This privacy notice explains how we, the Office of the Police and Crime Commissioner (OPCC) for Wiltshire and Swindon, obtain, hold, use and disclose information about you - your personal data – and the steps we take to ensure that it is protected. It also describes the rights you have with regard to your personal data handled by OPCC and includes how to contact the Information Commissioner should you have a concern with regard to how your personal data has been handled.
The use and disclosure of personal information is governed in the United Kingdom by the General Data Protection Regulation (‘GDPR’) and Data Protection Act 2018 (‘the Act’), collectively referred to as the Data Protection Legislation (‘the legislation’). The Police and Crime Commissioner for Wiltshire and Swindon is registered with the Information Commissioner as a ‘data controller’ for the purposes of the legislation. As such he is obliged to ensure that the OPCC for Wiltshire and Swindon handles all personal information in accordance with the legislation. The OPCC for Wiltshire and Swindon takes that responsibility very seriously and takes great care to ensure that personal information is handled appropriately in order to secure and maintain individuals’ trust and confidence.
Who we are?
The Police and Crime Commissioner, Angus Macpherson, is the data controller for the OPCC, and has overall responsibility for the lawful processing of all personal data. You can contact the PCC at firstname.lastname@example.org or at the below address. Please address to the attention of the OPCC.
The Data Protection Officer Laura North assists the PCC by providing advice and guidance on Data Protection legislation. The Data Protection Officer can be contacted by email: email@example.com or by writing to: DPO, Wiltshire Police HQ, London Road, Devizes, Wiltshire, SN10 2DN.
Why do we process personal data?
The OPCC processes personal information for a variety of reasons which are not directly related to law enforcement but assist with the provision of services to support the administration of justice. For example we process personal data for the following “lawful purposes” to;
- Assist us in meeting our “Legal Obligations” as employers
- To manage “Contracts” with those who supply us with goods and services
- To help us support those who we come into contact with, which can be done by obtaining their “Consent”, or due to our “Legitimate Interests”, this includes processes to improve the service we provide the public
- To perform tasks which are considered as being in the “Public Interest”
Whose personal data do we process?
In order to carry out the purposes described above, the OPCC may obtain, use and disclose personal information relating to a wide variety of individuals including but not limited to:
- Offenders and suspected offenders
- Witnesses or reporting persons
- Individuals passing information to Wiltshire Police
- Victims, both current, past and potential
- Our staff, officers, volunteers, agents, temporary and casual workers
- Former and potential members of staff, pensioners and beneficiaries
- Suppliers, Complainants, correspondents, litigants and enquirers
- Relatives, guardians and associates of the individual concerned
- Advisers, consultants and other professional experts
- Other individuals necessarily identified in the course of police enquiries and activity
What type of data do we process?
The type of personal information the OPCC hold will vary depending upon the reason you have had contact with us but it may include:
- Your name and address
- Fingerprints, DNA or photograph
- Family, lifestyle and social circumstances
- Education and training details
- Employment details
- Financial details
- Goods or services provided
- Racial or ethnic origin
- Political opinions
- Religious or other beliefs of a similar nature
- Trade union membership
- Physical or mental health or condition
- Sexual life
- Offences and alleged offences
- Criminal proceedings, outcomes and sentences
- Sound and visual images
- References to manual records or files
- Information relating to safety and health
- Complaint, incident, civil litigation and accident details
We will use the minimum amount of personal information necessary to fulfil a particular purpose. Your personal information may be held on a computer system, in a paper record such as in a physical file or an image but may also include other formats such as CCTV footage or an audio copy of an interview tape.
Where do we receive personal data from?
In order to carry out the purposes described above the OPCC may obtain personal information from a wide variety of sources, including the following:
- Approved organisations and people working with the police
- Central government, governmental agencies and departments; Emergency services
- Credit reference agencies
- Data Processors working on behalf of the OPCC
- Defence solicitors;
- Education, training establishments and examining bodies; Business associates and other professional advisors
- Employees and agents of OPCC
- Financial organisations and advisors
- Healthcare, social and welfare advisers or practitioners
- Her Majesty’s Inspectorate of Constabulary
- HM Revenue and Customs
- Independent Police Complaints Commission
- Individuals themselves
- International law enforcement agencies and bodies; Licensing authorities
- Legal representatives
- Local government
- Wiltshire Police
- Ombudsmen and Regulatory authorities
- Other law enforcement agencies
- Partner agencies involved in crime and disorder strategies
- Persons making an enquiry or complaint
- Private sector organisations working with the police in anti-crime strategies
- Prosecuting authorities
- Relatives, guardians or other persons associated with the individual; Current, past or prospective employers of the individual
- Security companies
- Suppliers, providers of goods or services
- Survey and research organisations
- The media
- Trade, employer associations and professional bodies
- Voluntary and charitable organisations
- Voluntary sector organisations
The OPCC may also obtain personal information from other sources such as its own CCTV systems, other police forces, correspondence and our own police systems.
Who do we share personal data with and why?
In order to process personal information for the purposes described above, the OPCC may disclose personal information to a wide variety of recipients in any part of the world, including those from whom personal information is obtained (as listed above). This may include disclosures to other law enforcement agencies, partner agencies working on crime reduction initiatives, partners in the Criminal Justice arena, Victim Support, Health Services and to bodies or individuals working on our behalf such as IT contractors or survey organisations.
We may also disclose to other bodies or individuals where necessary to prevent harm to individuals.
Disclosures of personal information are made on a case-by-case basis, only relevant information, specific to the purpose and circumstances, will be disclosed and with necessary controls in place.
Some of the bodies or individuals to which we may disclose personal information are situated outside of the European Union - some of which do not have laws that protect data protection rights as extensively as in the UK. If we do transfer personal information to such territories (outside of the EU), we will take proper steps to ensure that it is adequately protected as required by the Data Protection Legislation.
The OPCC will also disclose personal information to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law, and by court order. This may include disclosures to the Child Support Agency, the National Fraud Initiative, the Home Office and to the Courts.
The OPCC may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.
What measures do we take to ensure the security of personal data?
The OPCC takes the security of all personal information under its control very seriously. The OPCC will comply with the relevant parts of the Data Protection and other applicable Legislation relating to security, and seek to comply with the College of Policing Authorised Professional Practice (Information Management).
The OPCC will ensure that information security risks are identified and mitigated in a proportionate and reasonable way, using a holistic suite of controls to protect against loss, compromise and misuse. This is measured using Information Risk Management Maturity Assessments (independently verified) addressing people, process, procedure, policy, training and technology (including accounting and audit) security requirements. Access to information is controlled and is limited to explicitly authorised and appropriately security cleared (Vetted) personnel and is provided for specific purposes only under need to know and use principles. Security and other attendant processes are subject to a process of continuous review.
How long do we keep personal data for?
The OPCC will retain personal data for as long as is necessary for the purpose that it was collected for.
Records that contain personal data are held in accordance with the Retention Schedule.
What are your rights?
A significant area of change in the new Data Protection legislation relates to individuals’ rights. The Data Protection Act (2018) refreshes existing rights, by clarifying and extending them, and also introduces new rights for the individual.
How far you will be able to exercise each of these rights will be dependent on the reason for which the data was collected, and how it has / is being processed (used).
Right to be Informed - This places an obligation upon the OPCC to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with. This Privacy Notice has been written to explain how we will use your personal information and tell you what your rights are under the legislation.
Right of Access - This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions.
You can exercise your right of access by clicking on the following link http://www.wiltshirepcc.gov.uk/Your-PCC/Your-Data.aspx and submitting your request.
Right to Request Rectification - You are entitled to have personal data rectified if it is shown to be inaccurate or incomplete.
Right to Erasure - The right to erasure is also more commonly known as ‘the right to be forgotten’. This right enables you to request the deletion or removal of personal data where there is no compelling reason (lawful basis) for its continued processing.
Right to Restriction - You have the right to request that the continued processing of your data is restricted or blocked where there is no compelling reason (lawful basis) for its continued processing.
Right to Data Portability - The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. There are limitations to how this right can be exercised in relation to data held by Wiltshire Police.
Right to Object - Individuals have the right to object to:
- The processing of their personal data based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
- The processing of their personal data for direct marketing (including profiling); and
- The processing of their personal data for the purposes of scientific/historical research and statistics.
Rights Relating to Automated Decision Making - Automated individual decision making and profiling is a decision made by automated means without any human involvement. The OPCC do not conduct any automated individual decision making or profiling.
How do you contact the Information Commissioner?
The Information Commissioner is the independent authority responsible within the UK for ensuring compliance with data protection legislation. If you have a concern about how the OPCC have used your personal information or you believe you have been adversely affected by our handling of your data you may wish to contact them using the information below:
By Phone: 0303 123 1113 (Their normal opening hours are Monday to Friday between 9am and 5pm)
By Email: firstname.lastname@example.org
Information Commissioners Office
Changes and updates to our privacy notice
This privacy notice will be under regular review. This privacy notice was last updated on the 23rd May 2018.
If we plan to use your personal information for a new purpose we will update our privacy notice accordingly, and communicate any changes before we start the new processing activity