North East Lincolnshire Council’s Overarching Privacy Notice
Last updated: May 2018
North East Lincolnshire Council as a data controller is committed to being transparent in its processing of personal data to meet its legal obligations and provide our services. This privacy notice explains broadly how we collect, use and protect your personal data in accordance with the General Data Protection Regulation.
A DATA CONTROLLER is the person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
PROCESSING means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
North East Lincolnshire Borough Council is registered as a data controller with the Information Commissioner’s Office under the Registration Number Z5951373.
Separate registrations are also in place for North East Lincolnshire Borough Council Superintendent Registrars Service (Z7097889) and North East Lincolnshire Borough Council Electoral Registration Officer (Z8809111).
You can view these notifications detailing the purposes we process information for on the Information Commissioner’s website.
As a public authority we are required to have a Data Protection Officer, who is responsible for:
- Informing and advising the council in respect to their data protection obligations;
- Monitoring the council’s compliance with their data protection obligations;
- Providing advise advice where requested; and
- Acting as a point of contact and cooperating with the Information Commissioner’s Office.
Our Data Protection Officer is Paul Ellis
Telephone: 01472 323372
Postal: North East Lincolnshire Council, Municipal Offices, Town Hall Square, Grimsby, North East Lincolnshire, DN31 1HU
PERSONAL DATA means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
SPECIAL CATEGORIES OF PERSONAL DATA relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Whenever possible we will always look to use aggregated, anonymised or pseudonymised data rather than using identifiable personal data. Explanations of these terms can be found in our Records Management Policy and Information Governance Framework.
When processing your personal data we will at all-times comply with our obligations under the General Data Protection Regulation and other data protection law. These obligations are there to protect you and ensure that we:
- Process your personal data lawfully, fairly and in a transparent manner;
- Collect your personal data for a specified, explicit and legitimate purposes and do not process it for further purposes that are incompatible;
- Ensure that the personal data we process is adequate, relevant and limited to what is necessary for the processing purpose;
- Ensure your personal data is accurate and, where necessary, kept up to date;
- Keep your personal data for no longer than is necessary;
- Keep your personal data protected and secure, to do this we have put in place appropriate organisational and technical measure, to prevent its unauthorised or accidental lose or destruction and ensure it is only accessed by those authorised to do so in the performance of their duties.
We will use your personal data for the following purposes and at all times in accordance with our data protection obligations, including:
- Where you have consented to or asked us to process of your data for a particular purpose;
- To deliver our services effectively and efficiently to you including communicating with you and confirming your identity;
- To meet our statutory obligations;
- For the promotion or improvement of the economic, social or environmental well-being of North East Lincolnshire;
- For employment purposes and duties;
- To carry out our Public Health duties – all Local Authorities have a duty to improve the health of the population they serve. To help with this, we use data and information from a range of sources, including pseudonymised hospital data, and personal data collected at the registration of a birth or death, to understand more about the nature and causes of disease and ill-health, and about the health and care needs in the area;
- To identify and protect those at risk of harm;
- To respond in the event of an emergency or a major accident;
- To carry out our enforcement functions;
- For the prevention and detection of fraud and crime and the protection of public funds including the use of Data Matching;
- The use of CCTV images for the purposes of public safety and the prevention and detection of crime;
- For research and statistical purposes to provide intelligence about North East Lincolnshire and its residents and help us plan efficient and effective services for the future. These activities are normally undertaken using aggregated, anonymised or pseudonymised data; and
- Where otherwise permitted under the Data Protection Act.
Services processing large amounts of personal data or special categories of personal data will have their own dedicated privacy notice to tell you how your personal data is being processed.
We are required by law to protect the public funds we administer, and may use any of the personal information you provide to prevent and detect potential fraud and crime, by conducting data matching on our own or in conjunction with others. The other bodies responsible for auditing or administering public funds we may share information with for data matching, include the Cabinet Office, the Department for Work and Pensions, HM Revenue and Customs, the Police and other local authorities.
Data Matching involves the comparison of computer records held by one body against other computer records held by the same or another body. The data matched is usually personal information, allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can or will be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Cabinet Office requires us to take part in the National Fraud Initiative, which is a national data matching exercises to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise, and these are set out on the National Fraud Initiative website.
The use of data by the Cabinet Office for data matching is carried out under its powers in Part 6 of the Local Audit and Accountability Act (LAAA) 2014, and does not require the consent of the individuals concerned under the Data Protection Act 1998. The full text of the National Fraud Initiative privacy notice can be found here.
Data matching by the Cabinet Office is subject to a Code of Practice.
Further information about the Cabinet Offices’ legal powers and why it matches particular information can be found on the National Fraud Initiative website.
Depending on the purpose we using your personal data for will determine our legal basis for processing your personal data. Generally, the legal basis for processing will be one of the conditions set out in Articles 6 and 9 of the General Data Protection Regulation, the main ones of which are:
- To perform a task or provide a service carried out in the public interest (Article 6 1 (e));
- To comply with a legal obligation (Article 6 1 (c));
- The processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6 1 (b));
- The processing or disclosure is in your vital interests or of another person (Articles 6 1 (d) and 9 2 (c));
- The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (Article 9 2 (f)); or
- You have given your explicit consent (Articles 6 1 (a) and 9 2 (a)).
When processing is on the basis of consent you will be able to withdraw your consent to processing at any time. Please contact the Council’s Data Protection Officer for further details about this.
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period. However, where possible we will anonymise your data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely disposed of.
Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, we may share or disclose your personal data with others. For example:
- To comply with our legal obligations or as permitted by the General Data Protection Regulation;
- With partner organisations that support the delivery of the services you receive;
- With organisations we have contracted to provide services on our behalf;
- For the purpose of the prevention and / or detection of crime;
- To protect the public funds we administer (including data matching);
- When it is in your vital interests or that of another person; or
- When you have asked us to do so.
We will only share your personal data if we are satisfied that the recipient has sufficient measures in place to protect your information in the same way that we do, and when sharing your information we will only share the minimum necessary.
We will not share or sell your personal data for marketing purposes.
We do not routinely store or transfer your personal data outside of the European Economic Area (EEA)
You have the following rights in relation to your personal data:
- Access – You can ask us for the personal data we hold about you (a Subject Access Request) and for details about that data and it has been used.
- Rectification – You can ask for inaccurate data to be corrected, incomplete data to be completed or a supplementary statement attached to your information.
- Erasure – You can ask us to delete any data we hold about you, if legislation and our retention schedules no longer require us to hold it.
- Restriction – You can ask us to temporarily stop processing your personal data in certain circumstances. For further details see Article 18.
- Data Portability – You can ask us for copies of the data in an electronic format we hold about you in certain circumstances. For further details see Article 20.
- Objection – You can ask us to stop processing your personal data in certain circumstances. For further details see Article 21.
- Automated decisions / profiling – You have the right not to be subjected to a decision based solely on automated processing, including profiling, which has legal effects for you or significantly affects you.
- Complain – You can make a complaint to the Information Commissioner’s Office if you are unhappy with how we have processed your personal data.
We strive to meet the highest standards when collecting and using personal data. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you wish to make a suggestion, ask a question or make a complaint (request an internal review) about how your personal data has been used, please visit our Data Protection page or contact the Council’s Election and Complaints.
If following this you remain dissatisfied with our handling of your personal data, you can contact the Information Commissioner’s Office for an independent review.
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
We will continually review and update this privacy notice to reflect changes in our services, feedback from you and to comply with any changes in the law. When we make a change, we will revise the ‘last updated’ date, which can be found at the beginning of this notice.