This privacy notice is to make it easier to understand and provide you with more information about how Kent Police may seek to collect and hold information about you in relation to the unprecedented challenges we are all facing during the COVID-19 pandemic (COVID-19). Kent Police may seek to collect and process your personal data, in response to the recent outbreak of COVID-19, which is above and beyond what would ordinarily be collected.

Please note: A specific privacy notice for Kent Police employees only, relating to COVID-19, is available on the Kent Police Information Management intranet page.

Introduction

This specific privacy notice has been created to make it easier for you to understand what personal data Kent Police processes about you, how and why it will be used in connection with the COVID-19 pandemic (Operation Iowa). It is a requirement of the Data Protection Act 2018 (DPA).

It is subordinate to, and should be read in conjunction with, the force's high-level privacy notice.

The high-level privacy notice provides you with complete details of the rights you have relating to the personal data Kent Police hold about you now and any personal data Kent Police might collect about you in the future.

If you require this specific privacy notice in Braille or in another language please contact the force’s data protection officer.

Privacy information

Who is the Controller (the person who determines the purpose and means by which your personal data is processed) and what are their contact details?

The Controller is:

Chief Constable of Kent Police
Kent Police Headquarters
Thames Way
Northfleet
Gravesend
Kent
DA11 8BD

DPA Article 13(1)(a) and Article 14(1)(a)

What are the contact details of Kent Police’s Data Protection Officer?

Data protection officer
Information Management
Kent Police
Coldharbour
London Road
Aylesford
ME20 7SL
Email: [email protected]

DPA Article 13(1)(b) and Article 14(1)(b)

What personal data of mine will be processed by Kent Police?

Personal data is being collected to enable forces to identify anyone they come into contact with through their policing tasks who are in any of the high risk categories and would be considered vulnerable and/or infected with COVID-19.

For what purpose(s) is my personal data intended to be processed by Kent Police?

For law enforcement purposes – defined as the prevention, investigation, detection or prosecution of criminal offences, the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security, or the policing purpose.

Such information will be limited to what is proportionate and necessary, taking into account the latest guidance issued by the government and health professionals, in order to manage and contain the virus. It will enable the Chief Constable of Kent Police to effectively fulfil their functions to keep people safe, put contingency plans into place to safeguard those vulnerable and aid business continuity.

Whilst the provision of data cannot be mandated, you are strongly advised that it is in the best interests of all to provide this information so that Kent Police are able to take relevant steps to keep you and others safe.

The information will be managed in confidential manner. All information will be held securely and processed on a ‘need to know’ basis by only a limited number of people. If there is a need to disclose outside of this, the minimal amount of personal data will be used.

DPA Section 44(1)(c)

What is Kent Police’s legal basis for processing my personal data?

The General Data Protection Regulation requires specific conditions to be met to ensure that the processing of personal data is lawful. These relevant conditions are below:

Article 6(1)(d)

Is necessary in order to protect the vital interests of the data subject or another natural person.

Recital 46 adds that “some processing may serve both important grounds of public interest and the vital interests of the data subject as for instance when processing is necessary for humanitarian purposes, including for monitoring epidemics and their spread”.

Article 6(1)(e)

Is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Section 8(c) of the Data Protection Act sets out that such a task must be necessary for the performance of a function conferred on a person by an enactment or rule of law. The Police Reform and Social Responsibility Act 2011 provides that the Chief Constable may do anything which is calculated to facilitate or is conducive or incidental to the exercise of the functions of the Chief Constable.

The processing of special categories of personal data, which includes data concerning a person’s health, are prohibited unless specific further conditions can be met. These further relevant conditions are below:

Article 9(2)(i)

Is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health.

  • Schedule 1, Part 2(6) – is necessary for reasons of substantial public interest and for the purpose of a function conferred on a person by an enactment or rule of law; e.g. Health Protection (COVID-19) Regulations 2020 and COVID-19 Bill 2020
  • Schedule 1, Part 1(3) – is necessary for reasons of public interest in the area of public health, and is carried out by or under the responsibility of a health professional, or by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law, e.g. governmental guidance published by Public Health England

Alternatively, Kent Police’s legal basis for processing your personal data will be based on its common law policing purpose of protecting life and property, preserving order, preventing the commission of offences, bringing offenders to justice, and any duty or responsibility of the police arising from common or statute law.

In terms of Section 35(2) of the DPA the processing is necessary for the performance of a task carried out for a law enforcement purpose by Kent Police or another competent authority.

DPA Section 44(2)(a) and Section 35(2)

Am I required to provide my personal data under a statutory requirement, or am I obliged to provide it?

Whilst the provision of data cannot be mandated, you are strongly advised that it is in the best interests of all to provide this information to the force so we are able to take relevant steps to keep you and others safe.

The information will be managed in a confidential manner. All information will be held securely and processed on a ‘need to know’ basis by only a limited number of people. If there is a need to disclose outside of this, the minimal amount of personal data will be used.

How long will my personal data be retained by Kent Police?

Kent Police will only keep your information for as long as it is necessary, taking into account government advice and the on-going risk presented by COVID-19. This data will be retained for at least the duration of the pandemic. At its conclusion, the Chief Constable will review whether further retention is still required, due to actions arising from the pandemic.

When the information is no longer needed for this purpose, it will be securely deleted.

DPA Section 44(2)(b)

Who could Kent Police disclose my personal data to?

Kent Police may disclose your personal data. There are various categories of recipient where the purpose surrounding the transfer is necessary, and the transfer of information complies with data protection legislation, including where there is a lawful basis. Some examples of recipient may be:

  • NOMS (National Offender Management Service)
  • healthcare professionals, including within Kent Police Custody Suites
  • ambulance service
  • NHS trusts (A&E services, for example)
  • county/borough/parish councils
  • other ‘competent authorities’
  • a ‘relevant authority’ – see S.115 Crime and Disorder Act 1998

DPA Section 44(2)(c)

What are my rights under the GDPR?

You have the following rights under the GDPR:

  • right to be informed
  • right of access
  • right of erasure
  • right to restriction of processing
  • right to data portability
  • right to object
  • right not to be subject of automated decision-making

Full details of those rights and how to exercise them can be found in Kent Police's high-level privacy notice. It can also be obtained from:

Public Disclosure Team
Kent Police
Coldharbour
London Road
Aylesford
ME20 7SL
Email: [email protected]

DPA Article 13(2)(b) and Article 14(2)(c)

Who can I lodge a complaint with if I am unhappy about the way my personal data is processed by Kent Police?

You may lodge a complaint with the Information Commissioner’s Office. Their contact details are:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

You may wish to initially raise any concerns with the data protection officer.

DPA Article 13(2)(d) and Article 14(2)(e)