We are committed to protecting your privacy when you use our services.
When we use your personal data, we are the data controller.
As a data controller, we must:
- only keep data we need to provide services and do what the law says we must
- keep your records safe and accurate
- only keep your data as long as we have to
- collect, store and use your data in a way that does not break any data protection laws
This Privacy Notice explains how we use information about you and how we protect your privacy.
Personal information can be anything that identifies and relates to a living person. This includes information that when put together with other information can identify someone. For example, your name and contact details.
Some information is special and needs more protection due to its sensitivity. This is likely to include anything that reveals your:
- sexuality and sexual health
- religious and philosophical beliefs
- physical or mental health
- trade union membership
- political opinion
- genetic or biometric data
- criminal history
Using your personal data
We will use your data to:
- provide Council services and anything we must do by law
- carry out our regulatory, licencing and enforcement roles which we have to do by law
- make payments, grants and benefits and sport fraud
- listen to your ideas about our services
- tell you about our services
If we have consent to use your personal information, you have the right to remove it at any time.
Reasons for collecting your information
There are several legal reasons why we need to collect and use your personal information. Generally we collect and use personal information where:
- you or your legal representative have given consent
- you've entered into a contract with us
- it's necessary to perform our statutory duties
- it's necessary to protect someone in an emergency
- it's required by law
- it's necessary for employment purposes
- it's necessary to deliver health or social care services
- you've made your information publicly available
- it's necessary for legal cases
- it's to the benefit of society as a whole
- it's necessary to protect public health
- it's necessary for archiving, research or statistical purposes
Our main statutory duties are set out in the Local Government Acts and the Localism Act 2011, but there are hundreds more.
We only use what we need
Where we can, we'll only collect and use personal information if we need it to deliver a service or meet a requirement.
If we don't need personal information, we'll either keep you anonymous (if we already have it for something else) or we will not ask you for it. For example, in survey we may not need your contact details - we'll only collect your survey responses.
If we use your personal information for research and analysis, we'll always keep you anonymous or use a different name, unless you've agreed that your information can be used for that research.
We do not sell your personal information to anyone else.
Your information rights
The law gives you a number of rights to control what personal information is used by us and how it's used by us - visit the page on your rights in this guide for more information.
Who we share your information with
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements, there's always an agreement in place to make sure the organisation complies with data protection law.
We’ll often complete a Data Privacy Impact Assessment before we share personal information, to make sure we protect your privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations. This is often because we need to give that data to courts, including if:
- we take a child into care
- the court orders that we provide the information
- someone is taken into care under mental health law
We may also share your personal information if we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:
- to find and stop crime and fraud
- if there are serious risks to the public, our staff or other professionals
- to protect a child
- to protect adults who are thought to be at risk - for example if they're frail, confused or cannot understand what's happening to them
The risk must be serious before we can override your right to privacy.
If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why, if we think it's safe to do so.
How we protect your information
We'll do what we can to make sure paper and electronic records are held in a secure way. We'll only make them available to people who have a right to see them.
Examples of our security include:
- encryption - information is hidden so it cannot be read without special knowledge, like a password. This is done with a secret code (cypher)
- pseudonymisation - we'll use a different name so we can hide parts of your personal information from view. This means someone out the Council could work on your information for us, without knowing it's yours
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information gaining access to it
- training our staff on how to handle information and how to report when something goes wrong
- regularly testing our technology and ways of working, including keeping up to date on the latest security updates (patches)
Where you information is stored in the world
The majority of personal information is stored on systems in the UK.
There are some occasions where your information may leave the UK to get to another organisation or if it's store in a system outside the EU.
We have additional protections on your information if it leaves the UK, ranging from secure data transfers to making sure we have robust contracts in place with third parties.
We'll take all practical steps to make sure your personal information is not sent to country that's not seen as 'safe' by the UK or EU governments.
If we need to send your information to an unsafe location, we'll always seek advice from the Information Commissioner first.
How long we keep your information for
There's often a legal reason for us to keep your information for a set period of time. We try to include these in our Data Retention Schedule.
Where to get advice
Our Data Protection Officer makes sure we respect your rights and follow the law.
For independent advice about data protection, privacy and data sharing issues, contact the Information Commissioner’s Office (ICO) online at Information Commissioner's Office, email email@example.com or call: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
You can also write to:
Information Commissioner's Office
Cheshire, SK9 5AF