Principle & statement of intent

Bumbles 1 is securely monitored by a CCTV surveillance system. We currently do not have CCTV at our Rosetta Setting, Bumbles by the Park or B in the Park but may install this in the future. Bumbles own the CCTV equipment and it can only be accessed by the Management Team. The Management team are responsible for the operation of the system for ensuring compliance with this policy. The owner has overall responsibility for the data recorded on our CCTV system.

The purpose of the CCTV system is for the security of the premises; the prevention, detection and investigation of criminal activity; trespass and vandalism and the safety of the children, staff and visitors to the premises.

This policy was formed in accordance with the Information Commissioner’s Office (ICO) using their document, In the picture: A data protection code of practice for surveillance cameras and personal information and protects the images captured following the Data Protection Act (1998) and GDPR law (2018).


We recognise that the use of CCTV has become a common feature of our daily lives and while its use is generally accepted, we have certain duties and responsibilities to those whose images are caught on camera.

Bumbles complies with the ICO’s CCTV Code of Practice to ensure it is used responsibly and safeguards both trust and confidence in its continued use. The use of CCTV and the associated images is covered by the Data Protection Act 1998. This policy outlines Bumbles use of CCTV and how it complies with the Act and is associated with the Bumbles Data Protection policy, the provisions of which should always be adhered to.

The System is comprised of fixed position cameras, a monitor and a digital hard drive recorder.

Cameras are located at strategic points on the premises; main entrance – on the ramp, front hallway, back hallway, front garden and side garden. There are currently NO cameras in our play rooms. No camera is hidden from view and all will be prevented from focusing on areas of private accommodation.

A sign is prominently placed at the entrance and exit point of the site to inform staff, children, parents and visitors that a CCTV installation is in use. The digital recorder and single effectiveness of the limited system it is not possible to guarantee that the system will detect every incident taking place on the site.

The hard drive for accessing the images is password protected and only the Management Team has access to this equipment on site. Our system makes use of wireless communication links, (transmitting images between cameras and a receiver), we have ensured that these signals are encrypted to prevent interception. Furthermore, our system can transmit images over the internet, (eg, to allow viewing from off site if required), we have ensured that these signals are encrypted to prevent interception and also require some form of authentication for access. Only the owner has access to the CCTV off site. The system is kept in good working order and maintained by Delta. They do not have access to the images off site. Images are kept for one month and then deleted automatically. Should data need to be kept for a longer period of time for investigation, we reserve the right to do so.
To comply with current GDPR law, if an issue arises and a parent wishes to view the recording, then this will be agreed with the management, director and parent. The parent will be given the opportunity to view the recording on site with appropriate supervision. CCTV recordings will be made available to the police or other pertinent authorities without consent if requested as such for child protection reasons.

Summary of Responsibilities

  • To uphold arrangements of this policy
  • To inform staff visitors / parents and children of the CCTV through appropriate signage
  • To handle data and images securely and responsibly within the aims of this policy. Those with access must be aware that they could be committing a criminal offence if they misuse the CCTV images.
  • To uphold the recorded procedures for subject access requests
  • To maintain the system appropriately and as stated above.
  • To report any breach of the system to the managing director and then to the ICO Data Protection Department.