Privacy notice

His Majesty’s Inspectorate of Constabulary and Fire & Rescue Service (HMICFRS) is based at 23 Stephenson Street, Birmingham, B2 4BH. HMICFRS is the controller for this information. This includes when the information is collected or processed by third parties on our behalf.

At HMICFRS, we inspect, monitor and report on the efficiency and effectiveness of the police and fire and rescue services with the aim of encouraging improvement. To carry out this public function and comply with our statutory requirements to inspect we sometimes need to process personal data.

The privacy policy notice explains how and when we do this, what we with the personal data when we have it and how concerns can be reported.

Why we collect your personal data

HMICFRS collects personal data in the following circumstances:

  • where data subjects have explicitly subscribed to communications, or given consent to be contacted for survey/consultation purposes;
  • where data subjects have contacted us directly and submitted a request for information;
  • where data subjects have entered a contract of employment with HMICFRS;
  • to report on the quality of work resulting from the inspection of those who provide police and fire & rescue services.

Why do we process your personal data?

HMICFRS will process your personal data when:

  • you are a member of staff (including prospective members of staff, fee paid staff, and short-term placements);
  • you are a person that has a connection to an inspection (including a person who has offended, victims, those with parental responsibility of children or young people who have offended, staff within organisations who provide police and fire & rescue services);
  • you have explicitly subscribed to receive communications or given consent to be contacted for survey/consultation and other purposes;
  • when we undertake research from information gained through inspection or other lawful means;
  • you contact us;
  • you enter any contract to provide services to us; or
  • to fulfil any contractual obligations.

HMICFRS does not conduct any automated processing of personal data.

Our legal basis for processing your personal data

Under Article 6(1) of the General Data Protection Regulations (UKGDPR) our lawful basis for processing personal data (including special category data) are:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

For example, where data subjects have explicitly subscribed to communications or given consent to be contacted for survey/consultation purposes.

(b) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.

For example, where data subjects have entered a contract of employment with HMICFRS. There is a separate Home Office privacy notice for staff that details how their personal data is processed during their employment within HMICFRS.

(c) processing is necessary for compliance with a legal obligation to which the controller is subject.

For example, where data subjects have submitted a Freedom of Information (FOI) request, their name and contact details are required to process the request as defined by by the FOI Act.

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

For example, where data subjects are part of an inspection of a force or fire service and respond to surveys or are involved in interviews.

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

For example, where data subjects have contacted HMICFRS direct regarding individual concerns.

Please note the examples given are not exhaustive.

Under Article 9(2) of the UKGDPR the conditions we apply for processing special category data are:

(b) Employment, social security and social protection law

This type of data includes data processed to ensure the health, safety and welfare of HMICFRS employees.

(e) Made public by the data subject

This type of data is limited and only relates to HMICFRS staff sharing personal stories as part of health and well-being initiatives.

(g) Substantial public interest conditions

This type of data includes, crime, victim, incident data provided by forces/services and interviews, statements and feedback provided by personnel during the inspection process.

All HMIs, including the Chief Inspector, are appointed by the Crown on the advice of the Home Secretary and the Prime Minister, under section 54 of the Police Act 1996. This type of special category data can therefore be processed under the public interest condition found in Schedule 1, Part 2, section 6 of the DPA 2018.

For Articles 9(2)(b) and (g) HMICFRS holds the required Appropriate Policy Document.

Personal data collected as part of the HMICFRS inspection process

During the inspection process HMICFRS always aims to minimise the amount of personal data that is processed.

Whilst we are provided with data about crimes, incidents and victims from forces/services we do not hold full case files or detailed evidence. Our focus is on the work carried out by forces/services, such as how types of cases may have been handled, and because of this the focus is not on recording details of individuals.

In most circumstances the data provided to us by forces and services is either redacted to remove personal data or anonymised. Where this is not possible the volume of personal data processed is minimised to the best of our ability and retained for the least amount of time required.

Any personal data that is processed is retained in line with the Home Office retention schedule, but in most cases deleted, once an inspection is completed.

Who might we share your personal data with?

Other than internal staff within HMICFRS, we might share your personal data with:

  • partner inspectorates
  • other official bodies
  • third-party service providers in the course of service delivery.

We will not:

  • sell or rent your data to third parties; or
  • share your data with third parties for marketing purposes; or
  • share your data internationally.

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

How we store your personal information

Your information will be stored securely on UK servers and not transferred outside of the UK. It is retained for as long as necessary for the purpose for which it is being processed and in line with the Home Office retention policies.

What are your rights?

Where data subjects have provided consent for HMICFRS to process their personal data, they will have been informed as to how to withdraw that consent. However, if you are unsure or have any questions you can contact HMICFRSKIM@homeoffice.gov.uk.

Individuals also have the right to make a subject access request. This means we will confirm what personal data we hold about you and provide a copy of that data.

To make a subject access request please send your request and two forms of identification (one must include your address) to HMICFRSKIM@homeoffice.gov.uk.

In addition to this, you can:

  • ask for any incorrect personal data to be amended;
  • ask for your personal data to be erased (in certain circumstances);
  • object to or request we restrict the processing of your personal data;
  • receive a copy of your personal data in a format that is accessible to you.

All requests will be considered on a case-by-case basis and a response will be provided within one month from the receipt of a valid request.

Contact us or make a complaint

Contact HMICFRS if you:

  • have any questions about anything on this page; or
  • think that your personal data has been misused or mishandled.

HMICFRS has a data protection officer who can be contacted by:

Email: dpo@hmicfrs.gov.uk

Telephone: 020 7035 6999

Post:
Office of the DPO
HMICFRS
Peel Building
2 Marsham Street
London
SW1P 4DF

You can also make a complaint to the Information Commissioner’s Office, who is an independent regulator.

Email: casework@ico.org.uk

Telephone: 0303 123 1113
Textphone: 01625 545860

Monday to Friday, 9am to 4:30pm
Find out about call charges

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Last reviewed: 30/11/2023

Next review date: 30/05/2024

Last updated: 19 April 2023