Home > Access to information > Privacy Notice > Discipline privacy notice

Discipline privacy notice

We are all responsible for our own professional behaviour.

To ensure you are able to deliver the highest standards possible, you should have a good understanding of the Code of Ethics.  The Code of Ethics reflects the Police (Conduct) Regulations 2020 for police officers and the Police Staff Council Joint Circular 54 – Standards of Professional Behaviour.

At North Yorkshire Police conduct matters are handled by the Professional Standards Department and People Services  to ensure a consistent application of Regulations and the Police Staff Discipline Procedure.

The Chief Constable of North Yorkshire Police (NYP) is committed to protecting your personal information.

This Privacy Notice contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given to us. This overarching Privacy Notice will provide you with information relating to the data handled during disciplinary processes, including  gross misconduct and misconduct investigations, Common Law Police Disclosures (CLPD) and complaints.

We may need to make changes to our Privacy Notice, so please check our website for updates from time to time. If there are important changes such as changes to where your personal data will be processed, we may need to contact you to let you know.

Who we are:

This Privacy Notice is provided to you by the Chief Constable of North Yorkshire Police who is the data controller of this data.

Your personal data – what is it?

Personal data” is any information about a living individual which allows them to be identified.  Identification can be directly using the data itself, or by combining it with other information which helps to identify a living individual. The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018, and other legislation relating to personal data and rights, such as the Human Rights Act.

Whose personal data do we handle?

We handle personal data of Officers and Staff who have been voluntary attendees in police proceedings, have been arrested on suspicion of a criminal offence, have been involved in criminal investigations, or have come to the attention of the Police through means such as CLPD, including disclosures made to NYP from other forces. We also handle personal data of those who have had complaints made against them or have been subject to misconduct investigation or disciplinary action.

The data we may collect about you:

Personal Data that we may collect includes:

  • Full name, rank and collar number;
  • Dates of birth;
  • Workplace and workload or cases dealt with;
  • Contact details;
  • Nature of allegations made in relation to the complaints, misconduct or offence, and any supporting documentation available;
  • Details of any hearings and meetings relating to the disciplinary matter at hand;
  • Outcome of the disciplinary actions taken, including reports written following disciplinary hearings.

Special category personal data including personal data revealing the below may be collected during some, or all, of the discipline proceedings mentioned:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade Union membership;
  • Physical or mental health;
  • Sex life or orientation;
  • Genetic or biometric data.

North Yorkshire Police will use the minimum amount of personal information necessary to carry out a particular activity.


Complaints can be made for numerous reasons and can be raised when an employee or Officer is behaving in a way that is perceived as inappropriate or not in line with the code of ethics. This can include individuals disclosing that they are part of NYP to take advantage of their position and in hopes that this will change the action or reaction of the individual being addressed by the member of the NYP workforce.

When complaints are made, the details of behaviours and actions of the individuals whom the complaint is against are disclosed which often reveal the member of NYP’s personal views and attitudes. This personal data is then acted on and investigated.

You can find out more about the personal data collected for this and related purposes on The Source

Investigations including misconduct and criminal proceedings:

Where investigations are instigated to explore allegations of misconduct or involvement in criminal activity, your use of force systems, devices or vehicles may be examined. To gain more information about how this data is gathered and managed, please read the relevant privacy notices which can be found on The Source.

Please note, we may collect data in the form of intelligence relating to our workforce that does not always make it to a full disciplinary, misconduct or criminal investigation. Information gathered during a criminal investigation can be used in a disciplinary investigation, where appropriate.

If the allegations made against you relate to substance misuse, you may be subject to an intelligence led substance misuse test. You can find out more about the personal data collected for this and related purposes on The Source.

Please note, in circumstances where you have been a voluntary attendee or have been arrested for certain offences which are deemed relevant to your occupation, such information will be disclosed to your employer and may be acted on further, for instance to instigate criminal or misconduct proceedings. This is known as the Common Law Police Disclosure process.

Please note, that if a Police Officer is arrested, the OIC, can, if they feel it is appropriate, contact Professional Standards Department to inform them that they have an Officer in custody. Notifications relating to arrests of Police Staff should always go through to Civil Disclosure Unit.

What is the legal basis for processing your personal data?

The Chief Constable of North Yorkshire Police may process personal data for the following reasons:

  • Under Part 3 of the Data Protection Act 2018, it is necessary for the performance of a task carried out by a competent authority, specifically that of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
  • Under GDPR Article 6(1)(a), you have given consent for your personal data to be processed;
  • Under GDPR Article 6(1)(b), it is necessary for the performance of a contract with you, the data subject, to enable you to carry out work responsibilities as part of your employment with North Yorkshire Police;
  • Under GDPR Article 6(1)(c), it is necessary to meet legal obligations;
  • Under GDPR Article 6(1)(e), it is necessary for performance of a task carried out in the public interest.

Where we process special categories of personal data, we will do so for one or more of the following reasons;

  • Under Part 3 of the Data Protection Act 2018, it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including performing of tasks aimed to meet statutory purposes, administer justice, safeguard individuals at risk, or progressing legal claims;
  • Under GDPR Article 9(2)(a), you have given consent for the personal data to be processed, for instance for the purpose of safeguarding of children and of individuals at risk;
  • Under GDPR Article 9(2)(b), it is necessary for the purpose of carrying out legal obligations such as compliance with Health and Safety legislation, and exercising specific rights in the field of employment, for example protecting the public against dishonesty;
  • Under GDPR Article 9(2)(g), it is necessary for performance of a task carried out in the public interest, for instance for statutory or government purposes, to prevent or detect unlawful acts, to support individuals with a particular disability or medical condition, or to safeguard children and individuals at risk.

The Data Controller will comply with data protection law. This says that the personal data we hold about you must be:

  • Used lawfully, fairly and in the case of data being processed for general, non-law enforcement purposes, in a transparent way (this only applies to data processed under the GDPR);
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as is necessary for the purposes we have told you about;
  • Kept and destroyed securely, including ensuring that appropriate technical and security measures are in place to protect your personal data and to protect personal data from loss, misuse, unauthorised access and disclosure.

Sharing your personal data:

We may share your personal data internally with relevant departments for the purpose of fulfilling one or more of the above stated legal bases. We may also engage the services of other agencies to meet legal requirements, or fulfil another lawful basis. For example, we add to the College of Policing Barred and Advisory list,we share information with the IOPC and we have a duty to forward information relating to criminality/misconduct to other agencies (HMRC, DWP, National Crime Agency etc.) if it does not come under the remit of NYP. For CLPD matters this may be infrequent as disclosures will be made to external bodies only if the member of staff arrested is regulated by one, for instance solicitors, barristers or accountants.

Under certain circumstances, PSD may share your information with the Crown Prosecution Service and other authorities such as HMRC or local authorities.

Where we have arrangements to share your personal data, there is a contract, memorandum of understanding or information sharing agreement in place to ensure that the requirements of the Data Protection legislation on handling personal information are met. Where we are required to disclose information by law, for example for safeguarding purposes, we may do so without these arrangements.

We engage with third party processors who handle some, or all, of the above mentioned information on our instruction.

NYP will take steps to ensure any disclosures of personal data are necessary and proportionate, as required by law. Whenever we share your personal information, sharing options will be evaluated to ensure that your data is shared in the most secure manner.

How do we keep your personal information secure?

We are committed to ensuring that your personal data is safe and processed securely. In order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed, we have put in place suitable physical, electronic and managerial measures. These include information security awareness training for our staff. We have also compiled procedures to safeguard and secure the information that we hold about you which our staff adhere to.

We limit the access to your personal information to those employees who have a business need to know, for instance through secure work areas and access controls on all of our systems. Employees, contractors and other third parties who handle personal data will only process your personal information in line with our direct instructions.

How long do we keep your personal information?

North Yorkshire Police keeps your personal information as long as is necessary for the particular purpose, or purposes, for which it is held.

Records that contain your personal information processed for “general data” purposes will be managed in accordance with the Force’s Retention Schedule.

Retention guidelines for personal information which is placed on the Police National Computer can be found within the National Police Chief’s Council’s Deletion of Records from National Police Systems document.

Other records that contain your personal information and which was processed for law enforcement purposes are retained in accordance with the College of Policing guidance on the Management of Police Information and North Yorkshire Police Record Retention Policy.

Your rights and personal data:

A key area of change in the new Data Protection Act relates to individuals’ rights. The law refreshes existing rights by clarifying and extending them and introduces new rights.

However your information rights will be dependent on the reason why the data was collected, how the data was collected and why it is being used.

Further information about your rights can be found on the “Your Data Rights” page.

Further processing:

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, we may provide you with a new notice explaining this new use and setting out the relevant purposes and processing conditions, prior to commencing the processing.  We will seek your prior consent to the new processing if this is appropriate.

Contact Details:

Details as to how we can be contacted as well as how you can submit a complaint is available on our website: https://northyorkshire.police.uk/access-to-information/data-protection/


This version of our Privacy Notice was last updated on 15 April 2020.