Current timestamp: 23/06/2026 12:01:35
AgeAlertAnonymousAppealsApplicationsApply Or RegisterArea OutlineArrow DownArrow LeftArrow RightArrow UpAutomatic DoorsBack ArrowBusinessCalendarCashArrow DownArrow LeftArrow RightArrow Down[Missing text '/SvgIcons/Symbols/Titles/icon-chrome' for 'English (United Kingdom)']ClockCloseContactDirectionsDocumentDownloadDrawDrugExpandExternal LinkFacebookFb CommentFb LikeFiletype DefaultFiletype DocFiletype PdfFiletype PptFiletype XlsFinance[Missing text '/SvgIcons/Symbols/Titles/icon-firefox' for 'English (United Kingdom)']First AidFlickrFraudGive FeedbackGlobeGuide DogHealthHearing ImpairedInduction LoopInfoInstagramIntercom[Missing text '/SvgIcons/Symbols/Titles/icon-internet-explorer' for 'English (United Kingdom)']LaptopLiftLinkedinLocal Activity[Missing text '/SvgIcons/Symbols/Titles/icon-location' for 'English (United Kingdom)']LoudspeakerLow CounterMailMapMap PinMembershipMenuMenu 2[Missing text '/SvgIcons/Symbols/Titles/icon-microsoft-edge' for 'English (United Kingdom)']Missing PeopleMobility ImpairmentNationalityNorth PointerOne Mile RadiusOverviewPagesPaper PlaneParkingPdfPhonePinterestPlayPushchairRefreshReportRequestRestart[Missing text '/SvgIcons/Symbols/Titles/icon-rotate-clockwise' for 'English (United Kingdom)']Rss[Missing text '/SvgIcons/Symbols/Titles/icon-safari' for 'English (United Kingdom)']SearchShareSign LanguageSnapchatStart AgainStatsStats And Prevention AdviceStopSubscribeTargetTattosTell Us AboutTickTumblrTwenty Four HoursTwitter LikeTwitter ReplyTwitter RetweetUploadVisually ImpairedWhatsappWheelchairWheelchair AssistedWheelchair ParkingWheelchair RampWheelchair WcYoutubeZoom InZoom Out

Leave this site

Skip to main content

Skip to main navigation

Welcome

This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.

Sign in

Privacy notice

This privacy notice explains how and why South Yorkshire Police (SYP) process your personal data, under UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018 (DPA 2018) Part 3. It notes the steps we take to keep your information safe and what to do if you have concerns as to how we have handled your data.

Who we are

South Yorkshire Police is the territorial police force responsible for policing the areas of South Yorkshire in Northeast England.

The Chief Constable – Lauren Poultney of South Yorkshire Police is the Controller and as such has overall responsibility for the lawful processing of all personal data processed by the force. She is assisted by the Data Protection Officer, DPO Charlotte Mead, who provides advice and guidance in relation to data protection law.

Data Protection legislation is regulated by the Information Commissioner’s Office who hold a register of all controllers. Our registration number is Z572421X.

If you have any questions about how we use your personal data, our DPO can be reached:

by emailing the Data Protection Team

by post at:
South Yorkshire Police
DPO,
Data Protection Team,
Carbrook House,
5 Carbrook Hall Road,
Sheffield S9 2EH

Processing your personal data

South Yorkshire Police will process your personal data for a variety of reasons.
The UK GDPR defines personal data as follows:

'personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.'

But we will also process personal data which is legally specified as being special. Special Category Personal Data is data about a person's:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical belief
  • trade union membership
  • genetic data
  • biometric data (where used for identification purposes)
  • sex life
  • sexual orientation
  • medical/healthcare data

If we do process Special Category Data then we will meet one of the Schedule 8 conditions under the Data Protection Act, usually this will either be ‘Necessary for judicial and statutory purposes – for reasons of substantial public interest’ or ‘Necessary for the safeguarding of children and of individuals at risk.’

We will only ever use the minimum amount of personal data necessary to fulfil our purpose.

The person whom the personal data is about is usually referred to as the data subject.

We will process your personal data either under the rules in the UK GDPR, or if we are processing your personal data for law enforcement purposes, then we will follow Part 3 of the Data Protection Act 2018.

Processing is defined as any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction).

In simple terms any information that we have about you, whatever we are doing with it, even if we are just holding it, for example on a data base, means we are processing your personal data.

Why do we process personal data?

SYP collects, stores, uses, discloses and retains personal data for two overarching purposes: Law Enforcement Purposes, under Part 3, and to carry out other processing activities under UK General Data Protection Regulation (UK GDPR).

1. a) Law Enforcement Purpose (Policing Purpose) which includes:

  • the prevention, investigation, detection or prosecution of criminal offences
  • apprehending and prosecuting offenders
  • protecting life and property
  • preserving order
  • maintaining law and order
  • assisting the public
  • safeguarding national security
  • defending civil proceedings
  • fulfilling any other police duties or responsibilities arising under common or statute law; and
  • liaise directly with victims where appropriate (Via National My Police Portal – NMPP).

Further information on processing data for law enforcement can be found in the next section.

2. Other processing activities under UK GDPR which includes:

  • management of public relations, journalism, advertising and media
  • archiving/management of records
  • research including surveys
  • administration of current and former employees, contractors, and volunteers
  • property and asset management
  • financial management
  • complaints handling
  • provision of educational programmes and support

Further information on processing activities under UK GDPR can be found in the next section.

Law enforcement - processing under Part 3 Data Protection Act 2018

The majority of the personal data of members of the public that SYP process will be carried out under Part 3 of the Data Protection Act 2018. This sets out what we should follow when we are processing personal data for law enforcement purposes.

The processing is carried out under the official authority of the Chief Constable to prevent, investigate, detect or prosecute criminal offences or to execute criminal penalties, including the safeguarding against and the prevention of threats to public security.

This processing must have a basis in law and the processing must be necessary for a law enforcement purpose OR we must have the consent of the data subject.

Our processing under the Law Enforcement purpose in Part 3 will always have a basis in law, for example, the Police and Criminal Evidence Act 1984, and will almost always be carried out because it is 'necessary for law enforcement purposes'.

Any other processing we carry out will be compatible with the above.

Personal data held on our systems and in our files is secure and is only accessed on a 'need to know' basis by our staff, police officers, or any data processors working on our behalf.

We will ensure that our processing follows the Data Protection Part 3 Principles which are as follows:

  1. Processing of personal data for any of the law enforcement purposes must be lawful and fair.
  2. The law enforcement purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and personal data collected must not be processed in a manner that is incompatible with the purpose for which it was originally collected.
  3. Personal data processed for any of the law enforcement purposes must be adequate, relevant and not excessive in relation to the purpose for which it is processed.
  4. Personal data processed for any of the law enforcement purposes must be accurate and, where necessary, kept up to date, and every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the law enforcement purpose for which it is processed, is erased or rectified without delay.
  5. Personal data processed for any of the law enforcement purposes must be kept for no longer than is necessary for the purpose for which it is processed. Appropriate time limits must be established for the periodic review of the need for the continued storage of personal data for any of the law enforcement purposes.
  6. Personal data processed for any of the law enforcement purposes must be processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures (and, in this principle, 'appropriate security' includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage).

Most of the data subjects whose personal data we process will fall into one of the following categories:

  • offenders and suspected offenders
  • witnesses or reporting persons
  • individuals passing information to South Yorkshire Police
  • victims, both current, past and potential, or
  • other individuals necessarily identified during law enforcement investigations and prosecutions, execution of criminal penalties or during the safeguarding against and the prevention of threats to public security

We will process lots of different types of personal data, for example:

  • names
  • addresses
  • contact details
  • employment details
  • financial data
  • CCTV footage
  • body-worn camera footage
  • photographs
  • data about incidents
  • dash cam footage
  • handheld camera footage
  • drone footage and other footage provided by the public and from other communications and correspondence sent to us

Some of the personal data that we process will come from the data subject themselves, but we also receive personal data from many other agencies, organisations and individuals.

Other agencies, organisations and types of people whom we regularly receive personal data from are:

  • HM Revenue and Customs
  • international law enforcement agencies and bodies
  • licensing authorities
  • legal representatives
  • prosecuting authorities
  • solicitors
  • insurance companies
  • courts
  • prisons and young offender institutions
  • security companies
  • partner agencies involved in crime and disorder strategies
  • private sector organisations working with the police in anti-crime strategies
  • voluntary sector organisations
  • approved organisations and people working with the police
  • Independent Office for Police Conduct
  • His Majesty’s Inspectorate of Constabulary
  • governmental agencies and departments
  • emergency services such as the Fire and Rescue Services, National Health Service or Ambulance

We will also receive personal data from persons arrested; victims; witnesses; relatives, guardians or other persons associated with the individual.

There may be times where we obtain personal information from sources such as other police services and our own police systems such as our local information system.

We will strive to ensure that processing of personal data is of the highest quality in terms of accuracy, relevance, and adequacy.

We will retain personal data whilst we have a lawful purpose to do so, and follow the Management of Police Information, MOPI, rules. You can read more about rules on the management of police information on the College of Policing website.

Personal data which is placed on the Police National Computer is retained, reviewed and deleted in accordance with the Retention Guidelines for Nominal Records.

We will also follow our Information Management Policy which is in line with the NPCC National Retention Schedule.

To enable us to meet our statutory duties we may be required to disclose personal data with other organisations that process data for a similar reason, in the UK and/or overseas, or in order to keep people safe.

These organisations include:

  • other law enforcement agencies (including international agencies)
  • partner agencies working on crime reduction or safeguarding initiatives
  • partners in the Criminal Justice arena
  • local government
  • authorities involved in offender management
  • international agencies concerned with the safeguarding of international and domestic national security
  • third parties involved with investigations relating to the safeguarding of national security
  • other bodies or individuals where it is necessary to prevent harm to individuals
  • insurance bodies for fraud investigation

We will also disclose personal data to other bodies or individuals when required to do so, or under an act of legislation, a rule of law, and by court order. This may include and is not limited to:

  • Home Office
  • other competent authorities including those in foreign jurisdictions
  • Serious Fraud Office
  • National Fraud Initiative
  • courts
  • Crown Prosecution Service

Processing under UK GDPR for all other purposes

SYP process personal data for a variety of reasons which are not related to law enforcement and we do this under the UK GDPR, the rules of which are very slightly different. Some of this data is regarding employees, advisers, consultant or suppliers, but that is not covered in this privacy notice.

We will ensure that our processing follows the Data Protection Principles which are as follows:

  • processed in a manner which is lawful, fair and transparent
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible
  • adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed
  • accurate and where necessary kept up to date
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes which the personal data are processed
  • processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures

We will review personal data to ensure it is still required and is lawful for us to continue to retain it. If we no longer have a lawful purpose to retain it and when no longer required for any purpose detailed in this notice, we will securely destroy it.

Some examples of the personal data of members of the public that we process under the UK GDPR:

  • the personal data from members of the public who have made a complaint to us
  • the personal data collected in Customer Satisfaction Surveys to evaluate our performance and effectiveness
  • personal data with regards to licensing and registration

There are several legal bases that we can process this personal data under, but the majority of personal data we process under UK GDPR is done under Article 6, 1 (e) Public task: the processing is necessary for South Yorkshire Police to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

The other bases are: consent, necessary for a contract, necessary for a legal obligation, necessary for the vital interests of the individual, or necessary in the legitimate interests of the controller or another third party, unless that interest is overridden by the rights and freedoms of the data subject.

We may also process Special Category data under UK GDPR. If we do process special category data then we will meet one of the Article 9 conditions in UK GDPR, this will usually be 9(2) (g) Schedule 1, Part 2, Substantial public interest/rule of law. We will then also ensure that we meet one of the conditions set out in Part 2 of Schedule 1 of the DPA 2018.

We may also obtain and/or disclose personal data from and to other organisations, the reasons and organisations are similar to those listed in the Part 3 Section above.

Criminal Offence data – Article 10 UK GDPR

Obviously as a police force we process personal data relating to a person’s criminal convictions, offences or related security measures including alleged offences, proceedings for an offence committed or alleged to have been committed, and the disposal of such proceedings, including sentencing.

If we are processing personal data under UK GDPR (not for law enforcement purposes) Article 10 states that we must process this personal data under an official authority, as a police force we will almost always have official authority to process this data.

However, if this processing is not under this official authority we will ensure that we meet a specific condition in Schedule 1 of the Data Protection Act 2018 and comply with the additional safeguards set out in that Act.

An example of processing criminal data under UK GDPR would be when we are working with another agency to provide support for offenders.

We will only ever use the minimum amount of personal data necessary to fulfil our purpose.

All personal data processing

We take the security of the personal data under our control very seriously.

We will comply with the relevant parts of the legislation relating to security and seek to comply with the College of Policing Information Assurance authorised practice, and relevant parts of the ISO27001 Information Security Standard.

We will ensure that appropriate policy, training, technical and procedural measures are in place. These will include ensuring our buildings are secure and protected by adequate physical means. The areas restricted to our police officers and staff, are only accessible by those holding the appropriate identification, and have legitimate reasons for entry. We will carry out audits of our buildings security to ensure they are secure.

We will ensure that our systems meet appropriate industry and government security standards.

We will carry out regular audits and inspections to protect our manual and electronic information systems from data loss and misuse and only permit access to them when there is a legitimate reason to do so. Our standard operating procedures and policies contain strict guidelines as to what use may be made of any personal data contained within them. These procedures are reviewed regularly to ensure our security is kept up-to-date.

The majority of the personal data we process will be processed within the UK or the European Economic Area, EEA. In circumstances where personal data is processed outside of the UK or EEA we will ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the legislation.

Your rights

Data subjects have certain legal rights with regards to their personal data which we process, one of these is commonly known as the right of access. A link to request the exercise of any rights within this section is included below at the end of the ‘Your Rights’ section.

A data subject can make a request called a Subject Access Request, where they can ask for a copy of the data that we hold about them, where we may have obtained that data from and who we have shared it with.

There are a variety of exemptions to disclosure, for example we can withhold data if it’s necessary and proportionate to do so to avoid obstruction to an official or legal inquiry, investigation or procedure. So, if you make a request you may not necessarily be able to have access to everything that we hold.

You can read more about your subject access rights on the Information Commissioner's Office website.

If you would like to make a subject access request to South Yorkshire Police you can do so online or by writing to the Information Rights Team at the address given at the beginning of this notice.

You should try to give as much detail as you can about the information that you are requesting, for example dates or reference numbers if you have them, and you should also include some identification because we need to ensure that we are providing personal data to the right person. You can attach these to your email request or letter. If you don’t have access to email and as such are writing to us please don’t send original identification documents, copies are usually acceptable.

Data subjects also have the right to request a rectification to their record, for example, if you felt that we held some inaccurate or incomplete data about you.

There is also the right to request an erasure of data or to request that we restrict the processing of their data.

Again, with the above rights there are certain exemptions, for example we can withhold data if it’s necessary and proportionate to do so to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences. So, if you make a request like this, you will not necessarily get exactly what you requested, but your request will be considered by a senior officer as to whether it should be carried out or not.

If you want to ask anything about the data we hold on you, or you want to ask us to rectify some incorrect data, or delete some data, you can apply for this on our website.

Collection and Use of Protected Characteristics

Why we collect this information

As a public organisation, we have a legal obligation under the Public Sector Equality Duty (Equality Act 2010) to:

  • eliminate discrimination
  • advance equality of opportunity
  • foster good relations between different groups

To meet these duties and improve our services, we may collect information about protected characteristics, such as the following:

  • age
  • disability
  • gender reassignment
  • marriage and civil partnership
  • pregnancy and maternity
  • race
  • religion or belief
  • sex
  • sexual orientation

How we use and protect your data

We store all information in a secure system with strict access controls.

Before using data for analysis, we anonymise it so individuals cannot be identified. This anonymised data helps us monitor equality, identify trends, and inform our policies and decision-making.

Your data will never be used to make decisions about you personally.

Lawful basis for processing

We rely on:

  • Article 6(1)(e) UK GDPR – processing necessary for a task carried out in the public interest
  • Article 9(2)(g) UK GDPR – processing necessary for reasons of substantial public interest
  • Schedule 1, Part 2 of the Data Protection Act 2018 – equality of opportunity or treatment

Automated decision making, including profiling

Automated decision making means making a decision about you solely by automated means without any human involvement.

Profiling means automated processing of your personal data to evaluate certain things about you.

SYP will only use automated decisions including profiling where:

  • for contractual reasons and where we have carried out a data protection impact assessment, or
  • you have explicitly consented, or
  • we are authorised by law and this is the most appropriate way to achieve our aims

Use of Microsoft 365 (M365) and Ethical Processing

As part of South Yorkshire Police's commitment to ethical and lawful data handling, we use M365 to support operational and administrative functions. This includes email, document management, M365 tools and applications, including secure data storage.

How We Use Your Data

Data processed through M365 is used strictly for policing purposes, including crime prevention, investigation, safeguarding, and public protection. Access to data is restricted to authorised personnel and governed by robust security and audit controls.

Our Ethical Commitments

In line with the College of Policing’s Data Ethics Authorised Professional Practice (APP), we ensure that:

  • Lawfulness: All data processing complies with the Data Protection Act 2018, Human Rights Act 1998, and other relevant legislation.
  • Fairness: We actively work to prevent bias and discrimination in how data is used and interpreted.
  • Accountability: Decisions involving personal data are documented and subject to oversight. We use Data Protection Impact Assessments (DPIAs) where appropriate.
  • Transparency: We are open about how and why data is processed, and we provide clear information to individuals about their rights.
  • Proportionality: Only data that is necessary for a specific policing purpose is collected and used.
  • Proportionate: Only collect and process the amount of data necessary to achieve the purpose.

Use of GOV.UK One-Login

South Yorkshire Police utilise policing’s National MyPolice Portal to create and maintain 2-way digital communication channels between South Yorkshire Police and the members of the public in support of criminal case updates and engagement with investigation teams. National MyPolice Portal uses GOV.UK One-Login to enable authentication of an identity to allow individuals to access the service and does not utilise personal information for any other purpose.

How we use cookies

Cookies are used on this website to improve user experience and for essential functionality; they are not used for identification purposes.

Learn more about how we manage cookies.

How you can complain

The Information Commissioner is the independent Authority responsible within the UK for ensuring we comply with data protection legislation. If you have a concern about how we have used your personal information or you believe you have been adversely affected by our handling of your data, please make contact with us so as we can try to rectify.

Alternatively, you may wish to contact the Information Commissioner’s Office using the information below:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113 (Their normal opening hours are Monday to Friday between 9am and 5pm)

Email: [email protected]

Information Commissioner's Office website.

Date of last update and changes

We last updated this privacy notice in January 2026. We keep this privacy policy under regular review and update it if any of the information in it changes.

Further questions

If you have any questions about this privacy notice, please contact our Data Protection Team using the details at the top of this page.