Privacy notice

Published: 6 February 2020
Review date: 6 February 2021
Policy owner: Data Protection Officer

The North Yorkshire Police, Fire and Crime Commissioner (the Commissioner), is committed to protecting your personal information.

This Privacy Notice contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given to us.

We may need to make changes to our Privacy Notice, so please check our website for updates from time to time. If there are important changes such as changes to where your personal data will be processed, we will contact you to let you know

This version of our Privacy Policy was last updated on 6 February 2020.

 

Who are we?

This Privacy Notice is provided to you by the Police, Fire and Crime Commissioner, which is the data controller for your data.

Your personal data – what is it?

“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address).  Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual (e.g. a list of staff may contain personnel ID numbers rather than names but if you use a separate list of the ID numbers which give the corresponding names to identify the staff in the first list then the first list will also be treated as personal data).  The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR) and other legislation relating to personal data and rights such as the Human Rights Act.

The data we may collect about you

In order to meet our obligations, we may need to collect and process personal data about you. The type of data that may be collected by the Police, Fire and Crime Commissioner includes:

  • Name
  • Contact details such as email address, postal address and telephone number
  • Gender
  • Marital Status
  • Date and place of birth
  • Nationality
  • Employer, job title and employment history
  • Family details including their relationship with you

In some circumstances, the Police, Fire and Crime Commissioner may need to obtain ‘Special Categories of personal Data’ which attracts additional protection under the GDPR. These Special Categories includes:

  • Health
  • Criminal Convictions
  • Racial or Ethnic Origin
  • Political opinion
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual orientation

What is the legal basis for processing your personal data?

The Police, Fire and Crime Commissioner may process for personal data for a number of reasons. For example, it may be processed the following lawful reasons:

  • Assist us in meeting our “Legal Obligations” as employers,
  • To manage “Contracts” with those who supply us with goods and services,
  • To help us support those who we come into contact with, which can be done by obtaining their “Consent”,
  • To perform tasks which are considered as being in the “Public Interest”.

Where the Police, Fire and Crime Commissioner need to process Special Categories of data, it will be lawful as:

  • Explicit Consent has been given, for example in relation to obtain health information.
  • It is in order to carry out the obligations and exercise specific rights as the Police, Fire and Crime Commissioner as data controller or you as the data subject in the field of employment.

Further information in relation to the use of consent can be found in the Consent statement. 

The Commissioner will comply with data protection law. This says that the personal data we hold about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, unauthorised access and disclosure.

Sharing your personal data

We may engage the services of commercial companies to store and manage your information on our behalf. Where we have these arrangements, there is always a contract, memorandum of understanding or information sharing agreement in place to ensure that the requirements of the GDPR on handling personal information are met.

There are also occasions were we may be required to share your information with other organisations.

How long do we keep your personal data?

Personal Data is kept in kept in line with our retention policy. 

How do we keep your information secure

We are committed to ensuring that your personal data is safe. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information that we hold about you. These include:

  • Secure work areas
  • Information security awareness for our staff
  • Access controls on all systems
  • Encryption of personal data
  • Testing, assessing and evaluating the effectiveness of technical security controls 

Your rights and your personal data

You have the following rights in relation to your personal data:

  • Right to be informed
  • Right to Access
  • Right to Request Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Rights Relating to Automated Decision Making

Find out more about your personal rights  

Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

Changes to this notice

We keep this Privacy Notice under regular review.

Last updated 6 February 2020
PCC updated to PFCC