Office of the Police and Crime Commissioner for Thames Valley
The Office of the Police and Crime Commissioner (OPCC) complies with data protection law (the General Data Protection Regulation 2018) and is a registered data controller (registration no.Z3329333). We are committed to keeping your personal information accurate and up to date and we will not keep your information longer than necessary.
This Privacy Notice explains how we use your personal information and the ways in which we protect your privacy. Personal information is any information which relates to an individual, such as names, addresses, medical conditions, ethnicity, political opinions and criminal convictions.
This Privacy Notice applies to all personal data collected for, or on behalf of, the OPCC. This includes information collected by letter, email, face-to-face, telephone or online.
You may also receive a Privacy Notice specific to the service you are receiving.
By using our website and engaging with us by any means, you agree to accept this Privacy Notice which may be reviewed from time-to-time so please refer back to this Privacy Notice each time you submit personal data to us.
Why do we process personal information?
The Police and Crime Commissioner (PCC) is a public authority, established in legislation through the Police Reform and Social Responsibility Act 2011. For the purposes of this Privacy Notice, the term ‘PCC’ is used to encompass the person elected as the PCC and any staff authorised to work for or on their behalf or under their direction and control (i.e. the OPCC).
The PCC obtains, holds, uses and discloses personal information for two broad purposes:
1. To discharge the remit and powers and duties of the PCC includes rendering assistance to the public in accordance with PCC policies and procedures; and any duty or responsibility of the PCC arising from common or statute law.
2. The provision of services to support the remit of the PCC - including:
- Management of public engagement and communications, media relations, social media, advertising and website maintenance
- Financial management, accounts and administration
- Police Property Act Fund (PPAF) grant awards
- Internal audit
- OPCC staff recruitment, training and development, staff administration, occuptational health and welfare
- Management of complaints from members of the public
- Management of OPCC information technology systems
The legal basis for our use of your information will vary depending on the particular circumstance. These are some examples:
- Contract: The use of your personal information could be necessary for the performance of a contract.
- Public task: The use of your personal information could be necessary for the performance of public interest tasks or in the exercise of official authority vested in the PCC e.g. in relation to Independent Custody Visiting Scheme or grant applications.
- Legal obligation: The use of your personal information could be necessary for compliance with a legal obligation, e.g. as an employer we need to process personal data to comply with the legal obligation to disclose employee salary details e.g. to Her Majesty’s Revenues and Customs (HMRC); use of ethnicity data to comply with Equality legislation.
- Consent: If you give your consent, then we can process your personal information for that particular purpose.
- Vital interest: Lawful purpose for processing your data is necessary in order to protect the vital interests of you or another person, e.g. a danger to life.
Who do we share your personal information with?
The information we collect may be shared with other relevant organisations such as policing organisations (e.g.Thames Valley Police, Hampshire Constabulary), local authorities (e.g. County, Unitary, District and Parish Councils), other public services (e.g. NHS), ombudsmen and regulatory authorities (e.g. Independent Office for Police Conduct). Your personal information may be processed by an external service provider acting on our behalf to provide relevant services.
We will only share your personal information when we are permitted to do so or are required to by law, or we have your consent to do so as required by data protection law.
We do not pass personal data to other organisations for marketing purposes without your consent.
How do we handle your personal information?
We handle personal information in accordance with data protection law. Your personal information held on our systems and in our files is secure and is only accessed by our staff, contractors working on our behalf, outsourced providers in accordance with their contract and volunteers when required to do so for lawful purposes.
We will ensure that your personal information is handled fairly and lawfully with appropriate justification. We will only use your information for lawful purposes.
We will strive to ensure that any personal information used by us or on our behalf is compliant with the 8 data protection principles:
- Must be fairly and lawfully processed.
- Must be processed for limited purposes.
- Must be adequate, relevant and not excessive.
- Must be accurate and up-to-date.
- Must not be kept for longer than is necessary.
- Must be processed in line with the data subjects’ rights.
- Must be secure.
- Must not be transferred to other countries without adequate protection.
We will respect your individual rights under the law.
How do we keep your personal information safe?
We take the security of all personal information under our control very seriously. We will comply with the relevant parts of the legislation relating to security.
We will ensure that appropriate policy, training, technical and procedural measures are in place. These will include, but are not limited to, ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our staff are only accessible by those holding the appropriate identification and means of access, and have legitimate reasons for entry. Audits of our buildings security are carried out to ensure they are secure and meet appropriate industry and government security standards.
Regular audits and inspections are carried out to protect our manual and electronic information systems from data loss and misuse, and only permit appropriate access to them when there is a legitimate reason to do so.
Emails that we send to you or you send to us may be kept as a record of contact. We may also store your email address for future use. If we need to email sensitive or confidential information to you, we will check that we are using the correct email address and may use additional security measures.
Under the General Data Protection Regulation you have certain rights:
- You have the right to be informed of collection or use of your data. This information can be found contained within this notice.
- You are entitled to request access to and a copy of any information we hold about you.
- If you find that the information that the OPCC holds about you is no longer accurate, you have the right to ask to have this corrected. We may not always be able to change or remove the information. However, we will correct factual inaccuracies and may include your comments in the records.
- In certain circumstances, you have the right to have your personal data deleted.
- You have the right to restrict the processing of your personal data in certain circumstances.
- You can ask us to stop processing your personal data in relation to any service from the OPCC. This may delay or prevent us delivering a service to you. We will try to meet your request but we may be required to hold or process information to meet our legal duties.
- You have the right to object to the processing of your personal data. You have an absolute right to object if it is for direct marketing purposes. You have the right to object in other certain circumstances but subject to limitations.
If you wish to exercise the above mentioned rights, please contact our Data Protection Officer using the details below. We will then respond to you within one month. If we are unable to comply with your request within the allotted timescale, we will inform you as to the reasons why, how your request will be progressed and your legal rights.
How long will you keep my personal information?
We will keep your personal information as long as is necessary for the particular purpose or purposes for which it is held. This is set out in our Records Retention and Disposal Policy.
Monitoring of communications
We may retain records of telephone calls, texts, emails and other electronic communications to and from our organisation to assist in the purposes we have described.
If you have any concerns about how we have handled your personal information you should contact our Data Protection Officer by either email, telephone or write to:
Data Protection Officer
Office of the Police and Crime Commissioner for Thames Valley
Thames Valley Police HQ (South)
Telephone: 01865 541948
Hours: Monday-Friday, 9.00am - 5.00pm
If you want to raise a concern with the Supervisory Authority
The Information Commissioner is the Independent Authority responsible within the UK for ensuring we comply with data protection legislation. If you have a concern about how we have used your personal information or you believe you have been adversely affected by our handling of your data, you may wish to contact them using the information below:
The Information Commissioner’s Office
Telephone: 0303 123 1113
Further information about the ICO can be found here.