Website forms and social media – Privacy notice
Published: 6 February 2020
Review date: 6 February 2021
Policy owner: Data Protection Officer
The Police, Fire and Crime Commissioner for North Yorkshire (the Commissioner), is committed to protecting your personal information.
This Privacy Notice contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given to us.
We may need to make changes to our Privacy Notice, so please check our website for updates from time to time. If there are important changes such as changes to where your personal data will be processed, we will contact you to let you know
- Who are we?
- Your personal data – what is it?
- The data we may collect about you
- What is the legal basis for processing your personal data?
- Sharing your personal data
- How long do we keep your personal data?
- How do we keep your information secure
- Your rights and your personal data
- Further processing
- Changes to this notice
Who are we?
This Privacy Notice is provided to you by the Police, Fire and Crime Commissioner, which is the data controller for your data.
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual (e.g. a list of staff may contain personnel ID numbers rather than names but if you use a separate list of the ID numbers which give the corresponding names to identify the staff in the first list then the first list will also be treated as personal data). The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR) and other legislation relating to personal data and rights such as the Human Rights Act.
The data we may collect about you
Personal Data that we may collect includes:
- Name, Address and any other contact details such as email address and telephone numbers, gender and marital status
- Information about your phone, laptop, and how you use our website
What is the legal basis for processing your personal data?
If you chose to use the Police, Fire and Crime Commissioner’s website or contact the Commissioner through the use of a webform or social media, we may continue to process your information to the following reasons:
- To meet a legal requirement such as using the information gathered for fraud prevention or detection
- To meet our legitimate interests to improve our website and set default options for you.
On the 25 May 2011 amendments were made to The Privacy and Electronic Communications Regulations 2003 regulations, which require businesses and organisations running websites in the UK to get consent from visitors to their website in order to store cookies on user’s computers.
For information about the cookies collected on our website and how to block them visit our Cookies page.
The Commissioner will comply with data protection law. This says that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, unauthorised access and disclosure.
Sharing your personal data
We may engage the services of commercial companies to store and manage your information on our behalf. Where we have these arrangements, there is always a contract, memorandum of understanding or information sharing agreement in place to ensure that the requirements of the GDPR on handling personal information are met.
There are also occasions were we may be required to share your information with other organisations.
How long do we keep your personal data?
We will keep some records permanently if we are legally required to do so.
We will delete any personal information stored on our website through the submission of our online form, every 30 days.
Copies received by the office will be kept in line with our retention policy.
We do not keep a log of enquiries and posts made through social media, however, if you make a complaint this may be logged in line with our complaints policy and procedure to investigate and provide a response.
Any use of social media in your control, such as sending us a tweet, you will be able to delete. Any direct messages sent to us will be deleted after 30 days from the last communication.
In relation to Facebook, we will not as a matter of course delete anything posted to our page unless it contains inappropriate content.
How do we keep your information secure
We are committed to ensuring that your personal data is safe. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information that we hold about you. These include:
- Secure work areas
- Information security awareness for our staff
- Access controls on all systems
- Encryption of personal data
- Testing, assessing and evaluating the effectiveness of technical security controls
Your rights and your personal data
You have the following rights in relation to your personal data:
- Right to be informed
- Right to Access
- Right to Request Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Rights Relating to Automated Decision Making
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes to this notice
We keep this Privacy Notice under regular review.
Updated: 06 February 2020
PCC to PFCC