WHY DO WE HAVE THIS PRIVACY NOTICE?

At BOXRAW, respecting your personal information reflects our values. This notice explains how your personal data may be collected and used when you visit our premises, specifically via CCTV and Access Control systems.
Please note:

• CCTV and Access Control systems at our offices are operated by CV Life, our landlord.
• CV Life is the data controller for these systems and manages the personal data captured.
• BOXRAW has access to limited data from the Access Control system where relevant to its operations.

For full information on how CV Life handles personal data, please see their privacy policy: https://cvlife.co.uk/privacy-policy/

THE CONTROLLER OF YOUR PERSONAL INFORMATION

• CCTV: Controlled by CV Life. BOXRAW does not operate or access CCTV footage directly unless permitted by CV Life under specific conditions (e.g. incident investigation).
• Access Control: Operated by CV Life, but BOXRAW may receive limited data (e.g. entry logs or user permissions) as part of managing access for staff, visitors, or contractors. In such cases, BOXRAW and CV Life may act as joint controllers, each responsible for different aspects of the processing.

If you're unsure who to contact regarding your data, reach out to our DPO at mydata@boxraw.com.

WHAT PERSONAL INFORMATION IS COLLECTED?

• CCTV (CV Life controlled):
  • Video recordings and still images of individuals on the premises, which may capture faces, clothing, activities, or vehicles.
• Access Control (shared between CV Life and BOXRAW):
  • Name, job title, contact details, and access credentials (e.g. fob ID, card number).
  • Logs of entry/exit including timestamps and location.

LAWFUL BASES FOR PROCESSING

• CV Life processes CCTV and Access Control data under:
  • Legitimate interests (security and building management),
  • Legal obligations (health and safety),
  • Or public interest (crime prevention).

• BOXRAW may process shared Access Control data for:
  • Legitimate interests (managing office access, safeguarding staff and property),
  • Contractual necessity (granting access to staff or contractors),
  • Compliance with legal obligations (e.g. health and safety record-keeping).

WHO HAS ACCESS TO YOUR DATA?

• CCTV: Only CV Life has full access. BOXRAW may request footage in specific cases, subject to CV Life approval and legal basis.
• Access Control:
  • CV Life operates the system and retains primary control.
  • BOXRAW may view logs or assign access credentials for its staff, consultants, or authorised visitors.

Access is restricted to authorised personnel and is protected with appropriate technical and organisational safeguards.

DATA SHARING

Your data may be shared with:

• CV Life (as the landlord and system operator)
• Internal BOXRAW teams (e.g. facilities, tech, legal) where required
• Law enforcement or regulatory authorities, if required by law
• Legal or professional advisers, in the event of claims or disputes

INTERNATIONAL TRANSFERS

We do not routinely transfer CCTV or Access Control data outside the UK/EEA. If required, we use EU Standard Contractual Clauses and the UK Addendum to safeguard any such transfers.

DATA RETENTION

• CCTV: Retained in line with CV Life's policies (typically 14–30 days).
• Access Control: Data is retained by CV Life and BOXRAW only as long as necessary for access management or legal purposes.

Where footage or logs relate to an incident or claim, they may be retained for longer as required.

YOUR RIGHTS

You have rights under UK GDPR, including to:

• Access or correct your data
• Request erasure (in limited cases)
• Object to processing based on legitimate interests
• Restrict processing
• Lodge a complaint with the ICO

If your data was collected via CCTV or Access Control:

• CCTV requests → Contact CV Life: CV Life Privacy Policy
• Access Control data shared with BOXRAW → Contact BOXRAW’s DPO at mydata@boxraw.com

Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a complex area of law. More information about your legal rights can be found on the ICO’s website at https://ico.org.uk/for-the-public/.

IF YOU HAVE QUERIES OR CONCERNS JUST ASK!

We have appointed a data protection officer (DPO) to oversee our compliance with data protection laws. If you have any questions about this privacy notice or how we handle your personal information, please contact our DPO on mydata@boxraw.com

COMPLAINTS

We hope you don’t have any reason to complain, and we will always try to resolve any issues you have, but you always have the right to make a complaint at any time to the ICO about how we deal with your personal information or your rights in relation to your personal information. If you are based outside of the UK you may have the right to complain to your local data protection regulator.

You can make a complaint in writing to the ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom or you can go to https://ico.org.uk/make-a-complaint/.

CONTACTING US

If you have any queries regarding our use of your personal information or this privacy notice then please contact our DPO at mydata@boxraw.com or write to DPO, BOXRAW, Ground & First Floor Offices, Herbert Art Gallery, Jordan Well, Coventry, England, CV1 5QP. You can use these details regardless of which of our group companies is the controller of your personal information in our CCTV and Access Control systems.