Video surveillance and visitor privacy notice

We may collect, use and store the following types of personal information when you visit our offices and/or the premises where we operate:

Personal identification information: Full name, government issued identification documents, vehicle registration plate, employee ID (if you’re a member of Mott MacDonald’s workforce visiting another office location) and signature

Contact details: Email address and phone number

Business information: Company name, company address, company identification documents

Health information: Food allergies and dietary restrictions (for example, when providing lunch or refreshments) and accessibility requirements (to facilitate your entry into our offices and assist in emergencies)

Biometric information: facial geometry (for example, when you visit our offices in the United Arab Emirates and Sydney, Australia we scan your facial features using facial recognition software)

Online information: Internet protocol address (‘IP Address’) and websites visited. We may monitor traffic on our guest WiFi networks using industry standard intrusion detection systems. This allows us to see limited information about a visitor’s network behaviour, including the source and destination addresses the visitor is connecting to and from

CCTV and video images: CCTV and video footage

We obtain your personal information from you when you visit our offices and/or the premises where we operate. This may be through our video surveillance equipment systems and/or when you enter your contact details (for example, name, date, time and reason for visit) into our visitor management system, visitor book or visitor registration form. 

Visitor management system: We collect your personal information when you visit our offices through our third-party visitor management systems (for example, Sine Core in Singapore and Concept SignIn in the UK) to register your contact details. 

Visitor book/visitor form: At certain office locations, we collect your personal information in our visitor book or through a visitor form (physical/hard copy) when you first arrive at our reception desk (for example, you provide your contact details, reason for visit and date and time of entry and exit). 

Our People: In some circumstances, you may provide your personal information directly to our People (verbally or in writing) in order to facilitate your attendance at our offices (for example, this may be to facilitate a job interview or to attend a meeting). 

CCTV and video images: Third parties collect your personal information (on our behalf) when you visit our offices and/or the premises where we operate (for example, through CCTV). This is to ensure the safety and security of our People and visitors, protect our premises and assets and for crime prevention and detection. Video surveillance technologies are clearly visible and are not hidden from sight, nor are they made to appear as non-surveillance equipment. Surveillance equipment is strategically placed to capture entry to our offices and the premises where we operate, freight elevators, security server rooms and parking areas. Where possible, signs are displayed to inform employees and visitors that video surveillance systems are in operation and who to contact for further information. Cameras are in operation 24 hours a day, 7 days a week. 

At certain office locations, personal information (for example, government identification, name, company entity) may be collected by building management. We do not control, operate or normally have access to their personal information. You should direct your privacy enquiries, including any requests to exercise your privacy and data protection rights, to the entity providing building management services.  

We will only use personal information about you when the law allows us to do so. In certain locations, there may be differences in the legal justifications that can be relied upon when we collect, use, and handle personal information due to local legal requirements or the way that Mott MacDonald operates in that location. If that is the case, we will notify you of the differences in a supplementary privacy notice.

We have outlined the purposes for which we use your personal information in the context of our video surveillance and visitor management activities below, along with the categories of personal information used:

Managing health, safety and security

• Personal safety of our People and visitors including client representatives, job applicants, contractors, external training providers, supplier/vendor contacts, work experience apprentices and trainees and other members of the public
• Accommodating any food allergies and dietary restrictions when we provide you with lunch or refreshments
• Protection of our premises and assets from damage, disruption and vandalism 
• Crime prevention and detection 
• In case of a fire, flood or other emergency
• Managing visitor access and notification of arrival

Categories of personal information used for the above purposes include:

• Personal identification information
• Contact details
• Health information
• Biometric information
• Online information
• CCTV and video images

Managing access to our systems and network 

• Ensuring appropriate technical access to our systems and network including guest WiFi

Categories of personal information used for the above purposes include:

• Contact details
• Online information

Internal management and investigation

• Supporting internal investigations
• Assist in effective resolution of disputes, which arise in the course of disciplinary or grievance proceedings

Categories of personal information used for the above purposes include:

• Personal identification information
• Contact details
• Health information
• Biometric information 
• Online information
• CCTV and video images

Complying with legal obligations 

• Disclosing personal information to government agencies, regulatory authorities or law enforcement (this includes complying with subpoenas and court orders) 
• Record keeping and reporting obligations
• Pursuing our legal rights and remedies
• Establishing, exercising or defending Mott MacDonald’s legal position
• Managing complaints and legal claims

Categories of personal information used for the above purposes include:

• Personal identification information
• Contact details
• Business information
• Health information
• Biometric information
• Online information
• CCTV and video images

When using your personal information for the purposes above, we will generally rely on your consent, our legitimate interests or a legal obligation as our legal justification. 

In certain jurisdictions, such as the UK and EEA, where we rely on our legitimate interests to process this information, we will balance your rights and freedoms against our own interests, or those of any third parties, to ensure that your rights are not infringed. 

Personal information processed during our business activities may be shared, used, handled and otherwise made available to Mott MacDonald entities, service providers, and third parties when it is necessary and proportionate to do so. We may share, provide access to and transfer your personal information:

Within Mott MacDonald as appropriate to provide our services and to effectively maintain our business.

Our third party services providers who help deliver our visitor registration form (using its application and systems), provide us with technical support, and supply us with our video surveillance equipment systems. These include, Concept SignIn (visitor management) and Sine Core (visitor management).

First responders: if there is a medical or other emergency at our office location.

An acquiring company if the structure of our business changes. For example, if we merge, combine or divest a part of our business, then we may need to transfer your personal information to the relevant third party or restructured organisation.

Regulatory authorities or law enforcement agencies if we need to comply with their request for information, such as where an investigation is being carried out.

When we need to share your personal information with these third parties, we use a combination of contractual, physical and technical measures to keep it secure. To protect personal information that is transferred internationally, we ensure that appropriate safeguards are in place and that your privacy and data protection rights are protected. Those safeguards will normally include data encryption, role-based access permissions, and legal agreements that facilitate the lawful cross-border transfer of personal information. Please refer to our Group policies for more information.

Please note that we will never sell your personal information to a third party for any purpose.

We work hard to maintain and improve security measures that prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to personal information to individuals and organisations who have a legal right of access (for example, regulatory authorities or law enforcement agencies), or a legitimate business need to know (for example, office managers, administrators and service providers). Our service providers and suppliers will only process personal information in accordance with our instructions, and we ensure that all third parties are subject to a legal duty of confidentiality.

All Mott MacDonald People who may be required to access your personal information when carrying out their duties are required to complete privacy and data protection training on an annual basis.

Please also see our Information security and Privacy and data protection Group policies for more information.

We only keep your personal information which permits identification of individuals for no longer than is necessary for the purposes set out in this notice. Visitor records are generally kept for up to three months from the date you visited one of our offices and are permanently deleted after that time. Video surveillance recordings are generally kept between thirty and sixty days from the date of the recordings and are permanently deleted after that time. We may keep visitor records and video recordings for longer when required, such as cases of ongoing investigations of theft, crime or accident or when required by law.

When your personal information is deleted or destroyed, we ensure that it is safely and permanently disposed of in accordance with any local legal requirements.

We respect your rights over your personal information, which are set out below:

• Right of access to your personal information. This enables you to request a copy of your personal information and to check that we are processing it lawfully.
• Right to correct the personal information that we hold about you. This enables you to ask us to amend or update any incomplete or inaccurate personal information.
• Right to request erasure of personal information about you. This enables you to ask us to delete or remove personal information where there is no valid reason for us to continue processing it.
• Right to object to the use of your personal information if you think we do not have a valid reason to process it and want us to stop processing it. 
• Right to restrict further use of personal information about you. This enables you to ask us to limit or suspend the use of your personal information (for example, if you want us to confirm its accuracy or the reason why we are processing it).
• Right to transfer personal information about you to another party. You can ask us to send (or “port”) your personal information to another organisation. 

You can exercise these rights at any time by initiating a request via privacy@mottmac.com. There may be occasions where we need to collect personal information from you, such as your name and contact details, to verify your identity before responding to your request.

We will handle your request carefully and respond to you within any applicable statutory deadline (for example, in the UK and EEA, we will respond to you within one month from the date we receive your request and in California, we will respond to you within forty-five days from the date we receive your request). If there is a lawful reason to extend this deadline, then we will let you know as soon as possible.

If you choose to exercise any of your rights set out above, then please be assured that we are committed to treating you fairly and ensuring non-discriminatory treatment.

Please also note that the extent to which you can exercise your rights may be limited by the rights and interests of others (for example, where we are unable to delete all your personal information due to our regulatory obligations). If this is the case, we will let you know without undue delay.

If you have any concerns about this privacy notice, or how we have used your personal information for our own purposes, please contact our Privacy and Data Protection Team at privacy@mottmac.com. If youre located in Singapore, you can also contact us by calling 6293 1900. If you're a resident of California, please contact privacyamericas@mottmac.com or dial 925.469.8010.

If you're unhappy with how we have used your personal information, you can register a complaint with the data protection regulator in the country, state, or province where you are located.