Domestic Homicide Reviews (including victim suicides) privacy notice
We keep this privacy notice under regular review and was last updated on 22 June 2022
Kent County Council respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
Who we are
Kent County Council (KCC) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the United Kingdom General Data Protection Regulation (‘UK GDPR’) and the Data Protection Act 2018. We are responsible as ‘controller’ of that personal information.
KCC is a member of the Kent Community Safety Partnership (KCSP) which is the statutory County Strategy Group which provides the strategic leadership for addressing community safety matters across Kent. One of KCSP’s responsibilities is to provide governance for Domestic Homicide Reviews (DHRs) as they are required in Kent and Medway. Officers within KCC provide the management and administration.
Domestic Homicide Reviews are further explained on the GOV.UK website, and have included domestic abuse related suicides since 2016.
Our Data Protection Officer is Benjamin Watts.
Personal information we collect and use
Information collected by us
In the course of conducting a domestic homicide review we collect the following personal information about the deceased and others associated with them from statutory and voluntary bodies who have been directly involved in the case.
Personal information:
- Name.
- Relationship to deceased.
- Contact details.
- Minutes from meetings and interviews.
We also collect the following ‘special category data’ (personal data which is more sensitive and is treated with extra care and protection) from medical records, social care records and information from specialist providers (such as providers of domestic abuse services or provider of substance misuse services):
- Racial or ethnic origin.
- Religious or philosophical beliefs.
- Health.
- Sexual orientation.
We also collect the following criminal offence data:
- Criminal record information supplied by crime prevention services such as the police or youth justice service.
How we use your personal information
We use your personal information to:
(a) establish what lessons can be learned from the domestic homicide/domestic abuse related death regarding the way in which local professionals and organisations work individually and together to safeguard victims
(b) identify clearly what those lessons are both within and between agencies, how and within what timescales they will be acted on, and what is expected to change as a result
c) apply these lessons to service responses including changes to inform national and local policies and procedures as appropriate
(d) prevent domestic abuse and homicide and improve service responses for all domestic violence and abuse victims and their children by developing a co-ordinated multi-agency approach to ensure that domestic abuse is identified and responded to effectively at the earliest opportunity
(e) contribute to a better understanding of the nature of domestic violence and abuse
(f) highlight good practice.
Information that we collect from you will be obtained via face-to-face discussions and interviews, through email and telephone communications, via review of medical and social care records and via discussions with professionals who have been involved with the victims and their families. Collection and sharing of this information is via Microsoft 365 tools such as Outlook, Forms and Teams. MS Teams meetings may also be recorded to assist with accuracy.
We use your personal information to support the DHR process only and will remove from the published Overview Report any personal details such as:
- names
- identifying locations
- identifying dates
- ages and genders (children only)
We are required by the Home Office to collect data as outlined in this data collection template.
This data is used locally and nationally to understand trends from demographic information relating to victims and perpetrators of domestic abuse. This pseudonymised data may be kept for statistical research/analysis across DHRs to enhance the ability to achieve the aims (a) to (e) stated above.
Reasons we can collect and use your personal information
Where we are processing personal data about you as part of a Domestic Homicide Review, we rely upon the following lawful conditions:
- Article 6(1)(c) – processing that is necessary for KCC to fulfil a statutory obligation, namely those placed upon KCC by the Domestic Violence, Crime and Victims Act 2004
- Article 6(1)(e) – processing that is necessary for the purposes of delivering a public task carried out in the public interest
The legislation underpinning these legal obligations and tasks includes:
- Domestic Violence, Crime and Victims Act 2004
- Crime and Disorder Act 1998 (preventing crime and disorder, Section 17 – Duty to consider crime and disorder implications, Section 115 – Disclosure of information).
- Children Act 2004 (Section 10 – improve wellbeing of children, Section 11 – safeguard and promote the welfare of children).
We rely on the following lawful bases on which we collect and use your special categories of personal data:
- Article 9(2)(g) – processing is necessary for substantial public interest (for statutory purposes and for the purpose of safeguarding children and individuals at risk).
- Article 9(2)(j) – processing for research purposes.
We also rely on condition (4) - research, of Schedule 1 of the Data Protection Act (‘DPA’) 18, where relying on Article 9(2) (j) to process your special category and criminal offence data.
We take the following appropriate safeguards in respect of your special category and/or criminal convictions data when relying on the conditions above:
- We have a Special Category and Criminal Records Appropriate Policy Document.
- This policy is retained throughout the time we use of your data and for 6 months after we cease to use it.
- We have a Retention Schedule which explains how long data is retained.
- We maintain a record of our processing in our ‘Record of Processing Activities’ and record in it any reasons for deviating from the periods in our Retention Schedule.
How long your personal data will be kept
We will hold your personal information for 6 years following the closure of the domestic homicide review and then we will securely destroy your information. An exception to this is the recordings of meetings which will be deleted once minutes have been finalised.
Who we share your personal information with
When the decision to initiate a DHR is taken an Independent Chair is appointed and a multi-agency Review Panel is convened. The review panel is made up of representatives from a range of organisations who are best placed to contribute to the review and take forward any recommendations that come out of the process. This includes members of the KCSP as well as external specialists where required. (Section 9 of the Domestic Violence, Crime and Victims Act (2004) lists the statutory agencies required to participate in DHRs.) We will securely share information relevant to the review with those organisations participating in the review process as described within the Statutory Guidance for the Conduct of Domestic Homicide Reviews. Collection and sharing of this information is via Microsoft 365 tools such as Outlook, Forms and Teams.
Review panel members are signatories to the Kent and Medway Information Sharing Agreement (the KMISA) and a record of processing is kept for this sharing.
We are required by the Home Office to collect data as outlined in this data collection template.
We will share personal information with law enforcement or other authorities if required by applicable law or in connection with legal proceedings.
We will share personal information with our legal and professional advisers in the event of a dispute, complaint or claim. We rely on Article 9(2)(f) where the processing of special category data is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
Your rights
Under the GDPR you have rights which you can exercise free of charge that allow you to:
- know what we are doing with your information and why we are doing it
- ask to see what information we hold about you (subject access request)
- ask us to correct any mistakes in the information we hold about you
- object to direct marketing
- make a complaint to the Information Commissioner's Office
Depending on our reason for using your information you may also be entitled to:
- object to how we are using your information
- ask us to delete information we hold about you
- have your information transferred electronically to yourself or to another organisation object to decisions being made that significantly affect you
- stop us using your information in certain ways.
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note, your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ICO) on individuals’ rights under GDPR.
If you would like to exercise a right, please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
KCC uses Microsoft 365 and stores its data on servers based in the UK and in Ireland and the Netherlands.
As we transfer your data to the EU when doing so we rely on UK GDPR Article 45 which states that this transfer may take place where there are ‘adequacy regulations’ determining that data is adequately protected by the laws in that country. A copy of this decision can be found in section 102 of Schedule 2 of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (2019/419).
As Microsoft is an international organisation based in the United States, where necessary, KCC relies on Article 46 of the UK GDPR and appropriate safeguards being put in place, including standard contractual clauses in its data processing agreement with Microsoft. View Microsoft’s data protection addendum.
Who to contact
Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk, or write to: Data Protection Officer, Sessions House, Maidstone, Kent ME14 1XQ.
UK GDPR also gives you right to lodge a complaint with Information Commissioner, who may be contacted via the Information Commissioner's website or call 03031 231113.
Read our corporate privacy statement.