may share your information with third parties when we have your consent to do so.
6. DATA RETENTION
We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with our legal obligations (including those required by our gambling licenses), resolve disputes, and enforce our agreements.
7. YOUR PRIVACY RIGHTS
Depending on your location, you may have certain rights regarding your personal information, including:
7.1 Access
You may request access to your personal information.
7.2 Correction
You may request that we correct inaccurate or incomplete information.
7.3 Deletion
You may request that we delete your personal information, subject to our legal obligations to retain certain information.
7.4 Restriction
You may request that we restrict the processing of your personal information.
7.5 Data Portability
You may request a copy of your personal information in a structured, commonly used, and machine-readable format.
7.6 Objection
You may object to the processing of your personal information.
To exercise these rights, please contact us using the information provided in the "Contact Us" section.
8. COOKIES AND SIMILAR TECHNOLOGIES
8.1 What Are Cookies
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to the website owners.
8.2 How We Use Cookies
We use cookies for various purposes, including:
Essential Cookies: Necessary for the operation of our websites.
Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our websites.
Functionality Cookies: Enable our websites to remember choices you make.
Targeting Cookies: Record your visit to our websites, the pages you have visited, and the links you have followed.
8.3 Managing Cookies
Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some cookies or to alert you when websites set or access cookies.
9. DATA SECURITY
We have implemented appropriate technical and organizational measures to protect your personal information from accidental loss, unauthorized access, use, alteration, and disclosure. However, no method of transmission over the Internet or method of electronic storage is 100% secure.
10. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.
We will take appropriate measures to ensure that your personal information remains protected according to this Privacy Policy.
11. CHILDREN'S PRIVACY
Our services are not intended for individuals under the age of 18 (or the legal gambling age in your jurisdiction, whichever is higher). We do not knowingly collect personal information from underage individuals. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us.
12. THIRD-PARTY LINKS
Our websites may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
14. CONTACT US
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
Coastline Gaming Ltd
St Mary's Road
Buncrana
Co Donegal
F93 K6KP
Email: info@coastlinegaming.com
Phone: 0749361239
15. ADDITIONAL INFORMATION FOR SPECIFIC JURISDICTIONS
15.1 European Economic Area (EEA), United Kingdom, and Switzerland
If you are located in the EEA, United Kingdom, or Switzerland, the following additional information applies:
Legal Basis for Processing: We process your personal information based on one or more of the following legal bases:
Your consent
Performance of a contract
Compliance with a legal obligation
Protection of vital interests
Public interest
Legitimate interests
Data Protection Officer: You can contact our Data Protection Officer at [Insert DPO Email Address].
Supervisory Authority: You have the right to lodge a complaint with a supervisory authority.
Right to Know: You have the right to request information about the personal information we collect, use, disclose, and sell.
Right to Delete: You have the right to request the deletion of your personal information.
Right to Opt-Out: You have the right to opt-out of the sale of your personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, please contact us using the information provided in the "Contact Us" section.
15.2 Other Jurisdictions
We comply with applicable privacy laws in all jurisdictions where we operate. If you are located in a jurisdiction with specific privacy requirements, please contact us for more information.
Data Policy
DATA PROTECTION POLICY
Last Updated: March 24, 2025
COMPANY DETAILS
Main Data Controller: Coastline Gaming Ltd
Registered Address: St Mary's Road, Buncrana, Co Donegal, F93 K6KP
Associated Entities: Coastline Digital, Slotbox N.V Ltd
1. INTRODUCTION
Coastline Gaming Ltd ("the Company," "we," "our," or "us") is committed to protecting the privacy and security of personal data that we collect, process, and store. This Data Protection Policy outlines our approach to data protection and the measures we implement to ensure compliance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws.
This policy applies to all employees, contractors, consultants, partners, and third parties who have access to or process personal data on behalf of Coastline Gaming Ltd, Coastline Digital, Slotbox N.V Ltd, and all associated casino websites.
2. DEFINITIONS
For the purposes of this policy:
Personal Data: Any information relating to an identified or identifiable natural person ('data subject').
Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, combination, or erasure.
Data Controller: The natural or legal person that determines the purposes and means of processing personal data.
Data Processor: A natural or legal person that processes personal data on behalf of the controller.
Data Subject: An individual who is the subject of personal data.
3. DATA PROTECTION PRINCIPLES
We adhere to the following data protection principles:
3.1 Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner. We provide clear information to data subjects about how their personal data is processed.
3.2 Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
3.3 Data Minimization
We limit the collection of personal data to what is necessary in relation to the purposes for which it is processed.
3.4 Accuracy
We take reasonable steps to ensure that personal data is accurate and kept up to date.
3.5 Storage Limitation
We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which it is processed.
3.6 Integrity and Confidentiality
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
3.7 Accountability
We take responsibility for and can demonstrate compliance with data protection principles.
4. DATA COLLECTION AND PROCESSING
4.1 Legal Basis for Processing
We process personal data only when we have a valid legal basis, including:
Consent: The data subject has given consent to the processing.
Contractual Necessity: Processing is necessary for the performance of a contract.
Legal Obligation: Processing is necessary for compliance with a legal obligation, including gambling regulations and anti-money laundering requirements.
Vital Interests: Processing is necessary to protect the vital interests of the data subject or another person.
Public Interest: Processing is necessary for the performance of a task carried out in the public interest.
Legitimate Interests: Processing is necessary for the legitimate interests pursued by the company or a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.
4.2 Data Collection Notices
When collecting personal data directly from data subjects, we provide clear information about:
The identity and contact details of the data controller (Coastline Gaming Ltd).
The purposes of the processing and its legal basis.
The recipients or categories of recipients of the personal data, including our associated entities.
The period for which the personal data will be stored.
The existence of data subject rights.
The right to withdraw consent at any time (if applicable).
The right to lodge a complaint with a supervisory authority.
Whether the provision of personal data is a statutory or contractual requirement and the possible consequences of failure to provide such data.
The existence of automated decision-making, including profiling (if applicable).
4.3 Data Sharing Between Casino Websites
As clearly stated in our Terms and Conditions that users agree to when signing up, personal data may be shared between all casino websites owned and managed by Coastline Gaming Ltd, Coastline Digital, and Slotbox N.V Ltd. This sharing is done to:
Provide a unified gaming experience across our platforms
Implement consistent responsible gambling measures
Prevent fraud and money laundering
Enhance security and identity verification
Improve our services and offerings
5. DATA SUBJECT RIGHTS
We respect and uphold the rights of data subjects under applicable data protection laws, including:
5.1 Right to Information
Data subjects have the right to be informed about the collection and use of their personal data.
5.2 Right of Access
Data subjects have the right to request a copy of their personal data that we process.
5.3 Right to Rectification
Data subjects have the right to request the correction of inaccurate personal data or the completion of incomplete personal data.
5.4 Right to Erasure (Right to be Forgotten)
Data subjects have the right to request the deletion of their personal data under certain circumstances.
5.5 Right to Restriction of Processing
Data subjects have the right to request the restriction of processing of their personal data under certain circumstances.
5.6 Right to Data Portability
Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
5.7 Right to Object
Data subjects have the right to object to the processing of their personal data under certain circumstances.
5.8 Rights Related to Automated Decision Making and Profiling
Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them.
6. DATA PROTECTION MEASURES
6.1 Technical Measures
We implement appropriate technical measures to ensure data protection, including:
Encryption: Personal data is encrypted during transmission and at rest where appropriate.
Access Controls: Strict access controls are in place to limit access to personal data on a need-to-know basis.
Authentication: Multi-factor authentication is used for access to systems containing sensitive personal data.
Firewalls and Intrusion Detection: Network security measures are implemented to protect against unauthorized access.
Regular Updates: Systems and software are regularly updated to address security vulnerabilities.
Backups: Regular backups are performed to prevent data loss.
6.2 Organizational Measures
We implement appropriate organizational measures to ensure data protection, including:
Policies and Procedures: Clear policies and procedures are established for handling personal data.
Training: Regular training is provided to employees on data protection and security.
Data Protection Impact Assessments: Assessments are conducted for high-risk processing activities.
Data Minimization: Collection of personal data is limited to what is necessary.
Data Protection by Design and Default: Data protection considerations are integrated into new systems and processes from the outset.
Vendor Management: Third-party service providers are carefully selected and contractually obligated to maintain appropriate security measures.
7. DATA BREACH MANAGEMENT
7.1 Detection and Reporting
We have procedures in place to detect, report, and investigate personal data breaches. All employees are required to report any suspected data breaches immediately.
7.2 Response Plan
Our data breach response plan includes:
Containment and recovery measures.
Assessment of risks and impact.
Notification procedures for affected individuals and authorities.
Documentation of the breach and remedial actions taken.
7.3 Notification
We will notify relevant supervisory authorities of a data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
We will notify affected data subjects without undue delay when a data breach is likely to result in a high risk to their rights and freedoms.
8. DATA PROTECTION IMPACT ASSESSMENTS
We conduct Data Protection Impact Assessments (DPIAs) when processing is likely to result in a high risk to the rights and freedoms of data subjects, particularly when using new technologies. DPIAs help us identify and minimize data protection risks.
9. INTERNATIONAL DATA TRANSFERS
We transfer personal data to countries outside the jurisdiction in which it was collected only when adequate safeguards are in place, such as:
Standard Contractual Clauses (SCCs) approved by the European Commission.
Binding Corporate Rules (BCRs).
Adequacy decisions by the European Commission.
Explicit consent from the data subject.
10. DATA RETENTION
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or internal policy requirements. Our data retention schedules specify the appropriate retention periods for different categories of data, with special consideration for gambling regulation requirements.
11. DATA PROCESSOR MANAGEMENT
11.1 Selection of Data Processors
We select data processors that provide sufficient guarantees to implement appropriate technical and organizational measures to ensure processing meets the requirements of applicable data protection laws.
11.2 Data Processing Agreements
We enter into data processing agreements with all data processors, which include:
The subject matter and duration of the processing.
The nature and purpose of the processing.
The type of personal data and categories of data subjects.
The obligations and rights of the data controller.
Requirements for appropriate technical and organizational security measures.
Confidentiality commitments.
Assistance with data subject rights and data breach notifications.
Deletion or return of personal data at the end of the service.
Audit rights.
12. ROLES AND RESPONSIBILITIES
12.1 Management
Senior management at Coastline Gaming Ltd is responsible for:
Ensuring that this policy is implemented throughout the organization.
Allocating resources for data protection compliance.
Promoting a culture of data protection awareness.
12.2 Data Protection Officer (DPO) / Privacy Officer
Our Data Protection Officer is responsible for:
Monitoring compliance with data protection laws and this policy.
Advising on data protection impact assessments.
Cooperating with supervisory authorities.
Acting as a point of contact for data subjects and supervisory authorities.
Providing guidance and training on data protection.
12.3 IT Department
The IT department is responsible for:
Implementing and maintaining technical security measures.
Ensuring systems are designed with data protection in mind.
Responding to technical aspects of data breaches.
12.4 All Employees
All employees of Coastline Gaming Ltd, Coastline Digital, and associated entities are responsible for:
Complying with this policy and data protection laws.
Reporting data breaches or suspected breaches.
Participating in data protection training.
Handling personal data with care and in accordance with policies and procedures.
13. TRAINING AND AWARENESS
We provide regular training and awareness programs to ensure that all employees understand:
The principles of data protection.
Their responsibilities regarding data protection.
How to identify and report data breaches.
How to respond to data subject requests.
Specific requirements related to gambling regulations and data protection.
14. MONITORING AND COMPLIANCE
14.1 Regular Audits
We conduct regular audits to assess compliance with this policy and applicable data protection laws.
14.2 Policy Review
This policy is reviewed annually or when significant changes occur in data protection laws or our processing activities.
15. ENFORCEMENT
Failure to comply with this policy may result in disciplinary action, up to and including termination of employment. For contractors, consultants, and third parties, it may result in termination of contracts and services.
16. RELATED POLICIES AND PROCEDURES
This policy should be read in conjunction with the following related policies:
Privacy Policy
Information Security Policy
Data Breach Response Procedure
Data Subject Rights Procedure
Data Retention Policy
Responsible Gambling Policy
17. CONTACT INFORMATION
For questions about this policy or data protection matters, please contact:
Data Protection Officer
Coastline Gaming Ltd
St Mary's Road
Buncrana
Co Donegal
F93 K6KP
Email: info@coastlinegaming.com
Phone: 0749361239
CCTV Policy
Introduction
Closed-Circuit Television (CCTV) Monitoring Equipment is used by the Company for a number of purposes and will be used in accordance with the terms set out in this document. This use may involve the recording of personal data of individuals, including their recognisable images.
The Company is obliged to protect such data in accordance with provisions contained in the General Data Protection Regulation (GDPR) which came into effect on 25th May 2018 and the Data Protection Act 2018.
Purpose
The Company has developed a number of general policies and procedures to protect personal data. Provisions contained in these documents apply to the operation of the CCTV systems by the Company. The purpose of this policy is to support these documents by outlining specific provisions to assist the Company to fulfil its data protection obligations regarding the operation of CCTV systems including, but not limited to, arrangements relating to the location, control and security of CCTV systems, recording by CCTV systems and access to their recordings.
Scope
This policy applies to:
All use of CCTV that involve the recording of personal data.
All employees of the Company.
All CCTV service providers contracted by the Company.
Responsibilities
The Company accepts primary responsibility for ensuring there is no breach of security and that these Guidelines are complied with and has day-to-day responsibility for the management of the monitoring equipment.
Any breach of these Guidelines or any aspect of confidentiality or security will be dealt with in accordance with established disciplinary procedures.
Definitions
In this policy, the following words shall have the following meanings:
"Act"
means the Data Protection Act 2018.
"Directive"
means Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.
"the Data Protection Regulations"
means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
"the Law"
means all or any of:
(a) the Data Protection Regulation,
(b) the Act,
(c) the Data Protection Act 1988,
(d) the Data Protection Act 2003,
(e) regulations made under the Act,
(f) Directive.
"data controller", "data processor", "data subjects", "personal data", "process", "processed" and "processing" shall have the meanings respectively, as defined in the Act. Note that "process" and "processing" are defined to include simple events like receiving data into our system or storing it. Processing is not limited to "doing something with it".
Purpose of CCTV
Data obtained through the use of CCTV systems shall be limited and proportionate to the purposes for which it was obtained.
The company uses CCTV for the following purposes.
Safeguarding of all persons and property located on company premises and its environs.
Assist in the prevention and detection of crime or disorder
Reduce the fear of crime or disorder
CCTV footage may be used in the context of disciplinary proceedings involving employees (to protect the vital interests of the Company, employees, customers and affected individuals).
Securing public order and safety by facilitating the deterrence and detection of anti-social behaviour.
CCTV footage is not disclosed to third parties except where disclosure is required by law (such as for the purpose of preventing, detecting or investigating alleged offences) and in such instance's disclosure is based on a valid request.
CCTV will not be used by the Company for any other purposes other than those outlined in this policy document.
CCTV Locations
CCTV will be deployed, as appropriate, either permanently or from time to time, throughout the property, including external and internal spaces within the building, car parks, pathways and grounds.
CCTV will not be deployed where persons have a reasonable expectation of privacy.
Cameras shall be positioned in such a way as to prevent or minimise recordings of persons or property other than those that are intended to be covered by the CCTV system.
CCTV Signage
Signage indicating that CCTV is in use is displayed prominently throughout the property and includes the following information:
Notice that CCTV is in operation.
Details of who to contact regarding the CCTV system.
CCTV Retention
Data recorded on CCTV systems shall be kept for no longer than is considered necessary.
Normally data recorded on CCTV systems will not be retained by the Company beyond a maximum of 28 days.
Data recorded on CCTV systems may, however, be retained by the Company beyond a maximum of 28 days in circumstances where the data is required for evidential purposes and/or legal proceedings
CCTV Register
A CCTV Register shall be maintained by the Company, this register shall contain, at a minimum, the following information:
Location of each CCTV system.
Purpose of each CCTV system.
Type of signage at each CCTV location.
Location of signage at each CCTV location.
Details of employees authorised to access the CCTV system.
Retention period for CCTV recordings.
CCTV service provider details
Security Arrangements for CCTV
For reasons of security and confidentiality, access to the CCTV Monitoring equipment is restricted. Only those members of employees, trained specifically will be allowed to operate any of the equipment.
Employees will be specifically selected for the role and will be trained in the use of the equipment. Each employee will be personally issued with a copy of this policy. They will be fully conversant with the contents of this document, which may be updated from time to time, and which he/she will be expected to comply with at all times. Monitoring shall be conducted by a trained employee. An authorised employee will be present at all times when the monitoring equipment is in use
Unauthorised access by employees is prohibited. Managers should enforce this requirement at all times and with due care.
Public access to the designated location of the CCTV monitoring equipment will be prohibited except for lawful, proper and sufficient reasons and only with the authority of a Manager.
Access to CCTV Recordings
Access to CCTV recordings may be provided to the following:
Data Subjects.
An Garda Síochána.
Other Third Parties.
Access by Data Subjects
Data protection legislation provides data subjects with a right to access their personal data. This includes their recognisable images and other personal data captured by CCTV recordings. Access requests are required to be submitted in writing in physical or electronic format e.g. by letter or e-mail and will be processed in accordance with provisions contained in the Company's Access Request Policy and Procedures.
Where it is deemed necessary or appropriate the Company may request the provision of additional information to confirm the identity of person submitting a data subject access request.
It would not suffice for a data subject to make a general access request for a copy of CCTV recordings. Instead, it will be necessary that data subjects specify that they are seeking to access a copy of CCTV recordings that have captured their recognisable images and/or other personal data between specified dates, at certain times and at specific areas.
The provision of access to a data subject to CCTV recordings of his/her recognisable images and/or other personal data will normally involve providing a copy of the recording in video format. In circumstances where the recording is technically incapable of being copied, or in other exceptional circumstances, stills may be provided as an alternative to video footage.
Where recognisable images and/or other personal data of other parties other than the data subject appear on the CCTV recordings, these will be pixelated or otherwise redacted on any copies or stills provided to the data subject. Alternatively, unedited copies of the CCTV recordings may be released provided consent is obtained from those other parties whose recognisable images and/or other personal data appear on the CCTV recordings.
If the CCTV recording is of such poor quality as to not clearly identify recognisable images and/or other personal data relating to the data subject, then the recording will not be considered as personal data and may not be released by the Company.
If the CCTV recording no longer exists on the date that the Company receives an access request, it will not be possible to provide access to a data subject. CCTV recordings are usually deleted in accordance with provisions contained in this policy.
Access by Data Subjects
There is a distinction between a request by An Garda Síochána to view CCTV recordings and to obtain copies of such recordings. In general, a request made by An Garda Síochána to simply view CCTV recordings should be accommodated as it does not raise any concerns from a data protection perspective.
Requests from An Garda Síochána for copies of CCTV recordings are required to be submitted in writing on An Garda Síochána headed paper and signed by an appropriate ranking member of An Garda Síochána. The request should specify the details of the CCTV recordings required and cite the legal basis for the request being made.
In order to expedite a request in urgent situations, a verbal request from An Garda Síochána for copies of CCTV recordings will suffice. However, such a verbal request must be followed up with a formal written request from An Garda Síochána.
Access by Other Third Parties
Access by third parties such as public bodies, private organisations and individuals other than the data subject to CCTV recordings will only be provided in circumstances that are permitted by data protection legislation.
Access Log
An Access Log shall be maintained by the Company. This log shall maintain a record of all requests made by the following to view/obtain copies of CCTV recordings and the outcome of such requests:
Data Subjects
An Garda Síochána
Other Third Parties
Data Protection Impact Assessment
A Data Protection Impact Assessment shall be carried out, in accordance with data protection legislative requirements, before any installation of a new CCTV system or upgrade to an existing CCTV system if, in the opinion of the Company, the installation or upgrade is likely to result in a high risk to the rights and freedoms of individuals
Supporting Policies, Procedures & Guidelines
The company shall adhere to all relevant CCTV Guidelines/Codes of Practice issued by the Data Protection Commission and/or other statutory bodies.
Monitoring and Review
Provisions contained in this policy document shall be subject to on-going monitoring and review.
Complaints to the Data Protection Commission
Data subjects may make a complaint to the Data Protection Commissioner in the following circumstances:
If they experience a delay outside of the prescribed timeframe for making a decision on an access request or if they are dissatisfied with a decision by the Company on their access request.
If they consider that the Company's processing of their personal data is contrary to their data protection rights.