Skip to content Quick exit
REPORT CRIME ONLINEEMERGENCY CALL 999
REPORT CRIME ONLINEEMERGENCY CALL 999

Privacy Notice - Printer friendly version

This privacy notice explains how and why Bedfordshire Police, Cambridgeshire and Hertfordshire Constabularies (BCH) process your personal data, under Part 2 , for general data and Part 3  for law enforcement data.

Print this Page

It also describes your rights in regard to your personal information and how to complain to the Information Commissioner if you have concerns with how we have handled your data.

Introduction to lawful data processing

As of 25 May 2018, the Data Protection Act 2018 became the new data protection law within the United Kingdom and the General Data Protection Regulation (GDPR) also became enforceable throughout the European Union (EU). 

The Data Protection Act 2018 applies the EU’s GDPR standards for the processing of data considered as general data, this is data which is processed for a reason not involving law enforcement or national security. How organisations should process general data can be found in Part 2 of the new law.

The processing of data for law enforcement purposes can only be done by an organisation which is considered as a competent authority. Law enforcement purposes are the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. The description of a competent authority is laid down in the Data Protection Act 2018, it includes but is not limited to, organisations such as police forces, the Financial Conduct Authority and the Information Commissioner. How organisations should process data for law enforcement purposes can be found at Part 3 of the law.

Data controllers

Bedfordshire Police, Cambridgeshire and Hertfordshire Constabularies are part of a strategic alliance which deliver joint capabilities through some collaborated units. The Chief Constables of Bedfordshire Police, Cambridgeshire and Hertfordshire Constabularies are Data Controllers for their respective forces, and as such have overall responsibility for the lawful processing of all personal data by their force.

The Data Protection Officer for BCH is Andy Gilks, who can be contacted using the details below.

Data Protection Officer for BCH Andy Gilks Director of Information Bedfordshire Police Headquarters Woburn Road Kempston Bedford MK43 9AX

Email: dataprotection@bedfordshire.pnn.police.uk

ICO Registration Number: Z4894869

Processing personal data

Bedfordshire Police, Cambridgeshire and Hertfordshire Constabularies (BCH) process personal information for a variety of reasons which are not related to law enforcement.

For example we process personal data for the following lawful purposes to;

  • assist us in meeting our legal obligations as employers,
  • manage contracts with those who supply us with goods and services,
  • help us support those who we come into contact with, which can be done by obtaining their consent, or due to our public task, this includes processes to improve the service we provide the public.

If there is a statutory or contractual obligation to provide data for a non-law enforcement purpose, you will be advised at the point of collection. For non-law enforcement processing this will usually only be in relation to recruitment or employment where the information is necessary in order to perform a contract or take steps at the request of the data subject, before entering a contract. If the necessary data is not provided it may affect your application or our ability to enter into a contract with you.

Personal information we hold

In order to carry out the purposes described above, BCH may obtain, use and disclose personal information relating to a wide variety of individuals including;

  • our staff, officers, volunteers, agents
  • temporary and casual workers
  • suppliers
  • complainants
  • correspondents
  • litigants and enquirers
  • relatives, guardians and associates of the individual concerned
  • advisers, consultants and other professional experts
  • victims (current, past and potential)
  • former and potential members of staff
  • pensioners and beneficiaries.

Types of personal information we process

The type of personal information we hold varies depending on the reason a person has had contact with us, but it may include;

  • your name and address
  • fingerprints, DNA or photograph
  • family, lifestyle and social circumstances
  • education and training details
  • employment details
  • financial details
  • goods or services provided
  • racial or ethnic origin
  • political opinions
  • religious or other beliefs of a similar nature
  • trade union membership
  • physical or mental health or condition
  • sexual life
  • offences and alleged offences
  • criminal proceedings, outcomes and sentences
  • sound and visual images
  • references to manual records or files
  • information relating to safety and health
  • complaint, incident, civil litigation and accident details.

We will use the minimum amount of personal information necessary to fulfil a particular purpose. Your personal information may be held on a computer system or as a paper record, such as in a physical file or a photograph.

Where we get personal information from

To carry out the purposes we have described, we may obtain personal information from a wide variety of sources, including;

  • HM Revenue and Customs
  • legal representatives
  • solicitors
  • courts
  • voluntary sector organisations
  • Independent Office for Police Conduct
  • Her Majesty’s Inspectorate of Constabulary
  • auditors
  • Police and Crime Commissioners
  • central government, government agencies and departments
  • relatives, guardians or other persons associated with an individual
  • current, past or prospective employers of the individual
  • healthcare, social and welfare advisers or practitioners
  • education, training establishments and examining bodies
  • business associates and other professional advisors
  • employees, officers and agents of BCH
  • suppliers/providers of goods or services
  • persons making an enquiry or complaint
  • financial organisations and advisors
  • credit reference agencies
  • survey and research organisations
  • trade union, staff associations and professional bodies
  • local government
  • voluntary and charitable organisations
  • Ombudsmen and regulatory authorities
  • the media.

How we handle personal information

We handle personal information according to the requirements of Part 2 of the UK Data Protection Act 2018, which applies the GDPR standards for processing of data considered as general data. Your personal information, held on our systems and in our files, is secure and is accessed by our staff, police officers, contractors and data processors working on our behalf, outsourced providers in accordance with their contract and volunteers when required to do so for a lawful purpose.

We will ensure that your personal information is handled fairly and lawfully.  We will strive to ensure that any personal information used by us or on our behalf is compliant in terms of accuracy, relevance, and adequacy, is not excessive and is kept as up to date as possible and is protected appropriately.

We will review to ensure it is still required and is lawful for us to continue to retain it and when no longer required for any purpose detailed in this notice, we will securely destroy it.

Who we share personal information with

To carry out the purposes described, BCH may disclose personal information to a wide variety of recipients, including those listed from whom personal data may have been gained. This may also include;

  • support services for victims and offenders
  • bodies or individuals working on our behalf such as IT contractors or survey organisations
  • local government
  • central government
  • Ombudsmen and regulatory authorities
  • the media
  • healthcare providers.

Disclosures of personal information outside of an already established contractual or legal obligation will be made on a case-by-case basis, only relevant information specific to the purpose and circumstances, will be disclosed and with necessary controls in place.

BCH will also disclose personal information to other bodies or individuals when required to do so, this could be under an act of legislation, by a rule of law, or by court order. This may include;

  • child maintenance service
  • children and family courts services
  • Home Office
  • courts
  • any other regulatory body who can demonstrate that there is a legitimate purpose for the processing of your personal data.

BCH may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.

How long we keep personal information

BCH holds your personal information as long as is necessary for the particular purpose/s for which it is processed. The minimum standards for retention of personal data held by BCH are in line with the National Police Chief’s Council (NPCC) Retention Schedule.

Information rights

A key area of change in the new Data Protection Act 2018 relates to individuals’ rights. The law enhances existing rights by clarifying and extending them and introduces additional rights. However, your information rights are dependent on the purposes for which data was collected and processed.

Law enforcement data processing

BCH have a statutory duty to uphold the law, prevent crime, bring offenders to justice and protect the public. To do this it is necessary for us to process your personal information under the lawful basis of ‘public task’ and ‘official authority'. This means we process your personal information for carrying out tasks that are laid down in law and collectively described as the administration of justice.

The administration of justice includes;

  • the prevention and detection of crime
  • apprehension and prosecution of offenders
  • protecting life and property
  • preserving order
  • maintenance of law and order
  • assisting the public in accordance with force policies and procedures
  • national security
  • defending civil proceedings and any duty or responsibility of the police arising from common or statute law.

Whose personal data we process for law enforcement purposes

In order to carry out the purposes described above, BCH may obtain, use and disclose personal information relating to a wide variety of individuals including but not limited to;

  • offenders and suspected offenders
  • witnesses or reporting persons
  • individuals passing information to BCH
  • victims, whether current, past or potential.

Types of personal information we process for law enforcement purposes

In order to carry out our statutory responsibility we will process varying types of personal data, this includes;

  • your name and address
  • employment details
  • financial details
  • racial or ethnic origin
  • political opinions
  • religious or other beliefs of a similar nature
  • physical or mental health
  • sexual life
  • offences and alleged offences
  • criminal proceedings
  • outcomes and sentences
  • cautions
  • physical identifiers including DNA, fingerprints, and other genetic samples
  • photograph, sound and visual images
  • criminal intelligence
  • information relating to safety
  • incidents, and accident details.

We will use only the minimum amount of personal information necessary to fulfil a particular purpose or purposes. Personal information can be held on a computer, in a paper record such as a file or images, but it can also include genetic and biometric data as well as other types of electronically held information such as body worn or CCTV images.

Where we get personal information from

The data we process for law enforcement purposes come from a wide variety of sources, including;

  • other law enforcement agencies
  • HM Revenue and Customs
  • international law enforcement agencies and bodies
  • licensing authorities
  • legal representatives
  • prosecuting authorities
  • solicitors
  • courts
  • Prisons and Young Offender Institutions
  • security companies
  • partner agencies involved in crime and disorder strategies
  • private sector organisations working with the police in anti-crime strategies
  • voluntary sector organisations
  • approved organisations and people working with the police
  • Independent Office for Police Conduct
  • Her Majesty’s Inspectorate of Constabulary
  • government agencies and departments
  • emergency services such as the Fire Brigade, National Health Service or Ambulance
  • persons arrested
  • victims
  • witnesses
  • relatives, guardians or other persons associated with the individual
  • individuals passing information
  • BCH and local authority CCTV systems
  • body worn video
  • correspondence sent to us.

There may be times where we obtain personal information from sources such as other police services and our own police systems such as our local information system.

How we handle personal information

We handle personal information according to the requirements of Part 3 of the new Data Protection Act 2018. Your personal information held on our systems and in our files is secure and is accessed on a need to know basis by our staff, police officers, or data processors working on our behalf.

We will ensure that your personal information is handled fairly and lawfully with appropriate justification. We will only use your information for lawful purposes and in connection with our requirement to uphold the law, prevent crime, bring offenders to justice, and protect the public.

We will strive to ensure that any personal information used by us or on our behalf is compliant in terms of accuracy, relevance, and adequacy and will not be excessive. We will attempt to keep it as up to date as possible and will protect your data from unauthorised access or loss.

We will review your data to ensure it is still required and we have a lawful purpose to continue to retain it.  If there is no lawful purpose then your data will be securely destroyed.

Who we share personal information with

To enable BCH to meet their statutory duty, we may be required to share your data with other organisations that process data for a law enforcement purpose, in the UK and/or overseas, or in order to keep people safe. These organisations include;

  • other law enforcement agencies (including international agencies)
  • partner agencies working on crime reduction initiatives
  • partners in the criminal justice arena
  • local government
  • authorities involved in offender management
  • international agencies concerned with the safeguarding of international and domestic national security
  • third parties involved with investigations relating to the safeguarding of national security
  • other bodies or individuals where it is necessary to prevent harm to individuals.

We are also required to share law enforcement data for another purpose where an exemption applies or the organisation demonstrates there is a lawful basis for doing so. These organisations include, but are not limited to;

  • family courts and individuals party to proceedings
  • solicitors or individuals in connection with legal advice or proceedings
  • housing associations
  • regulatory bodies
  • licensing authorities
  • central and local government departments/agencies
  • Social Services
  • other emergency services
  • court ordered disclosures.

Disclosure of personal information will be considered on a case-by-case basis, to ensure that only personal information appropriate for the identified purpose and circumstances is disclosed, with necessary controls in place.

Some of the bodies or individuals to which we may disclose personal information are situated outside of the European Union - some of which do not have laws that protect data protection rights as extensively as in the United Kingdom. If we do transfer personal data to such territories, we undertake to ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the legislation.

How long personal information is kept

BCH holds your personal information as long as is necessary for the particular purpose or purposes for which it is processed. Personal information which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the Retention Guidelines for Nominal Records on the Police National Computer.

Other records that contain your personal information and are processed for law enforcement purposes are retained in accordance with the College of Policing guidance on the Management of Police Information (MoPI) and the National Police Chief’s Council Retention Schedule.

Your data rights

A key area of change in the new Data Protection Act relates to individuals’ rights, the law enhances existing rights by clarifying and extending them and introduces additional rights. However, your information rights are dependent on the purposes for which data was collected and processed.

Right to be informed

This places an obligation upon Bedfordshire Police, Cambridgeshire and Hertfordshire Constabularies (BCH) to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with.

We have written this privacy notice to explain how we will use your personal information and tell you what your rights are under the legislation.

Right of access

This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions. 

Requests can be made verbally or in writing, including through social media. However, we will require documentation to be provided in order to verify your identity before we can process a request. 

The easiest way to submit a request is to contact the Information Rights Unit by emailing dataprotection@bedfordshire.pnn.police.uk .

Right to request rectification

You are entitled to have personal data rectified if it is inaccurate or incomplete. You may contact our Information Rights Unit to request this by emailing dataprotection@bedfordshire.pnn.police.uk .

Right to request restriction

Individuals have a right to request restriction or suppression to the processing of their personal data in certain circumstances. You may contact our Information Rights Unit to request this by emailing  dataprotection@bedfordshire.pnn.police.uk .

Right to request erasure

You have the right to request the deletion or removal of your personal data in certain circumstances. You may contact our Information Rights Unit to request this by emailing  dataprotection@bedfordshire.pnn.police.uk .

Right to object

You have the right to object to processing if we are using your information for a process which forms part of our public tasks - but only when it is not being processed for a law enforcement purpose.

Right to withdraw consent

If we are relying on consent to process your personal data, you can withdraw your consent at any time. However, if we are processing your personal data for performance of a contract we will not be relying on consent.

Rights relating to automated decision making

Automated individual decision making and profiling is a decision made by automated means without any human involvement. You have a right to be informed regarding this type of processing and may request the decision to receive human intervention. BCH do not have any processes where the final decision is automated, this privacy notice will be updated should this type of processing take place.

Rights relating to data portability

This only applies to personal data you have provided to police where we are relying on your consent to process it or where we are using your personal data as part of a contract we have with you. This right does not apply to personal data processed for a law enforcement purpose.

Right to claim compensation

If you believe we have breached any requirements of the Data Protection Act and feel you have suffered damage or distress as a result, you may be entitled compensation. Any claims should be sent to our Information Rights Unit by emailing  dataprotection@bedfordshire.pnn.police.uk .

Complain to the Information Commissioner

The Information Commissioner is the independent authority responsible within the UK for ensuring we comply with data protection legislation.

Make a complaint to the Information Commissioner

If you have a concern about how we have used your personal information, or you believe you have been adversely affected by our handling of your data, you may wish to contact the Information Commissioner;

Our website uses cookies to improve your experience.

OK