How Gwent Police Uses Personal Information

Privacy Notice

On the 25th May 2018 the UK produced its third generation of data protection law. This is the same date as the General Data Protection Regulation (GDPR) was launched throughout the European Union, EU.

The new data protection law will apply the EU’s GDPR standards for the processing of data considered as “general data”, this is data which is processed for a reason not involving law enforcement or national security. How organisations should process “general data” can be found at Part 2 of the new law.

The processing of data for law enforcement purposes can only be done by an organisation which is considered as a “competent authority”. Law enforcement purposes are “the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security”. The description of a “competent authority” is laid down in data protection law, and includes but is not limited to, organisations such as police forces, the Financial Conduct Authority and the Information Commissioner. How organisations should process data for “law enforcement purposes” can be found at Part 3 of the law.

This Privacy Notice explains how and why Gwent Police process your personal data, under Part 2, “general data” and Part 3 “law enforcement data” and the steps we take to keep your information safe. It also describes your rights in regard to your personal information and how to complain to the Information Commissioner if you have concerns as to how we have handled your data.

Who are we?

Gwent Police is the territorial police force responsible for policing the areas of Gwent, United Kingdom, including the Newport, Torfaen, Caerphilly, Monmouthshire and Blaenau Gwent unitary authority areas.

The Chief Constable of Gwent Police is the “Controller” and as such has overall responsibility for the lawful processing of all personal data processed by the force. He is assisted by the “Data Protection Officer” who provides advice and guidance in relation to data protection law.

 

Chief ConstableData Protection Officer
Julian WilliamsInformation Management Unit
Gwent Police HQGwent Police HQ
CroesyceiliogCroesyceiliog
CwmbranCwmbran
NP44 2XJNP44 2XJ

 

Data Protection Act 2018 – General Processing (Part 2) and Law Enforcement Processing (Part 3)

How to make a complaint to the Information Commissioner

 

Processing under Part 2 – General Data (GDPR)

Why do we process your personal information, considered as general data?

Gwent Police process personal information for a variety of reason which are not related to law enforcement.

  • For example we process personal data for the following “lawful purposes” to;
  • Assist us in meeting our “Legal Obligations” as employers,
  • To manage “Contracts” with those who supply us with goods and services,
  • To help us support those who we come into contact with, which can be done by obtaining their “Consent”, or due to our “Legitimate Interests”, this includes processes to improve the service we provide the public.
  • To perform tasks which are considered as being in the “Public Interest”.

Whose personal information do we hold?

In order to carry out the purposes described above Gwent Police may obtain, use and disclose personal information relating to a wide variety of individuals including:

  • Our staff, officers, volunteers, agents, temporary and casual workers;
  • Suppliers;
  • Complainants;
  • Correspondents, litigants and enquirers;
  • Advisers, consultants and other professional experts;
  • Missing or vulnerable persons;
  • Relatives, guardians and associates of the individual concerned;
  • Former and potential members of staff, pensioners and beneficiaries.

What type of personal information do we process?

The type of personal information we hold will vary depending upon the reason you have had contact with us but it may include:

  • Your name and address;
  • Family, lifestyle and social circumstances;
  • Education and training details;
  • Employment details;
  • Financial details;
  • Goods or services provided;
  • Racial or ethnic origin;
  • Political opinions;
  • Religious or other beliefs of a similar nature;
  • Trade union membership;
  • Physical or mental health or condition;
  • Sexual life;
  • Offences and alleged offences;
  • Criminal proceedings, outcomes and sentences;
  • Sound and visual images, including photographs of staff and officers;
  • References to manual records or files;
  • Information relating to safety and health;
  • Complaint, incident, civil litigation and accident details.

We will use the minimum amount of personal information necessary to fulfil a particular purpose. Your personal information may be held on a computer system, in a paper record such as in a physical file or a photograph.

Where do we get the personal information from?

To carry out the purposes we have described we may obtain personal information from a wide variety of sources, including:

  • HM Revenue and Customs;
  • Legal representatives and Solicitors;
  • Courts;
  • Voluntary sector organisations;
  • Independent Office for Police Conduct;
  • Her Majesty’s Inspectorate of Constabulary;
  • Auditors;
  • Police and Crime Commissioners;
  • Central government, governmental agencies and departments;
  • Relatives, guardians or other persons associated with an individual;
  • Current, past or prospective employers of individuals;
  • Healthcare, social and welfare advisers or practitioners;
  • Education, training establishments and examining bodies;
  • Business associates and other professional advisors;
  • Employees, officers and agents of Gwent Police;
  • Suppliers, providers of goods or services;
  • Persons making an enquiry or complaint;
  • Financial organisations and advisors;
  • Credit reference agencies;
  • Survey and research organisations;
  • Trade union, staff associations and professional bodies;
  • Local government;
  • Voluntary and charitable organisations;
  • Ombudsmen and regulatory authorities;
  • The media.

How do we handle your personal information?

We handle personal information according to the requirements of Part 2 of the UK Data Protection Act 2018, which applies the EU’s General Data Protection Regulation (GDPR) standards for the processing of data considered as “general data”. Your personal information, held on our systems and in our files, is secure and is processed by:

  • our staff and police officers; and
  • contractors, volunteers and “Processors” working on our behalf, in accordance with their contract;

    only when required to do so for a lawful purpose.

    We will ensure that your personal information is handled fairly and lawfully. We will strive to ensure that any personal information used by us or on our behalf is of the highest quality in terms of accuracy, relevance, and adequacy, is not excessive and is kept as up-to-date as possible and is afforded appropriate protection.

    We will regularly review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose then your data will be securely destroyed.

    We will respect your information rights under the Act.

    Who do we share your personal information with?

    To carry out the purposes described, Gwent Police may disclose personal information to a wide variety of recipients, where necessary, including those from whom personal data is obtained. This may include:

    • Support Services for Victims and Offenders;
    • bodies or individuals working on our behalf such as IT contractors or survey organisations;
    • Local government;
    • Central government;
    • Ombudsmen and regulatory authorities;
    • The media;
    • Health Care Providers.

    Disclosures of personal information are made on a case-by-case basis, only relevant information, specific to the purpose and circumstances, will be disclosed and with necessary controls in place.

    Gwent Police will also disclose personal information to other bodies or individuals when required to do so, this could be under an act of legislation, by a rule of law, or by court order. This may include:

    • Child Maintenance Service;
    • Children and Family Court Advisory Services;
    • Home Office;
    • Courts;
    • Any other Regulatory Body who can demonstrate that there is a legitimate purpose for the processing of your personal data.

    Gwent Police may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.

    How do we keep your personal information safe?

    Gwent Police takes the security of all personal information under our control very seriously. We will comply with the relevant parts of the legislation relating to security, and seek to comply with the College of Policing Information Assurance authorised practice, and relevant parts of the ISO27001 Information Security Standard.

    We will ensure that appropriate policies and training, as well as technical and procedural measures are in place. These will include, but is not limited to, ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our police officers, staff and partner agencies staff is only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We carry out audits of our buildings’ security to ensure security is adequate. Our systems meet appropriate industry and government security standards.

    We carry out regular audits and inspections, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to how any personal information contained within them may be used. These procedures are reviewed regularly to ensure our security of information is kept up-to-date.

    How long will you keep my personal information?

    Gwent Police keeps your personal information as long as is necessary for the particular purpose or purposes for which it is held.

    Records that contain your personal information processed for “general data” purposes will be managed in accordance with the Gwent Police Retention Schedule.

    What are my information rights?

    A key area of change in the new Data Protection Act relates to individuals’ rights, the law clarifies and extends rights which existed under the Data Protection Act 1998, as well as introducing some additional ones.

    Your information rights will depend on the reasons why and how your information was collected and why it is being used.

    Your information rights in relation to personal data, considered as “general data”, are:

    Right to be Informed- This places an obligation upon Gwent Police to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with.

    We have written this Privacy Notice to explain how we will use your personal information and tell you what your rights are under the legislation.

    Right of Access – This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions.

    Right to Request Rectification – You are entitled to have personal data rectified if it is inaccurate or incomplete.

    Right to Erasure – The right to erasure is also known as ‘the right to be forgotten’. This right enables you to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

    Right to Restrict Processing – Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, organisations are permitted to store the personal data, but not further process it.

    Right to Data Portability - The right to data portability allows you, in some instances, to obtain and reuse your personal data for your own purposes across different services.

    Right to Object - Individuals have the right to object to:

    • The processing of your personal data based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    • The processing of their personal data for direct marketing (including profiling); and
    • The processing of their personal data for the purposes of scientific/historical research and statistics.

    Rights Relating to Automated Decision Making – Automated individual decision making and profiling is a decision made by automated means without any human involvement.

    Should you wish to learn more about your information rights or how to make Information Rights Request please follow the appropriate link:

    Your Right to Information > Apply for Information Held About you on Gwent Police Systems

    Processing under Part 3 Law Enforcement

    Why do we process your personal information for law enforcement purposes?

    Gwent Police have a statutory duty to uphold the law, prevent crime, bring offenders to justice and protect the public. To do this it is necessary for us to process your personal information under the lawful basis of ‘public interest’ and ‘official authority’. This means we process your personal information for carrying out tasks that are laid down in law and collectively described as the administration of justice.

    The Administration of Justice, includes the prevention and detection of crime; apprehension and prosecution of offenders; protecting life and property; preserving order; maintenance of law and order; assisting the public in accordance with force policies and procedures; national security; defending civil proceedings and any duty or responsibility of the police arising from common or statute law.

    For the purpose of local crime and intelligence recording the Chief Constable of Gwent Police is a Joint Controller with the Chief Constable of South Wales Police.

    Whose personal data do we process for law enforcement purposes?

    In order to carry out the purposes described above, Gwent Police may obtain, use and disclose personal information relating to a wide variety of individuals including, but not limited to:

    • Offenders and suspected offenders;
    • Witnesses or reporting persons;
    • Individuals passing information to Gwent Police; and
    • Victims, both current, past and potential.

    What type of personal information do we process?

    In order to carry out our statutory responsibility we will process varying types of personal data, this includes;

    • Your name, date of birth, address and contact details;
    • Employment details;
    • Financial details;
    • Racial or ethnic origin;
    • Political opinions;
    • Religious or other beliefs of a similar nature;
    • Physical or mental health condition;
    • Sexual life;
    • Offences and alleged offences;
    • Criminal proceedings, outcomes and sentences;
    • Cautions, reprimands and warnings;
    • Physical identifiers, including DNA, fingerprints, and other genetic samples;
    • Photograph, Sound and visual images;
    • Criminal Intelligence;
    • Information relating to safety;
    • Incidents, and Accident details

    We will use only the minimum amount of personal information necessary to fulfil a particular purpose or purposes. Personal information can be information that is held on a computer, in a paper record such as a file or images, but it can also include other types of electronically held information such as CCTV images and Body Worn Video footage.

    Where do we get the personal information from?

    The data we process for law enforcement purposes come from a wide variety of sources, including;

    • Other law enforcement agencies;
    • HM Revenue and Customs;
    • International law enforcement agencies and bodies;
    • Licensing authorities;
    • Legal representatives;
    • Prosecuting authorities;
    • Solicitors;
    • Courts;
    • Prisons and Young Offender Institutions;
    • Security companies;
    • Partner agencies involved in crime and disorder strategies;
    • Private sector organisations working with the police in anti-crime strategies;
    • Voluntary sector organisations;
    • Approved organisations and people working with the police;
    • Independent Office for Police Conduct;
    • Her Majesty’s Inspectorate of Constabulary;
    • Governmental agencies and departments;
    • Emergency services such as the Fire Brigade, National Health Service or Ambulance;
    • Persons arrested;
    • Victims;
    • Witnesses;
    • Relatives, guardians or other persons associated with the individual;
    • Gwent Police CCTV systems;
    • Body worn video and from correspondence sent to us.

    There may be times where we obtain personal information from sources such as other police services and our own police systems such as our local information system.

    How do we handle your personal information?

    We handle personal information according to the requirements of Part 3 of the Data Protection Act 2018. Your personal information held on our systems and in our files is secure and is accessed on a “need to know” basis by our staff, police officers, or data processors working on our behalf.

    We will ensure that your personal information is handled lawfully and fairly with appropriate justification. We will only use your information for lawful purposes and in connection with our requirement to uphold the law, prevent crime, bring offenders to justice, and protect the public.

    We will strive to ensure that any personal information used by us or on our behalf is of the highest quality in terms of accuracy, relevance, and adequacy and will not be excessive. We will attempt to keep it as up-to-date as possible and will protect your data from unauthorised access or loss.

    We will regularly review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose then your data will be securely destroyed.

    Who do we share your personal information with?

    To enable Gwent Police to meet their statutory duty we may be required to share your data with other organisations that process data for a similar reason, in the UK and/or overseas, or in order to keep people safe. These organisations include:

    • Other law enforcement agencies (including international agencies);
    • Partner agencies working on crime reduction initiatives;
    • Partners in the Criminal Justice arena;
    • Local government;
    • Authorities involved in offender management;
    • International agencies concerned with the safeguarding of international and domestic national security;
    • Third parties involved with investigations relating to the safeguarding of national security; and
    • Other bodies or individuals where it is necessary to prevent harm to individuals.

    Disclosures of personal information is considered on a case-by-case basis, using only the personal information appropriate to a specific purpose and circumstances, and with necessary controls in place.

    Some of the bodies or individuals to which we may disclose personal information are situated outside of the European Union – some of which do not have laws that protect data protection rights as extensively as in the United Kingdom. If we do transfer personal data to such territories, we undertake to ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the legislation.

    Gwent Police will also disclose personal information to other bodies or individuals when required to do so, or under an act of legislation, a rule of law, and by court order. This may include:

    • Serious Fraud Office;
    • National Fraud Initiative;
    • Courts.

    How do we keep your personal information safe?

    Gwent Police takes the security of all personal information under our control very seriously. We will comply with the relevant parts of the legislation relating to security, and seek to comply with the College of Policing Information Assurance authorised practice, and relevant parts of the ISO27001 Information Security Standard.

    We will ensure that appropriate policy, training, technical and procedural measures are in place. These will include, but are not limited to, ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our police officers and staff, are only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We carry out audits of our buildings security to ensure they are secure. Our systems meet appropriate industry and government security standards.

    We carry out regular audits and inspections, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to what use may be made of any personal information contained within them. These procedures are reviewed regularly to ensure our security of information is kept up-to-date.

    How long will you keep my personal information?

    Gwent Police keeps your personal information as long as is necessary for the particular purpose or purposes for which it is held. Personal information which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the Retention Guidelines for Nominal Records on the Police National Computer

    Other records that contain your personal information and which was processed for law enforcement purposes are retained in accordance with the College of Policing guidance on the Management of Police Information (MoPI),  and Gwent Police’s Record Retention Policy.

    What are my Rights?

    A key area of change in the Data Protection Act 2018 relates to individuals’ rights, the law refreshers existing rights by clarifying and extending them and introduces new rights.

    However your information rights will be dependent on the reason why and how the data was collected and why it is being used.

    Your information rights in relation to your personal data processed for law enforcement purposes are:

    Right to be Informed – This places an obligation upon Gwent Police to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with.

    We have written this Privacy Notice to explain how we will use your personal information and tell you what your rights are under the legislation

    Right of Access – This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions.

    Right to Request Rectification – You are entitled to have personal data rectified if it is inaccurate or incomplete.

    Right to Erasure and Right to Restriction – You have the right to request the deletion or removal of your personal data and/or the right to ‘block’ or restrict the processing of your personal data where there is no compelling reason for its continued processing.

    Rights Relating to Automated Decision Making – Automated individual decision making and profiling is a decision made by automated means without any human involvement.

    Should you wish to learn more about your information rights or how to make an Information Rights Request please follow the appropriate link:

    Should you wish to learn more about your information rights or how to make Information Rights Request please follow the appropriate link:

    Your Right to Information > Apply for Information Held About you on Gwent Police Systems

    How to make a complaint to the Information Commissioner

    The Information Commissioner is the independent Authority responsible within the UK for ensuring we comply with data protection legislation. If you have a concern about how we have used your personal information or you believe you have been adversely affected by our handling of your data you may wish to contact them using the information below:

     

    Their Helpline:0303 123 1113 (Their normal opening hours are Monday to Friday between 9am and 5pm)
    Their email:casework@ico.org.uk
    Their Address:

    Information Commissioners Office

    Wycliffe House

    Wilmslow

    SK9 5AF

     

    Changes to our Privacy Notice

    We keep our privacy notice under regular review. This privacy notice was last updated on the 25th May 2018.

    If we plan to use your personal information for a new purpose we will update our privacy notice and communicate the changes before we start any new processing.

    https://www.south-wales.police.uk/en/home/