Privacy Notice

Erewash Borough Council Privacy Notice

Being transparent and providing accessible information to individuals about how we use personal information is a key element of the Data Protection Act and the General Data Protection Regulation. The most common way to provide this information is in a privacy notice.

This privacy statement tells you what to expect when Erewash Borough Council collects personal information. It applies to information we collect about:

• Visitors to our website
• People who register for an online account
• People who use our website to register for and use our services
• People who contact us with an enquiry or complaint
• Job applicants and our current and former employees

Data Controller

Erewash Borough Council is registered as a data controller with the Information Commissioner's Office, Registration Number Z5708006

Contact details for the council’s data controller are:

Data Protection Officer - Head of Law and Governance.
Erewash Borough Council, Ilkeston Town Hall, Wharncliffe Road, Ilkeston
Derbyshire, DE7 5RP email This email address is being protected from spambots. You need JavaScript enabled to view it.
Call 0115 9072244

What is Personal Data?

Personal data is basic details such as name, address, telephone number, and date of birth, or notes and comments made about a person, and information held about that person in files. This can include but is not limited to written correspondence, emails, photographs, audio recordings and video recordings.

Information classed as sensitive personal data include details of racial or ethnic origin, religious or political beliefs, health, trade union membership and criminal record.

You usually need to give us consent to hold sensitive data. We will always try and tell you why and how the information will be used.

What do we use personal data for?

We may need to use personal data for the following purposes:

• Promoting the services we provide
• Licencing and regulatory activities
• The provision of all commercial services including the administration and enforcement of parking regulations and restrictions
• The provision of all non-commercial activities including refuse collections from residential properties
• Supporting and managing our employees
• Carrying out health and public awareness campaigns
• Managing our property
• Providing leisure and cultural services
• Maintaining our own accounts and records
• Carrying out surveys
• Administering the assessment and collection of taxes and other revenue including benefits and grants
• Local fraud initiatives
• Data matching under local and national fraud initiatives
• Crime prevention and prosecution including the use of CCTV
• Corporate administration and activities we are required to carry out as a data controller and public authority
• Undertaking research

We will use personal data where one or more of the following apply:

• We have your consent; for example, you may have given your consent on a paper form, or online form through our website or during a telephone conversation with our staff.
• Where we have a contract with you or you asked us to process your data prior to entering into a contract.
• Where we are under a legal obligation that requires us to process your personal data.
• We are protecting your vital interests, or those of other persons. For example sharing details of your health with a medical professional in an emergency.
• Where the council is carrying out a public function, for instance collection of council tax, safeguarding, or planning function.
• It is required for the prevention or detection of crime.
• It is required for obtaining legal advice or for the purpose of legal proceedings.
• It is used for research purposes.

Purpose of Processing Personal information

As a local authority, the council delivers services to you. In order to do this in an effective way we will need to collect and use personal information about you.

When you fill in a form, register online, contact us, or interact with us in any other way the council may receive personal information about you such as your:

• Name
• Address
• Email
• Telephone number
• Debit or credit card details
• Date of birth

If we collect personally identifiable information we will be transparent about this. We will make it clear when we collect personal information, and explain what we intend to do with it.

For some of our services, we need to collect personal data so that we can get in touch, or provide the service. We always try to make sure the information we collect is correct and isn’t an invasion of your privacy.

If you use a specific council service, we will let you know how that service will use your personal information via a separate privacy notice.

Where we do not directly provide the service, we may need to pass your personal data onto the people who do. These providers are obliged to keep your details safe and secure, and use them only to fulfil your request. If we wish to pass your sensitive personal data onto a third party, we will usually only do so once we have obtained your specific and written consent, unless we are legally required to do so.

The Data Protection Act and the UK General Data Protection Regulation ensure that we comply with a series of data protection principles. These principles are there to protect you and make sure that we:

• Process all personal information lawfully, fairly and in a transparent manner.
• Collect personal information for a specified, explicit and legitimate purpose.
• Ensure that the personal information processed is adequate, relevant and limited to the purpose for which it was collected.
• Ensure the personal information is accurate and up to date.
• Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
• Keep your personal information secure using appropriate technical or organisational measures.

Consent

When relying on consent our method of obtaining it will:
• Be displayed clearly and prominently;
• Ask you to positively opt-in, in line with good practice; and
• Give you sufficient information to make a choice.

In addition where we process your information for a range of purposes we will:
• Explain the different ways we will use your information; and
• Provide a clear and simple way for you to indicate you agree to different types of processing.

We will usually seek your consent prior to processing or sharing your information; however, if there is a legal reason, as outlined under the Data Protection Act we may not require your consent, for example, where the disclosure is necessary for the purposes of the prevention and/or detection of crime. Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.

Where consent has been used as the lawful basis for using your personal data, you have the right to withdraw your consent at any time.

Information Sharing

We have a legal requirement to make sure you know what we intend to do with your information and who it will be shared with.

In order to provide you with the service you require, there may be occasions when your information is shared with those who carry out work on our behalf.

Sometimes we may need to ask other agencies or organisations for relevant information about you to fulfil our legal responsibilities or to provide services. This may include requesting information from Credit Reference Agencies (CRA), predominantly for Revenue and Benefits services. The CRA that Erewash Borough Council utilise have their own privacy notice on the Transunion website

We may pass your information to other agencies or organisations as allowed or required by law, for example to carry out their statutory duties where it is necessary to prevent harm to yourself or other individuals.

We want to be able to provide appropriate, timely and effective services – it is important to us that we co-ordinate what we do for you properly. To do this, we share basic information such as name and address between services within the council. This is so that we can keep our information on you as up to date as possible and so that we can improve our services to you. For example, if you tell the contact centre that you have moved, they will pass this information on to other parts of the council such as council tax.

Even though our systems are joined-up, we ensure that staff within the council can only access the information they need to do their job. In addition, we have a duty to protect the public funds we administer and so may use the information we hold to prevent and detect fraud and any other legally required purposes.

We will also need to supply your information to organisations we have contracted to provide a service to you.

We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.

We do have specific information sharing agreements in place with some of our partners and sometimes the law requires that we may have to pass your details on to a third party – to prevent crime for example.

Details of transfers to third country safeguards

Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA). The UK is subject to an ‘Adequacy Decision’ for sharing data within the EEA; should this change, our storage and transfers will be reviewed.

Retention Periods

We will only keep your information for as long as it is required to be retained. The retention periods are either dictated by law or by our discretion. Once your information is no longer needed it will be securely and confidentially destroyed. Retention periods are identified in service specific privacy notices as these will differ by service and Legislation.

Your Rights

You have a number of rights in relation to your personal data, Please note that not all rights are automatic and some may not be available in certain circumstances:

• The right to be informed via Privacy Notices such as this.

• The right to find out about personal data we hold and ask for a copy of it (Subject Access Request) – you can ask us whether we hold personal data and you can request a copy of the information we hold

• The right to withdraw your consent – if you have provided us with consent for the use of your data for instance, marketing purposes, you have the right to withdraw your consent to stop the further use of your data for this purpose. This right may not be available where use of your data is not reliant on obtaining consent, for instance compliance with a legal obligation.

• The right to object to use of your information which is likely to cause substantial damage or distress – you may object in writing to us explaining why such use of your data is likely to cause you damage or distress and what should be done to prevent this. This right is not automatic and the use of your personal data for purposes you disagree with may be justified in certain circumstances even if it causes you some damage or distress.

• The right to refer to the Information Commissioner’s Office – for independent advice about data protection, privacy and data sharing issues, or if you are still dissatisfied with how the council has handled a complaint about the use of your personal data.

• You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.

Under the General Data Protection Regulation additional rights will be available from the 25 May 2018.

• The right of rectification, we must correct inaccurate or incomplete data within one month.

• The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.

• The right to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.

Emails

Emails and any attachments are confidential and may contain personal views which are not the views of Erewash Borough Council unless specifically stated.

If you have received an email in error, please delete it from your system, do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.

Please note that the council monitors emails sent or received for the purposes of ensuring compliance with its policies and procedures. Further communication will signify your consent to this.

The contents of emails sent or received may have to be disclosed if a relevant request is made under current legislation, such as, but not limited to, the Data Protection Act and the Freedom of Information Act 2000.

Email messages are scanned for Viruses and Content.

Registering for online services

We collect personal data that you provide to us when you register for an online account. By registering with us online either in relation to your account or a specific service, you consent that Erewash Borough Council may process the personal data that we collect from you in accordance with this privacy notice.

In general, we will hold your personal data for the purpose of maintaining and operating your account or registration and will use your personal information:

  • For the purpose you provided the information for and to carry out our statutory duties.
  • To verify your entitlement to access the services you have requested, such as verification of your residence in the borough.
  • To communicate with you and provide information about services appropriate to your needs.

We will retain your information for the period necessary to fulfil the relevant purpose for which it is held and we will also retain any external verification so long as it remains accurate based on the information you provide to use. This will allow us to reuse that information when you register for additional services.

Visitors to our website

The computers which host our website log the IP details of all machines accessing our pages. We only use such logs to determine website usage and not as a means of identifying or obtaining information about specific users. Any IP information is treated as strictly confidential and is not published or divulged to any third party.

CCTV

We have installed CCTV systems in public spaces and in some of our premises used by members of the public, for the purpose of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of our buildings for the purpose of monitoring building security and crime prevention and detection. More information can be found in our CCTV Policy.

In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme.

Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.

You have the right to see CCTV images of yourself and be provided with a copy of the images.

Fair Processing Notice

The council is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
As a result of this obligation, the council is required to participate in the National Fraud Initiative and does transfer some information to the Cabinet Office for those purposes.  For further information on the Cabinet Office’s legal powers and the reasons why it matches particular information, please refer to its privacy notice on gov.uk.

Access to the council’s Decision Making process

Information on the constitution of the council can be found on the council's website.

Access to Council Official Information

Under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 you have a right to request any recorded official information held by the council. The information you require may already be publicly available. The council has a duty to make official recorded information available. The council has a duty to make information available via a publication scheme. Before you submit a request, please check the publication scheme to see if we already hold and have published the answer to your request.

If you need to make a request, you can:

• Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
• Write to Erewash Borough Council, Ilkeston Town Hall, Wharncliffe Road
Ilkeston, Derbyshire, DE7 5RP

You do not need to say why you want the information. Your request must include your name, and an address for correspondence (if you apply by email, your email address is a suitable address for correspondence). Please ensure you identify the information you want as clearly as possible.

With certain limited exceptions, you are entitled to a response within 20 working days.

It costs nothing to make a Freedom of Information (FOI) request. However the council can refuse to deal with your request if doing so would cost more than £450 (which equates to 18 hours work). In extreme circumstances, the council may also charge for the cost of photocopying and postage.

You may not get the information you asked for:

• If the council does not hold the information you have requested.
• If the information is exempt from disclosure.
• If finding the information you have requested would take longer than 18 hours.

If we are unable to supply any of the information you have requested, we will tell you the reason why.

For more details please refer to the Information Commissioners Officer website.

How do we keep your information secure?

We will take appropriate steps to make sure we hold records about you in a secure way, including:

• All employees who have access to your personal data or are associated with the handling of that data are obliged to respect the confidentiality of your personal data.
• We will have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.

The Council has in place a hierachy of officers that are responsible for protecting your data, as follows:

  • Senior Information Risk Officer (SIRO) – Director of Resources. Has overall responsibility in the Council for managing information risks. Appoints the officers below to manage these risks.
  • Data Protection Officer – Head of Law and Governance. Monitors internal compliance, informs and advises on our data protection obligations, provides advice regarding Data Protection Impact Assessments (DPIAs) and acts as a contact point for data subjects and the Information Commissioner's Office (ICO).
  • Information and Cyber Security - ICT Manager. Responsible for developing, implementing and managing cyber security and information security strategy. This includes vulnerabilities and risks in software and systems, and firewall, spyware and malware detection.
  • Information Governance Officer – Performance and Information Security Officer. Supports the overall development, management and delivery of the council’s Information Governance Framework and work programme and assists/deputises for the Head of Law and Governance/Data Protection Officer.

Service or Project Specific Privacy Notices

Services using large amount of personal or sensitive information will have their own dedicated privacy notice to tell people what information is being shared. These notices will map out how personal information flows through the service or project and how it is processed. Service/Project specific privacy notices can be found within data collection forms and on the relevant service’s website page, where appropriate.

Concerns about the use of personal data or its accuracy

If you have concerns about the use of your personal data by Erewash Borough Council or its accuracy, you may contact us at the address above.

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Call 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. Alternatively, visit the ICO website or email This email address is being protected from spambots. You need JavaScript enabled to view it.