Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
The use and disclosure of personal data is governed in the United Kingdom by the Data Protection Act 2018 (the Act). Under the Act the Chief Constable of Norfolk Constabulary is registered as a data controller. In the rest of this privacy notice the Chief Constable is referred to as we or us.
This privacy notice explains:
We will treat information you provide to us in using this website in confidence and we will not disclose it to third parties unless we are required to do so by law, or as explained in this privacy notice.
We gather information about site usage to help the development and improvement of services to the public, and to protect the integrity of our systems from malicious users. We also gather information through the various functions available on the site that allow you to provide us with information (such as online forms and the live-chat function) for the purposes described later in this privacy notice. At the moment this information consists of:
Personal data is any information we handle that relates to an identified or identifiable natural person. An 'identifiable natural person' is anyone who can be identified, directly or indirectly from information, including by reference to a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Our Data Protection Team manages our data protection compliance. Contact details for them can be found below:
Data Protection Team
Information Management
Norfolk Constabulary
Operations and Communications Centre
Jubilee House
Falconers Chase
Wymondham
Norfolk
NR18 0WW
Email: [email protected]
We have a legal duty to uphold the law, prevent crime, bring offenders to justice, and protect the public. To do this we process your personal information for carrying out a range of activities commonly known as the ‘policing purpose’. These include:
We also process personal data for purposes in support of the policing purpose. These include: recruitment; administration of current and former employees, contractors, and volunteers; property and asset management; financial management; media relations management, complaints handling; research, including surveys; and provision of educational programmes and support.
We process information relating to a range of individuals, including:
We may process personal data relating to or consisting of the following categories:
The types of personal data we process will vary depending on the purpose. We aim to process the minimum amount of personal data necessary for the relevant purpose. You should not assume that we hold personal data in all of the categories identified for every person whose personal data we process.
The categories identified may not be complete as occasionally we may gather personal data in other categories for the purposes described.
We collect personal data from a variety of sources, including:
Where we process personal data for the policing purpose our legal basis for processing is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Our functions and the official authority vested in us are set out, in the main, in the Police and Criminal Evidence Act 1984, the Police Act 1996, and the Police Reform Act 2002.
Where we process personal data relating to criminal convictions and offences, that processing is necessary for reasons of substantial public interest and involves the exercise of a function conferred on us by an enactment or rule of law. We have an appropriate policy document (as required under the Act) for that processing.
Where we process personal data for purposes other than the policing purpose our legal basis for processing will vary depending on the circumstances. Ordinarily, the relevant legal basis is that the processing is:
and on occasion
We take the security of all personal data under our control seriously. We comply with our legal obligations regarding security, relevant parts of the ISO27001 Information Security Standard, and where appropriate the College of Policing Authorised Professional Practice guidance on Information Assurance.
We ensure that appropriate policy, training, technical and procedural measures are in place, including audit and inspection, to protect our manual and electronic information systems from data loss and misuse. We only permit access when there is a legitimate reason and under strict guidelines on what use may be made of any personal data contained within them. We continuously manage and enhance our compliance with relevant standards and guidance to achieve adequate and up-to-date personal data security.
We may disclose personal data to a wide variety of recipients in any part of the world (including outside of the United Kingdom and the European Economic Area), including to those from whom we originally obtain personal data. Recipients may include:
We decide on disclosure case-by-case, disclosing only the personal information that is necessary and proportionate to a specific purpose and with appropriate controls and safeguards in place.
Because of the way the website is set up, all completed online forms are automatically sent securely to the central police IT team responsible for delivery of the National Police Chiefs' Council Digital Policing Portfolio, as well as us.
If we make disclosures outside of the United Kingdom and the European Economic Area to locations which do not have as extensive data protection laws we ensure that there are appropriate safeguards in place to certify that the personal data disclosed is adequately protected.
We keep your personal data for as long as necessary for the particular purpose or purposes for which we hold it.
If we place any of your personal data on the Police National Computer it will be retained, reviewed and deleted in accordance with agreed national retention periods, which are subject to periodic change. Find out more at the Criminal Records Office.
We will retain records containing personal data relating to criminal investigations, intelligence, public protection, and custody in accordance with the College of Policing guidance on the Management of Police Information.
Under the Act you have a number of rights that you can exercise in relation to personal data we process about you. You do not have to pay to exercise your rights (other than a reasonable fee if a request for access is clearly unfounded or excessive but we agree to fulfil it anyway).
We sometimes need to request specific information from you to help us confirm your identity and ensure your authority to exercise the rights.
Right of Access: You can request access to the personal data we hold about you free of charge. Normally we will provide it within one month of receipt of your request unless an exemption applies. You can request access to the personal data we hold about you using the contact details in this privacy notice.
Right to be Informed: You are entitled to be told how we obtain your personal information and how we use, retain, and store it, and who we share it with. This privacy notice gives you that information, as well as telling you what your rights are under the relevant laws.
Right to Rectification: If we hold personal data about you that is inaccurate or incomplete you have the right to ask us to correct it. You can ask us to correct your personal data using the contact details in this privacy notice. We will reply to you within one month unless the request is complex.
Right to Request Erasure: Under certain circumstances you have the right to ask us to delete your personal data to prevent its continued processing where there is no justification for us to retain it. The circumstances most likely to apply are:
The right of erasure does not apply if we are processing your personal data:
If you want to ask us to delete your personal data you can do so using the contact details in this privacy notice. We will respond to you within one month unless the request is complex.
Right to Restrict Processing: Under certain circumstances you have the right to ask us to restrict the processing of your personal data. This may be in cases where:
You can ask us to restrict processing of your personal data using the contact details in this privacy notice.
Right to Data Portability: You have the right to obtain and reuse your personal information for your own purposes, transferring it from one environment to another. This right only applies to personal data provided by an individual, where the processing is based on their consent or for the performance of a contract and when that processing is carried out by automated means. If you wish to discuss this right, you can do so using the contact details in this privacy notice.
Right to Object: You have the right to object to:
Rights related to automated decision making and profiling: You have the right not to be subject to a decision when it is based on solely automated processing (including profiling) and which produces a legal effect or similar significant effect on you. This right does not apply if the decision is authorised by law, is necessary for entering into or performance of a contract, or is based on your consent. We are unlikely to carry out automated decision making because our processes involve some type of human interaction and decision-making. Profiling is any form of automated processing of personal data intended to evaluate certain personal aspects about you to predict things about you such as your behaviour, interests, movements or performance at work. We do not currently carry out automated profiling. If you have any questions about automated decision-making or automated profiling you can raise them using the contact details in this privacy notice.
Cookies are used on this website to improve user experience and for essential functionality; they are not used for identification purposes.
Learn more about how we manage cookies.
The Information Commissioner's Office (ICO) regulates the processing of personal data. You can complain to the ICO if you are unhappy with how we have processed your personal data.
The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Information Commissioner's Office website
We last updated this privacy notice on 4 August 2023. We keep this privacy policy under regular review and update it if any of the information in it changes.