EyesOn Privacy Policy (v1.0)
Eyeson logo

EYESON PRIVACY POLICY

Last Updated: 1st March 2026 Version: 1.0

Please read this Privacy Policy together with Schedule 1 (Authorised Organisation Details), which contains specific information about the Authorised Organisation operating the EyesOn App in your area. Schedule 1 also contains the contact details you will need if you wish to exercise your data protection rights against the Authorised Organisation.

 

AT A GLANCE — WHAT THIS POLICY TELLS YOU

 

This box gives you a quick summary. The full details follow in the sections below.

Who collects your data: Three separate organisations handle your data independently for different purposes — EyesOn Community Limited (the App operator), UKPAC (UK Partners Against Crime), and the Authorised Organisation (e.g., your local police force or council). Each is responsible for its own use of your data.

What data we collect: Your name, address, date of birth, incident reports, photos, chat messages, and technical data about how you use the App.

Why we use it: To operate the App, support crime prevention and community safety, enable the Authorised Organisation to carry out its statutory functions, and comply with our legal obligations.

Who we share it with: The Authorised Organisation, other partner agencies for cross-border crime prevention, and our technical service providers.

How long we keep it: This depends on the type of data and whether it is linked to ongoing investigations. Key retention periods are set out in Section 7.

Your rights: You have the right to access, correct, delete, and object to processing of your data. Some rights are more limited where processing is for law enforcement purposes.

How to contact us: EyesOn: info@eyesonapp.com | DPO: info@eyesonapp.com UKPAC: info@uk-pac.com | Authorised Organisation: See Schedule 1.

 

1. INTRODUCTION

 

1.1 About This Privacy Policy

 

This Privacy Policy explains how your Personal Data is collected, used, stored and shared when you use the EyesOn mobile application ("App"). It should be read together with the End User Licence Agreement and Terms of Service ("EULA"), the Acceptable Use Policy ("AUP"), and Schedule 1 (Authorised Organisation Details). Terms used in this Privacy Policy have the same meaning as in the EULA unless otherwise stated.

 

1.2 Who We Are

 

The App is operated by EyesOn Community Limited (Company number 14729903) ("we", "us" or "our"), whose registered address is The Gardens, Fareham, Hampshire, PO16 8SS. The App is operated in partnership with UKPAC (UK Partners Against Crime Limited, Company No. 10397326) and with the Authorised Organisation specified in Schedule 1.

Our contact details are:

Where a Data Protection Officer has been appointed by UKPAC, their contact details are: info@eyesonapp.com. Where a Data Protection Officer has been appointed by the Authorised Organisation, their contact details are set out in Schedule 1. If no DPO has been appointed by a particular entity, that entity's general data protection contact is listed instead.

 

1.3 Purpose of the App

 

The App is designed to support UKPAC and partner agencies (including the Authorised Organisation) in identifying incidents in their areas, which in turn helps identify, match and link cross-border incidents affecting entire geographic regions. The App enables users to submit incident information to UKPAC (which may be shared with the Authorised Organisation), receive alerts, and participate in community discussions.

 

1.4 Importance of Your Privacy

 

We are committed to protecting your privacy and handling your Personal Data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and other applicable data protection laws.

 

1.5 Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time. We will notify you of material changes in accordance with Section 15.

 

2. DATA CONTROLLERS AND PROCESSORS

 

What this section tells you: Three organisations are involved in handling your data when you use this App. Each acts independently and is responsible for its own use of your data. The table below gives you a quick overview, followed by the full legal detail.

 

2.1 Who Controls Your Data?

 

EyesOn, UKPAC, and the Authorised Organisation each act as independent data controllers (and not joint controllers) in respect of Personal Data processed via the App and Admin Portal. Each processes Personal Data for distinct purposes and determines the means of its own processing activities. They are independent because they each process Personal Data under different legal regimes and for different purposes.

 

Organisation

Role

What they do with your data

EyesOn Community Limited

Independent data controller (and processor for UKPAC)

Operates and secures the App; manages user accounts; provides the technical platform

UKPAC (UK Partners Against Crime Limited)

Independent data controller

Operates the Platform and Admin Portal; manages communities; creates Collections; crime hub; cross-border analysis; content moderation

Authorised Organisation (see Schedule 1)

Independent data controller

Conducts vetting checks; processes crime reports; carries out its statutory law enforcement, safeguarding and public safety functions

 

The data flows between the parties are governed by the Services Agreement, the Data Processing Agreement (between EyesOn and UKPAC), and the Data Sharing Agreement (between UKPAC and the Authorised Organisation). EyesOn provides the technical platform functionality that enables data sharing between UKPAC and the Authorised Organisation, but the lawfulness of such data sharing is determined by the Data Sharing Agreement.

 

(a) EyesOn as Data Controller

 

As an independent controller, EyesOn processes your Personal Data for the following purposes:

  • User authentication and account security;
  • Platform performance monitoring and service improvement;
  • Sending service-related notifications and responding to your enquiries;
  • Complying with its legal obligations as a platform provider.

 

(b) UKPAC as Data Controller

 

As an independent controller, UKPAC processes your Personal Data for the following purposes:

  • Platform operations, including Crime Reports, incident matching, Collections, and the crime hub;
  • User Account management (approving or rejecting Account Applications based on vetting decisions communicated by the Authorised Organisation);
  • Platform moderation and enforcement of the Acceptable Use Policy and EULA;
  • Community management and configuration (including retention periods, moderation settings, and Community designations);
  • Cross-border analysis across Communities;
  • Coordinating data sharing with the Authorised Organisation via automated exports pursuant to the Data Sharing Agreement;
  • Facilitating appeals processes; and
  • Providing administrative and operational support services.

UKPAC's own privacy notice, which sets out its processing activities as an independent data controller, is available at: https://uk-pac.com/privacy-policy/ You should read UKPAC's privacy notice alongside this Privacy Policy.

 

(c) Authorised Organisation as Data Controller

 

As an independent controller, the Authorised Organisation processes your Personal Data for its own statutory purposes, which may include (depending on its nature) law enforcement, safeguarding, public protection, community safety, incident prevention, housing management, environmental protection, or other public interest functions. The Authorised Organisation is an independent data controller solely for:

  • Vetting Checks conducted using its own systems and databases outside the Platform; and
  • Law enforcement processing of Crime Reports and other data received via automated exports from the Platform pursuant to the Data Sharing Agreement.

For the avoidance of doubt, the Authorised Organisation: (i) has no discretion over what App data is collected or how it is processed within the Platform; (ii) has no Admin Portal access; (iii) has no ability to configure retention periods, moderation settings, or other Platform settings; and (iv) has no instruction authority over EyesOn's processor processing for Platform functions.

Each controller is independently responsible for: (a) complying with its controller obligations under data protection legislation, including transparency requirements, lawful basis for processing, and data subject rights; (b) providing its own privacy notices to data subjects; and (c) responding to data subject access requests and other rights requests in relation to its own processing.

 

(d) EyesOn as Processor

 

In addition to its controller role, EyesOn also acts as a data processor on behalf of UKPAC for certain automated processing activities performed via the Admin Portal, including automated incident matching, notifications, report transmission, and data storage and presentation. When acting as processor, EyesOn processes Personal Data in accordance with UKPAC's documented instructions and the Data Processing Agreement.

EyesOn also acts as a data processor on behalf of the Authorised Organisation for hosting and displaying Authorised Organisation Content, governed by the processor provisions in the Services Agreement.

We are not joint controllers. EyesOn, UKPAC, and the Authorised Organisation do not jointly determine the purposes and means of processing, except where UKPAC moderates Authorised Organisation Content for Acceptable Use Policy enforcement, in which case UKPAC acts independently as controller for moderation purposes only.

 

(e) Data Sharing Between Controllers

 

Where the Authorised Organisation shares Personal Data with UKPAC for UKPAC's own controller purposes (such as crime prevention analysis, Collections, or cross-border intelligence work), this sharing is documented in the Data Sharing Agreement and is based on:

  • the Authorised Organisation's assessment of compatibility with its statutory purposes under Article 6(4) UK GDPR; and/or
  • the Authorised Organisation's lawful processing under Part 3 Data Protection Act 2018 for law enforcement purposes, which permits sharing for crime prevention purposes where appropriate safeguards are in place.

 

(f) Data Sub-Processors

 

EyesOn engages the following third-party sub-processors to support the operation of the Platform:

  • SentrySIS: technical development, maintenance and support services;
  • CO.UK: hosting and data storage services (Manchester data centre).

These processors are contractually obliged to process Personal Data only in accordance with EyesOn's instructions and to maintain appropriate security measures. A full list of sub-processors is maintained in the Data Processing Agreement and is available on request.

 

3. PERSONAL DATA WE COLLECT

 

3.1 Information You Provide When You Sign Up

 

When you sign up to the App, we collect the following: full name, email address, mobile number, address (residential or business), business name (if applicable), and business type (if applicable). Your date of birth is collected for age verification purposes and will be recorded in your Account profile for the lifetime of your Account. Identity documents provided for verification purposes are exported to the Authorised Organisation via automated secure export solely for the purpose of identity verification using the Authorised Organisation's own systems, and are not stored within the Platform. The Authorised Organisation is solely responsible for any retention of identity documents in its own systems in accordance with its own retention policies and data protection legislation.

 

3.2 Information You Provide When Submitting Reports

 

When you submit information through the App, we collect additional details so that a comprehensive incident report (referred to as a "Crime Report" where the Authorised Organisation is a law enforcement authority) can be generated. This may include:

(a) date, time and location of the incident;

(b) description of what happened;

(c) details of suspects, witnesses or victims (where known);

(d) information about property stolen or damaged;

(e) vehicle descriptions and registration numbers; and

(f) any other relevant information about the incident.

 

3.3 Personal Data in Reports — Including Third-Party Personal Data

 

A Crime Report may contain two sets of Personal Data: your own Personal Data as the user who submitted the report (which is likely to be kept for as long as you have an Account), and the Personal Data of any individuals named in or associated with the report (such as suspects, witnesses, or victims).

Where your report contains Personal Data about third parties (such as individuals named as suspects, witnesses, or victims who have not themselves submitted information to the App), that Personal Data has been sourced from you as the reporting user. We are not always able to provide privacy notices directly to such third parties where doing so would be impossible or would prejudice the purposes of law enforcement processing. Where the Authorised Organisation is a competent authority under Part 3 DPA 2018, it may process such data under the law enforcement processing regime, which carries its own transparency obligations.

 

3.4 Photos, Videos and CCTV Footage

 

You may upload:

(a) photographs of incidents, suspects, vehicles or property;

(b) mobile phone video footage; and

(c) CCTV footage.

This visual content may contain Personal Data of individuals captured in the images or footage. When uploading images or footage, you must ensure that content is relevant to the incident being reported, take reasonable steps to avoid capturing unrelated third parties, and ensure that you have a lawful basis to share any Personal Data included. Guidance is displayed within the App before you upload.

 

3.5 Chat Room and Community Content

 

When you participate in Chat Rooms and communities within the App, we collect:

(a) messages, images and videos you post;

(b) comments and replies; and

(c) reactions to other users' content.

Important: All content is logged and monitored by Administrators. Users are verified and traceable — there is no anonymity on the App.

 

3.6 Location Data

 

The App uses location services to help you report incidents accurately. We collect:

(a) location data when you submit information about crimes or incidents (via What3Words and Google Maps integration); and

(b) general location information to assign you to relevant Communities.

 

3.7 Technical and Usage Data

 

We automatically collect certain technical information when you use the App:

(a) device information (device type, operating system, unique device identifiers);

(b) App usage data (features used, frequency of use, time spent in the App);

(c) log data (IP address, access times, error logs); and

(d) authentication data (login credentials, single sign-on tokens for professional users).

 

3.8 Information from Third Parties

 

We receive vetting decision information from UKPAC when they implement Vetting Check results in the Admin Portal (for Gated Communities only). The Authorised Organisation conducts Vetting Checks using its own systems outside the Platform and communicates its decision to UKPAC, who then implements the decision. This includes confirmation of whether your application has been approved or rejected, and may include a message from the Authorised Organisation regarding their decision.

 

3.9 Special Categories of Personal Data

 

In certain circumstances, we may process special categories of Personal Data where you include them in incident reports or posts, including:

  • (a) information about criminal convictions and offences;
  • (b) information revealing racial or ethnic origin (where relevant to crime reporting); and
  • (c) health data (where relevant to incident reports, e.g., injuries sustained).

You should only include sensitive Personal Data in a report where it is genuinely relevant to the incident.

 

3.10 Age Restrictions and Verification

 

By registering for an Account, you confirm that you are at least 18 years of age. Providing false information regarding your age is a material breach of the EULA and may result in immediate suspension or termination of your Account and, where applicable, referral to the Authorised Organisation or reporting to relevant authorities. Date of birth information collected during registration is encrypted both in transit and at rest, stored securely within the Platform, and is accessible only to Administrators for age verification and Account management purposes.

If we become aware or have reason to believe that a user may be under 18 years of age, we will take the following steps:

(a) temporarily suspend the Account pending verification;

(b) request additional age verification documentation from the user;

(c) if the user fails to provide satisfactory evidence of age within 14 days, or if we confirm the user is under 18, permanently terminate the Account and delete all associated Personal Data (except where retention is required by law or for the establishment, exercise, or defence of legal claims); and

(d) where appropriate, notify the Authorised Organisation and, if required, report to relevant authorities.

Where a suspected underage user has submitted incident reports or other content that may be relevant to ongoing investigations by the Authorised Organisation, we will consult with the Authorised Organisation before deletion to determine whether any Personal Data must be retained for law enforcement purposes. Any such retention will be limited to what is strictly necessary and proportionate.

 

4. HOW WE USE YOUR PERSONAL DATA

 

What this section tells you: This section explains what each organisation does with your data and why they are legally permitted to do so.

 

4.1 EyesOn — Account Management and App Operation (Controller)

 

Purpose

Legal Basis

Creating and managing your user account; enabling access to the App

Performance of contract (Art. 6(1)(b) UK GDPR)

Maintaining, securing, and improving the App

Legitimate interests (Art. 6(1)(f) UK GDPR)

Sending service-related notifications and responding to your enquiries

Performance of contract / Legitimate interests

Complying with legal obligations and responding to lawful requests

Legal obligation (Art. 6(1)(c) UK GDPR)

Analysing usage patterns (aggregated and anonymised where possible) to improve App functionality

Legitimate interests (Art. 6(1)(f) UK GDPR)

In addition to its controller role, EyesOn acts as a processor on behalf of UKPAC for certain automated processing activities via the Admin Portal, including: automated incident matching; automated notifications; data storage and presentation; and report transmission. EyesOn processes such data in accordance with UKPAC's documented instructions and the Data Processing Agreement.

 

4.2 Authorised Organisation — Statutory Functions (Controller)

 

Purpose

Legal Basis

Conducting Vetting Checks for Gated Community access

Public task / Legal obligation (Art. 6(1)(e) or (c) UK GDPR); or Part 3 DPA 2018 (law enforcement)

Processing Crime Reports and supporting investigations

Public task (Art. 6(1)(e)); Part 3 DPA 2018

Safeguarding and public protection

Public task; Art. 9(2)(g) UK GDPR; Schedule 1 DPA 2018

Community engagement and statutory communications

Public task (Art. 6(1)(e))

Accessing User Account information for vetting, safeguarding, incident response, and account security

Public task (Art. 6(1)(e)); Part 3 DPA 2018

The Authorised Organisation's full privacy notice is set out at Schedule 1.

 

4.3 UKPAC Platform Administration and Community Safety (Controller)

 

Purpose

Legal Basis

Operating the Admin Portal and managing User Accounts

Legitimate interests (Art. 6(1)(f) UK GDPR)

Implementing vetting decisions; assigning users to Communities

Legitimate interests

Content moderation and Acceptable Use Policy enforcement

Legitimate interests

Crime prevention analysis, Collections, and cross-border intelligence

Legitimate interests

Operating the crime hub and providing community safety services

Legitimate interests

Facilitating multi-area coordination and information sharing

Legitimate interests

Facilitating appeals processes

Legitimate interests

Conducting optional surveys (on an opt-in basis)

Consent (Art. 6(1)(a) UK GDPR)

UKPAC's legitimate interests in processing your Personal Data include: providing community safety and crime prevention services; facilitating incident prevention and intelligence analysis; operating the crime hub; conducting cross-border analysis; administering the Platform and Admin Portal; and conducting research and evaluation. UKPAC has conducted a legitimate interests assessment and determined that these processing activities do not override your fundamental rights and freedoms, having regard to the community safety purpose of the App, the nature of the data processed, and the safeguards in place.

 

4.4 Vetting and Verification (Gated Communities Only)

 

For Gated Communities, the Authorised Organisation conducts Vetting Checks using systems and databases available to it outside the App and Platform. The specific systems used depend on the nature of the Authorised Organisation and are specified in Schedule 1. The App is used only to capture your application details and to export identity data to the Authorised Organisation via automated secure export.

Upon completion of the Vetting Checks, the Authorised Organisation communicates its decision (approve or reject) to UKPAC, and UKPAC implements the decision in the Admin Portal.

  • Where the Authorised Organisation is a law enforcement authority, Vetting Checks may include checks against criminal records databases, intelligence systems, and other law enforcement databases (such as the Police National Computer (PNC), Police National Database (PND), and Records Management Systems (RMS)).
  • Where the Authorised Organisation is not a law enforcement authority (such as a local authority or housing association), Vetting Checks may include identity verification, address verification, and eligibility checks appropriate to the Community.
  • For Non-Gated Communities, Vetting Checks are not required and access is available to any user who self-registers in accordance with the EULA. If you access a Non-Gated Community only, your Personal Data will not be exported to the Authorised Organisation for Vetting Checks. The Authorised Organisation may still receive your Personal Data where you submit an incident report or where sharing is otherwise necessary for the purposes described in Section 6.

 

4.5 Incident Reporting and Crime Reports

 

When you submit information about an incident, the App generates a Crime Report as a PDF with an attached JSON file, which is transmitted to UKPAC's designated recipients (which may include the Authorised Organisation) via secure encrypted email (Transport Layer Security (TLS) encryption). Crime Reports are transmitted within two (2) hours of submission during Business Hours (9:00am to 5:00pm Monday to Friday, excluding public holidays in England and Wales), or by 10:00am on the next Business Day for out-of-hours submissions.

EyesOn does not retain a copy of the PDF after transmission. The underlying data is held in the Admin Portal for intelligence analysis, trend reporting, and statistical purposes. This data is not owned by the Authorised Organisation; it remains owned by the user or Community that submitted it. UKPAC may share such reports with the Authorised Organisation pursuant to the Data Sharing Agreement.

 

4.6 Collections and Cross-Border Analysis

 

UKPAC may create Collections — groupings of related incident reports identifying common trends or patterns across geographic areas — and may share these with the Authorised Organisation for crime prevention purposes pursuant to the Data Sharing Agreement.

The Authorised Organisation may request UKPAC to create specific Collections or analysis reports. UKPAC, acting as an independent data controller, may mine the data to produce requested datasets where such requests are necessary and proportionate for identified policing or community safety purposes, as determined by UKPAC's legitimate interests assessment and Data Protection Impact Assessment.

Where cross-border searching of incident data is required, this is carried out by UKPAC as an independent data controller. Any such cross-border search will only take place following a request from an Authorised Organisation, and the purpose, scope, and lawful basis will be documented by UKPAC, with access and disclosure limited to what is necessary and proportionate.

You will not ordinarily be notified when your incident data is grouped into a Collection. You retain your data protection rights (including rights of access, rectification, erasure, restriction, and objection) in relation to your Personal Data held within Collections, subject to the limitations set out in Section 11. To exercise your rights, please contact UKPAC using the details in Section 11.

 

4.7 Suspect and Vehicle Identification — ID Gallery

 

The Authorised Organisation and UKPAC may upload photos of people and vehicles to an ID Gallery within the App to assist in identifying people and vehicles of interest. You may view the ID Gallery and submit information to the Authorised Organisation, but you must not download, share, or distribute photos, make defamatory statements, harass individuals, or encourage vigilante action.

 

4.8 Community Management, Alerts and News

 

We use your Personal Data to:

  • assign you to relevant Communities based on your location;
  • send you alerts relevant to your area;
  • share news articles from the Authorised Organisation and UKPAC;
  • share updates about activity in your Community; and
  • provide safety advice and prevention information.

 

4.9 Account Inactivity and Yearly Review

 

EyesOn carries out a yearly review of Accounts. If you have not logged into your Account for 12 months, your Account may be automatically disabled. You will receive notice before your Account is disabled. Upon disabling an inactive Account, your Personal Data will be retained in accordance with the retention periods set out in Section 7. Where no specific retention period applies, Personal Data associated with a disabled Account will be deleted within 30 days of the Account being disabled, unless retention is required for ongoing or potential investigations, legal proceedings, or compliance with legal obligations.

 

4.10 Surveys and Research (UKPAC — Optional)

 

UKPAC may invite you to participate in optional surveys conducted on behalf of third-party organisations (such as insurance companies, academic researchers, or public sector bodies) for commercial, academic, or public interest research purposes.

How it works:

(a) You will be invited to participate on an opt-in basis via an in-App notification or prompt;

(b) Survey questions are designed by the third party but administered by UKPAC;

(c) Your responses are collected and anonymised by UKPAC before any sharing;

(d) Only aggregated, anonymised statistics are shared with the third party;

(e) The third party cannot identify you or access your Personal Data.

 

Legal basis: Your consent (Art. 6(1)(a) UK GDPR) for survey participation, and UKPAC's legitimate interests (Art. 6(1)(f)) in conducting research, providing analytical services, and supporting evidence-based community safety initiatives.

Your rights:

  • Participation is entirely voluntary;
  • You may decline any survey invitation;
  • You can withdraw consent and opt out of future survey invitations at any time through your Account settings or by contacting us using the details in Section 11;
  • You may choose to participate in some surveys but not others;
  • You can request deletion of your survey responses before they are anonymised; and
  • Once data is anonymised, it cannot be linked back to you.

 

Anonymisation safeguards: UKPAC maintains an Anonymisation Policy governing the anonymisation of survey data before sharing with third parties, which includes: (i) minimum sample size thresholds (reports will only be generated where there are at least 50 completed responses overall and at least 10 respondents in any demographic category); (ii) suppression rules where a demographic breakdown has fewer than 10 respondents; (iii) aggregation requirements ensuring only statistical summaries are shared; (iv) limitations preventing combinations of variables that could create identifiable profiles; and (v) contractual prohibitions on third parties attempting re-identification.

 

5. LEGAL BASES FOR SPECIAL CATEGORIES AND CRIMINAL OFFENCE DATA

 

(a) Where special categories of Personal Data are processed, this is based on Article 9(2)(g) UK GDPR — processing necessary for reasons of substantial public interest — under Schedule 1 Part 2 DPA 2018.

(b) Processing of criminal convictions and offences data is carried out:

(i) by the Authorised Organisation under Article 10 UK GDPR and (where applicable) Part 3 DPA 2018 for law enforcement processing under the control of official authority;

(ii) by UKPAC under Article 10 UK GDPR for incident prevention and community safety purposes where authorised by UK law with appropriate safeguards under Schedule 1 Part 2 DPA 2018; and

(iii) by EyesOn as a processor on behalf of the controllers, or as controller where necessary for Platform operation under appropriate safeguards.

 

6. WHO WE SHARE YOUR PERSONAL DATA WITH

 

What this section tells you: This section explains who receives your data and why.

The table below summarises the recipients of your Personal Data, the purpose of each sharing, and the basis on which it takes place.

 

Recipient

Purpose

Basis

UKPAC

Platform administration, vetting implementation, crime prevention, Collections, crime hub

Data Processing Agreement; Data Sharing Agreement

Authorised Organisation

Vetting Checks; Crime Reports; statutory law enforcement, safeguarding, and public safety functions

Data Sharing Agreement; Authorised Organisation's own legal bases

Other Authorised Organisations / partner agencies

Cross-border crime prevention and intelligence analysis

UKPAC's legitimate interests; Data Sharing Agreement

Local authorities

Non-criminal matters (e.g., potholes, fly-tipping)

Legal obligation / Legitimate interests

Sub-processors (SentrySIS, ANS.co.uk)

Technical support, hosting, and data storage

Data Processing Agreement

What3Words / Google Maps

Location services (only data necessary for the functionality)

Their own privacy policies

Law enforcement / regulatory bodies

Where required by law, court order, or to protect safety

Legal obligation

 

6.1 Sharing with Authorised Organisations

 

Your name and address (residential or business) and location will be shared with the Authorised Organisation to enable Vetting Checks. Crime Reports are transmitted to UKPAC's designated recipients via automated secure data exports from the Platform. The disclosure of Personal Data by UKPAC to the Authorised Organisation is governed by the Data Sharing Agreement. UKPAC discloses such data as controller and the Authorised Organisation receives and processes it as an independent controller for its own statutory purposes.

 

6.2 Cross-Border Sharing Between Authorised Organisations

 

Reports generated from your submissions may be shared between Authorised Organisations by UKPAC, pursuant to the Services Agreement and/or separate data sharing arrangements, to identify cross-border incidents and repeat patterns.

 

6.3 Sharing with Local Authorities

 

The App includes functionality to report non-criminal matters (such as potholes or fly-tipping). When you submit such information, you will be directed to the relevant local council website where you can formally report the matter. We may also share such information with local councils if they request it to follow up with you.

 

6.4 Third-Party Integrations

 

The App integrates with the following third-party services:

 

(a) What3Words: Location services (we pull location information but do not provide your Personal Data to What3Words beyond what is necessary for the location functionality to work);

 

(b) Google Maps: Mapping services (we pull mapping information but do not provide your Personal Data to Google beyond what is necessary for the mapping functionality to work).

 

6.5 Legal Obligations and Law Enforcement

 

We may disclose your Personal Data if required to do so by law or in response to: court orders or legal processes; requests from law enforcement agencies or regulatory authorities; legal obligations to prevent or detect crime; and protection of our rights, property, or safety, or that of others.

We may proactively report unlawful content or activity identified on the App to relevant authorities, including the Authorised Organisation and other law enforcement agencies, and cooperate fully with law enforcement investigations. This is not based on your consent but on our legal obligations under applicable law (including the Serious Crime Act 2007, the Proceeds of Crime Act 2002, and other applicable legislation). This may occur without prior notice to you where such notice would prejudice the prevention, detection, or investigation of criminal offences, or where we are legally prohibited from giving notice. Full details of the legal bases for such disclosure are set out in this Privacy Policy.

 

6.6 Authorised Organisation Access to User Account Information

 

The Authorised Organisation may access your User Account information (including your name, email address, Community membership, and registration details) for the following purposes:


(a) Vetting your Account Application — Before you are granted access to a Gated Community, the Authorised Organisation vets your Account Application to ensure you are a genuine resident, business owner, or community member, and to conduct safeguarding checks. This is necessary to maintain Platform security and protect users from fraud, impersonation, or malicious actors.

(b) Safeguarding — The Authorised Organisation may access your User Account information to identify and contact vulnerable individuals for proactive safeguarding purposes. For example:

  • conducting welfare checks for elderly or isolated users who may be at risk;
  • reaching out to users in high-risk areas about safety concerns; and
  • identifying users who may need support or referral to safeguarding services.
  • Incident Response — The Authorised Organisation may access your User Account information when investigating crimes, missing persons, or public safety incidents within your Community. For example:
  • cross-checking user lists against intelligence databases when investigating crimes in your area;
  • identifying potential witnesses to crimes or incidents; and
  • verifying user identities when responding to Crime Reports or witness appeals.

(c) Account Security — The Authorised Organisation may access User Account information to monitor for duplicate accounts, banned users attempting to re-register, or suspicious registration patterns that may indicate fraud or abuse.

What the Authorised Organisation can view:

  • Your name (as provided in your Account Application);
  • Your email address;
  • Your Community membership (which Communities you belong to);
  • Your registration date and account status (pending, approved, suspended).

 

What the Authorised Organisation cannot view:

  • Your password or login credentials;
  • Your private messages (unless you report a message or the Authorised Organisation obtains lawful authority, such as an interception warrant for serious crime investigations);
  • Your Crime Reports submitted through the reporting function (these are exported separately to the Authorised Organisation via a separate automated process and do not form part of your User Account information).


The Authorised Organisation views your User Account information within the Platform only. It is not automatically copied into Authorised Organisation systems. However, if the Authorised Organisation lawfully obtains your information for a specific investigation (for example, if you are identified as a witness to a crime), it may retain your information in its own systems in accordance with its statutory retention obligations and, where applicable, the Management of Police Information (MoPI) Code of Practice.


Lawful basis for the Authorised Organisation accessing your User Account information:
The Authorised Organisation's lawful bases for accessing your User Account information are:

  • Article 6(1)(e) UK GDPR: Performance of a task carried out in the public interest (the Authorised Organisation's statutory policing, safeguarding, and law enforcement functions); and
  • Part 3 Data Protection Act 2018: Law enforcement processing by a competent authority, where necessary for preventing, detecting, investigating, or prosecuting criminal offences, or safeguarding vulnerable individuals.


Where your User Account information includes special category Personal Data (such as health information, racial or ethnic origin, religious beliefs, or disabilities), the Authorised Organisation also relies on:

  • Article 9(2)(g) UK GDPR: Processing necessary for reasons of substantial public interest; and
  • Schedule 1 Data Protection Act 2018: Substantial public interest conditions for safeguarding children and vulnerable adults, and preventing or detecting unlawful acts.


Is access to my User Account information audited?

Yes. All Authorised Organisation access to User Account information is logged and audited. Audit logs record:

  • which Authorised Organisation personnel accessed User Account information;
  • when they accessed it;
  • which users' information was accessed; and
  • the purpose for which access was made.


Authorised Organisations must review audit logs regularly to detect unauthorised or inappropriate access. Authorised Organisation personnel who access User Account information without operational justification or for unauthorised purposes (such as stalking, harassment, or personal use) may face disciplinary action, criminal prosecution, or civil liability.


Your rights regarding the Authorised Organisation's access to your User Account information:

You can exercise the following data protection rights in relation to the Authorised Organisation's access to your User Account information:


(a) Right of access (Article 15 UK GDPR / section 45 DPA 2018): You can request confirmation of whether the Authorised Organisation has accessed your User Account information, for what purposes, and when. The Authorised Organisation must respond within one month but may refuse where disclosure would prejudice ongoing law enforcement activities.


(b) Right to rectification (Article 16 UK GDPR / section 46 DPA 2018): If your User Account information is inaccurate, you can request correction. You can also update most of your Account information directly within the App.


(c) Right to erasure (Article 17 UK GDPR / section 47 DPA 2018): You can request deletion of your User Account information, but the Authorised Organisation may refuse where retention is necessary for law enforcement purposes or statutory retention obligations.


(d) Right to restriction (Article 18 UK GDPR): You can request that the Authorised Organisation restricts processing of your User Account information in certain circumstances, for example where you contest its accuracy.


(e) Right to object (Article 21 UK GDPR / section 48 DPA 2018): You can object to the Authorised Organisation processing your User Account information, but processing may continue where it is necessary for statutory law enforcement or safeguarding functions.


To exercise these rights, contact the Authorised Organisation's Data Protection Officer using the details in Schedule 1.


6.7 Authorised Organisation Access to and Participation in Chat Rooms


Authorised Organisation personnel may view messages posted in public Community Chat Rooms, and may also participate in Chat Rooms as part of their community engagement and safeguarding functions.


When Authorised Organisation officers post messages in Chat Rooms, they are clearly identified as Authorised Organisation representatives by their display name, which shows their role and organisation (for example, "PC Smith, [Authorised Organisation Force]" or "[Force Name] Community Team"). The Authorised Organisation does not participate in Chat Rooms anonymously or using fake accounts.


Can the Authorised Organisation remove my chat messages?

No. The Authorised Organisation cannot remove your chat messages directly. If the Authorised Organisation considers that a message breaches the Acceptable Use Policy (for example because it contains illegal content, harassment, or hate speech), it may flag the message to UKPAC. UKPAC will then investigate and determine whether to remove the message. You can also flag concerning messages yourself using the Platform's flagging mechanism.


Can the Authorised Organisation use my chat messages in investigations?

If your chat messages contain information relevant to a crime investigation, missing person appeal, or safeguarding concern, the Authorised Organisation may use this information for law enforcement purposes. For example:

  • if you post about witnessing a crime, the Authorised Organisation may contact you to request a witness statement;
  • if you post content suggesting criminal activity, the Authorised Organisation may investigate; and
  • if you post content suggesting you may be at risk, the Authorised Organisation may conduct a welfare check.


The Authorised Organisation's processing of your chat messages for law enforcement purposes is governed by Part 3 of the Data Protection Act 2018. All Authorised Organisation access to Chat Rooms is logged and audited, recording which Authorised Organisation personnel accessed Chat Rooms, when, and for what purpose.


Can I limit the Authorised Organisation viewing my chat messages?

Public Community Chat Rooms are viewable by all Community members, including the Authorised Organisation. If you do not wish the Authorised Organisation to view your messages:

  • use private peer-to-peer messaging instead of public Chat Rooms — the Authorised Organisation cannot access private messages without your consent or lawful authority (such as an interception warrant for serious crime investigations); and
  • treat public Community Chat Rooms as public forums and be mindful of what Personal Data you include in any messages posted there.

 

6.8 Authorised Organisation Content

 

The Authorised Organisation may publish content through the App using Authorised Organisation Content Functions ("Authorised Organisation Content"). This includes community safety alerts, witness appeals, missing person notices, CCTV images, crime prevention advice, road safety information, and other public communications.

The Authorised Organisation (not UKPAC or EyesOn) is the data controller for Authorised Organisation Content and any Personal Data contained in it. This means the Authorised Organisation decides what content to publish, which Communities receive it, what Personal Data to include, and how long to retain it on the Platform. UKPAC may remove (but not edit) Authorised Organisation Content that breaches the Acceptable Use Policy or EULA.

Authorised Organisation Content may contain Special Category Personal Data, including:

  • Health information (e.g., medical conditions of missing persons);
  • Physical descriptions revealing racial or ethnic origin (e.g., in witness appeals);
  • Biometric data (e.g., CCTV images showing identifiable faces); and
  • Information about criminal convictions or offences.

The Authorised Organisation processes such data under Article 9(2)(g) UK GDPR (substantial public interest) and Part 3 DPA 2018.

When you interact with Authorised Organisation Content, the Authorised Organisation receives information about your engagement, including: your User ID; the date and time of engagement; your Community membership; demographic information (if available); and the text of any comments you post.

The Authorised Organisation processes your engagement data for the following purposes under its statutory law enforcement, safeguarding, and public protection functions:

  • identifying witnesses or persons with information: if you engage with a witness appeal or missing person notice, the Authorised Organisation may contact you to request information relevant to its investigation;
  • assessing the effectiveness of community engagement: understanding which communities engage with particular safety content, to improve public safety communications and resource allocation;
  • safeguarding: if you repeatedly view or engage with sensitive safeguarding content, the Authorised Organisation may reach out to offer support or conduct a welfare check; and
  • community consultation and accountability: understanding which topics or initiatives are of interest to communities as part of its statutory consultation obligations.

The lawful basis for this processing is the Authorised Organisation's statutory public task (Article 6(1)(e) UK GDPR). Where engagement data is processed for law enforcement purposes (such as identifying witnesses to crimes), the Authorised Organisation relies on Part 3 of the Data Protection Act 2018 (law enforcement processing regime).

If you have concerns about Authorised Organisation Content or wish to exercise your data protection rights in relation to it, contact the Authorised Organisation directly using the details in Schedule 1.

 

6.9 Anonymised Survey Data

 

UKPAC may share anonymised, aggregated survey results with third-party commissioning organisations, subject to: only anonymised, aggregated statistical data being shared; no Personal Data being disclosed; the anonymisation safeguards in Section 4.10 being applied; contractual prohibitions on re-identification; and sharing being for legitimate research, analytical, or public interest purposes.

 

7. DATA RETENTION

 

What this section tells you: This section explains how long we and the other organisations keep your data. Some data linked to crime reports or ongoing investigations may be kept for longer than your general Account data.

Personal Data is retained only for as long as necessary for the purposes for which it was collected, in accordance with applicable legal requirements and operational needs.

 

Data Category

Default Retention Period

Registration and Account information

For the lifetime of your Account, and for a period after closure as required for security, accountability, and investigative purposes

Original registration details (name, email, mobile number)

Retained for the lifetime of your Account and post-closure for security and law enforcement purposes

Date of birth

Retained in your Account profile for the lifetime of your Account

Identity documents

Not stored in the Platform; exported to the Authorised Organisation for verification only; not retained beyond the verification process

Rejected Gated Community applications

14 days (unless an appeal is pending)

Approved applications

Form part of the User record for the lifetime of the Account

Crime and incident reports

Configurable by UKPAC at Community level; where the Authorised Organisation is a law enforcement body, non-personal information is generally retained for 7 years; personal information is retained in accordance with MoPI guidelines or equivalent frameworks applicable to the Authorised Organisation

Chat Room messages

30 days from date of last interaction (default); may be configured differently by UKPAC

Community posts

6 months from date of last interaction (default); may be configured differently by UKPAC

Verification check records

Application forms deleted after verification; log of checks and Account creation retained by UKPAC

Survey responses

Anonymised before sharing; once anonymised, data is no longer Personal Data

Inactive Accounts

Personal Data deleted within 90 days of Account disabling, unless retention is required for investigations, legal proceedings, or legal obligations

 

7.1 General Retention Principles

 

All retention periods — whether standard or configured — are subject to regular review to ensure they remain necessary, proportionate, and legally justified. UKPAC has access to retention controls within the Admin Portal, allowing Administrators to define how long specific data fields are retained (including incident descriptions, profile names, media, and vehicle registration details) in accordance with UKPAC's Data Protection Impact Assessment and internal policies. Retention periods for Chat Room messages and posts run from the date of last interaction with the relevant content.

 

7.2 Retention After Account Deletion

 

Where your Content has been incorporated into Crime Reports, Collections, or other records shared with or held by UKPAC, the Authorised Organisation, or other law enforcement agencies, such content may be retained beyond the deletion of your Account for as long as necessary for ongoing or potential criminal investigations, prosecutions, legal proceedings, or compliance with applicable law or regulatory requirements. Retention of such content is based on Article 6(1)(e) UK GDPR (public task) and/or Article 6(1)(c) UK GDPR (legal obligation), and not solely on the contractual content licence granted under Section 8.1 of the EULA (which continues in parallel as a matter of contract).

 

7.3 Original Registration Detail Records

 

When you update your Account information, we will retain a record of your original registration details (including your first name, surname, email address, and mobile number) for security, accountability, and law enforcement purposes, in addition to your updated information.

 

7.4 Offender and Named Third-Party Data

 

The Personal Data of any individuals who may be named in or associated with a Crime Report (including alleged offenders where the Authorised Organisation is a law enforcement authority) is processed and retained under Articles 6(1)(e), 9(2)(g) and 10 UK GDPR by the relevant controller. Such individuals are not users of the App. If you have submitted a report containing the Personal Data of a third party, please note that such data may be retained for investigative and law enforcement purposes beyond any period applicable to your own Account data.

 

7.5 Verification Check Records

 

UKPAC will delete application forms after verification checks are conducted but will maintain a log and record of Accounts created and verification checks performed. The Authorised Organisation's retention of vetting-related data in its own systems is governed by its own retention policies and the Data Sharing Agreement.

 

8. DATA SECURITY

 

8.1 Security Measures

 

We implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, accidental loss, destruction, or damage. These measures include:

(a) encryption of data in transit and at rest;

(b) secure data storage in a data centre in London (ANS.co.uk);

(c) optional access controls and authentication (including single sign-on);

(d) regular security assessments and audits;

(e) staff training on data protection; and

(f) incident response procedures.

 

8.2 Secure Data Transmission

 

App data (including Personal Data provided during the sign-up and verification process) is securely transmitted to and stored in the Admin Portal. When you submit an incident report, the incident details are securely uploaded to and stored in the Admin Portal, and a Crime Report is automatically generated as a PDF with a JSON file, transmitted via TLS-encrypted email to the Authorised Organisation. All data transmissions use industry-standard encryption protocols.

 

8.3 Administrator Access Controls

 

Admin Portal access is limited to UKPAC personnel. The Authorised Organisation has no access to the Admin Portal and no ability to configure retention periods, moderation settings, or other Platform settings, and no instruction authority over EyesOn's processor processing for Platform functions.

 

8.4 Personal Data Breaches

 

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 UK GDPR. Such notification will describe the nature of the breach, the likely consequences, and the measures we have taken or propose to take to address it. You should ensure that your contact details held in your Account are kept up to date so that we are able to contact you if required.

 

8.5 Your Responsibility

 

You are responsible for:

(a) keeping your Account credentials confidential;

(b) not sharing your login details with others;

(c) notifying us immediately if you suspect unauthorised access to your Account; and

(d) using a secure device and internet connection when accessing the App.

 

8.6 No Guarantee

 

Whilst we take all reasonable steps to protect your Personal Data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your Personal Data.

 

9. INTERNATIONAL TRANSFERS

 

9.1 Data Storage Location

 

Your Personal Data is stored in a data centre in Manchester operated by ANS.co.uk. Personal Data is not routinely transferred outside the United Kingdom.

 

9.2 Transfers Outside the UK

 

If we need to transfer your Personal Data outside the UK (for example, to third-party service providers located overseas), we will ensure that:

(a) the transfer is to a country that has been deemed to provide an adequate level of protection for Personal Data; or

(b) appropriate safeguards are in place (such as standard contractual clauses approved by the UK authorities); and

(c) you have enforceable rights and effective legal remedies.

 

9.3 Third-Party Services

 

What3Words and Google Maps may process location data in accordance with their own privacy policies. Please refer to:

(a) What3Words Privacy Policy: https://what3words.com/privacy

(b) Google Privacy Policy: https://policies.google.com/privacy?hl=en&gl=uk

 

10. AUTOMATED DECISION-MAKING AND PROFILING

 

What this section tells you: The App uses software to automatically identify links between incident reports. This section explains how that works and what rights you have.

 

10.1 Automated Incident Matching

 

The Platform uses automated algorithms to match and link incident reports based on common data points. This automated matching:

(a) analyses incident reports for patterns, commonalities, and potential links, including vehicle registration marks, location data (GPS coordinates, addresses, areas), descriptions of suspects, vehicles, or property, dates and times, incident types, and other submitted data points;

(b) automatically creates or suggests links between related incidents, which may result in incidents being grouped together in Collections, flagged to Administrators for review, or alerts or notifications being generated; and

(c) is performed entirely by software without human intervention at the matching stage, although Administrators may subsequently review, modify, or remove automatically-created links.

The automated matching helps identify crime patterns, repeat offenders, linked incidents across Communities, and trends that may require investigation or intervention.

 

10.2 Collections and Pattern Analysis

 

UKPAC's incident desk collates submitted reports to find common trends and creates Collections where incidents are grouped based on commonalities. This involves both automated and manual processes and is used to identify incident patterns and support investigations — not to make decisions that significantly affect you individually.

 

10.3 Vetting Decisions

 

Vetting decisions are made by the Authorised Organisation using its own systems outside the Platform and involve human review. Vetting decisions are not based solely on automated processing within the Platform.

 

10.4 Your Rights in Relation to Automated Processing

 

The Platform's automated incident matching does not produce decisions that have legal effects on you as an individual user. However, where you believe that automated matching has resulted in your data being incorrectly linked to an incident or Collection in a manner that has a significant effect on you, you have the right to:

(a) request human review of the automated match;

(b) express your point of view; and

(c) contest the outcome.

To exercise these rights, please contact us using the details in Section 11. We will review the automated match and provide a response within one month.

 

11. YOUR DATA PROTECTION RIGHTS

 

What this section tells you: This section explains your rights as a data subject. Some rights work differently depending on which organisation holds your data and for what purpose.

You have the following rights under UK GDPR in relation to Personal Data processed by EyesOn and UKPAC. Where the Authorised Organisation processes your data for law enforcement purposes under Part 3 DPA 2018, your rights may be different or more limited — contact the Authorised Organisation's Data Protection Officer (see Schedule 1) for details.

 

Right

What it means

Key limitation in this context

Access (Art. 15)

Request confirmation of and access to your Personal Data, and information about how we process it

The Authorised Organisation may refuse where disclosure would prejudice ongoing law enforcement activities

Rectification (Art. 16)

Request correction of inaccurate or incomplete data

You can also update most Account information directly in the App

Erasure (Art. 17)

Request deletion of your Personal Data in certain circumstances

Does not apply where data is required for ongoing investigations, legal proceedings, legal obligations, or has been incorporated into Crime Reports or Collections shared with law enforcement

Restriction (Art. 18)

Request that we limit processing in certain circumstances

E.g., while accuracy is contested, or where you have objected to processing

Portability (Art. 20)

Receive your data in a structured, machine-readable format

Applies only where processing is based on consent or contract and carried out by automated means; does not apply to public task processing

Objection (Art. 21)

Object to processing based on legitimate interests or public task

Given the community safety purpose of the App, we may not be able to stop processing where it relates to investigations

Automated decisions (Art. 22)

Not to be subject to decisions based solely on automated processing that significantly affect you

Request human review, express your view, and contest the decision — see Section 10.4

 

11.1 Additional Detail on Key Rights

 

Right to Erasure: This right does not apply where processing is necessary for compliance with a legal obligation; the performance of a task carried out in the public interest; the establishment, exercise, or defence of legal claims; or archiving purposes in the public interest. In particular, where your Content has been incorporated into Crime Reports, Collections, or other records shared with or held by law enforcement agencies, or is required for ongoing or potential criminal investigations, your right to erasure may not apply.

Right to Object: Given that the App is designed for incident prevention and community safety (a public interest purpose), we may not be able to stop processing your Personal Data if you object, particularly where it relates to investigations by the Authorised Organisation.

Rights Against the Authorised Organisation: When exercising rights against the Authorised Organisation, please note: the Authorised Organisation may be unable to comply with certain rights requests where doing so would prejudice law enforcement purposes under Part 3 DPA 2018; the Authorised Organisation may be required to retain certain data under statutory retention obligations (including the Management of Police Information (MoPI) Code of Practice); and the Authorised Organisation will explain any restrictions when responding to your request.

Exercising Rights Regarding Authorised Organisation Content: If your request relates to Authorised Organisation Content or your engagement with such content, please contact the Authorised Organisation directly using the contact details in Schedule 1. If you are unsure which organisation to contact, you can submit your request to us and we will forward it to the appropriate controller.

 

11.2 How to Exercise Your Rights

 

Response timescale: We will respond to your request without undue delay and within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt.

Identity verification: We may need to verify your identity before responding to your request, to ensure that Personal Data is not disclosed to unauthorised persons.

Refusal: If we refuse your request, we will explain why and inform you of your right to complain to the Information Commissioner's Office (see Section 12).

To exercise any of these rights, please contact:

  • EyesOn: Email: info@eyesonapp.com | Address: The Gardens, Fareham, Hampshire, PO16 8SS
  • UKPAC: Email: info@uk-pac.com | Address: The Gardens, Fareham, Hampshire, PO16 8SS
  • Authorised Organisation: See Schedule 1

For appeals against Gated Community application rejections, contact the Authorised Organisation using the contact details in your rejection notification. UKPAC will coordinate with the Authorised Organisation as necessary to facilitate the appeals process. For appeals against Account suspension or termination, see the appeals process in the Acceptable Use Policy.

 

12. COMPLAINTS

 

12.1 Right to Complain

 

If you are unhappy with how we have handled your Personal Data or how we have responded to a request to exercise your rights, you have the right to complain to the Information Commissioner's Office ("ICO").

 

12.2 ICO Contact Details

 

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 Website: www.ico.org.uk Email: casework@ico.org.uk

 

12.3 Complain to Us First

 

Whilst you have the right to complain directly to the ICO, we would appreciate the opportunity to address your concerns first. Please contact us using the details in Section 13.

 

13. CONTACT US

 

13.1 General Enquiries

 

If you have any questions about this Privacy Policy or how we handle your Personal Data:

EyesOn Community Limited Address: The Gardens, Fareham, Hampshire, PO16 8SS Email: info@eyesonapp.com

 

13.2 Data Protection Officer

 

You can contact our Data Protection Officer at: Email: info@eyesonapp.com

 

13.3 UKPAC Contact

 

For queries about how UKPAC uses your Personal Data: https://uk-pac.com/contact/  

UKPAC DPO: info@uk-pac.com

 

13.4 Authorised Organisation Contact

 

For queries about how the Authorised Organisation uses your Personal Data, see the contact details specified in Schedule 1.

 

14. COOKIES AND TRACKING TECHNOLOGIES

 

What this section tells you: This section explains how we use cookies and similar technologies on the App, and what choices you have.

 

14.1 Use of Cookies

 

The App may use cookies and similar tracking technologies to: (a) authenticate your login; (b) remember your preferences; (c) analyse how you use the App; and (d) improve App performance.

 

14.2 Types of Cookies

 

We use the following types of cookies:

(a) Strictly Necessary Cookies: Essential for the App to function (e.g., authentication, security). These do not require your consent as they are essential to provide the App functionality you have requested.

(b) Performance Cookies: Help us understand how you use the App (e.g., analytics).

(c) Functionality Cookies: Remember your preferences and settings.

 

14.3 Your Consent for Non-Essential Cookies

 

For cookies that are not strictly necessary (including performance and functionality cookies), we will obtain your consent before they are placed on your device in accordance with the Privacy and Electronic Communications Regulations 2003. You can manage your cookie preferences or withdraw consent at any time via your account. Disabling certain cookies may affect the functionality of the App.

 

14.4 Third-Party Cookies

 

Third-party services integrated with the App (What3Words, Google Maps) may set their own cookies. Please refer to their privacy policies for information about their use of cookies.

 

15. UPDATES TO THIS PRIVACY POLICY

 

15.1 Changes

 

We may update this Privacy Policy from time to time to reflect:

(a) changes in the App's functionality;

(b) changes in data protection laws;

(c) changes in our data processing practices;

(d) feedback from users or regulators; and

(e) other operational, technical, or regulatory changes.

 

15.2 Notification

 

We will notify you of material changes by:

(a) posting the updated Privacy Policy within the App;

(b) updating the "Last Updated" date at the top of this Privacy Policy;

(c) sending you an email notification (if you have provided an email address); and

(d) displaying a prominent notice within the App.

 

15.3 Material Changes — 30-Day Notice Period

 

For material changes that significantly affect your rights or obligations, we will provide at least 30 days' notice before the changes take effect and will require you to affirmatively accept the new terms to continue using the App. Your continued use of the App after the 30-day notice period constitutes acceptance of the revised terms. If you do not accept the revised terms, you may terminate your Account by deleting it, and we will handle your Personal Data in accordance with our data retention obligations set out in Section 7.

For minor or non-material changes, your continued use of the App after changes are posted will constitute acknowledgement of the updated Privacy Policy.

 

16. LEGAL FRAMEWORK

 

16.1 Applicable Laws

 

This Privacy Policy and our processing of your Personal Data are governed by:

(a) UK General Data Protection Regulation (UK GDPR);

(b) Data Protection Act 2018;

(c) Privacy and Electronic Communications Regulations 2003; and

(d) other applicable UK data protection laws.

 

16.2 Law Enforcement Processing

 

Where the Authorised Organisation is a competent authority (as defined in the Data Protection Act 2018) and processes Personal Data for law enforcement purposes (prevention, investigation, detection, or prosecution of criminal offences), the processing may be subject to Part 3 of the Data Protection Act 2018 (Law Enforcement Processing) rather than the UK GDPR. In such cases, your rights may be different or more limited.

 

16.3 Management of Police Information (MoPI)

 

Where the Authorised Organisation is a police force, the retention and use of Personal Data relating to criminal investigations is governed by the Management of Police Information (MoPI) guidelines and Authorised Professional Practice (APP). Other Authorised Organisations will apply their own retention policies in accordance with applicable legal requirements and their statutory functions.

 

SCHEDULE 1 AUTHORISED ORGANISATION DETAILS

 

AUTHORISED ORGANISATION DETAILS

 

Organisation Name: Hampshire & Isle of Wight Constabulary

Legal Status: Police Force

Address: Police Headquarters, Tower Street, Winchester, Hampshire SO23 8ZD

Main Contact Email: eyeson@hampshire.police.uk

Data Protection Officer / Privacy Contact: eyeson@hampshire.police.uk

Privacy Notice URL: https://www.hampshire.police.uk/hyg/fpnhc/privacy-notice/

 

DEPLOYMENT COVERAGE AREA

 

Geographic area covered by this Community: Hampshire and Isle of Wight

Community name: Hampshire Rural

Community type: Gated

Incident types covered: Crime and anti-social behaviour", "Environmental incidents and fly-tipping", Community safety concerns"

 

REPORTING AND CONTACT CHANNELS

 

Emergency reporting channel: 999 (UK police emergency)

Non-emergency reporting channel: 101 (UK police non-emergency)

Authorised Organisation main contact: eyeson@hampshire.police.uk

Vetting and application queries: eyeson@hampshire.police.uk

 

VETTING AND VERIFICATION (GATED COMMUNITIES ONLY)

 

Systems used for vetting checks: For law enforcement Authorised Organisations, e.g., "Police National Computer (PNC), Police National Database (PND), Records Management System (RMS), Contact Management Platform (CMP)"

Identity verification methods: secure email submission / video call / in-person -  see eyeson@hampshire.police.uk for more info

Vetting criteria: see eyeson@hampshire.police.uk for vetting policy

 

DATA RETENTION

 

Default retention periods for this Community: As per the DATA RETENTION section of this Privacy Policy.

Configurable retention settings (if applicable): Default retention periods as per Section 7 of this Privacy Policy.

 

ADDITIONAL INFORMATION

 

N/A