CCTV Notice
Objective and scope
This CCTV Notice (“Notice”) document covers the collection and processing of personal data through Closed-Circuit Television (CCTV) systems, used by GTT. It applies for the office of GTT Communications India Private Limited located at 8th floor, Platinum Towers, Final plot No.4 City Survey No.1678 to 1683, Bhamburda, Shivajinagar, Maharashtra, India falling under the scope of The Digital Personal Data Protection Act, 2023. The CCTV monitoring is carried out to support GTT’s legitimate interests, specifically for the purposes of maintaining security, protecting company assets, and assisting in the prevention and investigation of incidents. The relevant Notice is intended to inform GTT employees, visitors and contractors that GTT’s offices are under 24-hour video surveillance.
The processing of personal data via CCTV is conducted in compliance with the Digital Personal Data Protection Act, 2023 and aligns with the principles and controls required under ISO/IEC 27001, GTT’s adopted Information Security Management System (ISMS) standard.
This Notice outlines the scope, purpose and legal basis for CCTV monitoring, as well as your rights in relation to this type of data processing.
What is personal data
As a quick reminder, personal data is any information relating to an individual that would identify or permit the identification of the individual, directly, or indirectly. Remember that this can include anything that alone or together with other information held, can identify an individual, such as name, unique ID, email address, telephone number, short name, job title (e.g. CEO), etc.
Purpose for processing
The purpose of the use of CCTV and the relevant data processing is to protect GTT’s physical property, confidentiality, security, integrity, personal and reputation as well as for the preservation of evidence where that may be necessary for the prevention or investigation against physical intrusion or crime.
GTT as a Data Fiduciary carries out the processing of personal data (through CCTV) as a legitimate use under Section 7 of the Digital Personal Data Protection Act 2023, necessary for ensuring the safety of personnel, premises, and information assets. The CCTV and the data collected is not used and will not be used for employee performance monitoring or any other purpose beyond what is stated in this Notice.
What data will be collected?
As part of the CCTV monitoring activities, GTT may collect and process the following types of personal data:
- Visual images of individuals, including employees, contractors and visitors, as they move within the range of the CCTV cameras.
- Behavioural data, such as movement patterns, interactions, or activities occurring within monitored areas.
- Date and time stamps associated with the recorded footage.
- Location data, indicating the specific area under surveillance.
No audio recording is captured.
How will the data be collected?
The CCTV is configured, positioned and angled to capture exclusively and only entrances, exit and access points. This prevents accidental capture of parts of other areas through the side view of the camera, which are outside the scope of this Notice and the CCTV monitoring.
The monitoring is continuous and only data necessary for the purpose of surveillance under the purpose for processing is collected.
Who has access to the collected data?
CCTV data is processed by GTT, acting as a Data Fiduciary, in line with Section 7 of the Digital Personal Data Protection Act, 2023. This processing is carried out to serve GTT’s legitimate use, which includes protecting property and assets, maintaining confidentiality, security, and operational integrity, ensuring the safety of individuals and GTT’s reputation, and preserving evidence when and if required for the prevention, detection, or investigation of physical intrusion or crime.
Rights of individuals
Under the Digital Personal Data Protection Act, 2023, individuals whose personal data is processed through CCTV systems (“Data Principals”) have the following rights:Right to Access Information: Data Principals may request confirmation of whether your personal data (such as CCTV footage) has been processed and seek details of such processing, subject to reasonable verification of identity.
- Right to Correction and Erasure: Data Principals may request correction of inaccurate personal data or deletion of footage relating to you, where retention is no longer necessary for the purpose of security or compliance with legal obligations.
- Right of Grievance Redressal: Data Principals may raise concerns or complaints regarding the processing of your personal data. GTT will address such grievances within a reasonable period through its designated contact point.
- Right to Complain to the Data Protection Board of India: If the grievance remains unresolved, the Data Principal may escalate the matter to the Data Protection Board of India in accordance with procedures under the DPDP Act.
These rights are subject to the limitations and conditions specified under the DPDP Act, 2023 — including situations where retention or disclosure of CCTV footage is required by law or necessary for the security and integrity of the premises.
If you seek further information about how your personal data is processed in the workplace, please consult GTT Employee Privacy Notice, which provides additional context and guidance specific to employee data processing.
Data retention
The CCTV monitored areas are recorded for 24/7 in 10 days’ snippets. Should motion be detected, the footage is stored for up to 1 month. CCTV footage is retained only for as long as necessary and in line with the retention period specified herein. Please note that access to footage may be limited where disclosure would adversely affect the rights and freedoms of other individuals, or where exemptions apply under applicable law.
Contact information
In case of questions, concerns, complaints or requests please contact GTT’s Data Protection Team at [email protected].
GTT will acknowledge and respond to any queries within a reasonable period, in accordance with GTT internal procedures.
If the complaint remains unresolved after communication with the Data Protection Team, the Data Principals may lodge a complaint with the Data Protection Board of India under Section 13 of the DPDPA, 2023.
Last updated: December 2025