On 25th May 2018, the UK will introduce its new data protection legislation. This is the same day the European Union’s General Data Protection Regulation (GDPR) comes into force.
The new data protection law will apply the EU’s GDPR standards for the processing of data considered to be “general data” – information processed for a reasons other than law enforcement or national security. Part 2 of the new law sets out how organisations should processes this “general data”.
This Privacy Notice describes how and why the Office of the Police and Crime Commissioner processes your data under Part 2, and the steps we take to ensure your information is kept safe. It also explains what rights you hold in regard to your personal information and what steps you should take should you have concerns about how we have handled your data.
Who are we?
The Office of the Police and Crime Commissioner for Cleveland is an independent body, led by a directly-elected Police and Crime Commissioner. The Office supports the Police and Crime Commissioner with his responsibility for the totality of policing in the former county of Cleveland in the north of England.
The Police and Crime Commissioner is the ‘Data Controller’ and together with the Chief Executive and Monitoring Officer exercises overall responsibility for the lawful processing of all personal data processed by the Office of the Police and Crime Commissioner. He is advised and assisted by the ‘Data Protection Officer’ who provides professional support and guidance in relation to data protection law.
Our data protection number is ZA000699 which is renewed annually.
Police and Crime Commissioner Data Protection Officer
Barry Coppinger Hannah Smith
C/O Steria Shared Service Centre, C/O Steria Shared Service Centre,
Ash House, Ash House,
III Acres, III Acres,
Princeton Drive, Princeton Drive,
TS17 6AJ TS17 6AJ
Processing under Part 2 – General Data
Why do we process your personal information, considered as general data?
The Office of the Police and Crime Commissioner process personal information for a variety of reasons.
For example, we process personal data for the following ‘lawful purposes’ to;
- Help us support those who contact the OPCC, which is done by obtaining their ‘Consent’ in order to improve the service we provide to the public,
- Assist us in meeting our ‘Legal Obligations’ as employers and in fulfilling statutory duties,
- To manage ‘Contracts’ with those who supply us with goods and services.
Whose personal information do we hold?
To assist us in carrying out the duties listed above, the Office of the Police and Crime Commissioner may obtain, use and disclose personal information relating to a wide variety of individuals including:
Our staff, volunteers, seconded; temporary and ‘call-off’ workers; Suppliers; Complainants, correspondents and enquirers; Police, criminal justice, local authority and political partners; Former and potential members of staff; Potential grant recipients.
What type of personal information do we process?
The type of personal data we hold will vary depending upon the reason you have had contact with us but it may include:
Your name and address; Employment details; Family information; Financial details; Goods or services provided; Racial or ethnic origin; Your opinions about matters we have consulted each other about; Religious or other beliefs of a similar nature; Trade union membership; Physical or mental health or condition; Sound and visual images; Complaint; incident and litigation information.
We aim to use and retain the minimum amount of personal information necessary to fulfil a particular purpose. Your personal information may be held on a computer system, or in a paper record such as a physical file or a photograph.
Where do we get personal data from?
To carry out the duties we have described, we may obtain personal information from a number of sources, including:
Persons making an enquiry or complaint; Employees of the Office of the Police and Crime Commissioner; police forces; Criminal justice partners; Fire services; Healthcare services; Local government; Voluntary sector organisations; Victim services; Suppliers, providers of goods or services; Association of Police and Crime Commissioners; Independent Office for Police Conduct; Her Majesty’s Inspectorate of Constabulary; Central government, governmental agencies and departments; Education, training establishments and examining bodies; Commercial or financial organisations; Legal representatives; Regulatory authorities; the media; Commissioned services; Outsourced providers working on our behalf.
How do we handle your personal information?
We handle your personal information according to Part 2 of the UK Data Protection Act 2018, which applies the EU’s General Data Protection Regulation (GDPR) standards for the processing of data considered to be ‘general data’.
Your personal data is held securely on our computer systems or in our physical files and is accessed by our staff, partners, contractors and volunteers when required to do so for a lawful purpose.
The Office of the Police and Crime Commissioner is committed to ensuring that the personal and sensitive information it holds about individuals is accurate, up to date, used only for the purpose intended and securely protected from inappropriate access.
We will regularly review your personal information and assess whether it is lawful for us to continue to retain it. When your information is no longer required for any purpose listed in this notice or there is no longer a lawful purpose for processing it, we will securely destroy it.
We have a commitment to ensuring that you can find out about your personal information, be given access to it and have the right to challenge its accuracy.
Who do we share your personal information with?
In order for the Police and Crime Commissioner to meet their statutory responsibilities and to offer most efficient and effective service to the public, we often need to work with partners. To ensure we can meet these duties, we may need to share your personal information with partners. These organisations may include:
Cleveland Police and other police forces; Criminal justice partners; Outsourced providers working on our behalf; Local government; Central government; Suppliers or contractors; including survey organisations; Commissioned services; Victim support services; Regulatory authorities; the Media.
We will ensure that only relevant information, with a specific purpose and circumstance will be disclosed to our partners. We will make sure we record the information we share and the reason for doing so.
How do we keep your personal information safe?
The Office of the Police and Crime Commissioner takes the security of your personal information very seriously.
We use a variety of security measures, including encryption and access controls, to help protect the security, integrity and availability of your information. We work hard to maintain physical, electronic and procedural safeguards to protect your information in line with the Act.
Areas where we store personal information are restricted to our staff and partner agency staff and are only accessible by those holding appropriate identification.
How long will you keep my personal information?
The Office of the Police and Crime Commissioner keeps your personal information as long as is necessary for the particular purposes for which it is held.
Records containing personal information will be managed in accordance with the OPCC’s Retention Schedule.
Cookies are text files placed on your computer or mobile device to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the PCC website and to compile statistical reports on website activity.
You can set your browser not to accept cookies, although this may have an impact on some of our website features. You can learn more about cookies and how to disable them, please read our Cookies Policy.
What are my information rights?
Individuals’ rights are one of the most important changes of the new Data Protection Act. The law makes some changes to existing rights by extending or clarifying them, as well as introducing new rights.
Your information rights under GDPR are:
Right to be Informed
The Office of the Police and Crime Commissioner must describe how we obtain, use and store your information and who we may share it with.
We have developed this Privacy Notice to explain how we will use your personal information and tell you what your rights are under the new legislation.
Right of Access
Commonly known as subject access, this right gives you access to your personal data and any supplementary information. There are some restrictions on this right.
Right to Rectification
You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
Right to Erasure
This right is also known as ‘the right to be forgotten’. You are entitled to request the deletion or removal of your personal data where it is no longer a lawful basis to continuing processing it.
Right to Restrict Processing
You have the right to ‘block’ or suppress the processing of your personal data. When processing is restricted, we are permitted to store your personal data, but not use it.
Right to Data Portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
Right to Object
This right gives you the right to object to the processing of your personal data. This effectively allows you to ask organisations to stop processing your personal data.
You have the absolute right to object to the processing of your personal data if it is for direct marketing purposes.
You can also object if the processing is for:
- A task carried out in the public interest or based on legitimate interests;
- The exercise of official authority vested in the organisation; or
- Scientific or historical research, or statistical purposes.
Rights Relating to Automated Decision Making
Automated individual decision-making is a decision made by automated means without any human involvement.
You have the right to object to profiling in certain circumstances.
Should you wish to learn more about your information rights or how to make an Information Rights Request please follow the below links:
Make an Information Rights Request
How to make a complaint to the Information Commissioner
The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights and ensure organisations are complying with data protection legislation. You have the right to lodge a complaint with them if you have concern about how we have used your personal information.
ICO Helpline: 0303 123 1113
Information Commissioner's Office
Changes to the our Privacy Notice