Privacy Notice

This notice explains how North Wales Police processes personal data about individuals which includes the collection, storage, and sharing of that information. It also describes the steps we take to ensure that the personal data we hold is protected, and explains the rights individuals have in regard to their personal data handled by North Wales Police.

The processing of personal data is governed by the Data Protection Act 2018 and the associated General Data Protection Regulation (GDPR) and North Wales Police has notified with the Information Commissioner as a ‘Controller' [registration no: Z4895270]. The Chief Constable of North Wales Police is the Controller and he has an obligation to ensure that all personal data is held and processed in accordance with the law.

North Wales Police takes that responsibility very seriously and takes great care to ensure that personal data is handled appropriately in order to secure and maintain individuals' trust and confidence in North Wales Police.

1. Why do we handle personal data?

North Wales Police obtains, holds, uses and discloses personal data for two broad purposes:

A. The Policing Purpose – which includes, but is not limited to:

  • Preventing and Detecting Crime
  • Apprehending and Prosecuting Offenders
  • Protecting Life and Property
  • Preserving Order
  • Maintaining Law and Order
  • Providing Assistance to the Public in accordance with force policies and procedures; and
  • Any duty or responsibility of the police arising from common or statute law

B. The provision of services to support the Policing Purposes – which include, but are not limited to:

  • Staff/ Pensioner Administration, Occupational Health and Welfare
  • Public Relations/ Media
  • Finance/ Payroll/ Benefits/ Accounts/ Audits/ Internal Review
  • Training/ Health & Safety Management
  • Property/ Insurance/ Vehicle/ Systems and Transport Management
  • Complaints
  • Vetting
  • Legal Services/ Information Provision
  • Management of information technology systems
  • Licensing/ Registration
  • Research[1] (including surveys and analytics)/ Performance Management
  • Sports/ Recreation
  • Procurement
  • Planning/ Testing/ Security
  • Strategy and Policy development
  • Social Media Correspondence and analysis

North Wales Police will only use appropriate personal data that is necessary to fulfil our particular purposes. It will be adequate, relevant and not excessive.

It will be kept accurate, up to date and destroyed when no longer required.

[1] North Wales Police is required to conduct Customer Satisfaction Surveys to evaluate our performance and effectiveness. We may contact individuals, such as victims of crime of those reporting incidents, and ask them to give us their opinion of the service we are providing to the public. We use the information given to improve our service wherever we can. North Wales Police like many police forces uses a private company to undertake such surveys on our behalf with strict controls to protect the personal data of those involved.

2. Our lawful basis for processing data

The use and disclosure of personal data is governed in the United Kingdom by the Data Protection Act 2018. The Chief Constable of North Wales Police is the Controller and he has an obligation to ensure that North Wales Police handles all personal data in accordance with the legislation.

It will only be collected and used by North Wales Police to carry out its legal and legitimate functions as defined by legislation, common law and best practice; in accordance with the Policing and Supported Policing Purposes detailed above

As North Wales Police processes many categories of data for various reasons, North Wales Police may also rely on other lawful bases like those necessary for a contract, those necessary for compliance with a legal obligation, or in your vital interest.

Where sensitive or 'special categories' data is being collected, additional lawful bases will apply like having explicit consent, necessary for employment, social security, defending against legal claims, for a substantial public interest (such as the Policing Purpose) and for preventative or occupational health or medicine, amongst other reasons.

In each case where information is being requested by North Wales Police we will specify at the time of collection of data, usually through a service specific privacy notice, which lawful basis above we are relying on for the processing of that data.

Where North Wales Police uses information for the purposes of a newsletter mailing list or anything considered to be 'marketing' then your information will be processed under the condition of consent.

3. Whose personal data do we handle?

In order to carry out the purposes described under section 1 above, North Wales Police may obtain, use and disclose (see section 8 below) personal data relating to a wide variety of individuals including the following:

  • Offenders and suspected offenders
  • Victims (current, past and potential)
  • Witnesses
  • Persons given a caution or a warning
  • Persons subject to judicial and other disposals including convictions, bindovers, discharges, acquittals, orders made under legislation
  • Suspect offenders under the age of 10
  • Other individuals necessarily identified in the course of police enquiries or activities
  • Staff, former staff and potential staff including volunteers, agent, temporary and casual workers
  • Relatives, guardians and associates of the people we are processing personal information about
  • Advisers, consultants and other professional experts
  • Pensioners and beneficiaries
  • Suppliers and contractors
  • Complainants, correspondents, litigants and enquirers
4. What types of personal data do we handle?

In order to carry out the purposes described under section 1 above, North Wales Police may obtain, use and disclose (see section 8 below) personal data relating to or consisting of the following:

  • Personal details such as name, address, email, and biographical details;
  • Family, lifestyle and social circumstances;
  • Skill and interests;
  • Education and training details;
  • Employment details;
  • Financial details;
  • Services provided;
  • Sound and visual images;
  • Licences or permits held;
  • References to manual records or files;
  • Information relating to health and safety;
  • Complaint, incident, civil litigation and accident details.

We also process Special Category information that may include:

  • Physical or mental health details;
  • Racial or ethnic origin;
  • Trade union membership;
  • Political opinions;
  • Religious or other beliefs;
  • Sexual life and sexual orientation;
  • DNA, fingerprints and other genetic or biometric samples.

We also process information relating to criminal conviction and offence data including:

  • Offences and alleged offences
  • Criminal proceedings, outcomes and sentences
  • Criminal intelligence

Where possible and/or appropriate you will be informed of the reason for collecting, holding and using your personal information.  Although, in view of the statutory functions of North Wales Police, this may not always be possible as doing so may prejudice the Policing functions (as detailed above).

5. Where do we obtain personal data from?

In order to carry out the purposes described under section 1 above, North Wales Police may obtain personal data from a wide variety of sources, other than the individual directly, which includes the following:

  • Other law enforcement agencies
  • HM Revenue and Customs
  • International law enforcement agencies and bodies
  • Licensing authorities
  • Legal representatives
  • Prosecuting authorities
  • Defence solicitors
  • Courts
  • Prisons
  • Security companies
  • Partner agencies involved in crime and disorder strategies
  • Private sector organisations working with the police in anti-crime strategies
  • Voluntary sector and charitable organisations
  • Approved organisations and people working with the police
  • Independent Office for Police Conduct
  • Her Majesty's Inspectorate of Constabulary
  • Auditors
  • Office of the Police and Crime Commissioner
  • Central government, governmental agencies and departments
  • Emergency services
  • Relatives, guardians or other persons associated with the individual
  • Current, past or prospective employers of the individual
  • Healthcare, social and welfare advisers or practitioners
  • Education, training establishments and examining bodies
  • Business associates and other professional advisors
  • Employees and agents of North Wales Police
  • Suppliers, providers of goods or services
  • Persons making an enquiry or complaint
  • Financial organisations and advisors
  • Credit reference agencies
  • Survey and research organisations
  • Trade, employer associations and professional bodies
  • Local government
  • Ombudsmen and regulatory authorities
  • The media
  • Data Processors working on behalf of North Wales Police

North Wales Police may also obtain personal data from other sources such as its own CCTV systems, Body Worn Video, training records, or correspondence.

6. How do we handle personal data?

In order to achieve the purposes described under section 1, North Wales Police will handle personal data in accordance with the data Protection Act 2018. In particular we will ensure that personal data is handled fairly and lawfully with appropriate justification.

We will strive to ensure that any personal data used by us or on our behalf is accurate and relevant. We will also ensure it is:

  • Not excessive;
  • Kept up to date as required;
  • Protected appropriately; and is
  • Reviewed, retained and securely destroyed when no longer required.

We will also respect individuals' rights under the Data Protection Act 2018.

7. How do we ensure the security of personal data?

North Wales Police takes the security of all personal data under our control very seriously. We will comply with the relevant parts of the Data Protection Act 2018 relating to security, and seek to comply with the National Police Chief's Council (NPCC) Community Security Policy and relevant parts of the ISO27001 Information Security Standard.

We will ensure that appropriate policy, training, technical and procedural measures are in place, including audit and inspection, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so, and then under strict guidelines as to what use may be made of any personal data contained within them. These procedures are continuously managed and enhanced to ensure up-to-date security.

8. Who do we disclose personal data to?

In order to carry out the purposes described under section 1, North Wales Police may disclose personal data to a wide variety of recipients, including those from whom personal data is obtained (as listed above). This may include the following:

  • Disclosures to other law enforcement agencies (including international agencies)
  • Partner agencies working on crime reduction initiatives
  • Partners in the Criminal Justice arena
  • Other partner agencies working with North Wales Police
  • Customs and Excise
  • Victim Support Services
  • To bodies or individuals working on our behalf such as IT contractors or survey organisations
  • Security companies
  • Local government
  • Central government
  • Ombudsmen and regulatory authorities
  • The media
  • International agencies concerned with the safeguarding of international and domestic national security
  • Third parties involved with investigations relating to the safeguarding of national security
  • To other bodies or individuals where necessary to prevent harm to individuals
  • Licensing authorities
  • Service providers
  • Family and associates of the individuals we process information about
  • Healthcare professionals
  • Current, past and prospective employers
  • Educators and Examining bodies
  • Law enforcement and prosecuting authorities
  • Legal representatives
  • Defence solicitors
  • Independent Office for Police Conduct (IOPC)
  • The disclosure and barring service
  • Private sector organisations working with police in anti-crime strategies
  • Voluntary sector organisations
  • Approved organisations working with the police
  • Offices of the Police and Crime Commissioner
  • Emergency services
  • Business associates and professional advisers
  • Persons making an enquiry or complaint
  • Data processors
  • Financial organisations
  • Credit reference agencies
  • Survey and research organisations
  • Trade and employer associations and professional bodies
  • Crown Prosecution Service
  • HM Courts Service
  • National security anywhere in the world

Disclosures of personal data will be made on a case-by-case basis, using the personal data that is appropriate and proportionate to a specific purpose and lawful basis, and with necessary controls in place.

Where possible, you will be informed if we intend to use or share your information for a non-obvious purpose, either directly, via the Force’s website or other means of communication.

We will work with partner agencies and may share your information with them. All attempts to anonymise the personal information will be considered in the first instance and only personal information will be shared if there is a legal basis in which to do so and after having fully considered your rights to privacy.

We will actively manage our Information Assets in conjunction with Information Asset Owners who will manage and monitor the information through its lifecycle.

Some of the bodies or individuals to which we may disclose personal data may be situated outside of the European Union - some of which do not have laws that protect data as extensively as in the United Kingdom. If we do transfer personal data to such territories, we undertake to ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the Data Protection Act 2018.

North Wales Police will also disclose personal data to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law, and by court order. North Wales Police may also disclose personal data on a discretionary basis, as allowed by law.

9. What are the rights of the individuals whose personal data is handled by North Wales Police?

Right to be Informed

This is provided for in Articles 13 and 14 of GDPR and Section 44 of the Data Protection Act 2018 which sets out the general duties of a Controller.  This Privacy Notice addresses that requirement.

Right of Access

Individuals have the right to apply for a copy of their personal data held by North Wales Police. This right, commonly referred to as Subject Access is created by Article 15 of GDPR and Section 45 of the Data Protection Act 2018 and is used by individuals who want to see a copy of the information an organisation holds about them (subject to exemptions).

Right to Rectification

Article 16 of GDPR and Section 46 of the Data Protection Act 2018 provides individuals with the right to have inaccurate personal data rectified or completed if it is incomplete.  This may involve North Wales Police providing a supplementary statement to the incomplete data. 

Right to Erasure

Article 17 of GDPR and Section 47 of the Data Protection Act 2018 provides individuals with the right to have personal data erased.  This is known as the ‘right to be forgotten’.  The right is not absolute and only applies in certain circumstances.

Right to Restrict Processing

Article 18 of GDPR and Section 47 of the Data Protection Act 2018 provides individuals with the right to restrict processing of their personal data in certain circumstances.  This means that an individual can limit the way an organisation uses their data. 

Right to Data Portability

Article 20 of GDPR provides individuals with the right to receive personal data they have provided to a Controller in a structured, commonly used and machine readable format.  It also gives them the right to ask a Controller to transmit this data directly to another Controller.

Right to Object

Article 21 of GDPR provides individuals with the right to object to:

- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority;

- direct marketing; and

- processing for purposes for scientific/historical research and statistics.

Rights related to automated decision making including profiling

Article 22 of GDPR and Sections 49/50 of the Data Protection Act 2018 makes provision to protect individuals from processing carried out solely by automated decision making that has legal or similarly significant effects on them.

In the event that you would like to raise a data protection complaint with North Wales Police regarding the processing of your personal data, please contact us using the details provided under section 12 below.

If after making a data protection complaint to North Wales Police you still feel your concerns were not full addressed you can contact the ICO using the details below:

The Information Commissioner's Office, Wycliffe House, Wilmslow, Cheshire, SK9 5AF

Telephone: 01625 545700 or 0303 123 1113 (local rate)


10. How long does North Wales Police retain personal data?

North Wales Police keeps personal data for as long as is necessary for the purpose for which it was collected and processeded. Records containing personal data relating to matters of intelligence, public protection, violent and sexual offenders, missing persons, case and custody, crime and incident, firearms, child abuse investigations and domestic abuse will be retained in accordance with the College of Policing Authorised Professional Practice (APP) on the Management of Police Information. Other records are held in accordance with our Review, Retention and Disposal Schedule.

We may use your personal information to analyse our performance and effectiveness. In some cases it may be necessary to contact you and ask you to assist us in the analysis in order to gather information about the services we provide.

Information Management policies and procedures are implemented and continually reviewed to ensure continual improvements in the way in which information is handled by reflecting any changes in legislation and developments in case law as necessary.

All staff and contractors are suitably vetted and trained in the appropriate policies and procedures for ensuring the correct handling of personal information. Staff receive training at the start of employment and refresher training as deemed necessary.

We will proactively monitor the legitimate use and quality of information through audits and transaction monitoring. Any breaches are taken seriously and disciplinary/ criminal investigations are undertaken as necessary. North Wales Police will not tolerate any misuse of information.

11. Monitoring

North Wales Police may monitor or record and retain telephone calls, texts, emails and other electronic communications to and from the force in order to deter, prevent and detect inappropriate or criminal activity, to ensure security, and to assist the purposes the purposes described above. North Wales Police does not place a pre-recorded ‘Fair Processing Notice’ on telephone lines that may receive emergency call (including misdirected ones) because of the associated risk of harm that may be caused through the delay in response to the call.

We will ensure statutory rights to information under the provisions of the Data Protection Act 2018; Freedom of Information Act 2000 and Environmental Information Regulations 2004 are addressed (Our Data). Should you find any of the information we hold about you is incorrect or misleading, we will ensure it is thoroughly assessed and corrected where appropriate.

12. Contact Us

To exercise any of the rights under section 9 above relating to personal data being held by North Wales Police, a request should be made using the details below. Any individual with concerns over the way North Wales Police handles their personal data may also contact our Data Protection Officer using the details below:


Mail: Data Protection Officer, North Wales Police Headquarters, Glan y Don, Colwyn Bay, LL29 8AW

Telephone: 01492 805125