This Information Charter sets out the standards you can expect from Norfolk Constabulary when we obtain, hold, retain, process and disclose information, including but not limited to personal data about you or your enquiries with the Constabulary. The Constabulary holds both personal and non-personal information in a variety of databases and information stores which are critical to its statutory functions, together with systems relating to Constabulary support functions.
This Charter also describes your statutory rights in regard to information under the provisions of the Data Protection Act 1998, Freedom of Information Act 2000 and Environmental Information Regulations 2004.
The use and disclosure of personal data is governed in the United Kingdom by the Data Protection Act 1998 (‘the Act’). The Chief Constable of Norfolk Constabulary is registered with the Information Commissioner as a ‘Data Controller’ for the purposes of the Act. As such he is obliged to ensure that Norfolk Constabulary handles all personal data in accordance with the Act.
Norfolk Constabulary takes that responsibility very seriously and takes great care to ensure that personal data is handled appropriately in order to secure and maintain individuals’ trust and confidence in the force.
- Information is handled in accordance with the Data Protection Act 1998, which sets out 8 Data Protection Principles of good information handling practice governing the fair and lawful processing, maintenance and security of the data.
- We will take care to ensure information is:
- Only collected and used by the Constabulary to carry out its legal and legitimate functions as defined by legislation, common law and best practice. This will be in accordance with the Policing and Supported Policing Purposes reflected in the Official Notification to the Information Commissioner which includes:
- Preventing / Detecting Crime
- Apprehending/ Prosecuting Offenders
- Protecting Life and Property
- Preserving Order
- Maintaining Law and Order
- Providing Assistance to the Public in accordance with force policies and procedures; and
- Any duty or responsibility of the police arising from common or statute law
- Staff/ Pensioner Administration, Occupational Health and Welfare
- Public Relations/ Media
- Finance/ Payroll/ Benefits/ Accounts/ Audits/ Internal Review
- Training/ Health & Safety Management
- Property/ Insurance/ Vehicle/ Systems and Transport Management
- Vetting/ Visitor Management
- Legal Services/ Information Provision
- Management of information technology systems
- Licensing/ Registration
- Research (including surveys and analytics)/ Performance Management
- Sports/ Recreation
- Planning/ Testing/ Security
- Strategy and Policy development
- Social Media Correspondence and analysis
- Accurate, kept up-to-date and destroyed when no longer required
- Adequate, relevant and not excessive – we will only ask for what we need
- Adequately protected through a variety of physical, technological and procedural measures to maintain and safeguard the confidentiality, integrity and availability of the information by preventing unauthorised access and unauthorised/ accidental disclosure, loss or corruption.
- Norfolk Constabulary will only use appropriate personal data necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record i.e. a file, as images, but it can also include other types of electronically held information i.e. CCTV images.
- Where possible and/ or appropriate you will be informed of the reason for collecting, holding and using your personal information. Although, in view of the statutory functions of the Constabulary, this may not always be possible as doing so may prejudice the Policing functions (as detailed above).
- Where possible, you will be informed if we intend to use or share your information for a non-obvious purpose, either directly, via the Constabulary website or other means of communication.
- We will work with partner agencies and may share your information with them. All attempts to anonymise the personal information will be considered in the first instance and only personal information will be shared if there is a legal basis in which to do so and after having fully considered your rights to privacy.
- We will actively manage our Information Assets in conjunction with Information Asset Owners who will manage and monitor the information through its lifecycle.
- Norfolk Constabulary keeps personal data for as long as is necessary for the purpose for which it was collected and recorded. Records containing personal data relating to matters of intelligence, public protection, violent and sexual offenders, missing persons, case and custody, crime and incident, firearms, child abuse investigations and domestic abuse will be retained in accordance with the College of Policing Authorised Professional Practice (APP) on the Management of Police Information. Other records are held in accordance with our Review, Retention and Disposal Schedule.
- We may use your personal information to analyse our performance and effectiveness. In some cases it may be necessary to contact you and ask you to assist us in the analysis in order to gather information about the services we provide.
- Information Management policies and procedures are implemented and continually reviewed to ensure continual improvements in the way in which information is handled by reflecting any changes in legislation and developments in case law as necessary.
- All staff and contractors are suitably vetted and trained in the appropriate policies and procedures for ensuring the correct handling of personal information. Staff receives training at the start of employment and refresher training as deemed necessary.
- We will proactively monitor the legitimate use and quality of information through audits and transaction monitoring. Any breaches are taken seriously and disciplinary/ criminal investigations are undertaken as necessary. The Constabulary will not tolerate any misuse of information.
- Norfolk Constabulary takes the security of all personal data under our control very seriously. We will comply with the relevant parts of the Data Protection Act 1998 relating to security and seek to comply with the National Police Chief’s Council (NPCC) Community Security Policy. We use a variety of physical, technical and procedural measures to protect personal information from unauthorised or accidental disclosure, loss or corruption.
- Norfolk Constabulary may monitor or record and retain telephone calls, texts, emails and other electronic communications to and from the force in order to deter, prevent and detect inappropriate or criminal activity, to ensure security, and to assist the purposes the purposes described above. The Constabulary does not place a pre-recorded ‘Fair Processing Notice’ on telephone lines that may receive emergency call (including misdirected ones) because of the associated risk of harm that may be caused through the delay in response to the call.
- We will ensure statutory rights to information under the provisions of the Data Protection Act 1998; Freedom of Information Act 2000 and Environmental Information Regulations 2004 are addressed (Our Data). Should you find any of the information we hold about you is incorrect or misleading, we will ensure it is thoroughly assessed and corrected where appropriate.
- Individuals have a number of rights enshrined in the Data Protection Act:
- Subject Access: gives individuals a right of access to a copy of the information comprised in their personal data. This right, commonly referred to as Subject Access is created by Section 7 of the Act and is used by individuals who want to see a copy of the information an organisation holds about them (subject to exemptions).
Details of the application process can be found via the following: Accessing your Personal Data or alternatively you can contact the Data Protection team using the details provided at the end of this Charter.
- Right to prevent processing likely to cause damage or distress: Section 10 of the Act gives individuals the right, in limited circumstances to write to Norfolk Constabulary and require that we do not process their personal data in a manner that is causing or likely to cause unwarranted substantial damage or substantial distress to themselves or another.
The individual must describe the personal data involved; describe the handling to which the individual objects; describe the damage or distress caused and state why the handling was unwarranted in the circumstances.
All requests of this nature should be sent in writing to the Data Protection team using the details provided at the end of this Charter. Please note, the Act contains certain provisions which mean that Norfolk Constabulary are able to continue to process personal data despite the objection raised.
- Right to prevent processing for the purposes of Direct Marketing: Section 11 of the Act gives individuals the right to request in writing that Norfolk Constabulary stops (or does not start) within a reasonable time period, using their personal data for direct marketing purposes. All requests of this nature should be sent in writing to the Data Protection team using the details provided at the end of this Charter.
- Rights relating to automated decision-taking: Norfolk Constabulary is unlikely to carry out any automated decision-taking that does not involve some human element however, Section 12 of the Act gives individuals the right, subject to exemptions, to require in writing that the Constabulary ensures that no decision is taken which significantly affects that individual, is based solely using automated means. All requests of this nature should be sent in writing to the Data Protection team using the details provided at the end of this Charter.
- Right to take action to gain compensation for failure by Norfolk Constabulary to comply with certain requirements: Section 13 of the Act affords an individual the right to seek compensation from Norfolk Constabulary if they believe they have suffered damage and/or distress as a result of any contravention of the requirements of the Act by the Constabulary. An individual may be entitled to compensation if the Constabulary are unable to prove that it had taken such care as was reasonable in all the circumstances to comply with the relevant requirement(s). Any claim arising from this provision should be sent to the Norfolk Legal Services, Norfolk Constabulary, Falconers Chase, Wymondham, Norfolk NR18 0WW.
- Right to take action to rectify, block, erase or destroy inaccurate personal data: Section 14 of the Act gives an individual the right to apply to court for the rectification, blocking, erasure or destruction of their inaccurate personal data processed by Norfolk Constabulary.
- Right to request the Information Commissioner to assess a Data Controller’s processing: Section 42 of the Act allows an individual to request the Information Commissioner to make an assessment as to compliance with the provisions of the Act, if they believe they have been adversely affected by the processing of personal data by Norfolk Constabulary. Such requests should be made direct to the Information Commissioner whose contact details can be found below:
Generally, if individuals have any concerns regarding the way their personal data is handled by Norfolk Constabulary or the quality (accuracy, relevance, non-excessiveness etc.) of their personal data, they are encouraged to raise them with the Constabulary’s Information Compliance Manager (see contact details below).
The Information Commissioner is the independent regulator responsible for enforcing the Act and provides advice and guidance about the Act’s requirements. The Information Commissioner’s Office (ICO) can be contacted via the following:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) / 01625 545 745 (national rate)
Any individuals with concerns regarding the way in which Norfolk Constabulary handles their personal information, may contact the Information Compliance Manager via the following:
Information Compliance Manager
Information Management Department
Norfolk and Suffolk Constabularies
Email: [email protected]
 This document is designed to help satisfy the ‘Fair Processing Requirements as required by Schedule 1 Part II Paragraphs 1-4 of the Data Protection Act 1998. Additional Fair Processing Notices may be included on other such items including but not limited to forms, force policies, email footers and CCTV signage.
 ‘Personal Data’ is defined under Part I of the Data Protection Act 1998. In practical terms it means information handled by Norfolk Constabulary that relates to identifiable living individuals. It can include intentions and expressions of opinion about an individual. The information can be held electronically or as part of a paper record and can include CCTV images and photographs. Part I of the Act uses the term ‘processing’ to effectively cover any usage of personal data.
 Norfolk Constabulary is required to conduct Customer Satisfaction Surveys to evaluate our performance and effectiveness. We may contact individuals, such as victims of crime of those reporting incidents, and ask them to give us their opinion of the service we are providing to the public. We use the information given to improve our service wherever we can. Norfolk Constabulary like many police forces uses a private company to undertake such surveys on our behalf with strict controls to protect the personal data of those involved.