This privacy notice applies to North Yorkshire Police Personnel, collectively, Police Officers under the direction and control of the Chief Constable and Police Staff such as PCSOs in the employment of the Chief Constable, but also Volunteers (including Special Officers), Agency Employees (vetted and carrying work on the instruction of NYP) and Contractors (vetted but tasked with specific tasks, for instance PAT testing). These will be referred to collectively as “staff” throughout the privacy notice.
The Chief Constable of North Yorkshire Police is committed to protecting your personal information.
This Privacy Notice contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given to us.
We may need to make changes to our Privacy Notice, so please check our website for updates from time to time. If there are important changes such as changes to where your personal data will be processed, we may contact you to let you know.
Who we are?
This Privacy Notice is provided to you by the Chief Constable of North Yorkshire Police who is the data controller of this data.
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified. Identification can be directly using the data itself, or by combining it with other information which helps to identify a living individual. The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018, and other legislation relating to personal data and rights, such as the Human Rights Act.
The data we may collect about you:
Below is a list of the types of personal data we could collect about you. Please note, this is in no way exhaustive and not all of the data will be collected in all circumstances. The data and the level of detail collected will depend on the purpose for which it is collected.
Personal Data that we may collect includes:
Personal details such as name, date of birth, gender, address, ID numbers and contact details, including emergency contact details;
Next of kin;
NYP user details such as collar number and pin number;
Bank account details and payroll records;
Salary and grade details;
Records of any compensation payments;
Education and work history;
Proof of Identity;
Marital status, family circumstance and dependents;
CCTV footage and swipe card records;
Data from force radios and emails;
Records containing your performance and training;
Records of any disciplinary proceedings;
Sickness and other absence details including emergency leave and annual leave;
Your contract and terms and conditions of employment;
Records of grievances;
Health and safety records;
Welfare records; and
Information about your use of the NYP’s systems.
Under certain circumstances we may collect special category personal data. Such data, where collected, even though we may not explicitly ask for it, could reveal the following to differing extents:
Racial or ethnic origin;
Religious or philosophical beliefs;
Trade Union membership;
Physical or mental health;
Sex life or orientation;
Genetic or biometric data.
Some of this information may be collected for equal opportunity monitoring purposes.
Please note, any member of staff issued with a Samsung work mobile will be required to accept the terms and conditions and provide consent to Samsung when setting up functions involving fingerprint recognition.
North Yorkshire Police will use the minimum amount of personal information necessary to carry out a particular activity.
Why do we use your information?
We may process your data to enable us to carry out functions relating to;
Personnel Management – to carry out all functions relating to your employment, including general administration of your contract or terms and conditions, but also for the management of the workforce. This may include:
Payment of salary and allowances;
Time management and timesheets;
Performance management and conducting performance reviews;
Education, training and development requirements;
Making decisions about your continued employment or engagement;
Disciplinary matters and grievances including gathering evidence. For instance, ;
Health and safety;
Dealing with legal disputes involving you, including accidents at work and injury award claims;
Providing employment-related benefits to you, such as occupational sick, adoption, maternity, paternity, shared parental and annual leave.
Occupational Health – to look after your wellbeing and welfare.
Payroll – to manage your wages.
Pensions – to administer and manage your pensions.
Departmental Administration and Management – to provide business continuity, business and workforce planning, to compile a staff directory, inventory data and make travel bookings.
Staff services – to provide services such as reward systems and childcare services.
Communications and Staff Awareness – to draw your attention to key organisational information.
Staff recognition – to acknowledge the good behaviour and conduct of our staff.
Internal Monitoring and Auditing – to monitor your use of our information and communication systems to ensure compliance with our relevant policies, including security policies in place to ensure the security of NYP staff, visitors, property and information, preventing unauthorised access to our computer and electronic communication systems and preventing malicious software distribution.
Equality and Diversity – to compile workforce demographic and diversity analysis, monitoring and reporting.
Health and safety – we may engage in functions which require us to take actions such as, but not limited to, carrying out individual risk assessments, display screen equipment assessments, work station assessments to identify reasonable adjustments, and creating and updating accident/incident records in line with Health and Safety in the workplace legislation.
Transport – to monitor your use of NYP vehicles and radios.
Further detailed privacy notices for staff are available on the intranet.
What is the legal basis for processing your personal data?
Some of the purposes for using your data will overlap and there can be several lawful conditions for processing your personal data.
The Chief Constable of North Yorkshire Police may process personal data for the following reasons:
You have given consent for your personal data to be processed;
To comply with employment related legislation and ensure we provide a Police Service during times of Business Continuity;
The performance of a contract with you, the data subject, to enable you to carry out work responsibilities as part of your employment with North Yorkshire Police;
In the legitimate interest of the controller to allow force employees to show their appreciation for your good work;
It is necessary for carrying out employment obligations;
It is necessary for performance of a public task.
Where we process special categories of personal data, we will do so in accordance with the specific conditions of processing set out in Data Protection legislation, this includes the following;
You have given explicit consent for your data being processed;
It is necessary in the context of employment law, or laws relating to social security and social protection;
It is necessary to protect individuals’ vital interests;
The processing is carried out in the course of the legitimate activities of a charity or not-for-profit body, with respect to its own members, former members, or persons with whom it has regular contact in connection with its purposes;
The processing relates to personal data which have been manifestly made public by the data subject;
It is necessary for the establishment, exercise or defence of legal claims, or for courts acting in their judicial capacity;
It is necessary for reasons of substantial public interest and occurs on the basis of a law that is proportionate to the aim pursued and protects the rights of data subjects;
The processing is required for the purpose of medical treatment undertaken by health professionals, including assessing the working capacity of employees and the management of health or social care systems and services;
The processing is necessary for reasons of public interest in the area of public health; and
The processing is necessary for archiving purposes in the public interest, for historical, scientific, research or statistical purposes, subject to appropriate safeguards.
The Data Controller will comply with data protection law. This says that the personal data we hold about you must be:
Used lawfully, fairly and in the case of data processed for general, non-law enforcement purposes, in a transparent way;
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
Relevant to the purposes we have told you about and limited only to those purposes;
Accurate and kept up to date;
Kept only as long as is necessary for the purposes we have told you about;
Kept and destroyed securely, including ensuring that appropriate technical and security measures are in place to protect your personal data and to protect personal data from loss, misuse, unauthorised access and disclosure.
Sharing your personal data:
We may share your personal data internally with relevant departments for the purpose of fulfilling one or more of the above stated legal bases. We may also engage the services of other agencies to meet legal requirements, or fulfil another lawful basis.
Where we have arrangements to share your personal data, there is a contract, memorandum of understanding or information sharing agreement in place to ensure that the requirements of the Data Protection legislation on handling personal information are met. Where we are required to disclose information by law, for example for safeguarding purposes, we may do so without these arrangements.
We engage with third party processors who handle some, or all, of the above mentioned information on our instruction.
NYP will take steps to ensure any disclosures of personal data are necessary and proportionate, as required by law. Whenever we share your personal information, sharing options will be evaluated to ensure that your data is shared in the most secure manner.
How do we keep your personal information secure?
We are committed to ensuring that your personal data is safe and processed securely. In order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner, altered or disclosed, we have put in place suitable physical, electronic and managerial measures. These include information security awareness training for our staff. We have also compiled procedures to safeguard and secure the information that we hold about you which our staff adhere to.
We limit the access to your personal information to those employees who have a business need to know, for instance through secure work areas and access controls on all of our systems. Employees, contractors and other third parties who handle personal data will only process your personal information in line with our direct instructions.
How long do we keep your personal information?
North Yorkshire Police keeps your personal information as long as is necessary for the particular purpose, or purposes, for which it is held.
Records that contain your personal information processed for “general data” purposes will be managed in accordance with the Force’s Retention Schedule.
Your rights and personal data:
A key area of change in the new Data Protection Act relates to individuals’ rights. The law refreshes existing rights by clarifying and extending them and introduces new rights.
However your information rights will be dependent on the reason why the data was collected, how the data was collected and why it is being used.
Further information about your rights can be found on our Data Protection page.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, we may provide you with a new notice explaining this new use and setting out the relevant purposes and processing conditions, prior to commencing the processing. We will seek your prior consent to the new processing if this is appropriate.
Details as to how we can be contacted, as well as how you can submit a complaint is available on our website. Please see our privacy notice.
This version of our Privacy Notice was last updated on 26 October 2018.