Greater Manchester Violence Reduction Unit

The Violence Reduction Unit is part of Greater Manchester Combined Authority, which is a public authority and we have a number of legal responsibilities to provide services to you.

To do this we collect, hold and process a large amount of information including personal information about you. Holding this information about you makes us a ‘data controller’ under Article 4(7) of the General Data Protection Regulation (GDPR).  The GDPR works together with the Data Protection Act 2018 to make sure that your information is collected, stored and shared appropriately.

We will collect your information in many forms dependant on how you are accessing our services.  This may include using paper or online forms, by telephone, email or in person. This information is important and we make sure that it is stored safely and in accordance with current Data Protection Legislation.

You should expect that we will keep a record of any contact you make with us and that we will only hold the information we need.

More details about what the Data Protection Act 2018 and the General Data Protection Regulations are and what they mean for you can be found on the Information Commissioner’s Website (opens in a new tab)

The legislation requires us to appoint a Data Protection Officer who is responsible for protecting individuals’ personal data according to current legislation.  You can contact the Data Protection Officer via email at

Types of information that we process

To allow us to deliver our required services we may process different types of information. This includes the information shown below:

Personal data

Special classes of personal data

Using your personal information

In deciding what personal data we need, we will:

What do we do with your information?

We may use your personal information to:

We may also use your information or pass it to external organisations for other purposes allowed under relevant Data Protection and other legislation or where you have consented for it to be used for a particular purpose.

We may also use your information to calculate statistical information to prioritise activities, target and plan the provision of services. We make sure that you cannot be identified when we use your information like this.

Specifically this means that we may use your information to:

We may also use your information to help to target some of our services and let you know what information or activities may be available to help you. This may include:

Who do we share your information with?

We sometimes share your information with service providers. This could include Hospitals, GPs or other Health and Care services along with other groups like Housing Associations, Voluntary and Charitable Societies, and the Greater Manchester Police. This will make it easier for you to get the services you need when you need them and will reduce the number of times you have to provide the same information.

We may also share information for research and evaluation purposes. This helps us to make sure we are providing the right services, in the right areas, in the right way.

We will always make sure we have a legal basis for processing or sharing your personal information and that we comply with current GDPR and Data Protection legislation.  Anyone working with us must follow the same strict rules we do when using your personal information.

Legal basis for processing

As a Public Authority we have legal responsibilities to provide services to residents.  As a result of these responsibilities we can use your information to support us in providing these services.  This makes us a ‘data controller and processor’ under Article 4(7 and 8) of the General Data Protection Regulation.  Processing includes collection, recording, storing, changing, sharing or destroying your information.

We have listed below some of the legal acts and regulations that detail the responsibilities and powers we have to provide our services to you:

We will use this and other legislation to make sure that what we do with your information is lawful.

When we are sure that the way we want to use your information is lawful, we will only process it in line with the General Data Protection Regulations (GDPR) and current Data Protection Legislation.

According to Article 6 of the GDPR, at least one of the conditions below must apply whenever we process your personal data:

  1. Consent: you have given clear consent for us to process their personal data for a specific purpose.
  2. Contract: the processing is necessary for a contract we have with you.
  3. Legal obligation: the processing is necessary for us to comply with the law.
  4. Vital interests: the processing is necessary to protect someone’s life.
  5. Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  6. Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of someone else unless there is a good reason to protect your personal information

More sensitive information or ‘special categories’ of information have stricter rules for processing according to Article 9 of the GDPR. These categories include:

Information on criminal offences is also considered a special category and must be processed according to Article 10 of the GDPR.

Research and Evaluation

In addition to sharing information to improve the delivery of services, we may also share information with other public organisations to create statistical and anonymised data to:

By anonymising the data we can make sure that it will not contain any personal information. So you, your family or any individual person cannot be identified.

The personal information we use may include names, contact details, family details, lifestyle and social circumstances, financial details and information about services that have been provided or offered and not accepted.

We may also share ‘special categories’ of information which may include physical or mental health details, racial or ethnic origin and religious or other beliefs.

Your information may be shared with service providers, survey and research organisations.  Information will be anonymised before any research is used or made public.  This means that any information that identifies you as a person or your family or carers will be removed before the information or results of any research or evaluation are made public.

When we use your information for research and evaluation reasons we still comply with current Data Protection legislation and the General Data Protection Regulation.

Detect and prevent fraud or crime

By law we have to protect the public funds we are responsible for. This means we may use the information you provide to prevent and detect fraud. This may involve sharing your information with organisations responsible for auditing or administering public funds including the Audit Commission, the Department for Work and Pensions, other public bodies, HM Revenue and Customs, and the Police.

Data matching may also be used to identify errors and potential frauds. This means that we take information from different places and put it together to give a better picture of what is happening.  We may also take part in national data matching exercises undertaken by the Audit Commission.

Information may be shared with organisations such as the Police to prevent or detect crime, apprehend or prosecute offenders or prevent harm to an individual.

What we do before we share information

Whenever we want to share your information with anyone we will carry out a Data Protection Impact Assessment and record the results.  These include but are not limited to:

The Information Commissioner’s Office have issued a Code of Practice (opens in a new tab), that explains the process we must go through when we do a Data Protection Impact Assessment

Find out more about how and when it is appropriate to share your information from the Information Commissioner’s website (opens in a new tab).

We may also pass your information to other people and organisations providing a service on our behalf. These providers are legally obliged to keep your details securely and use them only to provide the service to you in accordance with our instructions.

Additional information processing

Your information may also be shared with other people and organisations where the organisations are required by law to do so or with appropriate justification under the Data Protection Act 2018, for example where a crime is being investigated we may share your information with the police without your knowledge or consent.

What do we do to make sure your information is secure?

The information you provide will be subject to rigorous procedures to make sure it cannot be seen, accessed or shared with anyone who should not see it.
These include:

We also have responsibilities to keep our computer systems secure and take steps to stop outside malicious access also known as hacking. This requires us to comply with requirements specified by Central Government, along with requirements specified by NHS Digital.

Find out more about the Central Government requirements (opens in a new tab)

Find out more about the NHS Digital requirements (opens in a new tab)

How long will you hold onto my information?

There is legislation to tell us how long we must keep some of your information. This can vary from 1 year up to 100 years depending on what the information relates to

Your information will be held for no longer than this legislation says it must be held for.  Not all of the information we hold has its retention stated in law and in these cases we use recommendations from legal advisors and other specialists to decide how long to keep it.

All decisions that are not based on legal requirements have good, solid reasoning to make sure information is not kept longer than required.

All of these legal requirements and formal decisions are recorded in our retention schedule which should be available on our website.  If you cannot find the retention schedule please contact us on

What are my rights of access to my information?

The GDPR gives you the following rights over your information

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

For more information on the GDPR and your rights go to the Information Commissioners website (opens in a new tab).

How can I exercise these rights?

To find out what information we hold about you, you need to make a Subject Access Request in writing. We have appointed a Data Protection Officer, if you wish to exercise any of your other information rights please email

If you are not satisfied with the response from us you can complain to the Information Commissioner’s Office. For further details on this and your information rights please visit the Information Commissioner’s website (opens in a new tab).

Who we process information about

We will process information about:


The Violence Reduction Unit collects certain information or data about you when you visit and any other websites that include ‘’ in the address. For more information read our website privacy notice

Skip to content