Tuesday, 11 December 2018      4:55am
Privacy Notice (Fair Processing Notice)
(Under the provisions of the General Data Protection Regulation)
 
Ashford Partnership Against Crime gives notice of the following Privacy and fair processing notice:
  • The contact details for the Data Processor and Exclusion scheme manager is
_______________________________________________________________________


What we collect:
We collect information relating to persons committing or suspected of committing low level crime and anti-social behaviour in the Area of Ashford.
The information shall be limited to names, addresses, dates of birth, images and criminal and anti-social behaviour reports regarding individuals in and around the member’s properties. We shall also keep a record of a subject’s ethnicity. In terms of the keeping of ethnicity records, this is required as a main identifying feature. It is classed under the General Data Protection Regulation as ‘Special category data’ and needs separate explanation. Under the Data Protection Bill Part 2 (Substantial Public Interest Conditions), data such as ethnicity can be held for a number of reasons.
 
 
Why we collect data & who we share it with:
In the case of Ashford Partnership Against Crime, we hold the information for the following reasons: It is necessary for reasons of ‘substantial public interest’ on the basis of law, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide measures to safe guard the rights of the data subject. In addition, under Part 2, section 8 – Preventing or detecting unlawful acts and section 9 – Protecting the public against dishonesty etc.
  • The information is essential for the effective management of this Business Crime Partnership. The partnership only works within the boundaries of Ashford Borough Council. Data is only shared with the members who have all signed Data Protection agreements and Partnership with the police under an information sharing agreement. Our neighbouring Business Crime Partnership data processing managers are also members of Ashford Partnership Against Crime. This allows us to share data for the same reasons of preventing and detecting crime in their areas and vice versa, when offenders from Ashford travel to commit crime and anti-social behaviour. (They have the same statutory controls at Ashford Partnership Against Crime). We do not collect information about sexuality, political activity, banking, journalistic material or any information concerning a data subject’s health or their treatment. We do not hold details of criminal records; we only hold up to the past 2 year’s data of that individual’s behaviour locally.
  • Data of individuals engaged in crime and anti-social behaviour is processed to prevent and detect low level crime and anti-social behaviour, thereby protecting members, their staff and business property/premises. This can only be accessed by members on a closed password-protected database that gives details of such individuals. Accessing members, are signatories to a data protection agreement.
  • The data held is provided on a voluntary basis by members, the police and by the Data Processor manager.
Information is processed and maintained on a lawful basis under the General Data Protection Regulation and Data Protection Bill. As such the impact upon the individual data subject is such that this balances the interests of both parties. The Ashford  Partnership  Against Crime scheme collates information that is only used and disseminated to members, that has been deemed to be a proportionate and necessary use of that data to protect members; their staff and property from low-level crime and anti-social behaviour.
 
 
 
 
Data Retention, how long is it kept?
We shall retain data for as long as a subject is ‘active’ in our locality.
  • However, data over two years old will be deleted under yearly audits e.g. even if a subject is active, any incidents over 2 years previously shall be deleted.
  • If a subject only comes to notice once and no further reports are received, they shall be deleted after 18 months.
  • Images of unidentified offenders shall be deleted after 2 years.
  • Information regarding vulnerable persons shall be held for the same time period as above.
  • Information concerning persons under 14 shall not be retained unless there is a significant public interest and the agreement is obtained from the police and Ashford Partnership Against Crime board.
  • Information regarding persons under 18 shall be retained if they are active but this shall be deleted if they have not come to notice for more than 12 months.
  • The above limits are to ensure that data is kept no longer than necessary to prevent and detect offending against members, their staff and property. Once it can be assumed they are no longer of interest and not involved in such behaviour locally, their records shall be deleted.
System management & security:
Technical security information regarding the IT system IRIS can be obtained from Whyte Studio, info@whytestudio.co.uk tel: 0800 468 1850.
Security within Ashford Partnership  Against Crime and its members is handled by the Data Processor, who reports directly to the Board. Any security issues are dealt with under the Data Protection Agreement signed by all members and statutory law if necessary.
Under the General Data Protection Regulation, any breach has to be reported to the Information Commissioner’s Office (ICO) within 72 hours of discovery.
If a breach is identified, the subject identified in the data breach, shall be informed by the Data Processor if they are not already aware.
 
 
 
 
 
 
Subject access and objections:
  • All persons who have data held on the Ashford Partnership Against Crime system can apply (free of charge) to have access to the information held. They must apply in writing to the Data Processor,  Photo proof of identity may be required e.g. Passport or driving licence.
  • Once an application is made in writing, the application shall be acknowledged in writing and the matter dealt with in an expeditious manner. Data shall be supplied in writing to the data subject requesting the data.
  • An individual can upon accessing the data request that any data that is incorrect be altered or deleted.
  • Any individual has a right of complaint to the Information Commissioners Office (ICO) at www.ICO.org.uk