Privacy Notice | EM Cyber Secure

We have updated our Privacy Notice to make it easier for you to understand what information we collect about you, why we collect it, how we process it, share it, retain it and dispose of it. We have also explained our practices in more detail and in a clearer language. We take your privacy seriously and are making these updates to comply with our new obligations under the General Data Protection Regulation (GDPR) which takes effect across the European Union from the 25th May 2018. The GDPR is a regulation in EU law on data protection and privacy for all individuals with the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and ensures greater transparency and accountability in the way organisations handle personal data. The UK Data Protection Act 2018 enshrines the GDPR and the Law Enforcement Directive into UK Law.

This document explains how Leicestershire Police handles your personal information (personal data [1]), the steps we take to ensure that it is protected, and also describes the rights you have in regard to any personal data we already hold about you and any further personal information we might collect about you, either from you or from a third party.

The use and disclosure of personal data is governed in the United Kingdom by the Data Protection Act 2018 (‘the Act’) together with the GDPR. The Chief Constable of Leicestershire Police is the ‘data controller’ for the purposes of the Act. You can contact the Chief Constable by post at Chief Constable, Leicestershire Police HQ, St Johns, Enderby Leicester, LE19 2BX. A ‘data controller’ is obliged to ensure that Leicestershire Police handles all personal data in accordance with the Act.

Leicestershire Police is registered with the Information Commissioner’s Office (ICO) who is the supervisory authority in the UK who enforces and monitors compliance with the data protection legislation. Our ICO Registration Number is Z4887579.

We have appointed a Data Protection Officer (DPO) who provides help and guidance to make sure we apply the best standards to protecting your personal information. Our DPO can be reached by email at DPO@leics.police.uk or by post at Data Protection Officer, Information Management Unit, Police Headquarters, St Johns, Enderby Leicester, LE19 2BX if you have any questions about how we use your personal information.

This Privacy Notice provides up to date information about how we use your personal information and updates any previous information we have given you about using your personal data. We will review and update this Privacy Notice from time to time to reflect our processes and make any changes available on our website. See section 11 for more information about your Privacy rights.

[1] Definition of personal data. Any information relating to an identified or identifiable living individual. An identifying characteristic could include a name, ID number or location data. Such information is treated as personal data even if it can only be potentially linked to a living individual.

This privacy notice explains:

how we collect, store, use, disclose, retain and destroy personal data through the website at https://www.eastmidlandscybersecure.co.uk (those activities are also referred to as processing personal data)
the steps we take to ensure personal data we process is protected properly
the rights individuals have when we process their personal data

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from August 2025.

We will treat information you provide to us in using this website treated in confidence and we will not disclose it to third parties unless we are required to do so by law, or as explained in this privacy notice.

We gather information about site usage to help the development and improvement of services to the public, and to protect the integrity of our systems from malicious users. We also gather information through the various functions available on the site that allow you to provide us with information (such as online forms and the live-chat function) for the purposes described later in this privacy notice. At the moment this information consists of:

Statistical information obtained using Google Analytics which does not identify individual users (more information about this is in the 'How do we use cookies?' section of this privacy notice) - this statistical information does not contain any personal data.

What is personal data?

Personal data is any information we handle that relates to an identified or identifiable natural person. An 'identifiable natural person' is anyone who can be identified, directly or indirectly from information, including by reference to a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Our Contact Details and Data Protection Officer

This website is run by Leicestershire Police Protect Officers. Our Data Protection Team manages our data protection compliance. We do not process or store any personal information on our website. However, our Data Protection Officer is Steven Morris.

We take our data protection responsibilities seriously. We take great care to ensure we process your personal data properly to maintain your trust and confidence. You can contact our Data Protection Team or our Data Protection Officer if you have any questions or concerns about how we process your personal data.

Post:

Data Protection Team
Information Management Unit
Police Headquarters
St Johns
Enderby
Leicester
LE19 2BX

Telephone: 0116 248 5222

Email: data.protection@leicestershire.pnn.police.uk

Why do we process your personal data?

We do not process personal data directly through this website. However, if you email us any personal details, or send them via our contact form, we may process them in relation to our policing purpose.

Leicestershire Police obtains, holds, uses, discloses etc. personal data for both Law Enforcement and General Data Protection Processing purposes.

1.1. The Law Enforcement Purpose (policing purpose) includes:

Prevention, investigation, detection or prosecution of criminal offences;
Protecting life and property
Execution of criminal penalties;
Safeguarding against and preventing threats to public security; and
Any duty or responsibility of the police arising from common or statute law.

1.2 The provision of services to support the Law Enforcement Purposes includes:

staff administration, occupational health and welfare
management of public relations, journalism, advertising and media
management of finance
internal review, accounting and auditing
training
property management
insurance management
vehicle and transport management
payroll and benefits management
management of complaints
vetting
management of information technology systems
integrity monitoring
legal services
information provision
licensing and registration
pensioner administration
research, including surveys which may be carried out by an external agent on our behalf
performance management
sports and recreation
procurement
planning
system testing
security
health and safety management
Protection and monitoring of our estate, and wider property including vehicles.

Whose personal data do we process?

We do not process any personal data on this website. However, if you email, or use the contact form, we might process this data.

In order to carry out the purposes described under why we handle personal data Leicestershire Police may obtain, use, disclose, handle etc. personal data relating to a wide variety of individuals including the following:

staff including volunteers, agency workers, and temporary workers
suppliers and contractors
complainants, correspondents and enquirers
relatives, guardians and associates of the individual concerned
advisers, consultants and other professional experts
offenders and suspected offenders
witnesses
victims
other providers of information
former and potential members of staff, pensioners and beneficiaries
other individuals necessarily identified in the course of police enquiries and activity

Leicestershire Police will only use appropriate personal data necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record e.g. a file, as images, but it can also include other types of electronically held information e.g. CCTV images.

What types of personal data do we process?

We do not process or store personal information from this website. However, if you email us, or use the contact form, the information you provide might be processed.

Where do we get the personal data we process?

We do not process or store personal information on our website. The only information we receive is what you provide if you email us, or fill in our contact form. We may process this with a policing purpose as above.

In order to carry out the purposes described in why do we handle personal data above, Leicestershire Police may obtain, use, disclose, handle etc. personal data relating to or consisting of the following:

personal details such as name, address and biographical details
family, lifestyle and social circumstances
education and training details
employment details, including performance and development
financial details
goods or services provided
racial or ethnic origin
political opinions
religious or other beliefs of a similar nature
trade union membership
physical or mental health or condition
sexual life
offences (including alleged offences)
criminal proceedings, outcomes and sentences
physical identifiers including DNA, fingerprints and other genetic samples
sound and visual images and other digital media, including CCTV
licenses or permits held
criminal Intelligence
references to manual records or files
information relating to health and safety
complaint, incident and accident details

Where does this data come from?

In order to carry out the purposes described under why we handle personal data above, Leicestershire Police may obtain personal data from a wide variety of sources, including the following:

Other law enforcement agencies
HM Revenue and Customs
international law enforcement agencies and bodies
licensing authorities
legal representatives
prosecuting authorities
defence solicitors
courts
prisons
security companies
partner agencies involved in crime and disorder strategies
private sector organisations working with the police in anti-crime strategies
voluntary sector organisations
approved organisations and people working with the police
Independent Police Complaints Commission
His Majesty’s Inspectorate of Constabulary
auditors
Police and Crime Commissioner
central government, governmental agencies and departments
emergency services
individuals themselves
relatives, guardians or other persons associated with the individual
current, past or prospective employers of the individual
healthcare, social and welfare advisers or practitioners
education, training establishments and examining bodies
business associates and other professional advisors
employees and agents of Leicestershire Police
suppliers, providers of goods or services
persons making an enquiry or complaint
financial organisations and advisors
credit reference agencies
survey and research organisations
trade, employer associations and professional bodies
local government
voluntary and charitable organisations
ombudsmen and regulatory authorities
the media
Data Processors working on behalf of Leicestershire Police
Probation Service and Community Rehabilitation Companies
Probation Service and Community Rehabilitation Companies
Public Protection Multi Agency Sharing Hubs
information openly available on the internet
body worn cameras worn by police officers
Surveillance systems such as ANPR, CCTV and Drone footage.

Leicestershire Police may also obtain personal data from other sources, such as its own CCTV systems, or correspondence.

How do we handle personal data?

In order to achieve the purposes described under why do we handle personal data, Leicestershire Police will handle personal data in accordance with the principles [2] of the Act and the GDPR. In particular, we will ensure that personal data is handled fairly and lawfully with appropriate justification. We will strive to ensure that any personal data used by us or on our behalf is of the highest quality in terms of accuracy, relevance, adequacy and proportionality, is kept as up to date as required, is protected appropriately, and is reviewed, retained and securely destroyed when no longer required. We will also respect individuals’ rights under the Act.

[2] Data protection principles:

Principles relating to processing of personal data (Article 5 GDPR):

Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Personal data shall be accurate and, where necessary, kept up to date
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

How do we ensure the security of personal data?

Leicestershire Police takes the security of all personal data under our control very seriously. We will comply with the relevant parts of the Act relating to security, and seek to comply with the Association of Chief Police Officers’ Community Security Policy. We will ensure that appropriate policy, training, technical and procedural measures are in place, including audit and integrity monitoring, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so, and then under strict guidelines as to what use may be made of any personal data contained within them. These procedures are continuously managed and enhanced to ensure up-to-date security.

Who do we disclose personal data to?

In order to carry out the purposes described under why do we handle personal data above Leicestershire Police may disclose personal data to a wide variety of recipients in any part of the world, including those from whom personal data is obtained (as listed where we obtain personal data above). This may include:-

Disclosures to other law enforcement agencies (including international agencies)
Partner agencies working on crime reduction initiatives
Partners in the Criminal Justice arena,
Victim Support, and
Local government
Central government
Ombudsmen and regulatory authorities
The Media
International agencies concerned with the safeguarding of international and domestic national security
Other bodies or individuals where necessary to prevent harm to individuals
Third parties involved with investigations relating to the safeguarding of national security

Disclosures of personal data will be made on a case-by-case basis, using the personal data appropriate to a specific

purpose and circumstances, and with necessary controls in place.

Some of the individuals and bodies to which we may disclose personal data are situated outside of the European Union - some of which do not have laws that protect data protection rights as extensively as in the United Kingdom. If we do transfer personal data to such territories, we will take proper steps to ensure that it is adequately protected as required by the Act.

Leicestershire Police will also disclose personal data to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law, and by court order. This may include disclosures to the Child Support Agency, the National Fraud Initiative, the Home Office, to the Courts, the General Medical Council and the Nursing and Midwifery Council. Leicestershire Police may also disclose personal data on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.

What is our lawful basis for processing personal data?

We only use your personal information where we have an appropriate lawful basis for doing so. For example, we use your personal data where:

we need to use the information to comply with our legal obligations;
We need to use the information for the performance of a task in the public interest;
we need to use the information to perform a contract with you;
we need to use the information to comply with law enforcement; and/or
we have your consent (where relevant);

Where we rely on consent as our lawful basis for processing, you have the right to withdraw your consent at any time. To withdraw your consent, please use the instructions on the form used to gain your consent or by contacting the relevant department to whom the consent was given. However, we won’t always need consent to process your personal information – for example - if we need it to meet regulatory requirements, perform a contract with you or if the processing in necessary for Law Enforcement purposes.

Where the provision of personal data is part of a statutory or contractual requirement or obligation, we may be unable to progress with that process should the personal data not be made available to us.

Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. Processing sensitive data (including ‘special category data’ and ‘criminal offences’ data) may include cases where:

we have a legal obligation to do so (for example to protect vulnerable people);
it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
it is in the substantial public interest;
it is necessary for the prevention or detection of crime;
it is necessary for insurance purposes, or
for legal proceedings.

What security measures do we use when processing your personal data?

We take the security of all personal data under our control seriously. We comply with our legal obligations regarding security, relevant parts of the ISO27001 Information Security Standard, and where appropriate the College of Policing Authorised Professional Practice guidance on Information Assurance.

We ensure that appropriate policy, training, technical and procedural measures are in place, including audit and inspection, to protect our manual and electronic information systems from data loss and misuse. We only permit access when there is a legitimate reason and under strict guidelines on what use may be made of any personal data contained within them. We continuously manage and enhance our compliance with relevant standards and guidance to achieve adequate and up-to-date personal data security.

What disclosures do we make of your personal data?

We may disclose personal data to a wide variety of recipients in any part of the world (including outside of the United Kingdom and the European Economic Area), including to those from whom we originally obtain personal data. Recipients may include:

law enforcement agencies
businesses (including security companies, and other supplies of goods and services) and other private sector organisations working with the police in anti-crime strategies
partner agencies working on crime reduction or safeguarding initiatives
agencies and other third parties concerned with the safeguarding of and investigation relating to international and domestic national security
local authorities, national and local government departments and agencies (including the Home Office, HM Revenue and Customs, the Serious Fraud Office, the Child Maintenance Service, the National Fraud Initiative, and private safeguarding agencies)
legal representatives, prosecuting authorities, courts, prisons, and other partners in the criminal justice arena;
victim support service providers
bodies or individuals working on our behalf
authorities involved in offender management
ombudsmen, auditors and regulatory authorities
other bodies or individuals where required under any legislation, rule of law, or court order
other bodies or individuals where necessary to prevent harm to individuals
the media.

We decide on disclosure case-by-case, disclosing only the personal information that is necessary and proportionate to a specific purpose and with appropriate controls and safeguards in place.

How long do we retain your personal data?

Leicestershire Police keeps personal data only as long as is necessary for the particular purpose or purposes for which it is being processed. Personal data which is placed on national police systems namely, the Police National Computer, National DNA Database or National Fingerprint Database are managed in accordance with 'NPCC Deletion of Records from National Police Systems (PNC/NDNAD/IDENT1)'.

Other records containing personal data relating to crime recording, domestic violence, child abuse investigation, public protection, missing persons, case and custody, incident records, firearms licensing and intelligence will be retained in accordance with the Authorised Professional Practice on the Management of Police Information(this can also be found on the College of Policing’s website www.app.college.police.uk). Leicestershire Police also adhere to the Review, Retention & Disposal Policy (PD54) and Retention of Police Records (not subject of Review, Retention and Disposal) (PD156) Policy.

Monitoring

Leicestershire Police may monitor or record and retain telephone calls, text, emails and other electronic communications to and from the force in order to deter, prevent and detect inappropriate or criminal activity, to ensure security, and to assist the purpose described under section 2 above. Leicestershire Police does not place a pre-recorded ‘fair processing notice’ on telephone lines that may receive emergency calls (including misdirected ones) because of the associated risk of harm that may be caused through the delay in response to the call.

What are your rights over your personal data we process, and how can you exercise them?

You have the right to see what personal information we hold about you and also have the right to object to how we use your personal information. In addition, you can ask us to correct inaccuracies, delete or restrict the processing of your personal information in certain circumstances or to ask for some of your personal information to be provided to someone else (data portability).

To make enquires for further information about exercising any of your rights in this Privacy Notice, please contact our Data Protection Team by post addressing your letter to the Data Protection Team, Information Management Unit, Police Headquarters, ,St Johns, Enderby Leicester, LE19 2BX or by emailing data.protection@leics.police.uk

The right to be informed:

This area is covered by this privacy notice.

The right of access – also known as a Subject Access Request (SAR):

You can request access to a copy of your personal information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can usually make a request for access free of charge by contacting the Data Subject Access team at Data Protection Team, Information Management Unit, Police Headquarters, St Johns, Enderby Leicester, LE19 2BX or by emailing data.protection@leics.police.uk

We may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Please make all requests for access in writing, where possible, and provide us with evidence of your identity. Please see our website for further information on how to request personal information (also known as a ‘subject access’ request): www.leics.police.uk

The right to rectification:

Under Article 16 of the GDPR, individuals have the right to have inaccurate or incomplete personal data rectified. Leicestershire Police can refuse this request where it is necessary and proportionate or relates to ‘relevant personal data’, i.e. to avoid obstructing an official or legal inquiry, investigation or procedure.

The right to erasure:

Under Article 17 of the GDPR, individuals have the right to have personal data erased and to prevent processing in specific circumstances, for example if there is no compelling reason for its continued processing. Leicestershire Police can refuse this request where it is necessary and proportionate or relates to ‘relevant personal data’, i.e. to avoid obstructing an official or legal inquiry, investigation or procedure or to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties. The erasure of personal data relating to criminal offences cannot be considered until its full period of retention has been reached.

The right to restrict processing:

Under Article 18 of the GDPR, individuals have the right to restrict the processing of personal data, for example, if an individual believes that the data is incorrect, is processed unlawfully or is no longer required by the Data Controller. Leicestershire Police can refuse this request where it is necessary and proportionate or relates to ‘relevant personal data’, i.e. to avoid obstructing an official or legal inquiry, investigation or procedure or to avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties.

Rights in relation to automated decision making including profiling:

Article 22 of the GDPR has rules to protect individuals if solely automated decision [3] making (making a decision without any human involvement) has taken place and in relation to profiling.

Leicestershire Police do not currently employ automated decision making and therefore currently do not make any decisions solely using automated means. However we will notify you if this position changes.

Automated decision-making:

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

Where we have notified you of the decision and given you 21 days to request a reconsideration.
Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Right to withdraw consent:

If you have given us your consent to use your personal information, you can withdraw your consent at any time by using the above contact methods or as specified on the relevant consent form(s). However, we won’t always need consent to process your personal information – for example - if we need the data to meet regulatory requirements, perform a contract with you or if it is held for Law Enforcement purposes.

Right to object:

You can object to our processing of your personal information. Please contact us as noted above, providing details of your objection.

Please note that certain rights under the GDPR which relate to General processing do not exist in Part 3 of the DPA which relate to Law Enforcement Processing (LEP). Therefore the above right only applies to general processing and not to law enforcement processing.

Portability:

You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

Please note that this right only applies to general processing and does not apply to law enforcement processing.

Make a complaint:

You can make a complaint about how we have used your personal information to us, by emailing the Data Protection Officer at data.protection@leics.police.uk or by writing to Data Protection Officer, Information Management Unit, Police Headquarters, St Johns, Enderby, Leicester, LE19 2BX

If you are not satisfied with our response, you can further contact the Information Commissioner's Office at https://ico.org.uk/

Links to other websites

Our website may contain links to other websites of interest however, once you have used these links to leave our site, you should note that we do not have any control over that other website therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

How do we use cookies?

A 'cookie' is a piece of information stored on your computer which allows web servers to collect information from your visit to this website. It saves a small amount of data to your computer, which the website then uses on repeat visits.

We use cookies on this website to improve user experience and for essential functionality. We do not use them for identification, monitoring, or profiling purposes. To find out how to reject, delete or update your cookie preferences in your browser you need to know what browser you use and what version of it you are using. Most browsers have guidelines on how to adjust cookie settings through their 'Help' menu.

We use the following cookies on the website for the reasons explained below.

Google Analytics sets the following cookies:

Universal Analytics

Google Analytics

If you don't want to send information to Google Analytics, you can use Google's opt-out browser add-on or you can configure your browser to enable you to choose which cookies you allow to be created.

‘Remarketing’ services

We use cookies from the Google Doubleclick and Facebook Pixel services to track activity of website visitors originating from media sources. We use anonymised data from this service to optimise our online advertising activity for recruitment. In certain cases we may use ‘remarketing’ services to target our ads to you based on your prior use of our site when you visit other sites included within an online advertising network. If you do not wish to be tracked in this way, you can opt out via the following:

Google Doubleclick
Facebook Pixel
- if you are a Facebook user
- if you are not a Facebook user

Session cookies

We use session cookies to enable us to identify requests from the same browser during a limited time window, and provide a way to remember page changes, or item or data selection, for the duration of that session.
Session cookies are essential for the website to operate and are set upon your arrival to the site. These cookies are deleted when you close your browser.

Site messages

You may see pop-up messages on our site. For example, a pop-up explaining our use of cookies. Once you have seen these messages we store cookies to ensure we do not show you the same message again.

Any individual with concerns over the way Leicestershire Police handles their personal data may contact the Data Protection Team as below: