Our basic legal requirement is to make sure you know what we intend to do with your information and who it will be shared with.
There may be times when we share your information with those who work on our behalf to provide you with the service you need.
Sometimes we may need to ask other agencies or organisations for relevant information about you, to fulfil our legal responsibilities or to provide services. For example, this could be to enable them to carry out their legal duties, or where it is necessary to prevent harm to yourself or other individuals.
We have a duty to:
- keep sufficient information to provide services and fulfil our legal responsibilities
- keep your records secure and accurate
- keep your information only for as long as is required
You can help us by:
- letting us know when you change address or name
- telling us if any of the information we hold about you is wrong
- allowing us to share as much information about you as we need to
We will only process your personal data if either:
- you have given consent to the processing
- you have entered into a contract with us or on your request we are taking steps to entering into a contract with you
- we must comply with a legal obligation
- we must protect your vital interests or those of another person
- we must carry out a task that is in the public interest
- we must pursue our legitimate interests or those of a third party
'Personal data' is any information about a person where the information includes details that can be used to identify the person – for example, by name, location, a reference number or a description.
Special categories of personal data
Some types of data are classified in special categories – for example:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- sex life or sexual orientation
- health data
- genetic data
- biometric data for the purpose of uniquely identifying a person
We will only process special categories of personal data if either:
- you have given explicit consent to the processing
- we must carry out tasks under employment, social security or social collective law
- we must protect the vital interests of a person who is physically or legally unable to give consent
- processing relates only to members or former members of the council – or those who have regular contact with it in connection with those purposes – and provided there is no disclosure to a third party without consent
- data has already been made public by the individual
- we must establish, exercise or defend a legal claim
- processing is necessary for reasons of substantial public interest
- processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of law or a contract with a health professional
- we must protect the public interest in public health
- we must enable archiving of data that has a public interest – that is, scientific research, historical research or for statistical purposes
Criminal offence data
We are a 'competent authority' for the purposes of law enforcement, and are required to process criminal offence data. Departments that must process criminal offence data include our Youth Offending service and Corporate Fraud service.
Criminal offence data is personal data that relates to criminal convictions, including types of data about criminal allegations, proceedings or convictions that would have been classed as 'sensitive personal data' under the Data Protection Act 1998.
Criminal records disclosed during the recruitment process are not processed as criminal offence data for the purposes of law enforcement.
Law enforcement purposes refer to the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threat to public security.
We will only process criminal offence data if:
- one of the conditions listed for 'sensitive personal data' above applies
- we are processing the data in an official capacity, or have specific legal authorisation and are compliant with additional safeguards set out in data protection legislation
Why we collect and store personal data
For some of our services we need your data so we can get in touch with you, or provide the service. We always try to make sure the information we collect is correct and isn't an invasion of your privacy.
When we don't directly provide the service, we may need to pass your personal data to the people who do provide the service. They must keep your details safe and secure, and use them only to fulfil your request. We will usually only pass your sensitive personal data onto a third party once we have your permission, unless we are legally required to do so.
How long we keep your information
In some instances the law sets the length of time information has to be kept. In most cases, however, we use our discretion to make sure we don't keep records for longer than we need to.
We will always try to keep your personal data secure, whether it is held on paper or electronically. Our privacy statement is our commitment to you when you access our services online.
Using your personal data
We will use the information you provide:
- for the provision of council services
- for regulatory, licensing and enforcement functions
- for all financial transactions, including payments, grants and benefits
- to ask your opinion on specific products and services for which you’ve provided information
- to make sure we meet our legal obligations, including those related to diversity and equal opportunity
- to train our employees
- to investigate any complaints you might have about services we deliver
- to keep track of spending on our services
- to help with research and planning of new services
Profiling and automated decision-making
Profiling means any form of automated processing that uses personal data to:
- evaluate certain personal aspects relating to a person
- analyse or predict aspects of a person’s economic and health situation, reliability, personal preferences and interests
Automated-decision making means any processing that is carried out by automated means without any human review element in the decision-making. For example; carrying out credit checks searches to detect and reduce fraud.
We may use your information from the services with which you engage to create a single view and profile of you. This will help us better understand your specific needs and make sure we are providing the right and efficient services to you in accordance with your needs. It will also create one accurate record of your basic personal data across all our services, with details such as:
- your name
- date of birth
- email address
- changes in circumstances
Profiling will be carried out only when necessary to provide you with the service you requested, or where required by law, or where the law allows. We will notify you if we do this and will ask for your consent where required.
You have the right to:
- be informed about how and why your data is being processed
- access the data held about you
- request changes to be made if the data we hold about you is wrong
- request that the data we hold about you be deleted, in certain circumstances
- request that we limit the processing of your data, in certain circumstances
- data portability – this means we may be able to transfer the data we hold about you to another organisation
- object to your data being processed, in certain circumstances
- withdraw your consent
- complain about the way your data has been processed
- be told if decisions are being made using automated methods or if profiling is taking place
You should contact us using the details at the end of this page if you would like to:
- make a request for your data to be changed, deleted or transferred to another supplier
- withdraw the consent you have given to us to process your data – withdrawing consent may have an impact on the services we are able to provide to you
- complain about the way your data has been handled
- make another request with regards to the list of rights above
How we accept your data
Sometimes someone may call us on your behalf. We will accept calls in good faith and record information we are told about on your record. If we need to send a staff member out to investigate or fix anything, we will.
Sometimes we find the calls were a hoax, or misleading. We do not wish to put bureaucracy in the way of services, however, by refusing to act in good faith – especially in an emergency.
Although we may take calls about you or your account, we will not talk about you or your account with anyone but you, unless you have given us permission to do so.
You should contact us immediately if you suspect someone unauthorised has called us and put incorrect information on your record.
You should use our complaints process if you are a concerned that we have misused your personal information.