Data Protection Act
The Data Protection Act aims to give people more control over their information.
Both the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 extends the rights of individuals and requires organisations holding personal data to comply with a stricter set of rules.
We've provided a helpful guide that provides details about the data protection provisions and how we comply with them.
Data Protection Principles
When we handle your personal information, all our processing will be:
- processed lawfully, fairly and in a transparent manner
- obtained for a specified, explicit and legitimate purpose
- adequate, relevant and limited
- accurate and, where necessary, kept up to date
- kept no longer than is necessary
- protected with appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction of personal data
- documented by the organisation to demonstrate our accountability and compliance with the principles.
Subject Access and Information Rights
Under data protection laws you have the following rights regarding how we handle your information.
You have the right to:
- be informed
- have access (for example, a copy of information we hold about you)
- erasure (“be forgotten”)
- restrict processing
- data portability
- automated decision-making, including profiling
If you wish to request a copy of your information or find out more about your information rights, please refer to our Subject Access & Information Rights form for details.
All requests are free of charge and we aim to respond within 30 calendar days of the request being received, unless it is complex, where on such occasions the deadline for responding may require extending by a further two months. However if this is the case, we will let you know within one month from the date of receiving your request.
Police & other agencies requesting personal information
The police and other agencies can request access to personal information held by us for specified purposes. These types of requests are permitted under exemptions found under Schedule 2 Part 1 Paragraph 2 of the Data Protection Act 2018 (formerly S29 of Data Protection Act 1998) and where we have entered into an Information Sharing Protocol with the police and other agencies with requests relating to the particular information sharing protocol in place.
The Police can ask for information regarding:
- the prevention or detection of crime
- the apprehension or prosecution of offenders
- the assessment or collection of tax, duty or imposition of a similar nature
The Data Protection Act does not give an automatic right of access to information by the police and other agencies but allows us to assess the merits of requests and decide whether or not to apply the exemption.
The Information Commissioners’ Office guidance on exemptions includes what we must take into consideration when deciding whether to release information to relevant authorities.
To make a Schedule 2 Data Protection Act Request download the request form below. If the request is from the police, it must be signed off by an Officer of the rank of inspector or above. Email the form to firstname.lastname@example.org.
Data Protection team