City Safe Privacy Notice

General Data Protection Statement This statement confirms that City Safe Birmingham Business Crime


Privacy Notice – General Data Protection Statement

This statement confirms that City Safe Birmingham Business Crime Partnership (CSB), a division of Retail Birmingham Ltd, has a commitment to protect your privacy and to process your personal information in a manner which meets the requirements of the General Data Protection Regulations (GDPR ) and the current Data protection legislation of the Data Protection Act (DPA ) 2018 . This includes both Personal information about Members and also Special Category Data and Criminal Activity around identified and unidentified Offenders.

Who we are and what we do

City Safe Birmingham (CSB ) is a membership organisation established to assist member businesses torespond in an organised manner to Business Crime that affects their businesses , profitability , staff ,customers and the local economy . By working together and sharing information about crime and thosecommitting it, the partnership provides greater protection for its members and the local business community. Business crime is identified by the National Police Chiefs’ Council as “any criminal offence that is committed against a person or property which is associated by the connection of that person or property to a business”.

The partnership is registered with the Information Commissioner for the purpose of ‘the prevention and detection of crime and the prosecution of offenders’ under Registration Number ZA242355

We operate lawfully using the provisions of the Data Protection Act 2018.

We process Personal Data as we have identified a LEGITIMATE INTEREST on behalf of our Members.

We also process Special Category Data under Schedule 1, Part 2 of Date Protection Act 2018 as we have a substantial public interest in preventing and detecting unlawful acts.We also process alleged or suspected criminal activity under Schedule 1 Part 3 of the Data Protection Act 2018 for the purposes of establishing or defending legal rights.

What personal information we may process

The Personal information we collect for Members may include:-

  • Names, business addresses.
  • Contact information, Occupation and company details

We may use this information for the following reasons:-

  • To manage membership and payment details.
  • To send you information which we think may be of value or interest or to improve our member services
  • We may monitor or record any communication between you and City Safe Birmingham (CSB) for quality control and training purposes.
  • Members may at any time ‘unsubscribe’ from receiving any electronic communications from CSB, but that will also discontinue access to our data platform, SentrysSIS.

The Personal Data, Special Category Data and Criminal Activity we collect aroundidentified and unidentified Offenders may include:-

  • Names, date of birth, descriptions, ethnicity, aliases, associates who commit retail crime (including partners), vehicles, arrests, suspected/attempted criminal or anti-social activity, convictions and warning markers. (bold indicated Special Category Data)
  • We may use this information for the following reasons:-
  • We have defined a Legitimate Interest working on behalf of our Retail Business Members.
  • The prevention and detection of crime and the prosecution of offenders who are, or are suspected of being involved in business crime, where that crime, anti-social behaviour or other criminal activity impacts upon our members or the business community.
  • Special Category Data is processed under Schedule 1, Part 2 of the DPA 2018 in that we hold a ‘Substantial Public Interest’ in ‘preventing and detecting unlawful acts’ and that we use ethnicity and associates data for the purposes of identification.
  • Alleged or Suspected Criminal activity (Partnership data supplied by Members) is processed under Schedule 2, Part 3 of the DPA 2018 for the ‘purposes of establishing and exercising or defending legal rights to share data with our Members only if it’s necessary for the purposes of the Scheme. Criminal Convictions data will only be processed from the Public Domain.

How we may use this information operationally

We analyse data and examine whether it is capable of being used to detect, prevent or reduce crime which is committed in our area of operation.

Where this data is assessed as being relevant to our purpose as defined above, we may make it available to our members through electronic or other means.

An Individual must be classed as Prolific and therefore a potential risk to our members for their image details and activity to be shared with members.

Prolific is defined as three incidents or intelligence of Retail Crime activity within the past 12 months. This information or intelligence can come from Members (Partnership Data), Partner agencies or Police (Police Data)

CSB operates under an Information Sharing Agreement (ISA ) with West Midlands Police (WMP ) and British Transport Police (BTP). These agreements allow CSB to access and share the Police Images of Prolific Offenders where there is a necessity and proportionality, through SentrySIS our data sharing platform.

Where there is evidence that offenders are operating over a wider region, we may share that information with other accredited business crime reduction partnerships (BCRPs) or police forces.

We may communicate data to the police or other public agencies, where it is relevant to do so for the purposes of the prevention and detection of crime, and the prosecution of offenders, or for other lawful reasons relating to the public objectives of those organisations.

Where a person has been notified that they have been excluded from the premises of our members for criminal or anti-social behaviour, we will endeavour to serve a copy of the notice on the excludee personally or by post.

We process Prolific Offender data of persons aged 18 to 65 years.

We DO NOT process any data of Children under 16 years old unless requested to do so by an appropriate and authorised public agency for the well being of that child.

Any actual or attempted illegal activity or breach of an Exclusion Order notified to the CSB by our Members may be processed and shared to other CSB Members. However, we do not process addresses or contact details and the provision of notifying the Data Subject would be impossible and could prove to be a disproportionate effort. It would also potentially seriously impair the achievement of the objectives of the processing of that activity of Data Subjects classed as Prolific.


City Safe Birmingham has appropriate technical and organisational measures in place to prevent theunauthorised or unlawful processing of your personal and/or sensitive information, and accidental loss or destruction of, or damage to, your personal and/or sensitive information.

Retention of personal information

Members – We will not keep your personal information for longer than is necessary for ourpurposes and in any case no longer than 7 years after you cease being a member. This isreflected in our Terms and Conditions and the SentrySIS EULA.

Offenders – We will not retain sensitive information for no longer than is necessary for our purposes and in any case no longer than 3 years after last reported activity, when any record willbe securely deleted. Additionally, we will not retain any information that is longer than 5 years old.This is in conjunction with your ‘Right To Be Forgotten’ (Data Erasure)

Your rights to access your personal information:

You are entitled, pursuant to the Act, to ask for a details of the personal information that we hold aboutyou and to have any inaccuracies in your information corrected. Disclosure will only be permitted in accordance with the Act to persons who have provided identification.

Where we hold data for which we are not the data controller, we will not release that data.Where data relates to other persons, we will not release that data unless an application is received from that person.

We will NOT release any data or investigate whether we hold any data until we have firmly established identity. This may mean that the applicant will need to produce their original Passport, Driving Licence or other Identity Documents in person.We may not release data to you, the Data Subject, which we assess as confidential and which may either interfere with a criminal investigation or which may assist persons committing crime.

We may have to redact (censor or obscure) information for legal or security purposes, especially if the information is concerning another Individual or classed as confidential as above. This is in accordance with the DPA 2018.

Should you wish to access your information, or have any other enquiries or complaints about data protection, please go to the “Contact us” page on the website or email us at

Or write to us below at:-

The Data Controller
City Safe Birmingham
Level 4, Upper Mall West
Bullring, Birmingham
B5 4BU

Should we not resolve any issue to your satisfaction you may contact: The Information Commissioner’s Office