Select your area

show areas

hide areas

Privacy

We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.

What information do we collect?

We may collect, store and use the following kinds of personal data:

  • Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views)
  • Information that you provide to us for the purpose of registering with us
  • Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters
  • Any other information that you choose to send to us

Disclosures

We may disclose information about you to [any of our employees, officers, agents, suppliers or subcontractors] insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose information about you:

  • To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
  • To the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling
  • Except as provided in this privacy policy, we will not provide your information to third parties.

Policy amendments

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes. 

Your rights

How do we ensure personal data is accurate and kept up-to-date?

West Midlands Police has a programme of proactive data quality checks undertaken by dedicated staff. In addition to proactive audits, internal processes are in place so that Police Officers and Police Staff can reactively notify dedicated teams of suspected data quality issues.

Data Quality statistics are reported to the Accreditor and Senior Information Risk Owner (SIRO) every month to enable senior management oversight. Risk areas are highlighted on department and force level risk registers to enable effective prioritisation of resources.

If you think we hold inaccurate data about you, you can request its correction by using the details listed on the ‘Individual Rights’ https://west-midlands.police.uk/about-us/privacy-notice/individuals-rights

How do we ensure your data is not kept for longer than is necessary?

Physical files are subject to a robust management plan which ensures regular review and archiving in secure locations. Where IT systems permit, and for all new systems, retention criteria are applied automatically. Where automatic retention cannot be applied for technical reasons, retention criteria are applied on a case-by-case basis by the relevant business area.

West Midlands Police retains some information beyond the periods set out in the retention schedules for archiving purposes in the public interest, scientific or historical research purposes, and statistical purposes. Prior to accepting information in to the museum, it is assessed to ensure that retaining it for these objectives is not incompatible with the original purpose for which it was collected.

If you think we are holding your personal data for longer than is necessary, or you wish to object to your data being held in the force museum you can request its deletion by using the details listed on the ‘Individual Rights’ on our Website https://west-midlands.police.uk/about-us/privacy-notice/individuals-rights

How do we ensure that personal data is processed in a manner that ensures appropriate security?

West Midlands Police follows best practice from organisations like the National Cyber Security Centre and the Centre of Protection for National Infrastructure. The organisation follows the College of Policing’s Authorised Professional Practice for Information Assurance, and is aligned to the principles contained in ISO/IEC 27002:2013.

Security of personal data is led by Information Security and Assurance, who report to the Accreditor and Senior Information Risk Owner. Additional dedicated security positions provide extra support: Security Architect and Information Systems Security Officer provide technical expertise to IT and Digital; and Counter-Terrorism Security Advisors and Design Out Crime Officers provide additional physical security advice to the organisation.

All new systems are subject to a security review and production of a risk assessment, completed by Information Security and Assurance. Where applicable, new systems are subject to a well-scoped IT Health Check conducted by an independent CHECK-certified third party. Our premises and our networks are designed and managed using a layered approach to security, so that failure of any single control does not result in a breach. All buildings and IT systems are subject to routine maintenance, testing, audit, and review, with remedial action being taken using a risk-based approach. Staff behaviour is governed by appropriate, policy, training, technical, and procedural measures; all of which is reviewed by Information Security and Assurance prior to publishing. Our operating procedures and policies include guidelines as to what use may be made of any personal information processed by the system to which they apply. These procedures are reviewed regularly to ensure effective information security.

Third parties who store or process data on our behalf are subject to the same standards as we would apply to our own organisation, and where appropriate, this requirement forms part of our contract.

You may instruct us not to process your personal data for marketing purposes by clicking here and using our contact form at any time.  (In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.)

Third party websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.