The Chief Constable of Essex Police is registered with the Information Commissioner as a 'data Controller' for the purposes of the Data Protection Act 2018 ('the Act'). He ensures that Essex Police handles all personal data in accordance with the Act.

Essex Police takes its responsibility very seriously and takes great care to ensure that personal data is handled appropriately in order to secure and maintain individuals' trust and confidence in the force.

You can contact the Chief Constable, or Essex Police's Data Protection Officer at the following address:

Essex Police Headquarters
PO Box 2
Chelmsford
CM2 6DA

How we use your data

Report a crime or other contact

Categories of data

We collect Personal Data such as names and addresses.  This is to ensure that you're contactable, and if you need to contact us again we can determine your identity.

In limited circumstances we also collect Sensitive (Special Category) Personal Data such as medical conditions, and biometrics, but this is unlikely and we'll explain to you why it's necessary.

Essex Police will ensure the personal data it collects is kept to a minimum, and is necessary for the processing purpose. We may also receive information from other sources in relation to you.  These are usually our partners in law enforcement, or organisations providing social support such as housing, councils, the NHS, etc.

Legal basis for processing

Essex Police has a legal obligation to process personal data to ensure investigations are undertaken appropriately, to prevent and detect crime, and together with our partners, to protect vulnerable people.

For processing special category data, Essex Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest. This means data about your ethnicity, religion, health, or other sensitive data will only be processed if your welfare, or the welfare of others is at risk.

Who we share with

Our priorities include putting victims first, protecting the public from harm and protecting the most vulnerable.
Therefore if you, or a person you're contacting Essex Police about, are considered vulnerable, or in need of support, we may share your data with partners such as Councils, Health organisations, and victim support services.

We also share information with partners if the sharing is necessary because we are carrying out a specific task in the public interest.

Therefore if you are reporting issues that are suited for referral to other agencies, such as weather related emergencies i.e. trees down and flooding, we will pass your contact details to the relevant authority who may contact you for further information.

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

EssexPolice will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

EssexPolice follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Victim

Categories of data

We collect Personal data such as names and addresses. In limited circumstances we also collect Sensitive (Special Category) Personal Data such as medical conditions, and biometrics, but this is unlikely and we will explain to you why it is necessary.

We may use anonymised data, or pseudonymised data for statistical, or research purposes to ensure that we identify better ways of serving the public.  This means that for anonymised data, all identifying characteristics like your name, or age will be taken out.  For pseudonymised data, all identifying characteristics, like your name, will be taken out and an identifying number is used instead. 

Essex Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose.

Essex Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Essex Police has a legal obligation to process personal data to ensure compliance under the Victim Code and the National Crime Recording Standard.

For processing special category data, Essex Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest, as well as for statistical purposes (Article 89), which may include anonymisation or pseudonymisation.

Who we share with

Our priorities include putting victims first, protecting the public from harm and protecting the most vulnerable. We therefore may share your data with partners such as Councils, Health organisations, and victim support services.

We also have a public interest, legal obligation or legitimate interest to carry out user satisfaction surveys with victims of crime to evaluate our performance and effectiveness.  We may contact you if you have been a victim of crime or reported an incident to us to ask for your opinion about the service you have received.  Sometimes, like many police services, we may use other independent organisations and police forces for research purposes to undertake these surveys. The information we obtain from the surveys are used wherever possible to help us improve.

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Essex Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Essex Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Witness

Categories of data

We collect Personal data such as names and addresses. This is to ensure that you are contactable, and that if you need to contact us again we can determine your identity.

In limited circumstances we also collect Sensitive (Special Category) Personal Data such as medical conditions, and biometrics, but this is unlikely and we will explain to you why it is necessary.

Essex Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose. Essex Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Essex Police has a legal obligation to process personal data to ensure investigations are undertaken appropriately. For processing special category data, Essex Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest.

Who we share with

Our priorities include putting victims first, protecting the public from harm and protecting the most vulnerable.

Therefore if you, or a person you are contacting Essex Police about, are considered vulnerable, or in need of support, Essex Police may share your data with partners such as Councils, Health organisations, and victim support services.

We also share information with partners if the sharing is necessary because we are carrying out a specific task in the public interest.

Therefore if you are reporting issues that are suited for referral to other agencies, such as weather related emergencies i.e. trees down and flooding, we will pass your contact details to the relevant authority who may contact you for further information.

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Essex Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Essex Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Suspect

Categories of data

We collect Personal data such as names and addresses. We also collect Sensitive (Special Category) Personal Data such as:

  • Medical conditions for your safety, and that of our officers and staff;
  • Biometrics to assist in identification and possibly elimination from our enquiries;
  • Ethnic origin to enable us to monitor our approach to diversity and fulfil our duties to the Home Office regarding statistics reporting;
  • Any previous offences or convictions (under Article 10 of GDPR).

This is not a complete list.

We may use anonymised data, or pseudonymised data for statistical, or research purposes to ensure that we identify better ways of serving the public.  This means that for anonymised data, all identifying characteristics like your name, or age will be taken out.  For pseudonymised data, all identifying characteristics, like your name, will be taken out and an identifying number is used instead. 

Essex Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose. Essex Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Essex Police has a legal obligation to process personal data to ensure investigations are undertaken appropriately, and public safety is maintained.

For processing special category data, Kent Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest, as well as for statistical purposes (Article 89), which may include anonymisation or pseudonymisation.

Who we share with

Our priorities include protecting the public from harm, protecting the most vulnerable and tackling crime and antisocial behaviour.

Therefore if you are considered vulnerable, or in need of support, even if it not connected with your offending behaviour, Essex Police may share your data with partners such as Councils, Health organisations, and specialist support services.

If we consider that you are a risk to others we may share your offending history and other details with your employer (Disclosure and Barring Checks/DBS), other police forces and other law enforcement agencies to prevent and detect crime.

We may also share your data with government agencies such as prisons, and in some circumstances your family, or associates (Child Sex Offenders Disclosure Scheme also known as Sarah’s Law).

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Essex Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Essex Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Offender

Categories of data

We collect Personal data such as names and addresses. We also collect Sensitive (Special Category) Personal Data such as:

  • Medical conditions for your safety, and that of our officers and staff;
  • Biometrics to assist in identification and possibly elimination from our enquiries;
  • Ethnic origin to enable us to monitor our approach to diversity and fulfil our duties to the Home Office regarding statistics reporting;
  • Any previous offences or convictions (under Article 10 of GDPR).

This is not a complete list.

We may use anonymised data, or pseudonymised data for statistical, or research purposes to ensure that we identify better ways of serving the public.  This means that for anonymised data, all identifying characteristics like your name, or age will be taken out.  For pseudonymised data, all identifying characteristics, like your name, will be taken out and an identifying number is used instead. 

Essex Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose. Essex Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Essex Police has a legal obligation to process personal data to ensure investigations are undertaken appropriately, and public safety is maintained.

For processing special category data, Essex Police relies on the provisions under article 9 of social protections, protecting vital interests, and substantial public interest, as well as for statistical purposes (Article 89), which may include anonymisation or pseudonymisation.

Who we share with

If you are considered vulnerable, or in need of support, even if it not connected with your offending behaviour, Essex Police may share your data with partners such as Councils, Health organisations, and specialist support services.

This supports the Essex Police priorities of protecting the public from harm and protecting the most vulnerable, and tackling crime and antisocial behaviour.

If we consider that you are a risk to others we may share your offending history and other details with your employer (Disclosure and Barring Checks/DBS), other police forces and other law enforcement agencies to prevent and detect crime.

We may also share your data with government agencies such as prisons, and in some circumstances your family, or associates (Child Sex Offenders Disclosure Scheme also known as Sarah’s Law).

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Essex Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Retention

Essex Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

Employee

Categories of data

We collect Personal data such as names and addresses, next of kin, telephone numbers, and bank details. We also collect Sensitive (Special Category) Personal Data such as:

  • Medical conditions to assist in supporting officers and staff, and to ensure that reasonable adjustments can be made;
  • Sexual orientation and marital status (sex life), religion, and ethnicity to fulfil our responsibilities in regards to equalities monitoring.
  • Trade Union membership to enable officers and staff to engage in collective bargaining, and to be supported during any process within the force.
  • Any previous offences or convictions (under Article 10 of GDPR) to prevent or monitor misconduct.

This is not a complete list.

We may use anonymised data, or pseudonymised data for statistical, or research purposes to ensure that we identify better ways of serving the public.  This means that for anonymised data, all identifying characteristics like your name, or age will be taken out.  For pseudonymised data, all identifying characteristics, like your name, will be taken out and an identifying number is used instead.

Essex Police will ensure that the personal data it collects is kept to a minimum, and is necessary for the processing purpose.

Essex Police may also receive information from other sources.  These are usually our partners in law enforcement, or organisations that provide social support such as housing, councils, the NHS, etc.

Legal basis for processing

Essex Police will only process data relating to employees in order to fulfil our duties as an employer, or where we have a legal obligation to process personal data to prevent or detect misconduct.

For processing special category data, Essex Police relies on the provisions under article 9 of obligations in the field of employment, or to establish, exercise, or defend legal claims, or where there is substantial public interest, as well as for statistical purposes (Article 89), which may include anonymisation or pseudonymisation.

Who we share with

For the most part, Essex Police will not share your data unless you consent, for instance if you are seeking a reference, or transferring to another employer.

If we consider that you are a risk to others we may share misconduct or discipline records with your new employer (Disclosure and Barring Checks/DBS), other police forces or government agencies such as prisons, and in some circumstances your family, or associates (Child Sex Offenders Disclosure Scheme also known as Sarah’s Law).

We will always record our reasons for sharing, and who we shared it with, and you can lodge an objection by contacting the Data Protection Officer.

Retention

Essex Police will not pass your data to any organisations outside the European Economic Area (EEA) unless required to do so by law.

Essex Police follows the data retention schedules published by the College of Policing under Authorised Professional Practice – this is based on the crime type, and it applies nationally.

We also retain your data in line with the legal requirements under the Policing Act 2017, and employment law.

Your rights

Under the Data Protection Act 2018 (DPA), General Data Protection Regulations (GDPR), Environmental Information Regulations 2004 and the Freedom of Information Act 2000, you have a number of information rights.

The rights under the DPA and the GDPR are similar but not identical. Those under the DPA apply where personal data is used by Essex Police for law enforcement purposes, and those under the GDPR apply when it is used for other purposes.

Your right to be informed

You have the right to be informed about the collection and use of your personal data. You must be informed of the purpose for processing their personal data, retention periods that data and who it will be shared with. This is called privacy information. Privacy information must be provided at the time personal data is collected.

Exemptions apply and Essex Police may restrict provision of Law Enforcement data where it is necessary and proportionate.

The right can be found under Articles 13 & 14 of the GDPR.

Your right of access

You have the right to request access to your personal data, this was previously known as subject access. You can make a right of access request verbally or in writing. Essex Police have one calendar month to respond to a request.

There is no legislative requirement for you to complete the form, but doing so will ensure that we have the details required to fulfil your request, as well as the required identification verification, and these will ensure that your request is dealt with as quickly as possible.

Further information about the subject access process is available in the 'Requesting Information' page of our website.

The right can be found under Section 45 of the DPA and Article 15 of the GDPR.

Your right to rectification

You have the right to apply to have inaccurate personal data rectified, or completed if it is incomplete. You can make a request for rectification verbally or in writing. Essex Police have one calendar month to respond to a request.

Further information about making a request for record deletion, rectification, restriction and processing of data held on me.

The right can be found under Section 46 of the DPA and under Article 16 of the GDPR.

Can my data be corrected?

You data can be corrected when;

  • We have recorded any of your personal data incorrectly.
  • Your details have changed.
  • We were provided with incorrect data from someone, or somewhere else.
  • We have recorded information against your name that refers to someone else.

Your data cannot be changed when;

  • The investigation or prosecution is live, and any corrections will compromise the case.
  • It is a malicious or false allegation.
  • An individual has said something about you that you disagree with.
  • You have deliberately provided false details in order to escape detection.

Your right to erasure

You have the right to request to have your personal data erased, this right is also known as the ‘right to be forgotten’. You can make the request for erasure verbally or in writing. Essex Police have one calendar month to respond to a request. The right is not absolute and only applies in certain circumstances.

Further information about making a request for record deletion, rectification, restriction and processing of data held on me.

The right can be found under Section 47 of the DPA under Article 17 of the GDPR.

Your right to restriction

You have the right to request restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, personal data is stored, however Essex Police cannot use it. You can make a request for restriction verbally or in writing. Essex Police have one calendar month to respond to a request.

Further information about making a request for record deletion, rectification, restriction and processing of data held on me.

The right can be found under Section 47 of the DPA under Article 18 of the GDPR.

Your right to data portability

You have the right to request and reuse your personal data provided to Essex Police for your own purposes across different services. This will allow data to be moved, copied or transferred from one IT environment to another in a safe and secure way, without affection its usability. This right only applies to information an individual has provided to a controller and does not apply for personal data used by Essex Police for law enforcement purposes. Data will be provided in a format that is structured, commonly used and machine readable format.

Make a request via email.

The right can be found under Article 20 of the GDPR.

Your right to object

The right to object only applies in certain circumstances, dependant on the purpose for processing and if a lawful basis for processing that information is in place. Individuals have the absolute right to object to processing of their personal data it if is for direct marketing purposes. Individuals can also object if the processing is for a task carried out in the public interest , exercised by an official authority or if a legitimate interest (or those of a third party) In these circumstances the right to object is not absolute.

Make a request via email

The right can be found under Article 21 of the GDPR.

The right to object only applies in certain circumstances, dependant on the purpose for processing and if a lawful basis for processing that information is in place. Individuals have the absolute right to object to processing of their personal data it if is for direct marketing purposes. Individuals can also object if the processing is for a task carried out in the public interest , exercised by an official authority or if a legitimate interest (or those of a third party) In these circumstances the right to object is not absolute.

Make a request via email

The right can be found under Article 21 of the GDPR.

Your right not to be subject to automated decision making

You have the right to apply not to be subject to a decision when it is based on automated processing, and if it produces an adverse legal effect or a significantly affects you.  This right does not apply when a decision does not have an adverse legal or similarly significant effect. If a qualifying significant decision has been made, Essex Police will inform the individual.

Any request for a review may be made verbally, in writing or via email

Essex Police will respond within 21 days to ask for a review of the decision or take a new decision not based on automated means, providing an outline of the steps taken and the outcome.

Any request can be made via the email links provided verbally or in writing to:

Essex Police
PO Box 2
Springfield
Chelmsford
Essex CM2 6DA

The right can be found under Section 49 of the DPA under Article 22 of the GDPR.

Your right to request information from a public body

You have a right to request information from a public body under the Freedom of Information Act and the Environmental Information regulations.

Under the Freedom of Information Act and the Environmental Information regulations you have the right to request any recorded information held by Essex Police. You can ask for any information you think a public authority may hold. The right only covers recorded information and can be in the form of a question, rather than a request for specific documents. Essex Police does not have to create new information or give opinion or judgment that is not already recorded. Some information may be exempt.

Further details can be found on our freedom of information and publication scheme pages.

The Chief Constable's rights

The provisions of the Data Protection Act mean that in certain circumstances some personal data will not be provided.

For example you will not be provided with personal data if releasing it to you would be likely to prejudice a criminal investigation, and we may not provide you with information that identifies other individuals.

The information you provide on this form will be used for processing your request and for any other policing purpose.

Information security

Essex Police operates through intelligence led policing and so depends on information, and also the systems that the information is processed on.

The protection of information stored in manual and electronic systems is essential to the operation of the organisation and Kent and Essex Police must demonstrate compliance with National Policing Information Risk Management Team (NPIRMT) and Community Security Policy (CSP) for any existing or proposed information processing, regardless of where it comes from.

Other industry standards are also used where appropriate to ensure the protection of personal information is a priority, FIPS-140, ISO/27001, NIST, COBIT-5 and National Cyber Security Centre standards.

Electronic and digital security for new or existing systems which use or manage police information adhere to the Kent and Essex Police Baseline Security Requirement. 

Organisational policy and procedures ensure the protection of police information and the controlled access to it. The design, operation, use and management of the technology must comply with statutory, regulatory, and contractual security requirements.  

Technical safeguards are enforced within the Kent and Essex Police infrastructure such as firewalls, data encryption, end point detection and response solutions, protective monitoring, segregation of data and role based authorised system access.  Physical access controls to our buildings and files require authorised and appropriate access and are overseen by security cameras.

Glossary of terms

Data Controller - A controller determines the purposes and means of processing personal data. A Controller has an obligation to ensure contracts with processors comply with the GDPR.

Data Processor - A processor is responsible for processing personal data on behalf of a controller. The GDPR places specific legal obligations on processors; for example, they are required to maintain records of personal data and processing activities, and will have legal liability if they are responsible for a breach.

Personal Data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Anonymised personal data Personal data that has been anonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

Sensitive personal data (Special category data) - The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9).}

This is because special category data is more sensitive, and so needs more protection. For example, information about an individual’s:

  • race
  • ethnic origin
  • politics
  • religion
  • trade union membership
  • genetics
  • biometrics (where used for ID purposes)
  • health
  • sex life
  • sexual orientation.

Processing - Processing, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including –

  1. organisation, adaptation or alteration of the information or data
  2. retrieval, consultation or use of the information or data
  3. disclosure of the information or data by transmission, dissemination or otherwise making available, or
  4. alignment, combination, blocking, erasure or destruction of the information or data.