This privacy notice tells you how the National Police Chiefs’ Council obtains, holds, uses and discloses personal data when you visit this website (https://www.cyberalarm.police.uk/), including any data you may provide through this website when you submit an enquiry, or sign up to the Police CyberAlarm initiative. It describes the steps we take to ensure data is protected, and your rights to know, see and challenge how your data is used.

It is important that you read this privacy policy together with any other privacy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

This website is not intended for children and we do not knowingly collect data relating to children.

This privacy policy contains the following information:

1. About us
2. Data we collect about you
3. How your personal data is collected
4. How we use your personal data
5. Disclosures of your personal data
6. International transfers
7. Data security
8. Data retention
9. Your legal rights

1. About us

This website is operated by/on behalf of the National Police Chiefs’ Council (NPCC). We are registered with the Information Commissioner’s Office (registration number ZA495495).

When the NPCC decides why and how personal data is used, it is “controller” of those data and is required to ensure that it handles those data in accordance with the law. The NPCC takes this responsibility very seriously and takes great care to ensure your personal data is processed appropriately to maintain public trust and confidence in the police.

Our contact details are as follows:

National Police Chiefs' Council
10 Victoria Street
London
SW1H 0NN
United Kingdom

info@npcc.pnn.police.uk

Our Data Protection Officer may be contacted using the following contact details:

dpo@npcc.police.uk

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

2. Data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes: title; first name; last name.
• Contact Data includes: address; email address; telephone number(s).
• Membership Data includes: details of the Police CyberAlarm services you have registered an interest in, or have signed up to receive.
• Technical Data includes: internet protocol (IP) address; login data; browser type and version; time zone setting and location; browser plug-in types and versions; operating system and platform; and the device used to access this site.
• Usage Data includes: information about how you use our website.
• Marketing and Communications Data includes: your preferences in receiving marketing from us and our third parties and your communication preferences. You may receive marketing communications from us if you have requested information from us or have negotiated for or contracted to receive Police CyberAlarm from us and you have not opted out of receiving that marketing.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. How your personal data is collected

We use different methods to collect data from and about you including through:

• Direct interactions
  You may give us your Identity, Contact, Membership and Marketing and Communications Data by filling in our web forms or by corresponding with us by post, phone, email or otherwise.
• Automated technologies or interactions
  As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details.
• Third parties or publicly available sources We will receive personal data about you from various third parties and public sources as set out below:
  
  • Identity, Contact, Membership and Marketing and Communications Data from Police Forces, Regional Organised Crime Units, other law enforcement entities, Cyber Resilience Centres and/or other third party referral organisations with whom you have been in contact.
  • Identity and Contact Data from publicly available sources such as Companies House, public social media networking sites, and your organisation’s own website.
  • Technical Data from the following parties:
    
    • analytics providers;
    • advertising networks; and,
    • search information providers.

4. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where you have provided your consent.
• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation.
• Where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what the relevant legitimate interests are where appropriate.

Note that we may process your personal data in reliance on one or more lawful bases depending on the specific purpose for which we are using your data.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To receive and respond to your enquiry	Identity Contact	Consent Legitimate interests (promoting Police CyberAlarm; administering Police CyberAlarm; obtaining information you have sought) Necessary for law enforcement purposes
To register your interest in Police CyberAlarm, or to sign your organisation up as a member	Identity Contact Membership Marketing and Communications Data	Consent Legitimate interests (promoting Police CyberAlarm; expanding provision of Police CyberAlarm; administering Police CyberAlarm) Performance of a contract Necessary for law enforcement purposes
To process and fulfil the contract between your organisation and the relevant Police Force	Identity Contact Membership Marketing and Communications Data	Consent Legitimate interests (administering Police CyberAlarm; expanding provision of Police CyberAlarm) Performance of a contract Necessary for law enforcement purposes
To manage our relationship, and that of the relevant Police Force, with you	Identity Contact Membership Marketing and Communications Data	Consent Legitimate interests (administering Police CyberAlarm) Performance of a contract Necessary for law enforcement purposes
To make suggestions and recommendations to you about goods or services that may be of interest to you	Identity Contact Membership Marketing and Communications Data Technical Data Usage Data	Consent Legitimate interests (promoting Police CyberAlarm; administering Police CyberAlarm; expanding provision of Police CyberAlarm) Performance of a contract Necessary for law enforcement purposes
To enable you to complete a survey	Identity Contact Membership Marketing and Communications Data	Consent Legitimate interests (administering Police CyberAlarm; obtaining feedback on and improving Police CyberAlarm)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Technical Data Usage Data	Legitimate interests (administering Police CyberAlarm; preventing and detecting crime; ensuring the efficient operation of our website) Necessary for law enforcement purposes
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	Technical Data Usage Data	Legitimate interests (administering Police CyberAlarm; ensuring the efficient operation of our website; expanding provision of Police CyberAlarm) Necessary for law enforcement purposes

You may receive marketing communications from us if you have requested information from us or have negotiated for or contracted with us in relation to Police CyberAlarm you have not opted out of receiving that marketing. You can ask us to stop sending you marketing messages at any time.

Cookies You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

Change of purpose We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out in the table above.

• Police Forces in Great Britain and Northern Ireland;
• Other law enforcement entities, such as the National Crime Agency and the National Cyber Security Centre;
• Our third party service providers;
• Our professional advisers, including, without limitation, our insurers; and,
• Search engine and web analytics providers.

We may also disclose your personal data where we are subject to a legal obligation to do so, in connection with the prevention or detection of crime, for the purpose of establishing, exercising or defending our legal rights, or where we consider that we receive a valid request for disclosure.

You should be aware that if we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information, we are entitled do so.

We require our third party service providers to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

6. International transfers

We do not transfer your personal data outside the European Economic Area (EEA).

7. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. Your legal rights

You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you, by accessing the customer preference centre or by contacting us.

Where you have consented to us using your personal data, you can withdraw that consent at any time.

If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it. You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is investigated.

In some circumstances you can ask us to erase your personal data if you withdraw your consent, it is no longer necessary for us to use your personal data, you object to the use of your personal data and we don't have a good reason to continue to use it, or we haven't handled your personal data in accordance with our obligations.

You can also request in certain circumstances that we provide a copy of any personal data you provided to us and which is automated to you or a third party in a structured, commonly used and machine-readable format.

To exercise these rights, we need to be suitably satisfied of your identity and so may request that you provide identification documents or confirm other details we may hold about you.

You can exercise these rights by contacting our Data Protection Officer at the above address. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you are not happy with our response, you can contact the Information Commissioner's Office: https://ico.org.uk.

We keep our privacy policy under regular review. This version was last updated in September 2020.