Privacy Notices – Member and Offenders & Suspected Offenders

Cardiff Against Business Crime Intelligence Sharing Intranet and Exclusion Scheme

PRIVACY NOTICE (MEMBERS)

This document explains who the Cardiff Against Business Crime Intelligence Sharing Intranet and Exclusion Scheme (the Scheme) is, why it processes its Members’ personal data and the lawful basis for that processing.  It describes the kind of personal data about Members that the Scheme is allowed to process, and what the Scheme can do with it.

Contact details

Cardiff Against Business Crime

FOR Cardiff

Suite 13, Level 1, MotorPoint Arena

Mary Anne Street Cardiff

CF10 2EN

Email address: cabc@fordiff.com

Tel: 029 20314773

The Scheme’s Data Controller is responsible for ensuring its compliance with current Data Protection law and can be contacted at the above address, email address or telephone number. The Scheme is registered with the Information Commissioner’s Office as a Business Crime Reduction Partnership.

Purpose of processing personal data

The Scheme processes Members’ personal data for the following purposes:

  • to enable the efficient management of the Scheme; to manage the membership of the Scheme including subscriptions where relevant; invitations to the Scheme’s Annual General Meeting and other meetings where relevant etc;
  • to defend and indemnify the Scheme in case of any Member’s non-compliance with the Scheme’s Rules & Protocols;
  • to enable the Scheme to communicate efficiently with Members by sending them only relevant news, alerts and documents, and information about events which are relevant to them.

Lawful basis of processing

The Scheme’s existing contract/agreement between itself and its Members requires that Members provide their name, postal and email addresses, telephone etc to the Scheme.  This contract/agreement means that the Scheme’s lawful basis for processing Members’ personal data is ‘contract’ and therefore the Scheme can process Members’ personal data without their further consent.

Categories and types of personal data processed

  • Name, name and place of employment, postal and email addresses, telephone and other contact details will be processed;
  • No sensitive or ‘special category’ personal data (ethnicity, sexuality, religious beliefs etc) is processed by the Scheme.

Sources of personal data

  • The Scheme obtains Members’ personal data from existing contracts/agreements with Members;
  • Members may themselves update their personal data on the Scheme’s online system (My Account).

Recipients of Members’ personal data

  • The Scheme’s Board of Management, Data Controller and formally contracted Data Processors may access Members’ personal data;
  • Members’ personal data will not be passed to any third party unless to the police under warrant or with the expressed permission of the Member;
  • The Scheme will not transfer Members’ personal data outside the UK.

Data retention period

The Scheme will retain Members’ personal data only for as long as each Member remains a Member of the Scheme; when a Member ceases to be a Member of the Scheme he/she must confirm this with the Scheme’s Board of Management as specified in the Scheme’s Rules & Protocols at which time all associated personal data will be irrevocably deleted.

In the case of submitted reports, the submitting Member’s email address only will continue to be associated with such reports for as long as the report is retained by the Scheme; this is required where a report may be used for evidential purposes in legal proceedings.

Members’ rights

  • Members can obtain a copy of all their personal data held by the Scheme; Members may access this at any time on the Scheme’s online system (My Account) or obtain it on application to the Data Controller (see Contact Details above).
  • Members can correct any erroneous data at any time on the Scheme’s online system (My Account) or may require the Scheme to correct any errors on their behalf.
  • At the conclusion of their Membership, Members’ personal data will be irrevocably deleted by the Scheme with the exception of email addresses associated with Incident reports (see Data Retention Period above), and Members may require the Data Controller to confirm such deletion. Members have the right to complain about the Scheme to the Information Commissioner’s Office at https://ico.org.uk/concerns/handling/.

 

Cardiff Against Business Crime Intelligence Sharing and Exclusion Scheme

PRIVACY NOTICE (OFFENDERS AND SUSPECTED OFFENDERS)

This document describes the Cardiff Against Business Crime Intelligence Sharing and Exclusion Scheme (the Scheme), explains why the Scheme processes the personal data of specific individuals (Offenders and Suspected Offenders) and the lawful basis for that processing.  It describes the kind of information about Offenders that the Scheme processes and what it does with that information.

Contact details

Cardiff Against Business Crime

Suite 13, Level 1, MotorPoint Arena

Mary Anne Street Cardiff

CF10 2EN

Email address: cabc@fordiff.com

Tel: 029 20314773

 

The Scheme’s Data Controller is the entire membership who have appointed a Board of Management to act as ‘Data Protection Officers’. The Board have appointed an administrator, the Business Crime Reduction Manager, as its Data Processor responsible for all day-to-day processing and ensuring its compliance with current Data Protection law and can be contacted at the above address, email address or telephone number. The Scheme is registered with the Information Commissioner’s Office as a Business Crime Reduction Partnership.

Purpose of processing personal data

Members of the Scheme have the right to protect their property, staff and customers from crime and anti-social behaviour and to exclude from their premises any individuals who are proven or imply threats to their property, staff or customers. The Scheme processes Offenders’ and Suspected Offenders’ personal data for the specific purpose of managing its restricted access intelligence sharing intranet ‘DISC’ and Exclusion Scheme on behalf of its Members.

The Scheme’s area of operation for its Intelligence Sharing Intranet and Exclusion Scheme extends across the City and County of Cardiff.

Types of processing

The Scheme undertakes the following types of processing of personal data of Offenders and Suspected Offenders:

  • Data collection; see Sources of personal data below;
  • Data storage; storage of Offenders’ and Suspected Offenders’ data in a facility independently certified as secure to a high standard;
  • Data retention; see Data Retention period below;
  • Data collation; associating individual Offenders and Suspected Offenders with multiple incidents, and with other Offenders and Suspected Offenders;
  • Data sharing; as defined in Recipients, or categories of recipients, of personal data below;
  • Data deletion; see Data Retention period below;
  • Data analysis; of de-personalised data for historical comparisons etc.

Lawful basis of processing

The Scheme’s Members’ ‘legitimate interests’ provide the lawful basis on which it may process specific items of Offenders’ and Suspected Offenders’ personal data for specific purposes without Offenders’ or Suspected Offenders’ consent.

The Scheme has assessed the impact of its processing on Offenders’ and Suspected Offenders’ rights and freedoms, has balanced these with its Members’ own rights, and has concluded that its Members’ rights prevail over Offenders’ and Suspected Offenders’ rights in this specific matter. This means that, for the specific purpose of managing a member restricted access intelligence sharing database and exclusion scheme, the Scheme’s lawful basis for processing Offenders’ and Suspected Offenders’ personal data is ‘legitimate interests’ and therefore the Scheme can process Offenders’ and Suspected Offenders’ personal data without requiring their consent.

Categories and types of personal data processed

Offenders and Suspected Offenders:

Offenders’ and Suspected Offenders’ name and facial image and any relevant information about the nature of his/her activities; the purpose of this processing is to enable Members to identify Offenders and Suspected Offenders to submit reports about them, to include them in a list or gallery of excluded persons (if appropriate and in line with the Scheme’s Rules & Protocols), and to provide information about them which may be necessary to protect the personal safety of Members and their staff, customers etc. This data may be shared among Members;

Offenders’ and Suspected Offenders’ ethnicity; this is special category data and we will process this only to assist our members to identify a known or suspected offender to report about an incident in which they have been involved, or to identify prolific or travelling offenders.

Offenders’ and Suspected Offenders’ postal and email addresses, telephone number(s) and other contact details; the purpose of this processing is to enable the Scheme to communicate with Offenders from time to time, for example, to send confirmation of exclusions, rules of the exclusion scheme, or confirmation that exclusions have expired. Such data will not be shared with Members;

Information and evidence about incidents in which an Offender or Suspected Offender has been involved; the purpose of this processing is to enable the Scheme to defend its legal rights against any claim or suit by an Offender, Suspected Offender or other party. Such data will not be shared with Members but only with the Scheme’s Administrator as Data Processor on behalf of the Board of Management as Data Protection Officers and the entire membership as Data Controllers and as necessary during any legal proceedings.

No sensitive or ‘special category’ personal data (sexuality, religious beliefs etc), other than ethnicity as stated above, is processed by the Scheme.

 

Sources of personal data

Offenders

Offenders or Suspected Offenders who may voluntarily offer information about themselves;

Members who may submit reports about incidents in which Offenders and Suspected Offenders have been involved.  They may also send relevant ‘intelligence’ about Offenders and Suspected Offenders, for example they may provide a name when asked to identify an unidentified CCTV image;

Police or other public agencies may provide Offenders’ or Suspected Offenders’ personal data under a formal Information Sharing Agreement.

Recipients or categories of recipients of personal data

Offenders and Suspected Offenders

The following types of individuals may have access to the Scheme’s data, including Offenders’ personal data:

Members who are property owners, agents or their employees working within the operational area of the Scheme who share the same legitimate interests;

Employees and officers of public agencies involved in the prevention and detection of crime, such as police, whose lawful basis for processing Offenders’ or Suspected Offenders’ data is their public task;

Data Controllers of other organisations, like the Scheme, in neighbouring areas if there is evidence that an Offender or Suspected Offender has participated, or is likely to participate, in any threat or damage to property, staff and customers in areas outside the Scheme’s area of operation.

The Scheme will not transfer Offenders’ or Suspected Offenders’ data outside the UK.

Data retention period

Offenders and Suspected Offenders

When an Offender or Suspected Offender is reported by a Member for participating in any threat or damage to any Member’s property, staff or customers, his/her name and facial image may be shared among Members for 12 months. If no further report is submitted during that period, the Offender’s or Suspected Offender’s data will be withdrawn from Members at the expiry of that period. It will be retained for a further 12 months in the Scheme’s database (which can only be accessed by the scheme administrator acting as appointed Data Processor) after which time it will be irrevocably deleted.

If during the 12 months when an Offender or Suspected Offender’s data is circulated among Members he/she is reported for another incident involving a threat or damage to any Member’s property, staff or customers, his/her name and facial image will be circulated among Members for a further 24 months from the date of the second report. Additionally, the Offender or Suspected Offender may be excluded from all the properties of all Members for a period up to 24 months, and this fact will be shared with Members. If no further report is submitted by a Member during that period, the Offender’s or Suspected Offender’s data will be withdrawn from Members at the expiry of that period. It will be retained for a further 12 months in the Scheme’s database (which can only be accessed by the scheme administrator acting as appointed Data Processor) after which it will be irrevocably deleted.

Offenders’ and Suspected Offenders’ rights

Every Offender or Suspected Offender has the right to obtain a copy of all the personal data which the Scheme holds about him or her; to do so the Offender or Suspected Offender must contact the Data Controller (see contact details above); the Offender or Suspected Offender may be required to provide proof of his/her identity. In any case, the Scheme will respond to the request within 30 days and provide full documentation to demonstrate compliance with Data Protection law.

If, when an Offender or Suspected Offender accesses his/her personal data, any of it is found to be incorrect, unnecessary or disproportionate, the Offender can require the Scheme to correct it. Offenders or Suspected Offenders do not have the right to require the Scheme to delete correct, necessary or proportionate information.

Offenders and Suspected Offenders have the right to complain about the Scheme to the Information Commissioner’s Office; Offenders can submit a complaint on the ICO’s website at https://ico.org.uk/concerns/handling/