PRIVACY NOTICE

MERSEYSIDE COMMUNITY REHABILITATION COMPANY LTD.

1.    INTRODUCTION

Merseyside Community Rehabilitation Company Ltd. (MCRC) is a ‘data controller’ This means that we are accountable in law for deciding how we hold and use information about you.  We are required under data protection legislation to notify you of the information contained in this privacy notice.

This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with data protection legislation, including the General Data Protection Regulation 2018(GDPR).

It relates to information we collect about a range of Data Subjects, including:

  • Service Users engaging with the CRC during the course of a Custodial or Community sentence;
  • People who appear on our CCTV cameras;
  • People who use our website; and
  • Other members of the public, including those who want to make a complaint.

We are committed to protecting the confidentiality, integrity and availability of your personal information.

1.1.    data protection principles

We comply with GDPR requirements. The legislation says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about;
  • Kept securely.

2.    DATA SUBJECTS

2.1.    service users during custodial or community sentences

2.1.1.    Your Data

We collect information about the people we work with during their Court Order or Licence.  The reason we ask a lot of questions is so we can properly understand who we are working with.

We want to make sure that nobody is discriminated against and everyone is treated equally, regardless of their gender, sexuality, age, background or ethnicity.

Once we have your information, we use it to make a personal plan to help make changes that will benefit you.  We may also analyse information to help us improve our services.

We collect personal information such as:

  • Personal identifiers, EG; name, date of birth, address(s), contact information, gender and ethnic origin;
  • Details of any offences, including previous convictions;
  • Information about your Court Order or Licence conditions;
  • A record of your contact with MCRC and any 3rdparty providers you may work with;
  • Records or information provided to us by statutory bodies, such as the Police, Courts or Crown Prosecution Service.

2.1.2.    How Your Data is Stored and Retained

We store information in an electronic Case Management System.  Paper records are kept to a minimum.  Your information will only be retained for a long as is necessary.  It will be securely destroyed when no longer needed.

2.1.3.    How Your Data is Shared

During the course of your Court Order or Licence it may be necessary for us to share information about you with other organisations.  Where required by law, we will discuss this with you in advance before information is shared. However, there may be occasions where information must be shared without your consent.

We may share information with the following organisations:

  • The Courts, Parole Board, Police or Prison Services;
  • The National Probation Service;
  • Victim services;
  • Other Criminal Justice agencies;
  • Heath providers;
  • Social Services;
  • Employment services or agencies;
  • Counsellors;
  • Housing authorities or providers;
  • Drug or alcohol services;
  • Other specialist providers; and
  • Other companies in the Interserve group.

2.1.4.    Consent

The types of information collected and how we will use it is detailed in the materials we provide to you during your induction.  If at any point we need to use your information in a way that is different to what is covered in your induction, we will ask you to provide your consent, unless the law allows us to do so without your consent.

2.2.    people appearing on cctv

We operate CCTV systems to support the physical security of our premises.  Areas covered by CCTV will be identified with signage.

CCTV footage is not shared with 3rdparty organisations, with the exception of the Police where there is a need to support criminal investigations.

The CCTV systems which we have installed record footage to hard drive devices and are routinely overwritten with subsequent recordings.  Where no incidents have occurred requiring longer retention, CCTV recordings are normally retained for a maximum of one month.

2.3.    people accessing websites

We do not attempt to identify anyone who visits the website.  Where website visitors use ‘contact us’ to ask a question, the following information will be recorded:

  • email address
  • name
  • telephone number
  • comment

These details are stored in accordance with information security policy and only retained for a long as is necessary.  Specific retention periods can vary depending on the nature of the comment or query. The information is not stored within the website.

2.4.    other members of the public

Where members of the general public contact us, for example, to make a complaint, their information will be stored in accordance with information security policies, will not be distributed to other third party organisations and will only be retained for as long as necessary.  Where there is a need to share information with others, we will contact you for your consent.

3.    PURPOSE AND LEGAL BASIS FOR DATA PROCESSING

To the extent that we hold and/or use any information about you, we do so on the basis that such processing is necessary forthe exercise of law enforcement purposes, including the prevention of criminal offences and the execution of criminal penalties.

To the extent that, forthe exercise of law enforcement purposes,we hold and/or use any information about you which constitutes special category data (meaning information about you relating to your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation), or data relating to criminal convictions, we do so on the basis that such processing is necessary for statutory purposes, for the administration of justice, for the protection of vital interests and for the safeguarding of children and of individuals at risk.

4.    SECURITY

We understand the importance of protecting your information properly and that people want their records kept safely and securely.  The General Data Protection Regulations require us to control how personal information is used.  There are strict guidelines so that information is not kept for longer than needed, kept safe and secure at all time and only used for what it was intended for.

There are security policies and processes in place to prevent your information from being accidentally lost, used or accessed in an unauthorised way, changed or disclosed to people who should not have access to it.

We will notify you and an applicable regulator of any identified or suspected data breach, where we are required to do so by law.

All our staff receive training about information security and data protection.

5.    AUTOMATED DECISION MAKING

You will not be subject to decisions that with have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.

We do not envisage any decisions will be taken about you using automated means.

6.    TRANSFER OF INFORMATION OUTSIDE OF THE EU

We will not share your data with third parties outside of the EU.

7.    YOUR RIGHTS

Except to the extent that any exemptions under data protection legislation apply, you have the following rights:

7.1.    Access

You are entitled to ask for a copy of the personal information we hold about you.

7.2.    Correction

You are entitled to ask for any incomplete or inaccurate information we hold about you corrected.

7.3.    Erasure

You have the right to ask us to delete or remove personal information where there is no good reason for us continuing to process it.

7.4.    Object to Processing

You have the right to object to the processing of your personal information on grounds relating to your particular situation, unless we can show that we have compelling legitimate grounds for processing your information which override your rights, interests and freedoms.

7.5.    Restriction of Processing

You have the right to ask us to suspend the processing of personal information about you, where the information we hold about you is inaccurate or where we are processing the information unlawfully.

7.6.    Transfer

You have the right to request the transfer of your data to a third party.

7.7.    Withdraw Consent

In limited circumstances, where you have provided consent to the collection, processing or transfer of your personal information for a specific purpose, you have the right to withdraw your consent at a later date.  Once we have received notification that you wish to withdraw your consent, we will cease processing your information for that specific purpose unless we have another legitimate or statutory basis for continuing to do so.  You will be told if we are unable to cease processing your information and why.

8.    WHAT WE NEED FROM YOU

8.1.    Tell us when your details change

To assist us in ensuring the accuracy of your personal data, it is important that you tell us if your personal information changes.

8.2.    Verification of identity

We will need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or exercise any of your other rights).  This is an appropriate security measure to ensure that personal information is not disclosed to a person who has no right to receive it.

9.    CONTACT INFORMATION

If you have any questions about this privacy notice, how we handle your personal information or if you want to exercise your right of access (or any of the other rights described in section 6), speak to your Case Manager or Senior Case Manager in the first instance.  You can also write to our Data Protection Officer;

Data Protection Officer

Interserve

Capital Tower

91 Waterloo Rd

Lambeth

London SE1 8RT

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

10. CHANGES TO THIS PRIVACY NOTICE

We reserve the right to update this privacy notice at any time.  We will make a new privacy notice available when we make substantial updates. We may also notify you in other ways about the processing of your personal information.

11. DOCUMENT CONTROL

This Privacy Notice was reviewed May 2018.