Quickly exit this site by pressing the Escape key Leave this site
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
On the 25 May 2018 the UK produced its third generation of data protection law. This is the same date as the General Data Protection Regulation (GDPR).
The new data protection law applies the UK's GDPR standards for the processing of data considered as 'general data', this is data which is processed for a reason not involving law enforcement or national security. How organisations should process 'general data' can be found in the UK GDPR and Part 2 of the Data Protection Act 2018.
The processing of data for law enforcement purposes can only be done by an organisation which is considered as a 'competent authority'. Law enforcement purposes are 'the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security'. The description of a 'competent authority' is laid down in data protection law, and includes but is not limited to, organisations such as police forces, the Financial Conduct Authority and the Information Commissioner. How organisations should process data for 'law enforcement purposes' can be found at Part 3 of the Data Protection Act 2018.
This Privacy Notice explains how and why Cleveland Police process your personal data, under Part 2, 'general data' and Part 3 'law enforcement data' and the steps we take to keep your information safe. It also describes your rights in regard to your personal information and how to complain to the Information Commissioner if you have concerns as to how we have handled your data.
Cleveland Police is a police force who has a responsibility for policing the area of the former county of Cleveland in the north east of England.
The Chief Constable of Cleveland Police is the 'Data Controller' and as such has overall responsibility for the lawful processing of all personal data processed by the force. He is assisted by the 'Data Protection Officer' who provides advice and guidance in relation to data protection law. Our data protection registration number is Z4883256 which is renewed each year.
The Chief Constable
Cleveland Police
Shared Service Centre
St Mark’s House
St Mark’s Court
Thornaby
Stockton on Tees
TS17 6QW
Data Protection Officer
Cleveland Police
Shared Service Centre
St Mark’s House
St Mark’s Court
Thornaby
Stockton on Tees
TS17 6QW
Cleveland Police process personal information for a variety of reason which are not related to law enforcement.
For example we process personal data for the following 'lawful purposes' to:
In order to carry out the purposes described above Cleveland Police may obtain, use and disclose personal information relating to a wide variety of individuals including:
The type of personal information we hold will vary depending upon the reason you have had contact with us but it may include:
We will use the minimum amount of personal information necessary to fulfil a particular purpose. Your personal information may be held on a computer system, in a paper record such as in a physical file or a photograph.
To carry out the purposes we have described we may obtain personal information from a wide variety of sources, including:
We handle personal information according to the requirements of the UK GDPR and Part 2 of the UK Data Protection Act 2018, which applies the UK’s standards for the processing of data considered as 'general data'. Your personal information, held on our systems and in our files, is secure and is accessed by our staff, police officers, contractors and data processors working on our behalf, outsourced providers in accordance with their contract and volunteers when required to do so for a lawful purpose.
We will ensure that your personal information is handled fairly and lawfully. We will strive to ensure that any personal information used by us or on our behalf is of the highest quality in terms of accuracy, relevance, and adequacy, is not excessive and is kept as up to date as possible and is protected appropriately. We will regularly review to ensure it is still required and is lawful for us to continue to retain it and when no longer required for any purpose detailed in this notice, we will securely destroy it.
We will regularly review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose then your data will be securely destroyed.
We will respect your information rights under the Act.
To carry out the purposes described Cleveland Police may disclose personal information to a wide variety of recipients including those from whom personal data is obtained. This may include:
Cleveland Police will also disclose personal information to other bodies or individuals when required to do so, this could be under an act of legislation, by a rule of law, or by court order. This may include:
Cleveland Police may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.
Where you have provided your personal data to us for the purposes of the police constable recruitment process, your data, including biographical monitoring information, will be shared with the College of Policing.
It will be stored on their secure network or within their Assessment Information Management System (AIMS). From this information, your name, email address and candidate reference number will be uploaded to the new online assessment platform for constable recruitment and shared with the third party provider hosting the system in order to progress your application virtually.
Cleveland Police takes the security of all personal information under our control very seriously. We will comply with the relevant parts of the legislation relating to security, and seek to comply with the College of Policing Information Assurance authorised practice, and relevant parts of the ISO27001 Information Security Standard.
We will ensure that appropriate policy, training, technical and procedural measures are in place. These will include, but are not limited to, ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our police officers, staff and partner agencies staff is only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We carry out audits of our buildings security to ensure they are secure. Our systems meet appropriate industry and government security standards.
We carry out regular audits and inspections, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to what use may be made of any personal information contained within them. These procedures are reviewed regularly to ensure our security of information is kept up-to-date.
Cleveland Police keeps your personal information as long as is necessary for the particular purpose or purposes for which it is held.
Records that contain your personal information processed for 'general data' purposes will be managed in accordance with the Forces Retention Schedule.
A key area of change in the new Data Protection Act relates to individuals’ rights, the law refreshes existing rights by clarifying and extending them and introduces new rights.
However your information rights will be dependent on the reason why and how the data was collected and why it is being used.
Your information rights in relation to personal data considered as 'general data' are:
Right to be Informed. This places an obligation upon Cleveland Police to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with.
We have written this Privacy Notice to explain how we will use your personal information and tell you what your rights are under the legislation.
Right of Access. This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions.
Right to Request Rectification. You are entitled to have personal data rectified if it is inaccurate or incomplete.
Right to Erasure. The right to erasure is also known as ‘the right to be forgotten’. This right enables you to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Right to Restrict Processing. Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, organisations are permitted to store the personal data, but not further process it.
Right to Data Portability. The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
Right to Object. Individuals have the right to object to:
Rights Relating to Automated Decision Making. Automated individual decision making and profiling is a decision made by automated means without any human involvement.
Should you wish to learn more about your information rights or how to make Information Rights Request please follow the appropriate link:
Information Rights:
Make an Information Rights Request
Cleveland Police have a statutory duty to uphold the law, prevent crime, bring offenders to justice and protect the public. To do this it is necessary for us to process your personal information under the lawful basis of ‘public interest’ and ‘official authority’. This means we process your personal information for carrying out tasks that are laid down in law and collectively described as the administration of justice.
The Administration of Justice includes:
In order to carry out the purposes described above, Cleveland Police may obtain, use and disclose personal information relating to a wide variety of individuals including but not limited to:
In order to carry out our statutory responsibility we will process varying types of personal data, this includes:
We will use only the minimum amount of personal information necessary to fulfil a particular purpose or purposes. Personal information can be information that is held on a computer, in a paper record such as a file or images, but it can also include other types of electronically held information such as CCTV images.
The data we process for law enforcement purposes come from a wide variety of sources, including:
There may be times where we obtain personal information from sources such as other police services and our own police systems such as our crime reporting system known as NICHE.
We handle personal information according to the requirements of Part 3 of the Data Protection Act 2018. Your personal information held on our systems and in our files is secure and is accessed on a 'need to know' basis by our staff, police officers, or data processors working on our behalf.
We will ensure that your personal information is handled fairly and lawfully with appropriate justification. We will only use your information for lawful purposes and in connection with our requirement to uphold the law, prevent crime, bring offenders to justice, and protect the public.
We will strive to ensure that any personal information used by us or on our behalf is of the highest quality in terms of accuracy, relevance, and adequacy and will not be excessive. We will attempt to keep it as up to date as possible and will protect your data from unauthorised access or loss.
We will regularly review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose then your data will be securely destroyed.
To enable Cleveland Police to meet their statutory duty we may be required to share your data with other organisations that process data for a similar reason, in the UK and/or overseas, or in order to keep people safe. These organisations include:
Disclosures of personal information is considered on a case-by-case basis, using only the personal information appropriate to a specific purpose and circumstances, and with necessary controls in place.
Some of the bodies or individuals to which we may disclose personal information are situated outside of the European Union - some of which do not have laws that protect data protection rights as extensively as in the United Kingdom. If we do transfer personal data to such territories, we undertake to ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the legislation.
Cleveland Police will also disclose personal information to other bodies or individuals when required to do so, or under an act of legislation, a rule of law, and by court order.
This may include:
Cleveland Police takes the security of all personal information under our control very seriously. We will comply with the relevant parts of the legislation relating to security, and seek to comply with the College of Policing Information Assurance authorised practice, and relevant parts of the ISO27001 Information Security Standard.
We will ensure that appropriate policy, training, technical and procedural measures are in place. These will include, but are not limited to, ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our police officers and staff, are only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We carry out audits of our buildings security to ensure they are secure. Our systems meet appropriate industry and government security standards.
We carry out regular audits and inspections, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to what use may be made of any personal information contained within them. These procedures are reviewed regularly to ensure our security of information is kept up-to-date.
Cleveland Police keeps your personal information as long as is necessary for the particular purpose or purposes for which it is held. Personal information which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the Retention Guidelines for Nominal Records on the Police National Computer.
Other records that contain your personal information and which was processed for law enforcement purposes are retained in accordance with the College of Policing guidance on the Management of Police Information, MoPI, and Cleveland Police Record Retention Policy.
A key area of change in the new Data Protection Act relates to individuals’ rights, the law refreshes existing rights by clarifying and extending them and introduces new rights.
However your information rights will be dependent on the reason why and how the data was collected and why it is being used.
Your information rights in relation to your personal data processed for law enforcement purposes are:
Right to be Informed. This places an obligation upon Cleveland Police to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with.
We have written this Privacy Notice to explain how we will use your personal information and tell you what your rights are under the legislation.
Right of Access. This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions.
Right to Request Rectification. You are entitled to have personal data rectified if it is inaccurate or incomplete.
Right to Erasure and Right to Restriction. You have the right to request the deletion or removal of your personal data and/or the right to ‘block’ or restrict the processing of your personal data where there is no compelling reason for its continued processing.
Rights Relating to Automated Decision Making. Automated individual decision making and profiling is a decision made by automated means without any human involvement.
Should you wish to learn more about your information rights or how to make an Information Rights Request please use the following links:
Individuals have the right to request rectification or erasure of their personal information as per the UK Data Protection Act 2018. There are separate processes in place for nationally and locally held records:
Should you wish to apply for the deletion of any data held nationally on the Police National Computer (PNC), National Fingerprint Database (IDENT1) and the National DNA Database (NDNAD), you will need to do so via the ACRO Records Deletion Process.
Information on eligibility and how to apply can be found on the ACRO website.
You may be eligible to apply for the deletion of a custody image in line with the College of Policing’s Authorised Professional Practice for the Management of Police Information.
You are eligible to request deletion where:
For further details of how to make such a request, see below method for the rectification and erasure of your personal information.
If you wish to request the rectification or erasure of your personal information, you may do so by contacting the Information Management Unit:
In your application please include as much detail as possible as to what information your request relates to, and why you are requesting rectification/erasure. You will also need to submit copies of photographic identity and proof of address before any requests are processed. Once we have received confirmation of your identity and sufficient information to allow us to process your request, we will respond within one month.
Should your request be refused, we will explain why and inform you of your right to appeal to the Head of Information Management at Cleveland Police, and to complain to the Information Commissioner.
If you wish to make a complaint about the way Cleveland Police have handled your personal data, you may email the Data Protection Officer, or you may raise your complaint with the Information Commissioner’s Office.