Quickly exit this site by pressing the Escape key Leave this site
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
This Privacy Notice explains how the Met processes personal data relating to members of the public. It also outlines the steps we take to ensure that personal data is protected and describes the rights individuals have in relation to the data we process.
View the child-friendly version of the privacy notice.
Personal data is any data that can be used to identify a living individual, on its own or in combination with other available information. References to names, identification numbers and location data would all be personal data. Processing means anything we do with the data and includes collecting, storing, and sharing.
The Commissioner of the Metropolitan Police Service (MPS) is the controller for any personal data processed by the MPS.
Sir Mark Rowley - MPS Commissioner and MPS Data Controller.
Email: [email protected]
The Data Protection Officer is Darren Curtis. You can contact him at: [email protected]
c/o MPS Data Office
PO Box 313
The Met's Data Office manages the Met's data protection compliance and can be contacted at: [email protected].
The Met collects personal data from a range of sources in the course of the exercise of its statutory Law Enforcement functions. We also process personal data that is collated in the course of our administrative functions, for example staff administration, procurement, property management, advertising and media.
The personal data we collect and use will include personal data and special category personal data.
Types of personal data we process may include information such as;
Special category personal data may include:
The Met will only use the minimum amount of personal information necessary to carry out a particular activity.
Any communication with an Met employee is accessible to Lawful Business Monitoring (LBM).
In order to carry out our functions, we process information relating to a wide variety of individuals including:
We also process data relating to existing and former members of staff.
Information is likely to be held in various forms, including electronically in emails and in the Met's electronic filing system and databases as well as in paper-based records. It may also be held in other electronic forms such as CCTV.
The Met processes personal data for law enforcement purposes as outlined in Part 3 of the Data Protection Act 2018, which are the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. We also process data for the purposes of safeguarding National Security, including National Security Vetting for Met staff.
The legal basis for processing law enforcement data is that it is necessary for the performance of functions. The Met's functions are established in the main under the Police and Criminal Evidence Act 1984 and the Police Act 1996, The Police Reform Act 2002 and include any powers or duties conferred by an enactment, and include:
We will only use personal information when the law allows us to and where it is necessary and proportionate to do so.
We may also process data for non-law enforcement purposes such as when we recruit and vet potential employees, for staff administration, managing media relations and when we provide educational programmes and support. Where we process data for non-law enforcement purposes, the processing is likely to be based on the following grounds:
Where we process special categories of personal data, we will do so in accordance with the specific conditions of processing set out in the Data Protection Act 2018. It is likely that we will use special category data in the following circumstances:
We also collate data via Met social media accounts (such as Twitter, Facebook, YouTube), for the assessment of feedback on the Met's performance and interactions by members of the public.
The Met may ask for your explicit consent in order to lawfully process your data where there are no other appropriate grounds. This will only happen in specific and limited circumstances and won’t usually be relevant to law enforcement data. When we do require consent, we will explain clearly what we are asking for and how we will use it. We will also tell you how we will process your data, how long we will keep it for and the steps we will take to delete it. Consent must be freely given, specific and informed and there must be a genuine choice about offering your data.
You have the right to withdraw consent at any time where we are processing or have processed your personal data based on your consent. Details on how to withdraw can be obtained by contacting [email protected].
The Met retains data in line with the Met's retention policy and in accordance with the Management of police information, taking into account the type, content and sensitivity of the data, related records, the purposes for which we process your personal data, and any legal or business requirements. Personal data will be retained for as long as necessary for the particular purpose or purposes for which it is held.
The sharing of data is a primary business function. For example, it may be necessary to share data with other law enforcement agencies, both nationally and internationally, and with partner agencies working on crime reduction and prevention initiatives. We may also share data with a range of other bodies such as the press and media, service providers, current, past and prospective employers, voluntary sector organisations, financial institutions and regulatory bodies.
The Met takes steps to ensure that any disclosures of personal data, however obtained, comply with the provisions of the Data Protection Act 2018 and General Data Protection Regulations. This includes ensuring that any disclosures are necessary and proportionate. Disclosures will be made on a case-by-case basis, using the personal data appropriate to a specific purpose, and with necessary safeguards in place.
Where you have provided your personal data to us for the purposes of the police constable recruitment process, your data, including biographical monitoring information, will be shared with the College of Policing.
It will be stored on their secure network or within their Assessment Information Management System (AIMS). From this information, your name, email address and candidate reference number will be uploaded to the new online assessment platform for constable recruitment and shared with the third party provider hosting the system in order to progress your application virtually.
Some of the bodies or individuals to which we may disclose personal information are situated outside of the European Union (EU). If we do transfer personal data to outside of the EU, we undertake to ensure that there are appropriate safeguards in place to certify that it is adequately protected as required by the legislation.
We will also disclose personal information to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law, and by court order.
Your personal data will be processed securely. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions. The security, confidentiality and integrity of your data is of utmost importance, and will be stored within UK servers on either standalone drives or cloud based solutions.
View our policies for:
View our strategy for:
No, you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
Under the Data Protection Act 2018 you have a number of rights that you can exercise in relation to the data we process about you. Under certain circumstances, by law you have the right to:
The Met has an obligation to tell you how we obtain your personal information and describe how it will be used, retained, stored and who we may share it with.
This enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it and that it is accurate (commonly known as a Right of Access Request)
This enables you to have any incomplete or inaccurate information we hold about you corrected.
This enables you to ask us to delete or remove personal information where there is no lawful reason for us to continue to process it.
This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
There are other reasons why we may need to restrict your information rights. We would do this only if strictly necessary and in any case we would apply these restrictions in line with Sec. 44 (4), (5) and (6) of the Data Protection Act 2018:
(4) The controller may restrict, wholly or partly, the provision of information to the data subject under subsection (2) to the extent that and for so long as the restriction is, having regard to the fundamental rights and legitimate interests of the data subject, a necessary and proportionate measure to:
(5) Where the provision of information to a data subject under subsection (2) is restricted, wholly or partly, the controller must inform the data subject in writing without undue delay:
(6) Subsection (5) (a) and (b) do not apply to the extent that complying with them would undermine the purpose of the restriction.
The Met takes steps to ensure that any disclosures of personal data, however obtained, comply with the provisions of the Data Protection Act 2018 and General Data Protection Regulations. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we are allowed under the law to charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we can refuse to comply with the request in such circumstances.
We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Further information about these rights can be found within the Data Protection Act 2018 and on the Information Commissioner’s Office website.
If you are not satisfied with the outcome of any of the above mentioned requests which you may have submitted to us you are entitled to contact the Information Commissioner’s Office (ICO) to lodge a complaint and/or to make a request under Section 51 DPA 2018 to check if the restriction or refusal was lawful. You are also entitled to apply to a court under Section 167 DPA 2018 if you believe there has been an infringement of your rights as a data subject under DPA 2018. For further information you may wish to visit the ICO website.
Alternatively, you may wish to phone or write to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Phone 0303 123 1113.
To exercise any of these rights please contact the MPS Data Office at: [email protected].
Or write to us:
MPS Data Office
PO Box 313
Cookies are used on this website to improve user experience and for essential functionality; they are not used for identification purposes.
Learn more about how the Met manages cookies.
The Met tries to meet the highest standards when processing personal data. We take queries and complaints very seriously. If you have any concerns about the way that we have handled your personal data please bring it to our attention via the following means:
MPS Data Office
PO Box 313
Or email [email protected]
You are also able to submit complaints to the Information Commissioner’s Office, advice on how to contact them based on the nature of your concern is available at ico.org.uk/concerns.
Last updated 29 March 2022.