This privacy notice explains how we, the Office of the Police and Crime Commissioner (OPCC) for Wiltshire and Swindon, obtain, hold, use and disclose information about you - your personal data – and the steps we take to ensure that it is protected. It also describes the rights you have with regard to how your personal data is handled by OPCC and includes how to contact the Information Commissioner should you have a concern with regard to how your personal data has been handled.
The use and disclosure of personal information is governed in the United Kingdom by the UK General Data Protection Regulation (‘UKGDPR’) and Data Protection Act 2018 (‘the Act’), collectively referred to as the Data Protection Legislation (‘the legislation’). The Police and Crime Commissioner for Wiltshire and Swindon is registered with the Information Commissioner as a ‘data controller’ for the purposes of the legislation. As such he is obliged to ensure that the OPCC for Wiltshire and Swindon handles all personal information in accordance with the legislation. The OPCC for Wiltshire and Swindon takes that responsibility very seriously and takes great care to ensure that personal information is handled appropriately in order to secure and maintain individuals’ trust and confidence.
Who we are?
The Police and Crime Commissioner, Philip Wilkinson, is the data controller for the OPCC, and has overall responsibility for the lawful processing of all personal data. You can contact the PCC at [email protected] or at the below address. Please address to the attention of the OPCC.
The Data Protection Officer, assists the PCC by providing advice and guidance on Data Protection legislation. They can be contacted by email: [email protected] or by writing to
Wiltshire Police HQ
Why do we process personal data?
The OPCC processes personal information for a variety of reasons which are not directly related to law enforcement but assist with the provision of services to support the administration of justice.
For example we process personal data for the following lawful purposes to;
Assist us in meeting our legal obligations as employers,
To manage contracts with those who supply us with goods and services,
To help us support those who we come into contact with, which can be done by obtaining their consent, or due to our legitimate interests; this includes processes to improve the service we provide the public.
To perform tasks which are considered as being in the public interest.
Whose personal data do we process?
In order to carry out the purposes described above, the OPCC may obtain, use and disclose personal information relating to a wide variety of individuals including but not limited to:
Offenders and suspected offenders
Witnesses or reporting persons
Individuals passing information to Wiltshire Police
Victims, both current, past and potential
Our staff, officers, volunteers, agents, temporary and casual workers
Former and potential members of staff, pensioners and beneficiaries
Suppliers, Complainants, correspondents, litigants and enquirers
Relatives, guardians and associates of the individual concerned
Advisers, consultants and other professional experts
Other individuals necessarily identified in the course of police enquiries and activity.
What type of data do we process?
The type of personal information the OPCC hold will vary depending upon the reason you have had contact with us but it may include:
Your name and address
Fingerprints, DNA or photograph
Family, lifestyle and social circumstances
Education and training details
Goods or services provided
Racial or ethnic origin
Religious or other beliefs of a similar nature
Trade union membership
Physical or mental health or condition
Offences and alleged offences
Criminal proceedings, outcomes and sentences
Sound and visual images
References to manual records or files
Information relating to safety and health
Complaint, incident, civil litigation and accident details.
We will use the minimum amount of personal information necessary to fulfil a particular purpose. Your personal information may be held on a computer system, in a paper record such as in a physical file or an image but may also include other formats such as CCTV footage or an audio copy of an interview tape.
Where do we receive personal data from?
In order to carry out the purposes described above the OPCC may obtain personal information from a wide variety of sources, including the following:
Approved organisations and people working with the police
Central government, governmental agencies and departments; Emergency services
Credit reference agencies
Data Processors working on behalf of the OPCC
Education, training establishments and examining bodies; Business associates and other professional advisors
Employees and agents of OPCC
Financial organisations and advisors
Healthcare, social and welfare advisers or practitioners
Her Majesty’s Inspectorate of Constabulary
HM Revenue and Customs
Independent Police Complaints Commission
International law enforcement agencies and bodies; Licensing authorities
Ombudsmen and Regulatory authorities
Other law enforcement agencies
Partner agencies involved in crime and disorder strategies
Persons making an enquiry or complaint
Private sector organisations working with the police in anti-crime strategies
Relatives, guardians or other persons associated with the individual; Current, past or prospective employers of the individual
Suppliers, providers of goods or services
Survey and research organisations
Trade, employer associations and professional bodies
Voluntary and charitable organisations
Voluntary sector organisations
The OPCC may also obtain personal information from other sources such as its own CCTV systems, other police forces, correspondence and our own databases.
Who do we share personal data with and why?
In order to process personal information for the purposes described above, the OPCC may disclose personal information to a wide variety of recipients in any part of the world, including those from whom personal information is obtained (as listed above). This may include disclosures to other law enforcement agencies, partner agencies working on crime reduction initiatives, partners in the Criminal Justice arena, Victim Support, Health Services and to bodies or individuals working on our behalf such as IT contractors or survey organisations.
We may also disclose to other bodies or individuals where necessary to prevent harm to individuals.
Disclosures of personal information are made on a case-by-case basis, only relevant information, specific to the purpose and circumstances, will be disclosed and with necessary controls in place.
Some of the bodies or individuals to which we may disclose personal information are situated outside of the UK – some countries of which do not have laws that protect data protection rights as extensively as in the UK. If we do transfer personal information to such territories (outside of the UK), we will take proper steps to ensure that it is adequately protected as required by the Data Protection Legislation.
The OPCC will also disclose personal information to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law, and by court order. This may include disclosures to the Child Support Agency, the National Fraud Initiative, the Home Office and to the Courts.
The OPCC may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.
What measures do we take to ensure the security of personal data?
The OPCC takes the security of all personal information under its control very seriously. The OPCC will comply with the relevant parts of the Data Protection and other applicable Legislation relating to security, and seek to comply with the College of Policing Authorised Professional Practice (Information Management).
The OPCC will ensure that information security risks are identified and mitigated in a proportionate and reasonable way, using a holistic suite of controls to protect against loss, compromise and misuse. This is measured using Information Risk Management Maturity Assessments (independently verified) addressing people, process, procedure, policy, training and technology (including accounting and audit) security requirements. Access to information is controlled and is limited to explicitly authorised and appropriately security cleared (Vetted) personnel and is provided for specific purposes only under need to know and use principles. Security and other attendant processes are subject to a process of continuous review.
How long do we keep personal data for?
The OPCC will retain personal data for as long as is necessary for the purpose that it was collected for.
A significant area of change in the new Data Protection legislation relates to individuals’ rights. The Data Protection Act (2018) refreshes existing rights, by clarifying and extending them, and also introduces new rights for the individual.
How far you will be able to exercise each of these rights will be dependent on the reason for which the data was collected, and how it has / is being processed (used).
Right to be Informed - This places an obligation upon the OPCC to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with.
This Privacy Notice has been written to explain how we will use your personal information and tell you what your rights are under the legislation.
Right of Access - This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions.
You can exercise your right of access by clicking on the following link and submitting your request.
Right to Request Rectification - You are entitled to have personal data rectified if it is shown to be inaccurate or incomplete.
Right to Erasure - The right to erasure is also more commonly known as ‘the right to be forgotten’. This right enables you to request the deletion or removal of personal data where there is no compelling reason (lawful basis) for its continued processing.
Right to Restriction - You have the right to request that the continued processing of your data is restricted or blocked where there is no compelling reason (lawful basis) for its continued processing.
Right to Data Portability- The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. There are limitations to how this right can be exercised in relation to data held by Wiltshire Police.
Right to Object - Individuals have the right to object to:
The processing of their personal data based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
The processing of their personal data for direct marketing (including profiling); and
The processing of their personal data for the purposes of scientific/historical research and statistics.
Rights Relating to Automated Decision Making - Automated individual decision making and profiling is a decision made by automated means without any human involvement. The OPCC do not conduct any automated individual decision making or profiling.
How do you contact the Information Commissioner?
The Information Commissioner is the independent authority responsible within the UK for ensuring compliance with data protection legislation. If you have a concern about how the OPCC have used your personal information or you believe you have been adversely affected by our handling of your data you may wish to contact them using the information below:
By Phone: 0303 123 1113 (Their normal opening hours are Monday to Friday between 9am and 5pm)