top of page
FCS Logo Website (WHITE TEXT)_3x.png

Data Privacy Policy

Introduction

The use and disclosure of personal data is governed in the United Kingdom by the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). Forensic Courier Services (FCS) staff members are aware of the seriousness with which FCS views its responsibilities under this legislation.

This policy outlines the FCS directive, requirement, and stance with regard to compliance with the legislation and in safeguarding personal data.

This privacy notice explains:

  • how we collect, store, use, disclose, retain, and destroy personal data

  • the steps we take to ensure personal data we process is protected properly

  • the rights individuals have when we process their personal data

What is personal data?

Personal data is any information we handle that relates to an identified or identifiable natural person. An 'identifiable natural person' is anyone who can be identified, directly or indirectly from information, including by reference to a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

DPA & UK GDPR Principles

FCS fully supports and complies with the eight principles of the DPA which are summarised below. Personal data:
1. Shall be processed fairly and lawfully
2. Shall be obtained/processed for specific lawful purposes
3. Held must be adequate, relevant and not excessive
4. Must be accurate and kept up to date
5. Shall not be kept for longer than necessary
6. Shall be processed in accordance with rights of data subjects
7. Must be kept secure
8. Shall not be transferred outside the European Economic Area (EEA) unless there is adequate protection

 

Under the UK GDPR, FCS fully supports and complies with the main data protection principles and in line with Article 5 of the UK GDPR, has processes in the place to ensure that personal data shall be:


a) Processed lawfully, fairly and in a transparent manner in relation to individuals
b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
d) Accurate
e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the UK GDPR in order to safeguard the rights and freedoms of individuals
f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures
 

Why do we process your personal data?

The type of categories of personal data FCS holds in which we process on behalf of a data controller, and also as data controller, includes but is not exclusive to:


• To administer the activity of the business for employees and associated partners (controller/processor)
• Staff information regarding employment (controller)
• Customer, Supplier and Subcontractor information (controller/processor)
• Business related information (controller/processor)
• To manage and run the Human Resource and contractual requirements of the business (controller)
• To fulfil customer orders, requirements and services (processor)
• To respond to any enquiries submitted by a data subject (controller/processor)
• To carry out transactions or agreements (processor)
• Where permitted we may use information such as e-mail addresses to provide news, newsletters and to seek feedback on services (controller)

Whose personal data do we process?

We process information relating to a range of individuals, including:

  • victims of crime

  • people convicted of an offence

  • people suspected of committing an offence;

  • complainants, correspondents and enquirers

  • advisors, consultants and other professional experts

  • suppliers

  • current and former employees, agents, temporary and casual workers, and volunteers

  • representatives of individuals in this list, such as parents, other relatives, guardians, and people with power of attorney

What types of personal data do we process?

We may process personal data relating to or consisting of the following categories:

  • personal details (such as name, address, and biographical details)

  • family, lifestyle, and social circumstances

  • education and training details

  • racial or ethnic origin

  • political opinions

  • religious or other beliefs of a similar nature

  • trade union membership

  • physical or mental health or condition, both declared and suspected

  • sexual life

  • offences (including alleged offences)

  • criminal proceedings

  • physical identifiers (including DNA, and other genetic or biometric samples)
    sound and visual images (e.g. CCTV)

  • financial details

  • references

  • information relating to health and safety

  • complaint, incident, and accident details

 

The types of personal data we process will vary depending on the purpose. We aim to process the minimum amount of personal data necessary for the relevant purpose. You should not assume that we hold personal data in all of the categories identified for every person whose personal data we process.

The categories identified may not be complete as occasionally we may gather personal data in other categories for the purposes described.

Where do we get the personal data we process?

We collect personal data from a variety of sources, including:

  • law enforcement agencies and bodies

  • partner agencies involved in crime detection

  • legal representatives, prosecuting authorities, and courts

  • auditors

  • current, past or prospective employers of individuals

  • education, training establishments and examining bodies

  • business associates and other professional advisors

  • our employees, agents, and others

  • persons making enquiries or complaints

  • trade, employer associations, and professional bodies

  • our own CCTV systems

  • directly from data subjects

What is our lawful basis for processing personal data?

Data Protection Act 2018 Part 2 processing

Where we process personal data, the legal basis for doing so will vary depending on the circumstances. Ordinarily, the relevant legal basis is that the processing is:

  • necessary for performing a contract

  • necessary to comply with a legal obligation (including employment law)

  • in the public interest or for official purposes

  • necessary to protect your vital interests

  • for legitimate interests

  • with your explicit consent (which you may withdraw at any time)

What security measures do we use when processing your personal data?

We take the security of all personal data under our control seriously.

We ensure that appropriate policy, training, technical and procedural measures are in place, including audit and inspection, to protect our manual and electronic information systems from data loss and misuse. We only permit access when there is a legitimate reason and under strict guidelines on what use may be made of any personal data contained within them. We continuously manage and enhance our compliance with relevant standards and guidance to achieve adequate and up-to-date personal data security.

FCS takes all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of personal information. FCS will store all personal information provided in appropriate, fit for purpose and secure environments.

FCS will provide all commercially reasonable precautions on physical and electronic basis including where appropriate but not exclusive to:

• Password protection

• Encryption

• Firewalls

• Internal access restrictions

• Security passes and restricted physical access

• CCTV

 

The security of any data transmission requested by data subjects or data controllers over the internet cannot be guaranteed. It is not FCS policy to transmit sensitive data over the internet.

What disclosures do we make of your personal data?

We may disclose personal data to a wide variety of recipients in any part of the world (including outside of the United Kingdom and the European Economic Area), including to those from whom we originally obtain personal data. FCS will only pass personal data to third parties or other companies in order to fulfil contractual or legal obligations.

Recipients may include:

  • law enforcement agencies

  • local authorities, national and local government departments and agencies (including the Home Office, HM Revenue and Customs, the Serious Fraud Office, the Child Maintenance Service, the National Fraud Initiative, and private safeguarding agencies)

  • legal representatives, prosecuting authorities, courts, prisons, and other partners in the criminal justice arena

  • bodies or individuals working on our behalf

  • ombudsmen, auditors, and regulatory authorities

  • other bodies or individuals where required under any legislation, rule of law, or court order

 

We decide on disclosure case-by-case, disclosing only the personal information that is necessary and proportionate to a specific purpose and with appropriate controls and safeguards in place.

How long do we retain your personal data?

We keep your personal data for as long as necessary for the particular purpose or purposes for which we hold it.

What are your rights over your personal data we process, and how can you exercise them?

Under the Act you have a number of rights that you can exercise in relation to personal data we process about you.

 

You do not have to pay to exercise your rights (other than a reasonable fee if a request for access is clearly unfounded or excessive but we agree to fulfil it anyway).

 

We sometimes need to request specific information from you to help us confirm your identity and ensure your authority to exercise the rights.

 

Where FCS is the data processor of personal data and not the data controller it will seek permission from the relevant data controller before releasing any information to any party.

Right of Access: You can request access to the personal data we hold about you usually free of charge. Normally we will provide it within one month of receipt of your request unless an exemption applies. You can request access to the personal data we hold about you using the contact details of the DPO in this privacy notice.

Right to be Informed: You are entitled to be told how we obtain your personal information and how we use, retain, and store it, and who we share it with. This privacy notice gives you that information, as well as telling you what your rights are under the relevant laws.

Right to Rectification: If we hold personal data about you that is inaccurate or incomplete you have the right to ask us to correct it. You can ask us to correct your personal data using the contact details in this privacy notice. We will reply to you within one month unless the request is complex.

 

Right to Request Erasure: Under certain circumstances you have the right to ask us to delete your personal data to prevent its continued processing where there is no justification for us to retain it. The circumstances most likely to apply are:

  • where holding your personal data is no longer necessary in relation to the purpose for which we originally collected and processed it

  • where you withdraw your consent to us holding your personal data if we are relying on your consent to hold it

 

The right of erasure does not apply if we are processing your personal data:

  • to comply with a legal obligation

  • for the performance of a task carried out in the public interest or in the exercise of official authority

  • for the establishment, exercise or defence of legal claims

  • to exercise the right of freedom of expression and information

  • for archiving purposes in the public interest, scientific research, historical research or statistical purposes where erasure is likely to make it impossible to carry out or seriously impair that processing

 

If you would like to request the deletion of your personal data, you can do so using the DPO contact details in this privacy notice. We will respond to you within one month unless the request is complex.

 

Right to Restrict Processing: Under certain circumstances you have the right to ask us to restrict the processing of your personal data. This may be in cases where:

  • you are contesting the accuracy your personal data while we are verifying the accuracy

  • your information has been unlawfully processed and you oppose its erasure and have requested a restriction instead

  • where we no longer require your personal data but you need it to establish, exercise,  or defend a legal claim and do not want us to delete it

 

You can ask us to restrict processing of your personal data using the DPO contact details in this privacy notice.

 

Right to Data Portability: You have the right to obtain and reuse your personal information for your own purposes, transferring it from one environment to another. This right only applies to personal data provided by an individual, where the processing is based on their consent or for the performance of a contract and when that processing is carried out by automated means. If you wish to discuss this right, you can do so using the DPO contact details in this privacy notice.

 

Right to Object: You have the right to object to:

  • processing based on legitimate interests or performance of a task in the public interest and or exercise of official authority

  • processing of your information for scientific and historical research and statistics

  • direct marketing

 

Any objection must be on grounds relating to your particular situation. If you want to exercise your right to object you can do so using the DPO contact details in this privacy notice.

 

Rights related to automated decision making and profiling: You have the right not to be subject to a decision when it is based on solely automated processing (including profiling) and which produces a legal effect or similar significant effect on you. This right does not apply if the decision is authorised by law, is necessary for entering into or performance of a contract, or is based on your consent. We are unlikely to carry out automated decision making because our processes involve some type of human interaction and decision-making. Profiling is any form of automated processing of personal data intended to evaluate certain personal aspects about you to predict things about you such as your behaviour, interests, movements, or performance at work. We do not currently carry out automated profiling. If you have any questions about automated decision-making or automated profiling you can raise them using the DPO contact details in this privacy notice.

Data Protection Officer & Contact Details

Our Data Protection Officer can be contacted using the contact details below.

We are committed to protecting your personal data and take our responsibilities seriously. We handle your information with care to ensure proper processing, maintaining your trust and confidence. If you have any questions or concerns about how we manage your personal data, our DPO is available to assist you.


Email: office@forensiccouriers.co.uk

 

Address: Data Protection Officer, Forensic Courier Services, Unit1 Wessex Business Park, Halfway, Newbury, Berkshire RG20 8NS

How you can complain

The Information Commissioner's Office (ICO) regulates the processing of personal data. You can complain to the ICO if you are unhappy with how we have processed your personal data.

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
Website: Make a complaint | ICO

Policy Updates

We keep this privacy policy under regular review and update it if any of the information in it changes.

Last reviewed and updated on 10/11/2025.

bottom of page