We use cookies to improve your experience. By continuing to browse this site, you are agreeing to our use of cookies. Find out more Accept and Close
Non-Emergency Enquiries: 101

Privacy Notice

Your privacy is important to us.

This Privacy Notice explains how Staffordshire Police collects, stores, uses, discloses, retains and destroys personal data, the steps we take to ensure that it is protected and also describes the rights individuals have in regard to their personal data handled by Staffordshire Police.

The use and disclosure of personal data is governed in the United Kingdom by the Data Protection Act 2018 it is supplemented by the General Data Protection Regulation (GDPR) and incorporates the Law Enforcement Directive (LED). The Chief Constable of Staffordshire Police is registered with the Information Commissioner as a 'data controller' and is obliged to ensure that Staffordshire Police handles all personal data in accordance with the Data Protection Act and the GDPR.

Staffordshire Police takes its responsibility very seriously and ensures that personal data is handled appropriately in order to secure and maintain individuals' trust and confidence in the police service.

You can download the entire Privacy Notice as a PDF here:  Privacy Notice [346KB]

1. Why Do We Collect and Use Personal Information

Staffordshire Police collects, stores, uses, discloses and retains personal data for two broad purposes:

1. The Policing Purpose - which includes the prevention and detection of crime; apprehension and prosecution of offenders; protecting life and property; preserving order; maintaining of law and order; rendering assistance to the public in accordance with force policies and procedures; and any duty or responsibility of the police arising from common or statute law.

2. The provision of services to support the Policing Purpose - which include:

  • Staff administration, occupational health and welfare;
  • Management of public relations, journalism, advertising and media;
  • Management of finance
  • Internal review, accounting and auditing;
  • Training;
  • Property management;
  • Insurance management;
  • Vehicle and transport management;
  • Payroll and benefits management;
  • Management of complaints;
  • Vetting;
  • Management of information technology systems;
  • Legal services;
  • Information provision;
  • Licensing and registration;
  • Pensioner administration;
  • Research, including surveys[3];
  • Performance management
  • Sports and recreation;
  • Procurement;
  • Planning;
  • System testing and fault resolution;
  • Security;
  • Health and safety management

[1]'Personal Data' is defined in Article 4 of the General Data Protection Regulation (GDPR).  In practical terms it means any information handled by Staffordshire Police that relates to an identified or identifiable natural person; an identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

[2]This document is designed to help satisfy the rules on giving privacy information to data subjects in Articles 12, 13 and 14 of the GDPR.

[3]Staffordshire Police is required to conduct Customer Satisfaction Surveys to evaluate our performance and effectiveness.  We may contact individuals, such as victims of crime or those reporting incidents, and ask them to give us their opinion of the services we are providing to the public.  We use the information given to improve our service and wherever we can, Staffordshire Police, like many police forces uses a private company to undertake such surveys on our behalf with strict controls to protect the personal data of those involved.

 

2. Whose Personal Data Do We Handle?

In order to carry out the purposes described under section 1 above Staffordshire Police may collect, store, use, disclose (see section 8 below) and retain personal data relating to a wide variety of individuals including the following:

  • Staff including volunteers, agents, cadets, temporary and casual workers;
  • Suppliers;
  • Complainants, correspondents and enquirers;
  • Relatives, guardians and associates of the individual concerned;
  • Advisors, consultants and other professional experts;
  • Offenders and suspected offenders;
  • Witnesses;
  • Victims;
  • Former and potential members of staff, pensioners and beneficiaries;
  • Other individuals necessarily identified in the course of police enquiries and activity.

Staffordshire Police will only use appropriate personal information necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record such as a file, as images, but can also include other types of electronically held information such as CCTV or Body Worn Videos images.

3. What Types of Personal Data Do We Handle?

In order to carry out the purposes described under section 1 above Staffordshire Police may collect, store, use, disclose (see section 8 below) and retain personal data relating to or consisting of the following:

  • Personal details such as name, address and biographical details;
  • Family, lifestyle and social circumstances;
  • Education and training details;
  • Financial details;
  • Goods or services provided;
  • Racial or ethnic origin;
  • Membership of extremist political parties;
  • Religious or other beliefs of a similar nature;
  • Trade union membership;
  • Physical or mental health or condition;
  • Sexual orientation;
  • Offences (including alleged offences);
  • Criminal proceedings, outcomes and sentences;
  • Physical identifiers including DNA, fingerprints and other genetic samples;
  • Sound and visual images;
  • Licences or permits held;
  • Criminal Intelligence;
  • References to manual records or files;
  • Information relating to health and safety;
  • Complaint, incident and accident details.

Staffordshire Police will only use appropriate personal data necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record such as a file, as images, but can also include other types of electronically held information such as CCTV or Body Worn Videos images.

4. Where Do We Obtain Personal Data From?

In order to carry out the purposes described under section 1 above Staffordshire Police may collect personal data from a wide variety of sources other than direct from yourself, including the following:

  • Other law enforcement agencies;
  • HM Revenue and Customs (HMRC);
  • International law enforcement agencies and bodies;
  • Licensing authorities;
  • Legal representatives;
  • Prosecuting authorities;
  • Defence solicitors;
  • Courts;
  • Prisons;
  • Security companies;
  • Partner agencies involved in crime and disorder strategies;
  • Private sector organisations working with the police in anti-crime strategies;
  • Voluntary sector organisations;
  • Approved organisations and people working with the police;
  • Independent Office for Police Complaints (IOPC);
  • Her Majesty's Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS);
  • Auditors;
  • Office of the Police and Crime Commissioner (OPCC);
  • Central government, government agencies and departments;
  • Emergency services;
  • Relatives, guardians or other persons associated with the individual;
  • Current, past or prospective employers of the individual;
  • Healthcare, social and welfare advisers or practitioners;
  • Education, training establishments and examining bodies;
  • Business associates and other professional advisors;
  • Employees and agents of Staffordshire Police;
  • Suppliers, providers of goods or services;
  • Persons making an enquiry or complaint;
  • Financial organisations and advisors;
  • Credit reference agencies;
  • Survey and research organisations;
  • Trade, employer associations and professional bodies;
  • Local government;
  • Voluntary and charitable organisations;
  • Ombudsmen and regulatory authorities;
  • The media;
  • Data processors working on behalf of Staffordshire Police.

Staffordshire Police may also obtain personal data from other sources such as its own CCTV systems, Body worn video or correspondence.

5. Which Lawful Basis Do We Use to Process This Information

As a public body, we collect and use information in relation to offenders, suspected offenders, victims, witnesses and individuals/staff that work for us.  The lawful bases that we rely on are detailed below:

Consent - We have been given clear consent to process the personal data for a specific purpose

Contract - The processing is necessary for a contract that we have with an individual

Legal obligation - the processing is necessary for us to comply with the law

Vital interest - the processing is necessary to protect someone's life

Public Task - the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.

6. How do we Handle Personal Data?

In order to achieve the purposes described in section 1 Staffordshire Police will handle personal data in accordance with the Data Protection Act 2018, the GDPR and LED.  For personal data processed under Part 2 which applies to general processing under the GDPR, we will ensure that any personal data is:

"Processed lawfully, fairly, and in a transparent manner in relation to individuals; 

Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

Adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed;

Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures."

For personal data processed under Part 3 which applies to Law Enforcement processing, we will ensure that any personal data is:

         "Processed lawfully and fairly;

Collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with the purpose for which it was originally collected;

Adequate, relevant and not excessive in relation to the purpose for which it is processed;

Accurate and, where necessary, kept up to date, and;

Every reasonable step must be taken to ensure that personal data is accurate, having regard to the law enforcement purpose for which it is processed, is erased or rectified without delay;

Kept for no longer than is necessary for the purpose for which it is processed. Appropriate time limits must be established for the periodic review of the need for the continued storage of personal data for any of the law enforcement purposes;

Processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures (and, in this principle, "appropriate security" includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage)."

Staffordshire Police will strive to ensure that any personal data used by us or on our behalf is not excessive, reviewed appropriately and securely destroyed when no longer required.  We will also respect individuals' rights as detailed in section 9 below.

7. How do we Ensure the Security of Personal Data?

Staffordshire Police takes the security of all personal data under our control very seriously. 

We will comply with the relevant parts of the Data Protection Act 2018, the GDPR and LED relating to security, and seek to comply with the National Police Chiefs Council (NPCC) and relevant parts of the ISO27001 Information Security Standard.

We will ensure that appropriate policy, training, technical and procedural measures are in place, including audit and inspection, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so, and then under strict guidelines as to what use may be made of any personal data contained within them.  These procedures are continuously managed and enhanced to ensure up-to-date security.

8. Who do we Disclose Personal Information to?

In order to carry out the purposes described under section 1 above Staffordshire Police may disclose personal information to a wide variety of recipients in any part of the world, including those from whom personal data is obtained (as listed above).

This may include disclosures to other law enforcement agencies, partner agencies working on crime reduction initiatives, partners in the Criminal Justice arena, Victim Support and to bodies or individuals working on our behalf such as IT contractors, survey organisations or data processors working on our behalf. We may also disclose to other bodies or individuals where necessary to prevent harm to individuals.

Disclosures of personal data will be made on a case-by-case basis, using the personal data appropriate to a specific purpose and circumstances, and with necessary controls in place.

Some of the bodies or individuals to which we may disclose personal data are situated outside of the European Union - some of which do not have laws that protect data protection rights as extensively as in the United Kingdom.  If we do transfer personal information to such territories, we will take proper steps to ensure that it is adequately protected as required by the Data Protection Act 2018.

Staffordshire Police will also disclose personal data to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law, and by court order. This may include disclosures to the Child Maintenance Service, the National Fraud Initiative, the Home Office, and to the Courts.

Staffordshire Police may also disclose personal data on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.

9. What are the Rights of the Individuals Whose Personal Data is Handled by Staffordshire Police?

The GDPR provides certain rights for individuals however all of these rights do not apply when it comes to Law Enforcement processing and even then the applicable rights do not apply in all circumstances, there are exemptions and restrictions that can be legitimately applied to prevent individuals from exercising rights, see below:

The right to be informed- this area is covered by this privacy notice

The right of access - Previously a Subject Access request.  The most commonly exercised right is that used by individuals to obtain a copy, subject to exemptions, of their personal data processed by Staffordshire Police as detailed under Article 15 of the GDPR. Details of the application process, known as 'Right of Access' can be found from the force internet at: https://www.staffordshire.police.uk/RoA

Alternatively individuals may contact Staffordshire Police in person, via telephone or social media to make the request, however the preferred method is via the application process.

Rights of access do not apply to the processing of 'relevant personal data'[4], i.e. we can limit confirmation that we are processing data and access to personal data if it is necessary and proportionate in order to:

  • Avoid obstruction of an official or legal inquiry, investigation or procedure;
  • Avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
  • Protect public security;
  • Protect national security; or
  • Protect the rights and freedoms of others.

Where a limitation is in place the individual must be given an explanation of the reasons, unless providing this information undermines the purpose of imposing the restriction.

The right to rectification- Under Article 16 of the GDPR, individuals have the right to have inaccurate or incomplete personal data rectified. Staffordshire Police can refuse this request where it is necessary and proportionate or relates to 'relevant personal data', i.e. to avoid obstructing an official or legal inquiry, investigation or procedure, or to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties, as detailed above. 

The request must be processed within one month, or three months in complex cases. Where a request is refused the individual must be notified and where no action is taken individuals have the right to be informed of how to seek a judicial remedy.

The right to erasure- Under Article 17 of the GDPR, individuals have the right to have personal data erased and to prevent processing in specific circumstances:

  • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
  • When the individual withdraws consent;
  • When the individual objects to the processing and there is no overriding legitimate interest for continuing with the processing;
  • When the personal data was unlawfully processed;
  • When the personal data has to be erased in order to comply with a legal obligation;
  • When the personal data is processed in relation to the offer of information society services to a child

Staffordshire Police can refuse this request where it is necessary and proportionate or relates to 'relevant personal data', i.e. to avoid obstructing an official or legal inquiry, investigation or procedure or to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties, as detailed above.  The erasure of personal data relating to criminal offences cannot be considered until its full period of retention has been reached (as detailed in the National Retention and Disposal Schedule which has been adopted by Staffordshire Police).

The right to restrict processing- Under Article 18 of the GDPR, individuals have the right to restrict the processing of personal data, for example, if an individual believes that the data is incorrect but it is not possible to confirm the accuracy of the data.  Staffordshire Police can refuse this request where it is necessary and proportionate or relates to 'relevant personal data', i.e. to avoid obstructing an official or legal inquiry, investigation or procedure or to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties, as detailed above.

Where a request is received the individual must be informed in writing as to whether Staffordshire Police have granted the request; and if it has been refused, the reasons why.

The right to data portability - not applicable to law enforcement processing

Under Article 20 of the GDPR, individuals have the right to data portability which allows individuals to obtain and reuse their personal data for their own purposes across different service.  It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way without hindrance to usability.  The personal data must be provided in a structured, commonly used and machine readable form.  The information must be provided free of charge.

The right to object - not applicable to law enforcement processing

Under Article 21 of the GDPR, individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), and processing for purposes of scientific research and statistics.

Rights in relation to automated decision making including profiling- Under Article 22 of the GDPR, individuals have the right to object to decisions made about them on the basis of automated processing including profiling, where those decisions have legal or other significant effects.  This includes processing where there is no human intervention, for example where automated processes are used to sift recruitment applications.  

An individual has the right to withdraw their consent - This does not apply to offenders or suspected offenders as the processing is necessary to perform a task within the public interest without their consent being given.  This does apply to victims who have consented to their personal data being processed i.e. victim services, this consent can be withdrawn at any time by contacting the Staffordshire Victim Gateway:

help@staffsvictimsgateway.org.uk

Telephone: 0330 0881 1339

Individuals have the right to complain to the Information Commissioner's Office if they believe that they are/have been adversely affected by the handling of personal data by Staffordshire Police.  Such complaints should be made direct to the Information Commissioner:

                           www.ico.org.uk

                           The Information Commissioner's Office,

                           Wycliffe House,

                           Water Lane,

                           Wilmslow,

                           Cheshire,

                           SK9 5AF

                           Telephone: 0303 123 1113         


[4]'Relevant personal data' means personal data contained in a judicial decision or in other documents relating to the investigation or proceedings which are created by or on behalf of a court or other judicial authority.  Access to 'relevant personal data' is governed by the appropriate legislation covering the disclosure of information in criminal proceedings, such as (in England and Wales) the Criminal Procedure and Investigations Act 1996.

10. How Long Does Staffordshire Police Retain Personal Data?

Staffordshire Police keeps personal data for as long as is necessary for the particular purpose or purposes for which it is held.

Personal data which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the agreed national retention periods which are subject to periodic change.

Other records containing personal data relating to intelligence, digital media, custody, crime, firearms, child abuse investigations, and domestic violence will be retained in accordance with the NPCC endorsed guidance on the Management of Police Information (MoPI) 2006, (this can be found on the College of Policing's website www.app.college.police.uk)and the National Retention and Disposal Schedule, (this can be found on the National Police Chief's Council website www.npcc.police.uk). Staffordshire Police have adopted this Retention and Disposal Schedule and this is available at www.staffordshire.pnn.police.uk.

11. Monitoring

Staffordshire Police may monitor or record and retain telephone calls, texts, emails and other electronic communications to and from the force in order to deter, prevent and detect inappropriate or criminal activity, to ensure security, and to assist the purposes described under section 1 above.  

Staffordshire Police does not place a pre-recorded 'fair processing notice' on telephone lines that may receive emergency calls (including misdirected ones) because of the associated risk of harm that may be caused through the delay in response to the call.

12. Cookies

Staffordshire Police use a number of different cookies on our website, a list of these and a full cookie policy can be found on our website www.staffordshire.police.uk/1759

13. Contact Us

Any individual with concerns over the way that Staffordshire Police handles their personal data or for further details on any of the above may contact the Data Protection Officer (DPO) as below:

Email: rightofaccess@staffordshire.pnn.police.uk