Jersey Data Protection Law 2018 Article 12 (4) Information to be provided to data subject;


Relevant Information
(a) the identity and contact details of the controller, and (where applicable), the controller’s representative;


Randalls Limited, Randalls Offices, Clare Street, St Helier, JE2 3XE
(b) the contact details of the data protection officer (if any);


Ruth Wainwright
(c) the purposes for which the data are intended to be processed and the legal basis for the processing;The principal purposes of Randalls CCTV systems are as follows:
• for the prevention, reduction, detection and investigation of crime and disorder;
• public safety to ensure the safety of staff, customers and visitors;
• prevention of public nuisance;
• protection of children from harm;
• to assist in the investigation of suspected breaches of Randalls company policies set out in the company handbook and
• the monitoring and enforcement of the secure door entry systems.
d) an explanation of the legitimate interestLegitimate Interest: As a means to protect/safeguard people and property (as per CCTV Policy), and provide necessary evidence for Law Enforcement, as guided by Law Enforcement, balanced against the rights of the individuals. The balance for privacy achieved by admin controls (eg restricted access) and technical controls (eg login, password, encryption) and oversight via governance policy and procedures following best practice from ICO (UK) and OIC Jersey, and SoJ Police. There is no special category or high-risk data and retention is generally 30 days (unless there is an investigation)


(e) the recipients or categories of recipients of the personal data (if any)At Randalls Sites with CCTV operating location there may be Data Sharing with….
• SOJ Police, under the terms of a suitable Data Sharing Agreement + Process
• OIC Jersey Regulator, under the terms of a suitable Data Sharing Agreement + Process
• Other Regulator or Law Enforcement, as directed
(f) where applicable, the fact that the controller intends to transfer personal data to a third country (eg use USA based systems)Randalls utilises systems that may host or back-up data outside EEA or EU [For which we ensure there is best practice admin controls (eg restricted access) and technical controls (eg password + encryption)] The details of how we maintain Confidentiality (ensure data is secure and private) Integrity (ensure data is correct and not corrupt) and Access (ensure data not lost, stolen or denied) are available in our Information Security Policy.
Note the Randalls Sites with CCTV operating hardware, software and infrastructure is all based in Jersey with no data hosted, stored, processed outside EU EEA.
Randalls routinely reviews the following
• Organisation of information security
• Human resource security
• Asset management
• Access control
• Cryptography
• Physical and environmental security
• Operations security
• Communications security
• System acquisition, dev. and maint.
• Supplier relationships
• Security incident management
• Business continuity management
• Compliance
Randalls is looking to update the Information Security Policy a a result of Schrems II, and eagerly awaits the guidance if the OIC Jersey Regulator.
(g) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period


Data is stored for 30 days, unless subject to Investigation or a Law Enforcement order this has been retained.
(h) information concerning the rights of data subjects (eg right to request data etc.)Part 6 of the DPJL gives rights to individuals in respect of personal data held about them by others. The rights are:
• a. Right to be informed (Art.12)
• b. Right to subject access (Arts.28-30)
• c. Right to rectification (Art.31)
• d. Right to erasure (Art.32)
• e. Right to restriction of processing (Art.33)
• f. Right to data portability (Art.34)
• g. The right to object to processing for the purpose of public functions or legitimate interests (Art.35), for direct marketing purposes (Art.36) and for historical or scientific purposes (Art.37)
• h. Right regarding automated individual decision-making and profiling (Art.38).
Not all right apply in all circumstances, for example right to erasure of data required for Law Enforcement, so please contact us and we will be happy to answer your query.
(i) where the processing is based on consent, the existence of the right to withdraw consent


(not applicable for CCTV)
(j) the existence of any automated decision-making,


(not applicable for CCTV)
(k) a statement of the right to complain to the Authority;You can complain to us, or if we do not satisfy to Jersey Office of the Information Commissioner, 2nd Floor, 5 Castle Street, St Helier, Jersey JE2 3BT Telephone number: +44 (0) 1534 716530 Email:


(l) whether the provision of personal data is a statutory or contractual requirement,


(not applicable for CCTV)
(m) where the personal data are not obtained directly from the data subject, information identifying the source of the data


(not applicable for CCTV)
(n) any further information that is necessary, having regard to the specific circumstances


(not applicable for CCTV)