The Welcome People Limited and The Security People Limited [ The Company]
PRIVACY NOTICE (OFFENDERS)
This document describes the Processing of data at The Welcome People and the Security People, explains why we process the personal data of specific individuals (Offenders) and the lawful basis for that processing. It describes the kind of information about Offenders that the Company processes and what it does with that information.
1. Contact details
The Welcome People
6 Market Place
Email address: email@example.com
Tel: 0207 436 8762
2. The company’s Data Controller is responsible for ensuring its compliance with current Data Protection law and can be contacted at the above address, email address or telephone number. The Company is registered with the Information Commissioners Office as an organisation processing data for the prevention of crime
Purpose of processing personal data
The Company and members of our clients have the right to protect their property, staff and customers from crime and anti-social behaviour.We process personal data, and details of any offences we see, for the purposes of preventing crime and disorder including anti-social behaviour, vagrancy, begging and trespass from people we encounter as we go about those duties.
3. The company’s area of operation, can be seen on our website as to where we have clients: http://www.thewelcomepeople.com/#clients-section
Types of processing
4. The company undertakes the following types of processing of personal data of Offenders:
a. Data collection; see Categories of personal databelow;
b. Data storage; storage of Offenders’ data in a facility independently certified as secure to a high standard;
c. Data retention;see Data Retention periodbelow;
d. Data collation; associating individual Offenders with multiple incidents, and with other Offenders;
e. Data sharing;as defined in Recipients, or categories of recipients, of personal data below;
f. Data deletion;see Data Retention periodbelow;
g. Data analysis; of de-personalised data for historical comparisons etc.
Lawful basis of processing
5. The company and its clients’ ‘legitimate interests’ provides the lawful basis on which it may process specific items of Offenders’ personal data for specific purposes without Offenders’ consent.
6. The company has assessed the impact of its processing on Offenders’ rights and freedoms, has balanced these with its client and clients’ members own rights, and has concluded that its clients’ rights prevail over Offenders’ rights in this specific matter. Therefore, for the purposes of the prevention of crime, to inform stakeholders of an offender’s modus operandi, to collate intelligence on criminal activity within the area of the company’s operation and to contribute to legal proceedings against Offenders where appropriate, our clients and clients’ members legitimate interests constitute the company’s lawful basis for processing Offenders’ personal data without requiring consent.
7. Categories and types of personal data processed
a. Offender’s name and facial image and any relevant information about the nature of his/her activities; the purpose of this processing is to enable the company to identify Offenders in order to submit reports about them, to include them in a list or gallery of persistent offenders (if appropriate and in line with the company’s Rules & Protocols), and to provide information about them which may be necessary to protect the property and personal safety of clients and clients’ members and their staff, customers and members of the public etc. This data may be shared among other agencies that have a legitimate interest;
b. Information and evidence about incidents in which an Offender has been involved; the purpose of this processing is to enable the company to collate intelligence on criminal activity within the area of the company’s operation and to defend its legal rights against any claim or suit by an Offender or other party. Such data may be shared with other agencies that have a legitimate interest.
8. For the purposes of identification, some sensitive or ‘special category’ personal data may be processed by the company e.g. ethnicity and medical conditions where the latter impacts upon the safety of our staff.
Sources of personal data
9. Offenders’ personal data may be provided to the Company by:
a. Offenders who may voluntarily offer information about themselves;
b. Clients’ members who may submit reports about incidents in which Offenders have been involved. They may also send relevant ‘intelligence’ about Offenders, for example they may provide a name when asked to identify an unidentified CCTV image;
c. Police or other public agencies may provide Offenders’ personal data under a formal Information Sharing Agreement.
d. Social media platforms and public news sites may provide information that is in the public realm by virtue of being displayed without privacy controls on a publicly accessible platform.
Recipients, or categories of recipients, of personal data
10. The following types of individuals may have access to the Company’s data, including Offenders’ personal data:
a. Clients and clients’ members who are property owners, agents or their employees working within the operational area of the company who share the same legitimate interests;
b. Employees and officers of public agencies involved in the prevention and detection of crime, such as police, whose lawful basis for processing your data is their public task;
c. Employees and officers of outreach organisations for the purpose of safeguarding vulnerable people that we may encounter.
d. Data Controllers of other organisations, similar to the company, in neighbouring areas if there is evidence that an Offender has participated, or is likely to participate, in any threat or damage to property, staff and customers in areas outside the Company’s area of operation.
11. The Company will not transfer Offenders’ data outside the UK.
Data retention period
12. When an Offender is reported by a officer for participating in any threat or damage to any property, staff or customers, his/her name, age and facial image together with any relevant information of offences or offending behaviour may be shared among clients and clients’ members for 12 months. If no further report is submitted during that period, the Offender’s data will be withdrawn from circulation at the expiry of that period. It will be retained for a further 12 months in the company’s database (which can only be accessed by the Data Controller and authorised personnel) after which time, if no further incidents are reported, it will be irrevocably deleted.
13. If during the 12 months when an Offender’s data is circulated among clients members he/she is reported for another incident involving a threat or damage to any property, staff or customers, his/her name and facial image will be circulated among clients and clients’ members for a further 12 months from the date of the second report. If no further report is submitted by an officer during that period, the Offender’s data will be withdrawn at the expiry of that period. It will be retained for a further 12 months in the company’s database (which can only be accessed by the Data Controller and authorised personnel) after which, if no further incidents are reported, it will be irrevocably deleted.
14. Every Offender has the right to obtain a copy of all the personal data which the company holds about him or her; to do so the Offender must contact the Data Controller (see contact details above); the Offender may be required to provide proof of his/her identity. In any case the company will respond to the request within 30 days and provide full documentation to demonstrate compliance with Data Protection law.
15. If, when an Offender accesses his/her personal data, any of it is deemed by the Offender to be incorrect, unnecessary or disproportionate, the Offender can require the company to correct it. Offenders do not have the right to require the company to delete correct, necessary or proportionate information.
16. Offenders have the right to complain about the company to the Information Commissioners Office; Offenders can submit a complaint on the ICO’s website at https://ico.org.uk/concerns/handling/