1. Who we are
The Greater Manchester Combined Authority (GMCA) is made up of the ten Greater Manchester councils, the Greater Manchester Fire and Rescue Service, and the Mayor of Greater Manchester. We work with other local services, businesses, communities and other partners to improve the city region.
2. Summary of Service
The Deputy Mayor for Police and Crime, supported by the GMCA Police and Crime team, is responsible for the management of police complaint reviews where the complainant is unsatisfied with the way that their original complaint has been handled by Greater Manchester Police. The Police will provide details of how a review can be requested from the relevant review body in their original outcome letter to the complainant.
3. What Data We collect
The data that we collect to process your complaint review are:
- Contact Details
- Complaint Details
- Unique Identifiers
- Allegations of misconduct
- Details of personal characteristics
- Details of personal distress/injury
- Original complaint documentation
4. Why we need your data
We require your data:
- To identify your original complaint and to conduct a review of the way your complaint has been handled.
- To provide recommendations to Greater Manchester Police where the review has identified further actions to be taken.
- To check our performance in responding to you.
- To ensure that we meet all our legal obligations.
5. Our legal basis for processing your data
Our legal basis for processing your personal data are to perform a public task with official authority under the following legislation:
Policing and Crime Act 2017 and the Police Reform Act 2002 (Part 2 and Schedule 3, paragraph 25). This is supported by the Police Complaints and Misconduct Regulations 2020.
6. How long we keep your data
The GMCA will keep your information for six years from the point at which the review is completed. We may keep your information in an anonymised format after this time for statistical purposes and in these cases, all personal information will be removed.
7. How we ensure the security of your data
The information you provide will be subject to rigorous procedures to make sure it can’t be seen, accessed or shared with anyone who shouldn’t see it. These include:
- All staff receive specific information security training.
- All staff comply with Information Security policies and procedures. These set out how your information is protected and what happens if the security of the information is breached
- All the laptops used by staff are encrypted and need a unique logon password and ID to access the computer systems.
- All desktop computers need a unique logon password and ID to access the computer systems.
- Staff only have access to the information they need to do their job. This means if they are not the right person in the right team, they will not be able to see your information.
- Staff with access to the most sensitive information may need to have a Disclosure and Barring Service (DBS) check. This check will show any criminal convictions which may mean the staff member cannot be trusted with your information.
We also have responsibilities to keep our computer systems secure and take steps to stop outside malicious access also known as hacking. This requires us to comply with requirements specified by Central Government. Find out more about the Central Government requirements at www.gov.uk/guidance/public-services-network-psn-compliance.
8. Who we share your data with
- Your data will be shared with Greater Manchester Police to review your original complaint case file.
- The data we collect may be shared with other government departments, agencies and public bodies.
- We will share your data if we are required to do so by law; for example, by court order, or to prevent fraud or other crime.
9. What rights do individuals have?
The GMCA must comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Under data protection law, your rights include:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to make a request, please contact us at:
Post: Office of the DPO GMCA, Broadhurst House, 56 Oxford Street, Manchester, M1 6EU
10. How can I make a complaint?
If you are not satisfied with how the GMCA is using the information we hold about you please contact our Data Protection Officer by emailing email@example.com.
If you are still not satisfied with the GMCA’s response to any request to exercise your individual rights or if you believe that the GMCA is not processing your personal data in accordance with the law, you can contact the Information Commissioners’ Office via their website: www.ico.org.uk.
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. Telephone: 0303 123 1113.