Privacy Policy

1. OUR PRIVACY PROMISE

We promise to collect, use and store your personal data in a safe and secure way.

We promise to only use your personal data for the specific purposes stated.

We promise to keep you informed about how we use your information and who we give it to.

This privacy notice tells you what to expect when Attitude Hospitality Management Limited (“Attitude”) collects personal information about you and how we use that data, who that data may be sent to and how you can amend data you have submitted to us.

Attitude is committed to protecting your personal information when you use our services. Whenever you provide such information, we will only use your information in line with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and Data Protection Act 2017 (DPA). Your information will be kept in a secure environment and access to it will be restricted according to the 'need to know' principle.


2. OUR PRIVACY POLICY 

"Personal data" means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. 

This privacy policy forms part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you expressly accept the provisions of this policy.

Our privacy policy applies to our website www.hotels-attitude.com,  and to personal information supplied over the telephone, by e-mail, fax or letter, SMS, through representatives, through online medium or channels and any other means.

This includes collecting unique online identifiers such as IP addresses, which are numbers that uniquely identify a specific computer or other network device on the internet. For more information, see our section on ‘cookies’ below.



3. WHO ARE WE

Attitude Hospitality Management Ltd (AHML) is a private company incorporated on June 2, 2008 and domiciled in Mauritius. Its registered office is situated at The Junction Business Hub, Block C, Calebasses Branch Road, Calebasses.

AHML is a subsidiary of Attitude Hospitality Ltd (AHL) and provide Management services to all the hotels within the AHL group.

AHML as the Management entity, shall be responsible for handling your personal information, inputted on this website and for reservation and marketing purpose. Given that the contractual relationship will primarily be with the hotels, the responsibility for handling and keeping your personal information will rest on both the hotel and AHML.

This policy applies:

1. To all data processing at Attitude i.e. those operating under Attitude brand name and/or any other brand owned by Attitude. 

2. To all reservation websites, including brand sites namely www.hotels-attitude.com, 

4. PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA

The seven principles below are applicable within our organisation throughout the world.

1. Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.

2. Legitimacy: We will collect and process your personal data only for the purposes described in this Policy.

3. Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.

4. Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.

5. Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information.

6. Confidentiality and security: We will ensure reasonable technical and organisational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access.

7. Sharing and international transfer: We may share your personal data within our organisation or with third parties (such as commercial partners and/or service providers) for the purposes set out in this Policy. We will take appropriate measures to guarantee security when sharing or transferring such data.

5. WHAT PERSONAL DATA IS COLLECTED?

At various times, we will be obliged to ask you, as our guest, for information about you and/or members of your family to provide you the best of our personalised service.

Contact details (for example, last name, first name, telephone number, email)

Personal information (for example, date of birth, nationality)

Information relating to your children (for example, first name, date of birth, age)

Your credit card number (for transaction and reservation purposes)

Your arrival and departure dates

Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests)

Your questions/comments, during or following a stay in one of our establishments and any communication you sent to us.

Your itemized spending during your stay being room charged.

We do not deliberately collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health or sexual orientation or character certificate. 

However, in limited cases, we might need to collect sensitive data to provide you with a better service and meet your needs, such as your food preferences, allergies, health conditions, current medication and/ or any physical conditions that affect your mobility. In these cases, the sensitive information will be those volunteered by you and which you have unequivocally agreed to communicate to us.

Where a reservation is made on behalf of a child who is under the age of 16 years, we shall not process the latter’s Personal Information, unless express consent is given by the parent or guardian of that child. Where the reservation is made by the child’s parent or guardian, we will request for relevant documentation to demonstrate a parent-child relationship. Where the reservation is not made by the child’s parent or guardian, we will request for written documentation to be issued from the child’s parent or guardian to signify their consent to us processing the child’s Personal Information.


6. WHEN IS PERSONAL DATA COLLECTED?

Personal data will be collected on a variety of occasions, including:

1. Hotel activities:

o Booking a room

o Checking-in and paying

o Eating/drinking at the hotel bar or restaurant during a stay

o Other activities such as SPA, Kids Club, Water Sports etc.

o Requests, complaints and/or disputes.

2. Participation in marketing programs or events:

o Signing up for loyalty programs

o Participation in guest surveys (for example, the Guest Satisfaction Survey)

o Online games or competitions

o Subscription to newsletters, in order to receive offers and promotions via email.

3. Transmission of information from third parties:

o Tour operators, travel agencies, reservation systems, and others

o Profiling

4. Internet activities:

o Connection to our organisation websites (IP address, cookies)

o Online forms (online reservation, questionnaires, our organisation pages on social networks, network login devices such as Facebook login etc.).

5. Closed Circuit Television Systems and Other Security Systems:

o Closed circuit Tv (CCTV) images. There is a CCTV Policy in place which standardize the use and monitoring of CCTV at Attitude.


7. HOW WILL ATTITUDE USE THE INFORMATION IT COLLECTS ABOUT ME?

We collect your personal data for a number of purposes including the following:

1. Meeting our obligations to our guests 

2. Managing the reservation of rooms and accommodation requests:

3. Creation and storage of legal documents in compliance with accounting standards.

4. Managing your stay at the hotel:

o Monitoring your use of services (telephone, bar, etc.)

o Managing access to rooms

5. Improving our hotel service, especially:

o Processing your personal data in our guest marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes

o Adapting our products and services to better meet your requirements

o Customizing commercial offers and the promotional messages we send to you through various channels

o Informing you of special offers and any new services created by our organisation or one of our subsidiaries.

o Carrying out surveys and analyses of questionnaires and guest comments

o Managing claims/complaints

6. Managing our relationship with guests before, during and after your stay:

o Providing details for the guest database

o Segmentation operations based on reservation history and guest travel preferences with a view to sending targeted communications

o Predicting and anticipating future behaviors

o Developing statistics and commercial scores, and carrying out reporting

o Providing context data for the offer push tool when a guest visits a Group website or makes a reservation

o Knowing and managing the preferences of new or repeat guests

o Sending you newsletters, promotions and tourist, hotel or service offers, or offers from partners, or contacting you by telephone

o Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys

o Taking into account the right to object

7. Use a trusted third party to cross-check, analyze and apply certain devices to your collected data at the time of booking or at the time of your stay, in order to determine your interests and your guest profile, and to allow us to send you personalised offers.

8. Securing and enhancing your use of Attitude websites, especially:

o Improving navigation

o Implementing security and fraud prevention.

9. Conforming to local legislation and applicable international legislation (for example, storing of accounting documents).


8. DISCLOSURE OF PERSONAL INFORMATION

To provide you with the best-individualised service, we have to share your personal data with internal and external recipient subject to the following conditions:

a. Within Attitude, in order to offer you the best service, we can share your personal data and give access to authorised personnel from the Group, including:

Hotel staff

Reservation staff using Attitude’s reservation tools 

IT departments

Commercial partners and marketing services

Medical services if applicable

Insurance services if applicable

Legal services if applicable

Generally, any appropriate person within Attitude entities for certain specific categories of personal data.

b. With service providers and partners: your personal data will be sent to a third party for the purposes of supplying you with services and improving your stay, for example:

1. External service providers:

Diving Centres and Boathouse service providers

Taxi Drivers

Shops

Exhibitors

Kite Surfs

Baby sitters

Entertainment groups

c. Local authorities: We will also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.

Attitude does not routinely disclose personal information to other organisations unless:

Required by law.

Use or disclosure is permitted by this policy.

We believe it necessary to provide you with a service or product which you have requested or are contracted to.

To protect the rights, property or personal safety of any member of the public or a guest of Attitude or the interests of Attitude.

You give your consent.

9. INTERNATIONAL TRANSFERS

For the purposes set out in Clause 7 of this policy, we may transfer your personal data to internal or external recipients who may be in countries offering different levels of personal data protection in accordance with section 36 of the DPA 2017.

Consequently, in addition to the implementation of this Policy, Attitude employs appropriate measures to ensure secure transfer of your personal data to an Attitude entity or to an external recipient located in a country offering a different level of privacy from that proposed in the country where the personal data is collected.

As part of the hotel operation, your data will be sent to other service providers outside Mauritius and European Union. 

In addition, personal information that you submit for publication on the website will be published on the Internet and may be available, via the Internet, around the world. Attitude cannot prevent the use of such information by others. By submitting your personal data, you expressly agree to these transfers, storing, processing and publishing.

However, any such transfer of information does not change any of our commitments to safeguard your privacy and the information remains subject to existing confidentiality obligations.


10. DATA SECURITY

Attitude takes appropriate technical and organisational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures (such as firewalls) and organisational measures (such as a user ID/password system, means of physical protection etc.).

In the course of processing or transmitting your credit card CVV number Attitude will observe and fully comply with best security practices as mentioned above but not limited to encryption and secure protocol for a secure communication. 

Attitude will endeavour to take all reasonable steps to keep secure any information which we hold about you, whether electronically or in hard copy, and to keep this information accurate and up to date. We also require our employees and data processors to respect the confidentiality of any personal information held by Attitude.


11. COLLECTION OF OTHER INFORMATION

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:

Browser and device information

App usage data

Information collected through cookies, pixel tags and other technologies

Demographic information and other information provided by you

Aggregated information

If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the required purposes and disclose Personal Information as detailed in this Policy. We and our third party service providers may collect Other Information in a variety of ways, including:

Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this information to ensure that the Online Services function properly.

Through your use of the Apps: When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.

Using cookies:.

“Our website uses cookies. 

 

What is a cookie? 


Cookies are small data files that your browser places on your computer or device.  Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you. 

 

Why do we use cookies? 


We use cookies to learn more about the way you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. The cookies we use are Session cookies which allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new page you visit. The Session Cookies only last until you close your browser. 

 

How are third party cookies used? 


For some of the functions within our websites we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third-party websites for data regarding their use of cookies.  

 

How do I reject and delete cookies? 


We will not use cookies to collect personally identifiable data about you. However, should you wish to do so, you can choose to reject or block the cookies set by the websites of any third-party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies. 


You can also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further data on cookies generally. For data on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your handset manual. Note, however, that if you reject the use of cookies you will still be able to visit our websites but some of the functions may not work correctly.” 

Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services and response rates. We also use Google Analytics which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. These services may collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt-out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. 

IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Online Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Online Services. We may also derive your approximate location from your IP address.

By aggregating information: Aggregated Personal Information does not personally identify you or any other user of the Services (for example, we may aggregate Personal Information to calculate the percentage of our users who have a particular telephone area code).                                                                                               

12. HOW LONG WILL ATTITUDE KEEP MY INFORMATION

We retain your personal data only for the period necessary for the purposes and in accordance with our Data Retention Policy and with the provisions of applicable laws. (For example financial information is kept for 7 years and client information is retained for 10 years)


13. WHAT RIGHT DO I HAVE OVER MY PERSONAL INFORMATION

“Under the data protection laws, you have rights including: 

 

Your right of access - You have the right to ask us for copies of your personal information.  

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.  

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.  

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances. 

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

Your right not to be subject to automated decision-making including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you. However, this right shall not apply where the decision is: (a) necessary for entering into, or performing, a contract between you and Attitude;(b) authorised by a law to which Attitude is subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or (c) based on your explicit consent.” 


14. HOW TO CONTACT US

To exercise your rights, please contact the Attitude Data Protection Officer using the following contact details:

Data Protection Officer

Attitude Hospitality Management Ltd.

The Junction Business Hub,

Block C, Calebasses Branch Road

Calebasses

Republic of Mauritius

Email: dpo@hotels-attitude.com


For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, such as a driver's license or passport, along with your request. In some cases we may also request an administrative fee to cover the cost of access.

We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to complain to the Data Protection Office under the DPA 2017 and the European Data Protection Supervisor or any supervisory authority under the GDPR.


15. UPDATES

We may modify this policy from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at one of our hotels.

Attitude operates in a dynamic business environment.  Over time, aspects of our business may change as we respond to changing market conditions. This may require our policies to be reviewed and revised. Attitude reserves the right to change its privacy policy at any time and notify you by posting an updated version of the policy on our website.

The amended policy will apply between us whether or not we have given you specific notice of any change.


CCTV Policy

ATTITUDE’S CCTV POLICY

1. Introduction 

1.1. Attitude has in place a CCTV surveillance system (hereinafter as the “CCTV system”) across its premises. This Policy details the purpose, use and management of the CCTV system and details the procedures to be followed in order to ensure compliance with relevant legislation. 

1.2 Attitude will have due regard to the Data Protection Act 2017, and any other relevant and subsequent legislation. 

2. CCTV System overview 

2.1 The CCTV system is owned by Attitude and managed by Attitude. Under the Data Protection Act 2017, Attitude is the ‘data controller’ for the images produced by the CCTV system. Attitude is registered with the Data Protection Office and the registration number is C7831. The CCTV system operates to meet the requirements of the Data Protection Act 2017 and any guidance issued thereunder. 

2.2 The Data Protection Officer, Mr. Dominique Lee, is responsible for the overall management and operation of the CCTV system, including activities relating to installations, recording, reviewing, monitoring and ensuring compliance with this Policy. 

2.3 The CCTV system operates across Attitude’s premises. Attitude has endeavored to select locations for the installation of cameras, which are least intrusive to protect the privacy of individuals. Cameras places so as to record external areas are positioned in such a way as to prevent or minimise recording of passers-by or of another person’s private property. The relevant details of the location of the cameras are as follows: perimeters, entrance and exit points of buildings, garden alleys and other sensible places such as reception, bars, and safe’s location.  

2.4 Adequate signs are prominently placed at relevant locations in order to inform staff, visitors and members of the public that CCTV is in operation. The signage indicates the specific purposes(s) for which the CCTV is placed at each location, that the system is managed by the Attitude, and a 24-hour contact number for Attitude is provided. 

2.5 The Data Protection Officer is responsible for ensuring that adequate signage is erected in compliance with the Data Protection Act 2017. 

2.6 Cameras are sited to ensure that they cover the Attitude’s premises as far as is possible.

2.7 The CCTV system is operational and is capable of monitoring for 24 hours a day, every day of the year. 

2.8 Any proposed new CCTV installation shall be subject to a Data Privacy Impact Assessment.

2.9 Attitude shall not engage in any cover surveillance unless a judge’s order has been obtained by any authority. 



3. Purposes of the CCTV system 

3.1 The principal purposes of Attitude’s CCTV system are as follows: 

a. to allow for the prevention, reduction, detection and investigation of crime and other incidents; 

b. to enhance the security of its premises and its associated equipment at all times;

c. to ensure the health and safety of staff and visitors in compliance with all relevant legislation; 

d. to assist in the investigation of any criminal offence or suspected breaches of the Attitude’s rules and regulations by staff or visitors; and 

e. to ensure the protection of the client’s data held by Attitude. 

f. to ensure that the rules and regulations of Attitude are respected so that Attitude can be property and efficiently managed.

3.2 The CCTV system will be used to observe the Attitude’s premises in order to identify incidents requiring a response. Any response should be proportionate to the incident being witnessed. 

3.3 Attitude seeks to operate its CCTV system in a manner that is consistent with respect for the individual’s privacy and it shall not be used to monitor an employee’s performance nor shall any information obtained in violation of this Policy be used in a disciplinary procedure against an employee. 

4. Monitoring and Recording 

4.1 Cameras are monitored in the Control Room, which is a secure area, staffed 24 hours a day. The Control Room is equipped with a radio system linking it with uniformed Security Officers who provide foot and mobile patrols and are able to respond to incidents identified on CCTV monitors.

4.2 Images are recorded centrally on servers located securely in Attitude and are viewable in specific areas by all Security staff. Additional staff may be authorised by the Head of Security to monitor cameras sited within their own areas of responsibility on a view only basis. 

4.3 The cameras installed provide images that are of suitable quality for the specified purposes for which they are installed and all cameras are checked daily to ensure that the images remain fit for purpose and that the date and time stamp recorded on the images is accurate. 

4.4 All images recorded by the CCTV System remain the property and copyright of Attitude. 

5. Compliance with Data Protection Legislation

 

5.1 In its administration of its CCTV system, Attitude complies with the Data Protection Act 2017. Due regard is given to the data protection principles embodied in the Data Protection Act 2017. These principles require that personal data shall be: 



a)  processed lawfully, fairly and in a transparent manner; 

b)  collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; 

c)  adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 

d)  accurate and, where necessary, kept up to date; 

e)  kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed; and 

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. 

6. Applications for disclosure of images 

6.1 Requests by individual data subjects for images relating to themselves “Subject Access Request” should be submitted in writing to the Attitude’s Data Protection Officer at Attitude Hospitality Management Ltd, The Junction Business Hub, Block C, Calebasses Branch Road, Calebasses, Republic of Mauritius

6.2 In order to locate the images on the Attitude’s system, sufficient detail must be provided by the data subject in order to allow the relevant images to be located and the data subject to be identified. 

6.3 Where Attitude is unable to comply with a Subject Access Request without disclosing the personal data of another individual who is identified or identifiable from that information, it is not obliged to comply with the request unless satisfied that the individual has provided their express consent to the disclosure, or if it is reasonable, having regard to the circumstances, to comply without the consent of the individual, or if masking of the other individual is not possible. Any refusal to comply with a Subject Access Request shall be communicated, in writing, within one month of the receipt of the request.   

6.4 In limited circumstances it may be appropriate to disclose images to a third party, such as when a disclosure is required by law, in relation to the prevention or detection of crime or in other circumstances where an exemption applies under relevant legislation. 

6.5 Such disclosures will be made at the discretion of the Data Protection Officer, with reference to relevant legislation and where necessary, following legal advice. 

6.6 Where a suspicion of misconduct arises and at the formal request of the Management of Attitude, the Data Protection Officer may provide access to CCTV images for use in staff disciplinary cases. 

6.7 The Data Protection Officer may provide access to CCTV images when sought as evidence in relation to disciplinary cases and/or criminal investigations and/or any other investigation sanction by the courts or authorities. 

6.8 A record of any disclosure made under this Policy will be held on the CCTV management system, itemising the date, time, camera, requestor, authoriser and reason for the disclosure. 

7. Retention of images 

7.1 Unless required for evidential purposes, the investigation of an offence or as required by law, CCTV images will be retained for no longer than 180 days from the date of recording or for longer than is necessary for the purposes for which the images were obtained and, in particular, it will be retained for a longer period where the image identifies an issue and must, therefore, be retained specifically in the contest of an investigation/prosecution of that issue. Images will be automatically overwritten after this point. 

7.2 Where an image is required to be held in excess of the retention period referred to in 7.1, the Data Protection Officer will be responsible for authorising such a request. 

7.3 Images held in excess of their retention period will be reviewed on a 6-month basis and any not required for evidential purposes will be deleted. 

7.4 Access to retained CCTV images is restricted to the Data Protection Officer, the Security personnel and other persons as required and authorised by the Data Protection Officer. Such access will be password-protected and authorised pursuant to this Policy and as required by law. Where necessary, any transmission and storage of images shall be in encrypted form.

7.5 The CCTV images will be stored in a secure and restricted environment with a log of access kept so as to allow for an audit trail to monitor all those having access to the said images. Regular audits of the system security will be carried out.

8. Complaints procedure 


8.1 Complaints concerning Attitude’s use of its CCTV system or the disclosure of CCTV images should be made in writing to the Data Protection Officer at Attitude Hospitality Management Ltd, The Junction Business Hub, Block C, Calebasses Branch Road, Calebasses, Republic of Mauritius


9. Monitoring Compliance 

9.1 All staff involved in the operation of the Attitude’s CCTV System will be made aware of this Policy and will only be authorised to use the CCTV System in a way that is consistent with the purposes and procedures contained therein. 

9.2 All staff with responsibility for accessing, recording, disclosing or otherwise processing CCTV images will be required to undertake data protection training. 

9.3 In additional to all security measures stated in this Policy, Attitude has implemented all other appropriate security and organisational measures to prevent any unauthorised access, alteration, disclosure, accidental loss and destruction of personal data in its control, in this case, the images captured by the CCTV system.

9.4 Any breach of the present Policy shall not be tolerated and severe disciplinary sanction will be taken against any member of staff, who breaches any aspect of the Policy.

10. Policy review 

10.1 Attitude’s usage of CCTV and the contents of this Policy shall be reviewed annually by the Data Protection Officer, in conjunction with the Security Department, with reference to the relevant legislation or guidance in effect at the time. Further reviews will take place as required.