Worcestershire County Council Full Privacy Notice
Who we are
Worcestershire County Council is a ‘Controller’ under the General Data Protection Regulation (GDPR) and pay the required annual Controller fee to the Information Commissioner's Office (ICO). We are a public authority and have a nominated Data Protection Officer in place.
We are responsible for managing the information we hold, and we recognise that this information is important to you. We take our responsibilities seriously and use personal information fairly, correctly and safely in line with the legal requirements set out by the GDPR. Anyone who receives information from us is also under a legal duty to do the same and our suppliers and providers have a set of data protection clauses included in their contract.
Where we need to share sensitive or confidential information, such as medical details, we will do so with your consent or where we are legally required or able to do so. We may share information to prevent risk of harm to an individual.
Changes to this notice
We keep our privacy notice under regular review, and we will place any updates on this page. This privacy notice was last updated on 23 May 2018.
What personal information do we hold
When deciding what personal information to collect, use and hold, we are committed to making sure that we will:
- only collect, hold and use personal information where it is necessary and fair to do so
- keep your personal information secure and safe
- securely dispose of any personal information when it is no longer needed
- be open with you about how we use your information and who we share it with
- adopt and maintain high standards in handling any personal information
We may hold the following types of information about you:
- details about you including full name, date of birth, and contact details (for example phone number, address, and email address)
- details about any contact with you
- information relevant to the services being provided for example library services, social care services, education, parking badges etc.
Why we collect information about you
We will use your personal information for a limited number of purposes and always in line with our responsibilities, where there is a legal basis, and in line with your rights under the General Data Protection Regulation (GDPR).
In general, we process your information in order to:
- deliver public services
- confirm your identity to provide some services
- contact and communicate with you
- understand your needs to provide the services you request, for example joining the library or applying for a school place
- monitor our performance in providing services to you
- obtain your opinion about our services
- meet various legal requirements and statutory obligations
- to enable us to perform statutory law enforcement functions for example child employment, school attendance, and trading standards
- prevent and / or detect crime or fraud
- process financial transactions (including grants, payments and benefits directly involving the Council or where we are acting on behalf of other government bodies such as Department for Work and Pensions)
- for general processing where you have given your consent for us to do so
- protect individuals from harm or injury
- allow the statistical analysis of data so we can plan the provision of services
- fulfil our duty to improve the health of the population we serve
- where it is permitted under the GDPR (for example to comply with legal obligations or for us to seek legal advice or undertake legal proceedings)
We may not be able to provide you with a product or service if we do not have enough information and, in some instances, your consent to use that information.
We aim to keep your information accurate and up to date. You can help us to do this at any time by letting us know if any of the information you have given us changes, such as your address. Visit our Contact Us page for more details.
We use data and information from a range of source data, including data relating to births or deaths, to understand more about the health and care needs in the area.
We may process your information overseas using ICT systems and services that are hosted outside the European Economic Area, but only with data processing agreements that meet our obligations under the GDPR.
How the law allows us to use your personal information (legal basis)
There are a number of legal reasons why we need to collect and use your personal information. Generally we collect and use personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties or in the exercise of our official authority
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for a task in the public interest
Where we process information that is considered to be more sensitive and requires more protection, including your racial/ethnic origin, political opinions, religious/philosophical beliefs, sexual orientation and information regarding your physical and mental health) we also meet one of the special category personal data conditions:
- it is necessary for employment, social security or social protection purposes
- it is necessary to deliver health or social care services
- it is necessary to protect someone in an emergency
- you, or your legal representative, have given consent
- you have made your information publicly available
- it is necessary for legal cases
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes
If we have your consent to use your personal information, you have the right to remove it at any time. If you want to withdraw your consent, please contact the Council service or team holding your information in the first instance. Alternatively please contact our data protection team and tell us about the service you are using and the consent you would like to withdraw so we can deal with your request:
Ways we collect your information from you
Face to face
We may keep a record of your visit to us to assist us in the delivery and improvement of the services that we provide to you and to others. Any such records that include personal information will be kept securely.
Telephone calls
We will inform you if we record or monitor any telephone calls you make to us. Calls made direct to, or from, our Customer Service line (01905 765765) are recorded and kept for 12 months. Calls may be recorded if telephoning direct to other service teams on alternative numbers including the Adult Access Centre, Family Front Door, Emergency Duty Team, Shared Lives Team, and BACS teams.
We do not record any financial card details if you make any payments by telephone. If the call is transferred to a member of staff outside the Customer Service team, the recording stops.
Live chats
Live chat is an alternative to the telephone. You will receive an email of your chat transcript each time you use the service. These records will be used to increase your security and for our record keeping of the transaction.
Emails
If you email us, we may keep a record of your contact, your email address and the email for our record keeping of the transaction. For security reasons we will not include any confidential information about you in any email we send to you unless you agree to this.
We suggest that you keep the amount of confidential information you send to us via email to a minimum and use email encryption or if possible, our secure online forms and services.
Online
Our systems will capture and record personal information if you:
- subscribe to or apply for services that require personal information
- report a fault and give your contact details for us to respond
- contact us and leave your details for us to respond
Any forms on our website that capture personal information are secure.
Cookies
We employ cookie technology to help log visitors to our website. A cookie is a string of information sent by a website and stored on your hard drive or temporarily in your computer’s memory. The information is collected in order to make websites work, or to make them work more efficiently, and provide information for the administration of the website. You can reject the use of cookies, but you may be asked for information again, e.g., to participate in a survey. For further information including how to block cookies see the Cookies page.
Other websites
This privacy notice applies only to Worcestershire County Council websites maintained by us. On our website you will find links to other external websites which we have provided for your information and convenience. We are not responsible for the content of these external websites and recommend that when you visit other websites you take time to read their privacy notices.
How long we will keep your information
We will not keep your information longer than it is needed. In some instances, the law sets the length of time information has to be kept. We may keep your data longer if we need to retain it for legal, regulatory, or evidential or best practice reasons. We will dispose of all records in a secure way, whether they are on paper or electronic. Our Disposal Schedule provides a list of the retention periods for key records we hold in the Council.
Who we may share your information with
We may disclose personal information to a third party, but only where it is required by law, where it is otherwise allowed under the General Data Protection Regulation (GDPR), or where we have obtained your consent to do so.
We may disclose information when necessary to prevent risk of harm to an individual.
Your personal information may be shared within the Council or with external partners and agencies involved in delivering services on our behalf. They will only have access to your information if it is needed to fulfil your request or deliver the service. These providers are obliged to keep your details securely and use them only to fulfil your request or deliver the service.
The Council may also provide personal information to third parties, but only where it is necessary, either to comply with the law or where permitted, under the GDPR for example where the disclosure is necessary for the purposes of the prevention and / or detection of crime or fraud. In some of these arrangements, we may become joint controllers with the other organisation(s). Examples of third parties who we may share your information with include (but are not limited to):
- Health organisations
- Police
- Ofsted
- Local authorities
- Regulatory bodies such as the Department of Work and Pensions or the Care Quality Commission
The Council will seek to ensure that the third party has sufficient systems and procedures in place to prevent the loss or misuse of personal information.
If your personal information is transferred outside the European Economic Area (EEA) for processing or storage purposes the Council will ensure that safeguards are in place to protect it to at least the standard applied within the EEA.
Public sector partners across Worcestershire have agreed the principles in the Worcestershire Data Sharing Charter so you can be confident that members all comply with the same data sharing standards. The Council aims to publish sharing agreements where information is shared with specific partners for specific purposes. For more information visit Worcestershire LEP - Worcestershire Data Sharing Charter.
At no time will your information be passed to organisations external to Worcestershire County Council for marketing or sales purposes or for any commercial use without your prior express consent.
How we protect your information
Our aim is not to be intrusive, and we won't ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can't be seen, accessed or disclosed to anyone who shouldn't see it.
We have an Information Governance Policy Framework that includes polices on Data Protection, Information Security, and Freedom of Information and Environmental Information. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
We will investigate data incidents where we have found that your personal information may have, or has been, disclosed inappropriately and attempt to recover any data. We will report incidents to the Information Commissioner's Office (ICO) that pose a risk to your rights and freedoms if these risks are high we will also inform you unless it would present a risk to you.
Use of personal information for marketing and promotion
We will only send you information about our services and / or products if you have opted in to receive them. We may also share your information with other service providers who may contact you with details of services they provide if you give us permission to do this. You can change your mind at any time by contacting us.
Use of CCTV
We have installed CCTV systems in some of our premises used by members of the public for the purposes of public and staff safety and the prevention and detection of crime. CCTV is also installed outside in some of our car parks and on the outside of some of our buildings for the purposes of monitoring building security and crime prevention and detection.
They are also installed in our recycling sites for the purposes of public and staff safety, crime prevention and detection, and the abuse of council policies. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of whom to contact for further information about them.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for a longer period, for example where a crime is being investigated.
We will only disclose CCTV images to third parties for the purposes stated above. CCTV images will not be released to the media, used for entertainment purposes or placed on the internet.
You have the right to see CCTV images of yourself and be provided with a copy. Please see your information rights for information about how to make a request.
We operate CCTV and disclose in accordance with the codes of practice issued by the Information Commissioner and the Surveillance Camera Commissioner.
Prevention and detection of fraud
Worcestershire County Council is required by law to protect the public funds it administers. We may use any of the information you provide to us for the prevention and detection of fraud to comply with the law.
In addition to our own 'data matching' exercises we may also share this information with other public bodies. These include, but are not limited to:
- Cabinet Office – including the national data matching exercises under Part 6 of the Local Audit and Accountability Act 2014
- Department for Work and Pensions
- other Local Authorities
- HM Revenue and Customs (HMRC)
- Police
- NHS
We may also share information with utility companies, credit reference agencies, service providers, or contractors and partner organisations where the sharing of information is necessary, proportionate, and lawful.
In limited situations we may monitor and record electronic transactions (website, email and telephone conversations). This will only be used to prevent or detect a crime, or investigate or detect the unauthorised use of the telecommunications system and only as permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.
Emergency response management
Data matching may also be used to assist the council in responding to emergencies or major accidents, by allowing the council, in conjunction with the emergency services, to identify individuals who may need additional support in the event of e.g. an emergency evacuation.
Your information rights
You have the right to request the Council take action to fulfil your rights. We will seek to comply with your request wherever possible. However, action may be restricted or refused in certain circumstances, for example where we are required to hold, retain, or process personal data to comply with a legal obligation or as a public task and the Council may not be able to comply with some requests received.
You have the right to:
- be informed about what we do with your data
- access to the information we hold about you
- request rectification of any information about you that is incorrect
- request records we hold about you are erased or "forgotten", depending on the service and legal basis
- restrict processing of your personal information if you have an objection to that processing, whilst your objection is investigated
- request any information that you have provided to us is given back to you in a format that you can give to another service provider if required, depending on the service and legal basis - "data portability"
- object to processing of your personal information, depending on the service and legal basis
- safeguards in relation to automated decision-making and profiling
We try to ensure that any information we hold about you is correct but, there may be situations where you find the information we hold is no longer accurate. Please contact the Council service or team holding your information in the first instance.
More information about how to make a request to exercise your rights can be found on our make a Data Protection request page.
Contacts
If you would like to contact the Data Protection Officer directly, please contact the Council's Corporate Information Management Unit:
- email: dataprotection@worcestershire.gov.uk
- telephone: 01905 845571
- address: Data Protection Officer, Corporate Information Governance Team (CIGT), Worcestershire County Council, County Hall, Spetchley Road, Worcester, WR5 2NP
For general enquiries, see the Contact Us page.
How to complain
If you wish to complain about your privacy or rights, please contact the service in the first instance.
If you wish to raise the matter directly with the Data Protection Officer, please use the details in the Contacts page.
You have the right to complain to the supervisory authority, the Information Commissioner's Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. They can also provide advice and guidance and can be contacted:
- website: Information Commissioner's Office
- telephone: 0303 123 1113
- address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Equalities information
We may use information such as your ethnic background, first language, gender, sexual orientation and age to gather statistics about the population of the area and the take-up of our services. This is to help comply with our legal obligations and to plan the provision of services in the future. Such analysis will not identify individuals or have impact on entitlement to services and facilities.
This notice can be made available in a different format i.e., large print, audio or a language other than English. If you would like to know more then please contact us.
Further information
If you require further information about the data protection legislation and the General Data Protection Regulation (GDPR) please visit the Information Commissioner's Office site.