The National Business Crime Solution Ltd
Privacy Notice for End Customers
- What is personal data?
- Personal data we collect
- How we collect your personal data
- Purposes for which we use your personal data and the lawful bases
- Sharing your personal data
- International transfers
- How long we keep your personal data
- Security of your personal data
- Your rights
- How to complain
- How to contact us
The National Business Crime Solution Ltd (“NBCS”, “we, “our”) is committed to protecting the privacy and security of the personal data we collect about you (“you/your”).
The purpose of this privacy notice is to explain what personal data we collect about you when we send out our marketing communications. When we do this, we are the data controller.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at email@example.com.
2. What is personal data?
‘Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.
‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.
3. Personal data we collect
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The personal data we collect includes:
- Job title
- Email Address
- Telephone number
4. How we collect your personal data
We may collect this personal data directly from you—in person, by telephone, text or email and/or via our website. However, we may also collect information from publicly available sources, including social media, where we have identified that you may be interested in the services we provide.
5. Purposes for which we use your personal data and the lawful basis
When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:
|Purpose||Lawful Basis for Processing|
|Processing your personal data to send marketing communications.||It is our legitimate interest to process your personal data for this purpose.|
6. Sharing your personal data
We will only share your personal data with the service providers we use to manage our marketing campaigns. We will not share your personal data with any other third parties.
7. International Transfers
It is unlikely that we’ll ever share your personal data outside the UK. If, however, it becomes necessary for us to do so, we will implement measures to ensure your personal data has an essentially equivalent level of protection as it has within the UK. We do this by ensuring that:
- Your personal data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation); or
- We enter into either International Data Transfers Agreements (IDTAs) or Standard Contractual Clauses (SCCs) with the receiving organisations and ensure that supplementary measures are also applied, where necessary.
8. How long we keep your personal data
We will retain your personal data for as long as is necessary for the purpose listed above and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised.
9. Security of your personal data
We have implemented appropriate technical and organisational measures to safeguard your personal data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access.
10. Your rights
You have certain rights in relation to the processing of your personal data, including to:
- Request access to your personal data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the personal data we hold about you.
- Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. If you object to us using your personal data for marketing purposes we will stop sending you marketing material.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party (data portability).
- Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
How to exercise your rights
You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, please contact us at firstname.lastname@example.org.
11. How to complain
You have the right to lodge a complaint with the supervisory authority, if you believe we are infringing the UK data protection laws or you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:
- Contact us | ICO
- Or by telephone on 0303 123 1113
12. How to contact us
If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, then please address your correspondence to:
National Business Crime Solution Ltd,
4 Dukes Court,
Alternatively, you can email us at email@example.com.
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted by emailing us using the details above or via our postal address. If sending correspondence to our postal address, please mark the envelope to the ‘Data Protection Officer’.
Privacy Notice for Service Delivery
The National Business Crime Solution Ltd (“the NBCS” “We”, “Us” “Our”) take the protection of data seriously. Our service is not possible without Processing Personal Data. We shall always be compliant with the UK General Data Protection Regulation (UK GDPR) and UK specific legislation applicable to the NBCS processing. We are a registered Controller with the Information Commissioner’s Office (ICO) with registration number ZA072300.
The purpose of this privacy notice to is to explain what Personal Data we process, why we do it and how and to let individuals know what their rights are in relation to that Personal Data processing.
This privacy notice is based on the terms contained within the UK GDPR but for ease of understanding the following definitions apply.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Data Subject: any identified or identifiable natural person, whose Personal Data is processed by the Controller responsible for the Processing.
Member: any business that subscribes for a membership at the NBCS.
Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processor: a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
Third Party: a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.
Restriction of Processing: the marking of stored Personal Data with the aim of limiting their Processing in the future.
Processing: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Special Category Data: any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
The information We collect about you when you visit Our website
When you request one of Our web pages through your browser, data such as:
your IP address, your browser and the version you’re using, your operating system and the date and time and site you came from are collected by cookies and stored in a log file and/or a database.
But don’t worry – this information can’t be used to identify specific individuals, and we only use it for managing and maintaining Our website research and development of Our products and services and anonymous user analysis, so we can see how Our site’s being used.
Our reasons for Processing Personal Data
We process Personal Data, Special Category Data and criminal offence data for the prevention and detection of crime and anti-social behaviour. We also use this data to identify natural persons for further action such as, following up on an investigation, police support, exclusion notices, civil court injunctions, private prosecutions and protecting Our Members and their employees. Our overall aim in Processing this Personal Data is to prevent and reduce crime and enhance national prosperity at the local, regional and national level.
We collect information relating to the above reasons/purposes from the following sources:
UK law enforcement bodies, Our Members, Business Improvement Districts, UK crime partnerships, open source material via social media and any other relevant bodies or businesses linked to ongoing criminal investigations.
Types of Personal Data we process for the above reasons/purposes may include:
- Name and address details
- Images taken from CCTV
- Video taken from CCTV
- Images taken from CCTV for the purpose or retrospective facial recognition supporting the identification of offenders or suspected offenders.
- Date of birth, age and descriptive details such as tattoos, facial hair, scars, noticeable characteristics, eye colour, hair colour, height, build, clothing, piercings, glasses
- Email address
- Phone number
- Details of associates
- Vehicle registration details
- Records of correspondence
We also process Special Category Personal Data and other more sensitive categories of Personal Data such as:
- Race and/or Ethnic origin
- Details of suspected criminal offences
- Details of criminal convictions or offences or related information including location data and place of offence
- Details of civil actions taken against individuals
We process Personal Data about Our:
- Members’ employees
- complainants and enquirers
- advisers and other professional experts
- Members’ individuals of interest
What do we do with the Personal Data we collect?
Our Members are national, regional and independent retailers, transport and distribution companies, Business Improvement Districts and Business Crime Partnerships. All Members of the NBCS have a mutual legitimate interest.
Where an individual has been reported by a Member of the NBCS for direct or suspected direct involvement in an incident which represents a threat to a Member of the NBCS, its customer, or the wider community, the NBCS will process the Personal Data of that individual.
We will process the Personal Data in multiple ways in order to achieve Our purpose, including;
- We will store the Personal Data on Our secure database.
- We may match the Personal Data to similar patterns of offending to identify the true scale of the issue and whether an individual is a repeat offender.
- We may pass a series of offending to the police for further investigation and or action.
- Where appropriate, we will share Personal Data with our Members for the purpose of alerting them to potential threats to their businesses and for the prevention and detection of crime. The Personal Data shared may include any of the categories listed above but, in each case, will be limited to what is necessary for this purpose and will only be shared where it is relevant according to geographical area and type of industry.
- The Personal Data may also be used to support civil outcomes such as civil court injunctions and banning notices.
Rights of the Data Subject
The UK GDPR affords Data Subjects with rights. These rights are summarised below. In order to exercise any of these rights, the Data Subject may contact NBCS at any time, using the details given below under ‘Contact Us’.
Right of access: Each Data Subject shall have the right to obtain from the Controller, information about his or her Personal Data stored at any time and a copy of this information.
Right to rectification: Each Data Subject shall have the right to require the Controller without undue delay to rectify any inaccurate Personal Data concerning them. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to erasure (Right to be forgotten): In some circumstances a Data Subject shall have the right to compel the Controller to erase Personal Data concerning them without undue delay.
Right of restriction of Processing: Data Subjects have the right to compel the Controller to restrict the use of Personal Data if it is inaccurate, has been used unlawfully (but the Data Subject does not want the Controller to delete it), where it is not needed any more for the purpose for which it was collected or if the Data Subject has already objected to the processing and confirmation from the Controller as to whether they can comply with the request is pending.
Right to data portability: In some circumstances a Data Subject shall have the right to receive the Personal Data concerning him or her, which was provided to a Controller, in a structured, commonly used and machine-readable format.
Right to object: A Data Subject shall have the right to object to the processing of their personal data where for purposes of direct marketing or where the lawful basis relied upon is “legitimate interests” or “public task”.
Automated individual decision-making, including profiling: Each Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling. The NBCS does not make decisions based solely on automated processing.
Right to Withdraw Consent: Where the NBCS rely on consent as the lawful basis for processing Personal Data, a Data Subject has the right to withdraw their consent at any time. Please note that the NBCS does not rely on consent for any processing of Personal Data. Our lawful basis for the processing of data is legitimate interests.
Right to complain to the Information Commissioner’s Office (ICO) –The contact details for the ICO are contained at the bottom of this Privacy Notice.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
The NBCS lawful basis for processing this data is “legitimate interests” as the Processing is necessary to protect the business interests of Our Members and there is no less intrusive way to achieve those business interests. This legitimate interest is not outweighed by the rights and freedoms of the affected individuals as Our Processing is for the greater public interest, the benefit of the NBCS and its Members.
Where we process Special Category Data, we do so on the basis that it is in necessary for reasons of substantial public interest, in accordance with Article 9 (2) (g) of the UK GDPR. We have assessed this interest against the appropriate provisions within the Data Protection Act 2018 (DPA 2018) and consider that Our Processing is necessary for the purpose of preventing or detecting unlawful act, in accordance with paragraph 10, schedule 1 of Part 2 of the DPA 2018.
Period of storage
Personal Data is held for 25 months before its permanently and securely disposed of. The secure disposal of Personal Data is an automated process. All Personal Data is held on UK based secure servers.
Who do We share your Personal Data with?
The NBCS act as the Controller and any sharing is conducted under information sharing agreements with UK law enforcement bodies, it’s Members, Business Improvement Districts, UK crime partnerships and any other relevant bodies or businesses linked to ongoing criminal investigations, or for the purpose of analysing such data to further investigations into cross company, cross police force, prolific and persistent offenders. The NBCS does not share Personal Data outside of the UK.
We also use Third Party Processors to process data on our behalf. We enter into Data Processing Agreements with these Processors to ensure that they only process the data under our strict instructions.
Security of processing
As the Controller, the NBCS has implemented appropriate technical and organisational measures to ensure Personal Data processed remains secure.
Concerned about how We handle Personal Data?
If you are concerned about the way in which we process your Personal Data, you can contact the ICO via https://ico.org.uk/concerns or tel: 0303 123 1113
If you wish to exercise your rights or if you wish to contact us for any other reason, please use the contact details below.
The name and address of the data Controller is:
National Business Crime Solution Ltd, 4 Dukes Court, Bognor Rd, Chichester, England, PO19 8FX
Changes to this notice
This notice was last updated on 13/12/2021 We may update this notice to reflect changes in the law or Our privacy practices.