Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
New Data Protection Legislation – Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR) – was implemented on 25th May 2018. This privacy notice has been updated to make it easier for you to understand what personal data we will process, how and why.
This Privacy Notice is divided into three parts:
This Privacy Notice also provides you with details of the rights you have relating to the personal data Essex Police holds about you now and any personal data that might be collected about you in the future. The aim of this Privacy Notice is to clearly explain, at a high level, how Essex Police collects, stores, uses, discloses, retains and destroys personal data and the steps taken to ensure that it is protected.[1] This Notice is supported by more detailed purpose-specific Privacy Notices, where required.
The Chief Constable of Essex Police is registered with the Information Commissioner as a ‘Controller’ and is obliged to ensure that Essex Police handles all personal data in accordance with Data Protection Legislation. On occasions the Chief Constable may operate as a Joint Controller with one or more other Controllers.
Essex Police is a ‘Competent Authority’ as defined in Section 30 of the DPA.
In accordance with the requirements of the new legislation a Data Protection Officer has been employed by Essex Police. The Data Protection Officer is an independent role that is responsible for ensuring that the personal information held is processed in accordance with the prescribed obligations of the legislation. Essex Police have had a Data Protection Officer since 1986 but the new law, for the first time, gives them duties that they must undertake by law.
The Data Protection Officer is available to provide you with advice and assistance if you have any queries or concerns about how Essex Police process your personal data. The contact details of the Data Protection Officer can be found near the end of this Notice.
Essex Police also have an Information Rights Team, as part of the Information Management Department, who handle rights applications under the new law. The contact details of the Information Rights Team are also included in this Privacy Notice.
Essex Police takes its responsibilities and obligations under the Data Protection Legislation very seriously and ensures that personal data is handled appropriately in order to secure and maintain individuals’ trust and confidence in the Police Service.
Essex Police processes personal data for two broad purposes: a) ‘Law Enforcement Purposes’ and b) to carry out activities to support the Law Enforcement Purposes ‘General Purposes’.
Law Enforcement Purposes include:
When Essex Police process your personal data for Law Enforcement Purposes it could be because you are involved in an incident that has been reported to the police – perhaps as a witness, victim or suspect. It could be because you are involved in a crime that is being investigated or are associated with intelligence that the police have gathered. Other uses include roads policing, accident investigation, surveillance, and public order.
General Purposes include:
Where Essex Police process your personal data for Law Enforcement Purposes the Force must comply with the Data Protection Act 2018 (DPA), but not the General Data Protection Regulation (GDPR).
When Essex Police process your personal data for General Purposes the Force must comply with the General Data Protection Regulation (GDPR) and various parts of the Data Protection Act 2018 (DPA).
Although the rules for both purposes are similar, they are not identical – for example, you have fewer rights when Essex Police process your personal data for Law Enforcement Purposes than when processed under General Purposes.
For both law enforcement and general purposes, Essex Police may process personal data relating to a wide variety of individuals (known as ‘categories of data subjects’) including the following:
For both law enforcement and general purposes, Essex Police may process personal data relating to or consisting of the following (known as ‘categories of personal data’):
For General Processing ‘Special Category Data’ (3) is personal data that is regarded as particularly sensitive and includes information relating to:
For General Processing Essex Police will only process Special Category Data where a condition in Article 9 of the GDPR is met. In addition, for General Processing, Essex Police will only process ‘Criminal Offence Data’ – personal data relating to criminal convictions and offences or related security measures (4) – where a condition in Schedule 1 of the DPA is met.
Similarly, for Law Enforcement Processing Essex Police will only process personal data pertaining to your: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; health (related); or sex life or sexual orientation, in certain circumstances. This type of processing is called ‘Sensitive Processing’ (5) Essex Police carry out Sensitive Processing where one of the following apply:
For both law enforcement and general purposes, Essex Police may collect personal data from a wide variety of sources, other than directly from you, including the following:
Essex Police collects personal data either from you or from other sources, dependent on circumstances.
The following are examples of how Essex Police may obtain personal data directly from you:
The following are examples of how Essex Police may obtain personal data about you from other sources:
Essex Police must have a valid lawful basis in order to process your personal data.
When Essex Police process your personal data for Law Enforcement Purposes it is done so under Common Law Policing Powers, and either with your consent or because the processing is necessary for the performance of a task carried out for Law Enforcement Purposes (6).
When Essex Police process your personal data for General Purposes there are five lawful bases available, the lawful basis will depend on the purpose for processing the personal data (7)
For both law enforcement and general purposes, Essex Police will process personal data in accordance with the DPA and the GDPR – Data Projection Legislation.
Where Essex Police process personal data for Law Enforcement Purposes, it will be done so in accordance with the DPA data protection principles (8) and where processed for personal data for General Purposes it will be done so in accordance with the GDPR data protection principles (9)
Principles |
Data Protection Act (DPA) |
General Data Protection Regulation (GDPR) |
Principle (a) – lawfulness, fairness and transparency: |
Processed lawfully and fairly
|
Processed lawfully, fairly, in a transparent manner in relation to individuals |
Principle (b) – purpose limitation: |
Collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with the purpose for which it was originally collected |
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; though further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes will not be considered to be incompatible with the initial purposes |
Principle (c) – data minimisation: |
Adequate, relevant and not excessive in relation to the purpose for which it is processed |
Adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed |
Principle (d) – accuracy:
|
Accurate and, where necessary, kept up to date, and every reasonable step is taken to ensure that personal data is accurate, having regard to the law enforcement purpose for which it is processed, is erased or rectified without delay |
Accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that is inaccurate will be erased or rectified without delay where necessary |
Principle (e) – storage limitation:
|
Kept for no longer than is necessary for the purpose for which it is processed.; and appropriate time limits are established for the periodic review of the need for the continued storage of personal data for any of the Law Enforcement Purposes
|
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; however, personal data may be stored for longer periods solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals |
Principle (f) – integrity and confidentiality:
|
Processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage |
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
|
Accountability |
Essex Police will strive to ensure that all personal data processed, under their controllership, is not excessive, is reviewed appropriately, and is securely destroyed when no longer required. Essex Police respect individuals’ rights and will be able to demonstrate compliance with the DPA and GDPR data protection principles |
Essex Police takes the security of all personal data very seriously. Ensuring compliance to the relevant parts of the DPA and the GDPR relating to security, as well as seeking to comply with the National Police Chiefs Council (NPCC) Security Systems Policy and relevant parts of the ISO 27001 Information Security Standard.
Essex Police ensure that appropriate policy, training, technical and procedural measures are in place, including audit and inspection. These measures will protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so, and then under strict guidelines as to what use may be made of any personal data contained within them. These measures are continuously managed and enhanced to ensure up-to-date security.
For both law enforcement and general purposes, Essex Police may disclose personal data to a wide variety of recipients in any part of the world, including those from whom personal data is obtained.
This may include disclosures to other law enforcement agencies, partner organisations/agencies working on crime reduction initiatives, partners in the Criminal Justice arena, Victim Support, and to bodies or individuals working on our behalf (such as, IT contractors or survey organisations).
Essex Police may also disclose to other bodies or individuals where necessary to prevent harm to individuals. Disclosures of personal data will be made on a case-by-case basis, using the personal data appropriate to a specific purpose and circumstances, and with necessary controls in place.
Where you have provided your personal data to us for the purposes of the police constable recruitment process, your data, including biographical monitoring information, will be shared with the College of Policing.
It will be stored on their secure network or within their Assessment Information Management System (AIMS). From this information, your name, email address and candidate reference number will be uploaded to the new online assessment platform for constable recruitment and shared with the third party provider hosting the system in order to progress your application virtually.
Some of the bodies or individuals to which Essex Police may disclose personal data to are situated outside of the European Union – some of which do not have laws that protect data protection rights as extensively as in the United Kingdom. If personal data is transferred to such territories, the proper steps will be taken to ensure that it is adequately protected, as required by the DPA and GDPR.
Essex Police will also disclose personal data to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law, and by court order. This may include disclosures to the Child Maintenance Service, the National Fraud Initiative, and the Home Office and to the Courts.
Essex Police may also disclose personal data on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.
Essex Police keep personal data for as long as is necessary for the particular purpose, or purposes, for which it is held.
Personal data which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the agreed national retention periods which are subject to periodic change.
Other records containing personal data relating to intelligence, digital media, custody, crime, firearms, child abuse investigations, and domestic violence will be retained in accordance with the College of Policing’s Authorised Professional Practice for Information Management. This can be found on the College of Policing’s website www.app.college.police.uk. These records are retained in accordance with the Essex Police’s procedure W1012 Records Review, Retention & Disposal.
Essex Police may monitor or record and retain telephone calls, texts (SMS), emails and other electronic communications to and from the Force in order to deter, prevent and detect inappropriate or criminal activity, to ensure security, and to assist law enforcement or general purposes.
Essex Police does not place a pre-recorded ‘fair processing notice’ on telephone lines that may receive emergency calls (including misdirected ones) because of the associated risk of harm that may be caused through the delay in response to the call.
Essex Police use a number of different cookies on our website, see our cookie policy.
This Privacy Notice is divided into three parts:
Notes
1. Defined by the statutory Code of Practice on the Management of Police Information 2005 as ‘protecting life and property, preserving order, preventing the commission of offences, bringing offenders to justice, and any duty or responsibility of the police arising from common or statute law.’
2. Essex Police is required to conduct Customer Satisfaction Surveys to evaluate our performance and effectiveness. Essex Police may contact individuals, such as victims of crime or those reporting incidents, and ask them to give us their opinion of the services Essex Police are providing to the public. Essex Police use the information given to improve our service and wherever possible, Essex Police, like many police forces uses a private company to undertake such surveys on our behalf with strict controls to protect the personal data of those involved.
3. GDPR Article 9(1)
4. GDPR Articles 10 & 11
5. DPA Part 3 Section 35(8)
6. DPA Part 3 Section 35
7. GDPR Article 6(1)
8. DPA Part 3 Sections 34 to 40
9. GDPR Article 6