Your personal data - Data Privacy Notice 2018

The Chief Constable of Kent Police is registered with the Information Commissioner as a ‘Data Controller’ for the purposes of the Data Protection Act 2018 (‘the Act’). He ensures that Kent Police handles all personal data in accordance with the Act.

Kent Police takes its responsibility very seriously and takes great care to ensure that personal data is handled appropriately in order to secure and maintain individuals’ trust and confidence in the force.

You can contact the Chief Constable, or Kent Police’s Data Protection Officer at the following addresses: Chief Constable, Kent Police, Sutton Road, Maidstone, Kent, ME15 9BZ or Data Protection Officer, Information Security and Governance Department, Kent Police Headquarters, Sutton Road, Maidstone, ME15 9BZ.

How we use your data

Reporting a crime or other contact

Categories of data

We collect Personal data such as names and addresses.  This is to ensure that you're contactable, and if you need to contact us again we can determine your identity.

In limited circumstances we also collect Sensitive (Special Category) Personal Data such as medical conditions, and biometrics, but this is unlikely and we'll explain to you why it's necessary.

Kent Police will ensure the personal data it collects is kept to a minimum, and is necessary for the processing purpose. We may also receive information from other sources in relation to you.  These are usually our partners in law enforcement, or organisations providing social support such as housing, councils, the NHS, etc.

Legal basis for processing

Kent Police has a legal obligation to process personal data to ensure investigations are undertaken appropriately, to prevent and detect crime, and together with our partners, to protect vulnerable people.

For processing special category data, Kent Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest. This means data about your ethnicity, religion, health, or other sensitive data will only be processed if your welfare, or the welfare of others is at risk.

Who we share with

Our priorities include putting victims first, protecting the public from harm and protecting the most vulnerable.
Therefore if you, or a person you're contacting Kent Police about, are considered vulnerable, or in need of support, we may share your data with partners such as Councils, Health organisations, and victim support services.

We also share information with partners if the sharing is necessary because we are carrying out a specific task in the public interest.
Therefore if you are reporting issues that are suited for referral to other agencies, such as weather related emergencies i.e. trees down and flooding, we will pass your contact details to the relevant authority who may contact you for further information.

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Kent Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Kent Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Victim

Categories of data

We collect Personal data such as names and addresses. In limited circumstances we also collect Sensitive (Special Category) Personal Data such as medical conditions, and biometrics, but this is unlikely and we will explain to you why it is necessary.

We may use anonymised data, or pseudonymised data for statistical, or research purposes to ensure that we identify better ways of serving the public.  This means that for anonymised data, all identifying characteristics like your name, or age will be taken out.  For pseudonymised data, all identifying characteristics, like your name, will be taken out and an identifying number is used instead. 

Kent Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose.

Kent Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Kent Police has a legal obligation to process personal data to ensure compliance under the Victim Code and the National Crime Recording Standard.

For processing special category data, Kent Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest, as well as for statistical purposes (Article 89), which may include anonymisation or pseudonymisation.

Who we share with

Our priorities include putting victims first, protecting the public from harm and protecting the most vulnerable. We therefore may share your data with partners such as Councils, Health organisations, and victim support services.

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Kent Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Kent Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Witness

Categories of data

We collect Personal data such as names and addresses. This is to ensure that you are contactable, and that if you need to contact us again we can determine your identity.

In limited circumstances we also collect Sensitive (Special Category) Personal Data such as medical conditions, and biometrics, but this is unlikely and we will explain to you why it is necessary.

Kent Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose. Kent Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Kent Police has a legal obligation to process personal data to ensure investigations are undertaken appropriately. For processing special category data, Kent Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest.

Who we share with

Our priorities include putting victims first, protecting the public from harm and protecting the most vulnerable.

Therefore if you, or a person you are contacting Kent Police about, are considered vulnerable, or in need of support, Kent Police may share your data with partners such as Councils, Health organisations, and victim support services.

We also share information with partners if the sharing is necessary because we are carrying out a specific task in the public interest.

Therefore if you are reporting issues that are suited for referral to other agencies, such as weather related emergencies i.e. trees down and flooding, we will pass your contact details to the relevant authority who may contact you for further information.

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.
Kent Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Kent Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Suspect

Categories of data

We collect Personal data such as names and addresses. We also collect Sensitive (Special Category) Personal Data such as:

  • medical conditions for your safety, and that of our officers and staff
  • biometrics to assist in identification and possibly elimination from our enquiries
  • ethnic origin to enable us to monitor our approach to diversity and fulfil our duties to the Home Office regarding statistics reporting
  • any previous offences or convictions (under Article 10 of GDPR).

This is not a complete list.

We may use anonymised data, or pseudonymised data for statistical, or research purposes to ensure that we identify better ways of serving the public.  This means that for anonymised data, all identifying characteristics like your name, or age will be taken out.  For pseudonymised data, all identifying characteristics, like your name, will be taken out and an identifying number is used instead. 

Kent Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose. Kent Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Kent Police has a legal obligation to process personal data to ensure investigations are undertaken appropriately, and public safety is maintained.

For processing special category data, Kent Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest, as well as for statistical purposes (Article 89), which may include anonymisation or pseudonymisation.

Who we share with

Our priorities include protecting the public from harm, protecting the most vulnerable and tackling crime and antisocial behaviour.

Therefore if you are considered vulnerable, or in need of support, even if it not connected with your offending behaviour, Kent Police may share your data with partners such as Councils, Health organisations, and specialist support services.

If we consider that you are a risk to others we may share your offending history and other details with your employer (Disclosure and Barring Checks/DBS), other police forces and other law enforcement agencies to prevent and detect crime.

We may also share your data with government agencies such as prisons, and in some circumstances your family, or associates (Child Sex Offenders Disclosure Scheme also known as Sarah’s Law).

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Kent Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Kent Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Offender

Categories of data

We collect Personal data such as names and addresses. We also collect Sensitive (Special Category) Personal Data such as:

  • Medical conditions for your safety, and that of our officers and staff;
  • Biometrics to assist in identification and possibly elimination from our enquiries;
  • Ethnic origin to enable us to monitor our approach to diversity and fulfil our duties to the Home Office regarding statistics reporting;
  • Any previous offences or convictions (under Article 10 of GDPR).

This is not a complete list.

We may use anonymised data, or pseudonymised data for statistical, or research purposes to ensure that we identify better ways of serving the public.  This means that for anonymised data, all identifying characteristics like your name, or age will be taken out.  For pseudonymised data, all identifying characteristics, like your name, will be taken out and an identifying number is used instead. 

Kent Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose. Kent Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Kent Police has a legal obligation to process personal data to ensure investigations are undertaken appropriately, and public safety is maintained.

For processing special category data, Kent Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest, as well as for statistical purposes (Article 89), which may include anonymisation or pseudonymisation.

Who we share with

If you are considered vulnerable, or in need of support, even if it not connected with your offending behaviour, Kent Police may share your data with partners such as Councils, Health organisations, and specialist support services.

This supports the Kent Police priorities of protecting the public from harm and protecting the most vulnerable, and tackling crime and antisocial behaviour.

If we consider that you are a risk to others we may share your offending history and other details with your employer (Disclosure and Barring Checks/DBS), other police forces and other law enforcement agencies to prevent and detect crime.

We may also share your data with government agencies such as prisons, and in some circumstances your family, or associates (Child Sex Offenders Disclosure Scheme also known as Sarah’s Law).

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Kent Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Kent Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Employee

Categories of data

We collect Personal data such as names and addresses, next of kin, telephone numbers, and bank details. We also collect Sensitive (Special Category) Personal Data such as:

  • Medical conditions to assist in supporting officers and staff, and to ensure that reasonable adjustments can be made;
  • Sexual orientation and marital status (sex life), religion, and ethnicity to fulfil our responsibilities in regards to equalities monitoring.
  • Trade Union membership to enable officers and staff to engage in collective bargaining, and to be supported during any process within the force.
  • Any previous offences or convictions (under Article 10 of GDPR) to prevent or monitor misconduct.

This is not a complete list.

We may use anonymised data, or pseudonymised data for statistical, or research purposes to ensure that we identify better ways of serving the public.  This means that for anonymised data, all identifying characteristics like your name, or age will be taken out.  For pseudonymised data, all identifying characteristics, like your name, will be taken out and an identifying number is used instead.

Kent Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose.

Kent Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Kent Police will only process data relating to employees in order to fulfil our duties as an employer, or where we have a legal obligation to process personal data to prevent or detect misconduct.

For processing special category data, Kent Police relies on the provisions under article 9 of obligations in the field of employment, or to establish, exercise, or defend legal claims, or where there is substantial public interest, as well as for statistical purposes (Article 89), which may include anonymisation or pseudonymisation.

Who we share with

For the most part, Kent Police will not share your data unless you consent, for instance if you are seeking a reference, or transferring to another employer.

If we consider that you are a risk to others we may share misconduct or discipline records with your new employer (Disclosure and Barring Checks/DBS), other police forces or government agencies such as prisons, and in some circumstances your family, or associates (Child Sex Offenders Disclosure Scheme also known as Sarah’s Law).

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Retention

Kent Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Kent Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

We also retain your data in line with the legal requirements under the Policing Act 2017, and employment law.

On camera

Categories of data

Kent Police does use visible surveillance camera systems.  These images are considered to be biometric information, which is considered to be special category personal data.

Your rights

Find out more about accessing or changing your information or challenging the information held.

Your subject access rights (to 'locally held' information)

You have a right to be told whether any information is held about you and a right to a copy of that information, unless certain exemptions apply, within 30 calendar days upon receipt of a fully completed form and proof of identity.

There is no legislative requirement for you to complete the form, but doing so will ensure that we have the details required to fulfil your request, as well as the required identification verification, and these will ensure that your request is dealt with as quickly as possible.

Further information about the subject access process is available on our website at (web address) or by contacting the Data Protection Officer.

Advice and assistance

Should you require advice and guidance in completing the application or in respect of appropriate identity documents, please contact staff at the above address by telephone on 01622 652610.

Due to the Data Protection Act 2018, Kent Police will be unable to provide you with information contained on police systems over the telephone or by email prior to completion of your request.

Information you will not receive

This guidance is for the use and completion of applications for information held by Kent Police i.e. ‘locally held’ personal information only.
This application form is not for use for the following purposes:

  1. Applying only for data held on the Police National Computer (PNC).
  2. Applying only for a police certificate for the visa or emigration purposes for specific countries.

For guidance and application forms for these purposes please refer to the information on the ACRO website https://www.acro.police.uk/

If you require a disclosure for employment purposes, and you live in England, Scotland or Wales, please contact Disclosure Scotland via their website.  If you live in Northern Ireland please contact ‘Access NI’ via their website.

Certain employers and organisations such as recruitment agencies may attempt to exploit the subject access process by requiring individuals to use it to obtain a copy of their criminal convictions (or evidence that there is nothing held) as part of recruitment or continuing employment processes.

This practice is known as enforced subject access as covered by the Data Protection Act 2018. It is a criminal offence for a current or prospective employer or recruitment agency to require an individual to make a subject access request as a condition of employment or for the provision of goods or services.  They should instead be using the existing formal criminal records check arrangements operated by the Disclosure and Barring Service, Disclosure Scotland or Access Northern Ireland.

The Chief Constable's rights

The provisions of the Data Protection Act mean that in certain circumstances some personal data will not be provided.

For example you will not be provided with personal data if releasing it to you would be likely to prejudice a criminal investigation, and we may not provide you with information that identifies other individuals.

The information you provide on this form will be used for processing your request and for any other policing purpose.

Your right to change incorrect information

Under Article 16 you have the right to request that we rectify inaccurate personal data concerning yourself, without undue delay.  You may also request that we make incomplete personal data complete.

If we agree that the data is inaccurate or misleading we have a responsibility to notify any organisation or person, that we have shared that data with, that you have made the request and that we have agreed.

Can my data be corrected?

You data can be corrected when;

  • we have recorded any of your personal data incorrectly
  • your details have changed
  • we were provided with incorrect data from someone, or somewhere else
  • we have recorded information against your name that refers to someone else.

Your data cannot be changed when;

  • the investigation or prosecution is live, and any corrections will compromise the case
  • it is a malicious or false allegation
  • an individual has said something about you that you disagree with
  • you have deliberately provided false details in order to escape detection.

Information security

Kent Police operates through intelligence led policing and so depends on information, and also the systems that the information is processed on.

The protection of information stored in manual and electronic systems is essential to the operation of the organisation and Kent and Essex Police must demonstrate compliance with National Policing Information Risk Management Team (NPIRMT) and Community Security Policy (CSP) for any existing or proposed information processing, regardless of where it comes from. 

Other industry standards are also used where appropriate to ensure the protection of personal information is a priority, FIPS-140, ISO/27001, NIST, COBIT-5 and National Cyber Security Centre standards.

Electronic and digital security for new or existing systems which use or manage police information adhere to the Kent and Essex Police Baseline Security Requirement. 

Organisational policy and procedures ensure the protection of police information and the controlled access to it.   The design, operation, use and management of the technology must comply with statutory, regulatory, and contractual security requirements.  

Technical safeguards are enforced within the Kent and Essex Police infrastructure such as firewalls, data encryption, end point detection and response solutions, protective monitoring, segregation of data and role based authorised system access.  Physical access controls to our buildings and files require authorised and appropriate access and are overseen by security cameras.

Glossary of terms

Data Controller - A controller determines the purposes and means of processing personal data. A Controller has an obligation to ensure contracts with processors comply with the GDPR.

Data Processor - A processor is responsible for processing personal data on behalf of a controller. The GDPR places specific legal obligations on processors; for example, they are required to maintain records of personal data and processing activities, and will have legal liability if they are responsible for a breach.

Personal Data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Anonymised personal data Personal data that has been anonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

Sensitive personal data (Special category data) - The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9).
This is because special category data is more sensitive, and so needs more protection. For example, information about an individual’s:

  • race
  • ethnic origin
  • politics
  • religion
  • trade union membership
  • genetics
  • biometrics (where used for id purposes)
  • health
  • sex life or
  • sexual orientation.

Processing - Processing, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including –
(a) organisation, adaptation or alteration of the information or data,
(b) retrieval, consultation or use of the information or data,
(c) disclosure of the information or data by transmission, dissemination or otherwise making available, or
(d) alignment, combination, blocking, erasure or destruction of the information or data