Privacy Notice – Updated to comply with the General Data Protection Regulation
This privacy notice explains what you can expect when the Office of the Police, Crime and Victims Commissioner (OPCVC) collects and processes your personal information.
The Police and Crime Commissioner (PCC) is a public authority, established in legislation through the Police Reform and Social Responsibility Act 2011. For the purposes of this notice, the term PCC is used to encompass the person elected as the Police, Crime and Victims’ Commissioner and any staff authorised to work for or on their behalf or under their direction and control (i.e. the OPCVC).
The OPCVC obtains, holds, uses and discloses personal information for two broad purposes:
- The remit and power of the PCC, which includes rendering assistance to the public in accordance with OPCVC policies and procedures; and any duty or responsibility of the PCC arising from common or statute law.
- The provision of services to support the remit of the PCC.
Here at OPCVC we take our responsibilities to protect your privacy very seriously and recognise our responsibility to handle, manage and secure your data appropriately and legally. We operate in compliance with the European General Data Protection Regulation (GDPR) and Data Protection Act 2018 (UK).
The PCVC is the Data Controller for the personal data we collect from members of the public, voluntary and community sector organisations, private and public authorities, recipients of funding and services that we commission.
The OPCVC is registered with the Information Commissioner's Office (Z3439263).
You have the following rights regarding your privacy and your personal data:
- To be informed and understand how your data will be used, secured and managed.
- To access your personal data we hold about you and understand how we process it.
- To have your data kept accurate and up to date and to be disposed of securely when no longer required.
- In some circumstances, restrict our processing of your data, and or to request we erase your personal data where this is appropriate.
- To object to our processing or withdraw previously given consent.
Information Handling and Sharing
We take the security of all personal information under our control very seriously. We will comply with the relevant parts of the legislation relating to security.
Handling Personal Information
- We handle personal information in accordance with data protection law. Your personal information held on our systems and in our files is secure and is accessed by our staff, contractors working on our behalf, outsourced providers in accordance with their contract and volunteers when required to do so for a lawful purpose.
- We will ensure that your personal information is handled fairly and lawfully with appropriate justification. We will only use your information for lawful purposes.
- We will strive to ensure that any personal information used by us or on our behalf is of the highest quality in terms of accuracy, relevance, adequacy, not excessive is kept as up to date as possible and is protected appropriately.
- We will regularly review any personal information to ensure it is still required and is lawful for us to continue to retain it and when no longer required we will securely destroy it.
- We will respect your individual rights under the law.
- We will store this information on computers, mobile devices and in paper records.
- Data Protection Policy (GDPR)
Sharing Personal Information
- We will only share your personal information when we are permitted to or are required to by law or we have your consent to do so as required by data protection law.
- We do not pass personal data to other organisations for marketing purposes without your consent.
- Your personal information may be processed by an external service provider acting on our behalf to provide services.
We will keep your personal information as long as is necessary for the particular purpose or purposes for which it is held. This is set out in our Records Retention and Disposal Policy.
Record Retention and Disposal Policy
Record Retention and Disposal Policy Appendix
GDPR Legal Basis for Processing Information
The legal basis for our use of your information will vary depending on the particular circumstance. These are some examples:
- Art 6.1(a) Consent if you have given your consent that we can process your personal information for a particular purpose;
- Art 6.1(b) Contractual Requirement if your personal information is necessary for the performance of a contract;
- Art 6.1(c) Legal Obligation if your personal information is necessary for compliance with a legal obligation;
- Art 6.1(e) Public Task if your personal information is necessary for the performance of public interest tasks;
- Art 6.1(f) Legitimate Interest if your personal information is necessary for the legitimate interests of the data controller or a third party.
Concerns or Complaints
If you have concerns or a complaint about how we handle your data please contact us and we will try to resolve the issue.
If you remain unhappy with how we have resolved your concern or complaint you have the right to contact the Information Commissioner's Office for an independent review. ICO contact details are below:
The Information Commissioner's Office,
Helpline number: 0303 123 1113
If you have any questions or concerns about this Privacy Statement or how we handle your personal data, please contact us:
Data Protection Officer
Office of the Police, Crime and Victims’ Commissioner for Durham
0191 375 2001
Changes to this Privacy Notice
We keep this privacy notice under regular review. This privacy notice was last updated on 21st October 2019.