Dyfed Powys Police takes its obligations and responsibilities very seriously and takes great care to ensure that personal information is handled appropriately in order to secure and maintain individuals' trust and confidence in us.

To ensure that we process your personal information fairly and lawfully, this privacy notice informs you:

  • What personal information we may hold about you;
  • How this information will be used;
  • How we keep this information safe;
  • Our lawful basis for processing this information;
  • How long we hold this information;
  • With whom it will be shared;
  • What rights you have in relation to this personal information.

The area served by Dyfed Powys Police includes Carmarthenshire, Ceredigion, Pembrokeshire and Powys.

The Chief Constable of Dyfed Powys Police is the Data Controller and as such has overall responsibility for the lawful processing of all personal information processed by the Force. He is assisted by the Data Protection Officer who provides advice and guidance in relation to data protection law.

Our data protection registration number with the Information Commissioner’s Office (ICO) is Z537336X.

Data Controller

Chief Constable of Dyfed Powys Police
Dyfed Powys Police
Police Headquarters
PO BOX 99
Llangunnor
Carmarthen
Carmarthenshire
SA31 2PF

Data Protection Officer

Head of Information Management
Dyfed Powys Police
Police Headquarters
PO BOX 99
Llangunnor
Carmarthen
Carmarthenshire
SA31 2PF

Processing under PART 2 – General processing

The processing of personal information is governed by the Data Protection Act 2018 and the associated General Data Protection Regulation (GDPR). Part 2 of the Data Protection Act 2018 applies to “general data”, which is personal information that is processed for a reason not involving law enforcement or national security e.g. employment purposes or public relations.

The type of personal information we hold will vary depending upon the reason you have had contact with us, but it may include:

  • Personal details such as your name, address and email;
  • Family, lifestyle and social circumstances;
  • Education and training details;
  • Employment details;
  • Financial details;
  • Racial or ethnic origin;
  • Political opinions;
  • Religious or other beliefs of a similar nature;
  • Trade union membership;
  • Physical or mental health condition;
  • Sexual life and sexual orientation;
  • Offences and alleged offences;
  • Criminal proceedings, outcomes and sentences;
  • Photograph, sound and visual images;
  • Fingerprints, DNA and other genetic or biometric samples;
  • Goods or services provided;
  • References to manual records or files;
  • Information relating to health and safety;
  • Licences or permits held;
  • Complaint, incident, civil litigation and accident details.

We will use the minimum amount of personal information necessary to fulfil a particular purpose. Your personal information may be held on a computer system, in a paper record such as in a physical file or a photograph.

Where possible and/or appropriate you will be informed of the reason for collecting, holding and using your personal information.  Although, in view of the statutory functions of Dyfed Powys Police, this may not always be possible as doing so may prejudice the Policing functions.

Dyfed Powys Police may obtain, use and disclose personal information relating to a wide variety of individuals, including:

  • Our staff, officers, volunteers, agents, temporary and casual workers;
  • Suppliers;
  • Complainants;
  • Correspondents, litigants and enquirers;
  • Advisors, consultants and other professional experts;
  • Missing or vulnerable persons;
  • Relatives, guardians and associates of the individual concerned;
  • Former and potential members of staff, pensioners and beneficiaries.

Dyfed Powys Police will handle all personal information in accordance with the Data Protection Act 2018. We will ensure that personal information is handled fairly, lawfully and in a transparent manner with appropriate justification.

Dyfed Powys Police will only use appropriate personal information that is necessary to fulfil our particular purposes and strive to ensure that it is protected appropriately. It will be adequate, relevant and not excessive. It will be kept accurate, up-to-date and destroyed securely when no longer required.

Under part 2 (general processing), your information may be used in the support of Policing purposes – which include, but are not limited to:

  • Staff/pensioner administration, occupational health and welfare;
  • Public relations/media;
  • Finance/payroll/benefits/accounts/audits/internal review;
  • Training/health and safety management;
  • Property/insurance/vehicle/systems and transport management;
  • Complaints;
  • Vetting;
  • Legal service/information provision;
  • Management of information technology systems;
  • Licensing/registration;
  • Research (including surveys and analytics)/performance management;
  • Sports/recreation;
  • Procurement;
  • Planning/testing/security;
  • Strategy and policy development;
  • Social media correspondence and analysis.

Your personal information, held on our systems and in our files, is secure and is accessed and processed by:

  • Our staff and police officers;
  • Contractors, volunteers, and “processors” working on our behalf, in accordance with their contract;

only when required to do so for a lawful purpose.

Dyfed Powys Police takes the security of all personal information under our control very seriously. We will comply with the relevant part of the legislation relating to security, and seek to comply with the College of Policing Information Assurance authorised practice, and relevant parts of the ISO27001 Information Security Standard.

We will ensure that appropriate policies and training, as well as technical and procedural measures are in place. These will include, but is not limited to, ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our police officers, staff and partner agencies staff is only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We carry out audits of our buildings’ security to ensure security is adequate. Our systems meet appropriate industry and government security standards.

We carry out regular audits and inspections, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to how any personal information contained within them may be used. These procedures are reviewed regularly to ensure our security of information is kept up-to-date.

Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so.  Your personal information will only be collected and used by Dyfed Powys Police to carry out its legal and legitimate functions as defined by legislation, common law and best practice.

Dyfed Powys Police process information for a variety of reasons which are not related to law enforcement. The reasons why we may process your personal information include:

  • To assist us in meeting our “legal obligations” as employers;
  • To manage “contracts” with those who supply us with goods and services;
  • To help us support those who we come into contact with, which can be done by obtaining their “consent”, or due to our “legitimate interests” – this includes processes to improve the service we provide the public;
  • To perform tasks which are considered as being in the “public interest”.

Where sensitive or “special category” data is being collected, additional lawful basis will apply like having explicit consent, necessary for employment, social security, defending against legal claims, for a substantial public interest (such as Policing purpose) and for preventative or occupational health or medicine, amongst other reasons.

Dyfed Powys Police keeps your personal information as long as is necessary for the particular purpose for which it is held.

Records that contain your personal information processed for “general processing” purposes will be managed in accordance with Dyfed Powys Police Retention Policy.

Dyfed Powys Police may disclose personal information to a wide variety of recipients, including those from whom personal information is obtained. This may include:

  • Support services for victims and offenders;
  • To bodies or individuals working on our behalf such as IT contractors or survey organisations;
  • Local Government;
  • Central Government;
  • Ombudsmen and regulatory authorities;
  • The media;
  • Data processors;
  • Health Care Providers;
  • Emergency Services.

Disclosures of personal information are made on a case-by-case basis, only relevant information, specific to the purpose and circumstances, will be disclosed and with necessary controls in place.

Dyfed Powys Police will also disclose personal information to other bodies or individuals when required to do so, this could be under an act of legislation, by rule of law, or by court order. This may include:

  • Child Maintenance Service;
  • Children and Family Court Advisory Services;
  • Home Office;
  • Courts;
  • Any other regulatory body who can demonstrate that there is a legitimate purpose for the processing of your personal information.

Dyfed Powys Police may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.

Where possible, you will be informed if we intend to use or share your information for a non-obvious purpose, either directly, via the Force’s website or other means of communication. When sharing any personal information, it will only be shared if there is a lawful basis in which to do so and after having fully considered your rights to privacy.

Processing under PART 3 – Law enforcement processing

The processing of personal information is governed by the Data Protection Act 2018 and the associated General Data Protection Regulation (GDPR). Part 3 of the Data Protection Act 2018 applies to “competent authorities” such as Police Forces who process data for law enforcement purposes.

In order to carry out our statutory responsibility we will process varying types of personal information. This includes:

  • Personal details such as your name, address, date of birth and contact details;
  • Employment details;
  • Financial details;
  • Racial or ethnic origin;
  • Political opinions;
  • Religious or other beliefs of a similar nature;
  • Physical or mental health condition;
  • Sexual life and sexual orientation;
  • Offences and alleged offences;
  • Criminal proceedings, outcomes and sentences;
  • Cautions, reprimands and warnings;
  • Fingerprints, DNA and other genetic or biometric samples;
  • Photograph, sound and visual images;
  • Criminal intelligence;
  • Information relating to safety;
  • Incident and accident details.

Dyfed Powys Police may also obtain, use and disclose personal information relating to a wide variety of individuals including, but not limited to:

  • Offenders and suspected offenders;
  • Witnesses or reporting persons;
  • Individuals passing information to Dyfed Powys Police;
  • Victims – current, past and potential.

We will use the minimum amount of personal information necessary to fulfil a particular purpose. Your personal information may be held on a computer system, in a paper record such as in a physical file or a photograph, but it can also include other types of electronically held information such as CCTV images and Body Word Video footage.

Where possible and/or appropriate you will be informed of the reason for collecting, holding and using your personal information.  Although, in view of the statutory functions of Dyfed Powys Police, this may not always be possible as doing so may prejudice the Policing functions.

Dyfed Powys Police may obtain, use and disclose personal information relating to a wide variety of individuals including, but not limited to:

  • Offenders and suspected offenders;
  • Witnesses or reporting persons;
  • Individuals passing information to Dyfed Powys Police;
  • Victims - current, past and potential.

Dyfed Powys Police will handle all personal information in accordance with the Data Protection Act 2018. We will ensure that personal information is handled fairly and lawfully with appropriate justification.

Dyfed Powys Police will only use your information for lawful purposes and in connection with our requirement to uphold the law, prevent crime, bring offenders to justice, and protect the public. We will strive to ensure that any personal information is protected appropriately. It will be adequate, relevant and not excessive. It will be kept accurate, up-to-date and destroyed securely when no longer required.

Under part 3 (law enforcement processing), your information may be used for Policing purposes – which include, but are not limited to:

  • Preventing and detecting crime;
  • Apprehending and prosecuting offenders;
  • Protecting life and property;
  • Preserving order;
  • Maintaining law and order;
  • Providing assistance to the public in accordance with Force policies and procedures;
  • Any duty or responsibility of the police arising from common or statute law.

Your personal information, held on our systems and in our files, is secure and is accessed and processed only on a “need-to-know” basis by:

  • Our staff and police officers;
  • Contractors, volunteers, and “processors” working on our behalf, in accordance with their contract.

Dyfed Powys Police takes the security of all personal information under our control very seriously. We will comply with the relevant part of the legislation relating to security, and seek to comply with the College of Policing Information Assurance authorised practice, and relevant parts of the ISO27001 Information Security Standard.

We will ensure that appropriate policies and training, as well as technical and procedural measures are in place. These will include, but is not limited to, ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our police officers, staff and partner agencies staff is only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We carry out audits of our buildings’ security to ensure security is adequate. Our systems meet appropriate industry and government security standards.

We carry out regular audits and inspections, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to how any personal information contained within them may be used. These procedures are reviewed regularly to ensure our security of information is kept up-to-date.

Dyfed Powys Police have a statutory duty to uphold the law, prevent crime, bring offenders to justice and protect the public. To do this it is necessary for us to process your personal information under the lawful basis of “public interest” and “official authority”. This means we process your personal information for carrying out tasks that are laid down in law and collectively described as the administration of justice.

Law enforcement purposes are:

“the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security”.

The Administration of Justice includes the prevention and detection of crime; apprehension and prosecution of offenders; protecting life and property; preserving order; maintenance of law and order; assisting the public in accordance with Force policies and procedures; national security; defending civil proceedings and any duty or responsibility of the police arising from common or statute law.

Dyfed Powys Police keeps your personal information as long as is necessary for the particular purpose for which it is held. Personal information which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the Retention Guidelines for Nominal Records on the Police National Computer.

Other records that contain your personal information processed for “law enforcement processing” are retained in accordance with the College of Policing guidance on the Management of Police Information (MoPI), and Dyfed Powys Police Retention Policy.

To enable Dyfed Powys Police to meet their statutory duty we may be required to share your data with other organisations that process data for a similar reason, in the UK and/or overseas, or in order to keep people safe. This may include:

  • Other law enforcement agencies (including international agencies);
  • Partner agencies working on crime reduction initiatives;
  • Partners in the Criminal Justice arena;
  • Local Government;
  • Authorities involved in offender management;
  • International agencies concerned with the safeguarding of international and domestic national security;
  • Third parties involved with investigations relating to the safeguarding of national security;
  • Other bodies or individuals where it is necessary to prevent harm to individuals.

Disclosures of personal information are made on a case-by-case basis, only relevant information, specific to the purpose and circumstances, will be disclosed and with necessary controls in place.

Dyfed Powys Police will also disclose personal information to other bodies or individuals when required to do so, this could be under an act of legislation, by rule of law, or by court order. This may include:

  • Serious Fraud Office;
  • National Fraud Initiative;

Dyfed Powys Police may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.

Where possible, you will be informed if we intend to use or share your information for a non-obvious purpose, either directly, via the Force’s website or other means of communication. When sharing any personal information, it will only be shared if there is a lawful basis in which to do so and after having fully considered your rights to privacy.

Your rights

This places an obligation upon Dyfed Powys Police to tell you about the personal information we hold about you. We have written this Privacy Notice to explain how we will use your personal information and tell you what your rights are under the legislation.

If you would like a copy of your personal information, this is commonly known as a subject access request. This is the right which allows you access to your personal information and supplementary information, however it is subject to certain restrictions. You can make a subject access request by visiting our 'Your right to see information about you' page.

You are entitled to have your personal information rectified if it is inaccurate or incomplete.

This right enables you to request the deletion or removal of personal information and/or the right to ‘block’/suppress or restrict the processing of your personal information where there is no compelling reason for its continued processing. The right is not absolute and only applies in certain circumstances. When processing is restricted, organisations are permitted to store the personal information, but not further process it.

This right does not apply to personal information processed under part 3 (law enforcement processing).

This right allows you, in some instances, to obtain and reuse your personal information for your own purposes across different services. You have the right to get copies of your personal information from us in a format that can be easily re-used.

This right does not apply to personal information processed under part 3 (law enforcement processing).

You have the right to object to:

  • The processing of your personal information based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • The processing of your personal information for direct marketing (including profiling);
  • The processing of your personal information for the purposes of scientific/historical research and statistics.

This right does not apply to personal information processed under part 3 (law enforcement processing).

Automated individual decision making and profiling is a decision made by automated means without any human involvement. Where you believe a decision has been made regarding your personal information through automated means, you have the right to challenge the decision and request a review through human intervention.

The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights.

If you have a concern about how we have used your personal information, you believe that we are not processing your personal information in accordance with the law or you are not satisfied with our response, you can complain to the ICO:

Telephone: 0303 123 1113

Email: casework@ico.org.uk

Website: https://ico.org.uk/

Address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Review of this privacy notice

We regularly review our privacy notice.

If we plan to use your personal information for a new purpose we will update our privacy notice and communicate the changes before we start any new processing.