The National Business Crime Solution Ltd takes the protection of data seriously. The service is not possible without the provision of personal data. Personal data processing shall always be compliant with the General Data Protection Regulation (GDPR) and in accordance with UK specific legislation applicable to NBCS processing. By means of this privacy notice we would like to ensure the general public are informed as to why we collect and process personal data and Data Subjects rights relating to the collection and processing of personal data.
The data protection notice of the National Business Crime Solution Ltd is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR) but for ease of understanding the following definitions apply.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Personal data: any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Name and address of the controller
The name and address of the data controller is:
National Business Crime Solution Ltd, County House, St Mary’s Street, Worcester, WR1 1HB
0800 080 6016
Name and address of the lead supervisory authority
The Lead Supervisory Authority overseeing the Controller is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
The information we collect about you when you visit the site
When you request one of our web pages through your browser, data such as:
your IP address, your browser and the version you’re using, your operating system and the date and time and site you came from …are stored in a log file and/or a database.
But don’t worry – this information can’t be used to identify specific individuals, and we only use it for managing and maintaining our website research and development of our products and services and anonymous user analysis, so we can see how our site’s being used.
Our website automatically deploys a cookie on your computer when you arrive (provided cookies aren’t blocked by your browser). This little chap allows us to track visitor statistics and usage of the site and is automatically deleted after 30 days. On 27th May 2011, those lovely people at the EC introduced a directive called the Privacy and Electronic Communications Regulation 2011 which requires owners of websites to get specific approval from the visitor if cookies are deployed.
It’s pretty easy to restrict or block the cookies used on our site through your browser settings. If you go to the Help function within your browser, you can get detailed instructions on how to change them.
If you’re really interested, you might also want to visit www.aboutcookies.org, which provides instructions on how to block cookies on all the major browsers. This splendid site also explains how you can delete cookies that have already been stored on your computer as well as general information about cookies. Have fun!
You should be aware though that most cookies are harmless and restricting them may actually impact on the functionality of the websites you visit.
What are the reasons for processing and the types of data we process?
We process personal data and sensitive personal data for the prevention and detection of crime and anti-social behavior. We also use this data to identify natural persons for further action such as target hardening, follow up investigation, exclusion notices, civil court injunctions and private prosecutions in order to prevent and reduce crime and enhance national prosperity at the local, regional and national level, based on the national intelligence model.
We collect information relating to the above reasons/purpose from the following sources:
UK law enforcement bodies, our business members, Business Improvement Districts, UK crime partnerships, open source material via social media and any other relevant bodies or businesses linked to ongoing criminal investigations.
Types of data we process for the above reason / purpose may include;
- Name and address details
- Date of birth, age and descriptive details
- Email address
- Phone number
- Details of associates
- Vehicle registration details
We also process sensitive categories of information such as;
- Ethnic origin
- Offences and alleged offences
We process personal information about our;
- Members and employees
- Complainants and enquirers
- Advisers and other professional experts
- Members subjects of interest
Rights of the data subject
GDPR affords EU Data Subjects with rights. These rights are summarised below. In order to assert any of these rights, the Data Subject may contact the Data Controller designated by the National Business Crime Solution Ltd or another employee at any time.
The right of Confirmation: Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.
The right of Access: Each data subject shall have the right to obtain from the controller, free information about his or her personal data stored at any time and a copy of this information. Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
Right to Rectification: Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erasure (Right to be forgotten): Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have an obligation to erase personal data without undue delay where one of the statutory grounds applies, as long as the processing is not necessary.
Right of Restriction of Processing: Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where a statutory reason applies.
Right to Data Portability: Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format.
Right to Object: Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data concerning him or her.
Automated individual decision-making, including profiling: Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling.
Right to Withdraw Consent: The NBCS lawful basis for the processing of data is legitimate interests.
Right to Complain to the Supervisory Authority: The details of the Supervisory Authority are contained within this Privacy Notice.
The NBCS lawful basis for processing this data is “legitimate interests” as the data processing is necessary to protect the business interests of our members and there is no less intrusive way to achieve those business interests. The purpose of the data processing outweighs the rights of the data subject in this instance as our processing is for the greater public interest, the benefit of the NBCS and its member businesses.
Period of storage
Data is held for 25 months before its permanently and securely disposed of. Secure disposal of data is automated. All data is held on UK based secure servers.
Who shared with;
The NBCS will act as the data controller and any processing is conducted under information sharing agreements with UK law enforcement bodies, it’s business members, Business Improvement Districts, UK crime partnerships and any other relevant bodies or businesses linked to ongoing criminal investigations, (this includes NBCS third party suppliers) or for the purpose of analysing such data to further investigations into cross company, cross Police force, prolific and persistent offenders (PPOs). The NBCS does not share data outside of the European Union.
Security of processing
As the Controller the National Business Crime Solution Ltd has implemented technical and organizational measures to ensure personal data processed remains secure.
Concerned about how we handle data?
You can contact the data Supervisory Authority directly via https://ico.org.uk/concerns
Subject access requests
Please contact us via firstname.lastname@example.org title the email Subject access request and we will be in touch within 30 days as per the requirements of the General Data Protection Regulations.
Changes to this notice
This notice was last updated on 30/08/2019. We may update this notice to reflect changes in the law or our privacy practices.