Privacy notice
About us
We process personal data to provide public services.
Personal data is information about living identifiable individuals. It can be a name, address, contact details, photograph, sound recording; it can be details of someone’s behaviour, lifestyle, physical or mental health needs; it can be a unique number, such as a vehicle registration plate, National Insurance number, etc.
We decide what personal data we need and how to use it, so we are a Data Controller and registered as such on the Information Commissioner’s Register of Data Controllers.
When we collect personal data, we are required to make sure you are clear what data we need and why, what we intend to do with it, what your individual rights are, and who you can contact for enquiries or concerns about the use of your personal data. This is called a privacy notice and we can do this verbally or in writing.
This page is our general privacy notice and we have included specific privacy notices below for the services that process large amounts of personal data, for example council tax, planning, parking, elections, licensing, housing, etc.
Why we collect and use personal data
We collect and use personal information to:
- provide, plan and manage our services
- carry out our regulatory, licensing and enforcement roles
- carry out any other tasks which we have to do by law
- make and take payments and grants and spot fraud
- listen to your ideas about our services
- tell you about our services
- evaluate and improve services
We might collect your personal data directly from yourself, from someone acting on your behalf, or from another third party. We might collect this data in person, over the telephone, in writing, or captured as an image, audio or film recording.
We can only use your personal data if we have a lawful basis for doing so. The lawful basis will be recorded on the Council’s Record of Processing Activity and, where appropriate, on relevant service area privacy notices.
If we rely on consent to process your data, you have the right to withdraw that consent at any time. To withdraw consent, either contact the Service that you provided the consent to or contact the information management team.
Sharing your information
We share personal data internally within the council and also with external third parties so we can carry out our work. Internal sharing might include checking your eligibility for a service (eg free school meals) or keeping accurate records, whereas external sharing might be to ensure you receive the right service (eg social care support).
Who we share information with depends on the service we are providing and your circumstances, but may include:
- healthcare, social and welfare organisations and professionals
- providers of goods and services
- financial organisations, including debt collection, tracing and credit referencing agencies
- elected members
- local and central government
- ombudsman and regulatory authorities
- professional advisors and consultants
- police forces, other law enforcement and prosecuting authorities
- voluntary and charitable organisations
- Disclosure and Barring Service
- Courts and Tribunals
- utilities providers
When personal data is shared, only the minimum amount is shared and relevant contracts and / or agreements will be in place.
Fraud prevention and detection
We are required by law to protect the use of public funds and for this reason we share information with internal services and other bodies responsible for auditing or administering of public funds to detect and prevent fraud. This sharing includes, but is not exclusive to the Council’s external auditor, Department for Work and Pensions, other local authorities, HM Revenue and Customs, the Police, credit reference agencies.
We also share personal data with the Cabinet Office for the National Fraud Initiative. This is a national data matching exercise, which takes electronic data from the private and public sectors to identify potential fraudulent claims and payments.
The Cabinet Office stipulates the data that they need and subsequently provides us with details of the cases where the matching indicates an inconsistency or potential for fraud, so that we can investigate further. This data matching is carried out under the Local Audit and Accountability Act (part 6, Schedule 9) and does not rely on your consent.
How long we keep information for
This varies depending on the type of information, as well as the legal requirements and reason we are keeping the information. In some instances the law sets the length of time information has to be kept. We also have retention and disposal schedules which give details about how long we need to keep different types of information.
Your data rights
You have the following rights in regard to your personal information, to:
- access copies of any records we hold about you
- have any information we hold about you corrected
- have any information we hold about you deleted or destroyed
- restrict how information we hold about you can be used or shared
- object to information about you being held
- have any information we hold about you transferred to a third party
- challenge decisions relating to you made using automated decision making and profiling (currently we have no services that use automated decision making or profiling for decision making)
Please note there may be times that we cannot fulfil these rights fully because of legal reasons, for example we cannot delete your data if we still need it.
If you want to exercise any of the above rights, please make a subject access request.