Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
This privacy notice explains how and why South Yorkshire Police (SYP) process your personal data, under UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018, DPA 2018, Part 3. It notes the steps we take to keep your information safe and what to do if you have concerns as to how we have handled your data.
South Yorkshire Police is the territorial police force responsible for policing the areas of South Yorkshire in North East England.
The Chief Constable – Lauren Poultney of South Yorkshire Police is the Controller and as such has overall responsibility for the lawful processing of all personal data processed by the force. She is assisted by the Data Protection Officer, DPO Charlotte Mead who provides advice and guidance in relation to data protection law.
Data Protection legislation is regulated by the Information Commissioner’s Office who hold a register of all controllers. Our registration number is Z572421X.
If you have any questions about how we use your personal data, our DPO can be reached:
by emailing the Data Protection Team
by post at:
South Yorkshire Police
DPO,
Data Protection Team,
Carbrook House,
5 Carbrook Hall Road,
Sheffield 59 2EH
South Yorkshire Police will process your personal data for a variety of reasons.
The UK GDPR defines personal data as follows:
'personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'
The person whom the personal data is about is usually referred to as the data subject.
We will process your personal data either under the rules in the UK GDPR, or if we are processing your personal data for law enforcement purposes, then we will follow Part 3 of the Data Protection Act 2018.
Processing is defined as any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction).
In simple terms any information that we have about you, whatever we are doing with it, even if we are just holding it, for example on a data base, means we are processing your personal data.
The majority of the personal data of members of the public that SYP process will be carried out under Part 3 of the Data Protection Act 2018. This sets out what we should follow when we are processing personal data for law enforcement purposes.
The processing is carried out under the official authority of the Chief Constable to prevent, investigate, detect or prosecute criminal offences or to execute criminal penalties, including the safeguarding against and the prevention of threats to public security.
This processing must have a basis in law and the processing must be necessary for a law enforcement purpose OR we must have the consent of the data subject.
Our processing under the Law Enforcement purpose in Part 3 will always have a basis in law, for example, the Police and Criminal Evidence Act 1984, and will almost always be carried out because it is 'necessary for law enforcement purposes'.
Any other processing we carry out will be compatible with the above.
Personal data held on our systems and in our files is secure and is only accessed on a 'need to know' basis by our staff, police officers, or any data processors working on our behalf.
We will ensure that our processing follows the Data Protection Part 3 Principles which are as follows:
Most of the data subjects whose personal data we process will fall into one of the following categories:
We will process lots of different types of personal data, for example:
But we will also process personal data which is considered to be special. Special Category Personal Data is data about a person's:
If we do process special category data then we will meet one of the Schedule 8 conditions under the Data Protection Act, usually this will either be ‘Necessary for judicial and statutory purposes – for reasons of substantial public interest’ or ‘Necessary for the safeguarding of children and of individuals at risk.’
We will only ever use the minimum amount of personal data necessary to fulfil our purpose.
Some of the personal data that we process will come from the data subject themselves, but we also receive personal data from many other agencies, organisations and individuals.
Other agencies, organisations and types of people whom we regularly receive personal data from are:
We will also receive personal data from persons arrested; victims; witnesses; relatives, guardians or other persons associated with the individual.
There may be times where we obtain personal information from sources such as other police services and our own police systems such as our local information system.
We will strive to ensure that processing of personal data personal is of the highest quality in terms of accuracy, relevance, and adequacy.
We will retain personal data whilst we have a lawful purpose to do so, and follow the Management of Police Information, MOPI, rules. You can read more about rules on the management of police information on the College of Policing website.
Personal data which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the Retention Guidelines for Nominal Records.
We will also follow our Information Management Policy which is in line with the NPCC National Retention Schedule.
To enable us to meet our statutory duties we may be required to disclose personal data with other organisations that process data for a similar reason, in the UK and/or overseas, or in order to keep people safe.
These organisations include:
We will also disclose personal data to other bodies or individuals when required to do so, or under an act of legislation, a rule of law, and by court order. This may include and is not limited to:
SYP process personal data for a variety of reasons which are not related to law enforcement and we do this under the UK GDPR, the rules of which are very slightly different. Some of this data is regarding employees, advisers, consultant or suppliers, but that is not covered in this privacy notice.
We will ensure that our processing follows the Data Protection Principles which are as follows:
We will review personal data to ensure it is still required and is lawful for us to continue to retain it. If we no longer have a lawful purpose to retain it and when no longer required for any purpose detailed in this notice, we will securely destroy it.
Some examples of the personal data of members of the public that we process under the UK GDPR:
There are several legal bases that we can process this personal data under, but the majority of personal data we process under UK GDPR is done under Article 6, 1 (e) Public task: the processing is necessary for South Yorkshire Police to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
The other bases are: consent, necessary for a contract, necessary for a legal obligation, necessary for the vital interests of the individual, or necessary in the legitimate interests of the controller or another third party, unless that interest is overridden by the rights and freedoms of the data subject.
We may also process Special Category data under UK GDPR. If we do process special category data then we will meet one of the Article 9 conditions in UK GDPR, this will usually be 9(2) (g) Schedule 1, Part 2, Substantial public interest/rule of law. We will then also ensure that we meet one of the conditions set out in Part 2 of Schedule 1 of the DPA 2018.
Obviously as a police force we process personal data relating to a person’s criminal convictions, offences or related security measures including alleged offences, proceedings for an offence committed or alleged to have been committed, and the disposal of such proceedings, including sentencing.
Article 10 states that we must process this personal data under an official authority, as a police force we will almost always have official authority to process this data.
However, if this processing is not under this official authority we will ensure that we meet a specific condition in Schedule 1 of the Data Protection Act 2018 and comply with the additional safeguards set out in that Act.
The type of personal data we process will vary but will include data like:
We will only ever use the minimum amount of personal data necessary to fulfil our purpose.
We may obtain personal information from a wide variety of sources, including:
SYP may disclose personal information to a wide variety of recipients including:
We take the security of the personal data under our control very seriously.
We will comply with the relevant parts of the legislation relating to security and seek to comply with the College of Policing Information Assurance authorised practice, and relevant parts of the ISO27001 Information Security Standard.
We will ensure that appropriate policy, training, technical and procedural measures are in place. These will include ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our police officers and staff, are only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We will carry out audits of our buildings security to ensure they are secure.
We will ensure that our systems meet appropriate industry and government security standards.
We will carry out regular audits and inspections to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to what use may be made of any personal data contained within them. These procedures are reviewed regularly to ensure our security is kept up-to-date.
The majority of the personal data we process will be processed within the UK or the European Economic Area, EEA. In circumstances where personal data is processed outside of the UK or EEA we will ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the legislation.
Data subjects have certain legal rights with regards to their personal data which we process, one of these is commonly known as the right of access.
A data subject can make a request called a Subject Access Request, where they can ask for a copy of the data that we hold about them, where we may have obtained that data from and who we have shared it with.
There are a variety of exemptions to disclosure, for example we can withhold data if it’s necessary and proportionate to do so to avoid obstruction to an official or legal inquiry, investigation or procedure. So, if you make a request you may not necessarily be able to have access to everything that we hold.
You can read more about your subject access rights on the Information Commissioner's Office website.
If you would like to make a subject access request to SYP you can do so by emailing us or by writing to the Information Rights Team at the address given at the beginning of this notice.
You should try to give as much detail as you can about the information that you are requesting, for example dates or reference numbers if you have them, and you should also include some identification because we need to ensure that we are providing personal data to the right person. You can attach these to your email request or letter. If you don’t have access to email and as such are writing to us please don’t send original identification documents, copies are usually acceptable.
Data subjects also have the right to request a rectification to their record, for example, if you felt that we held some inaccurate or incomplete data about you.
There is also the right to request an erasure of data or to request that we restrict the processing of their data.
Again, with the above rights there are certain exemptions, for example we can withhold data if it’s necessary and proportionate to do so to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences. So, if you make a request like this, you would not necessarily get exactly what you requested, but your request will be considered by a senior officer as to whether it should be carried out or not.
Automated decision making means making a decision about you solely by automated means without any human involvement.
Profiling means automated processing of your personal data to evaluate certain things about you.
SYP will only use automated decisions including profiling where:
Cookies are used on this website to improve user experience and for essential functionality; they are not used for identification purposes.
Learn more about how we manage cookies.
The Information Commissioner is the independent Authority responsible within the UK for ensuring we comply with data protection legislation. If you have a concern about how we have used your personal information or you believe you have been adversely affected by our handling of your data, please make contact with us so as we can try to rectify.
Alternatively, you may wish to contact the Information Commissioner’s Office using the information below:
The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113 (Their normal opening hours are Monday to Friday between 9am and 5pm)
Email: [email protected]
Information Commissioner's Office website
We last updated this privacy notice in November 2023. We keep this privacy policy under regular review and update it if any of the information in it changes.
If you have any questions about this privacy notice, please contact our Data Protection Team using the details at the top of this page.