Privacy notice

We process personal data to provide public services.

Personal data is information about living identifiable individuals. It can be a name, address, contact details, photograph, sound recording; it can be details of someone’s behaviour, lifestyle, physical or mental health needs; it can be a unique number, such as a vehicle registration plate, National Insurance number, etc.

We decide what personal data we need and how to use it, so we are a Data Controller and registered as such on the Information Commissioner’s Register of Data Controllers.

When we collect personal data, we are required to make sure you are clear what data we need and why, what we intend to do with it, what your individual rights are, and who you can contact for enquiries or concerns about the use of your personal data. This is called a privacy notice and we can do this verbally or in writing.

This page is our general privacy notice and we have included specific privacy notices below for the services that process large amounts of personal data, for example council tax, planning, parking, elections, licensing, housing, etc. 

Why we collect and use personal data

We collect and use personal information to:

  • provide, plan and manage our services
  • carry out our regulatory, licensing and enforcement roles
  • carry out any other tasks which we have to do by law
  • make and take payments and grants and spot fraud
  • listen to your ideas about our services
  • tell you about our services
  • evaluate and improve services

We might collect your personal data directly from yourself, from someone acting on your behalf, or from another third party. We might collect this data in person, over the telephone, in writing, or captured as an image, audio or film recording. 

We can only use your personal data if we have a lawful basis for doing so. The lawful basis will be recorded on the Council’s Record of Processing Activity and, where appropriate, on relevant service area privacy notices. 

If we rely on consent to process your data, you have the right to withdraw that consent at any time. To withdraw consent, either contact the Service that you provided the consent to or contact the information management team. 

Sharing your information

We share personal data internally within the council and also with external third parties so we can carry out our work. Internal sharing might include checking your eligibility for a service (eg free school meals) or keeping accurate records, whereas external sharing might be to ensure you receive the right service (eg social care support). 

Who we share information with depends on the service we are providing and your circumstances, but may include:

  • healthcare, social and welfare organisations and professionals
  • providers of goods and services
  • financial organisations, including debt collection, tracing and credit referencing agencies
  • elected members
  • local and central government
  • ombudsman and regulatory authorities
  • professional advisors and consultants
  • police forces, other law enforcement and prosecuting authorities
  • voluntary and charitable organisations
  • Disclosure and Barring Service
  • Courts and Tribunals
  • utilities providers

When personal data is shared, only the minimum amount is shared and relevant contracts and / or agreements will be in place. 

Fraud prevention and detection

We are required by law to protect the use of public funds and for this reason we share information with internal services and other bodies responsible for auditing or administering of public funds to detect and prevent fraud. This sharing includes, but is not exclusive to the Council’s external auditor, Department for Work and Pensions, other local authorities, HM Revenue and Customs, the Police, credit reference agencies. 

We also share personal data with the Cabinet Office for the National Fraud Initiative. This is a national data matching exercise, which takes electronic data from the private and public sectors to identify potential fraudulent claims and payments.

The Cabinet Office stipulates the data that they need and subsequently provides us with details of the cases where the matching indicates an inconsistency or potential for fraud, so that we can investigate further. This data matching is carried out under the Local Audit and Accountability Act (part 6, Schedule 9) and does not rely on your consent. 

Your data rights

You have the following rights in regard to your personal information, to:

  • access copies of any records we hold about you
  • have any information we hold about you corrected
  • have any information we hold about you deleted or destroyed
  • restrict how information we hold about you can be used or shared
  • object to information about you being held
  • have any information we hold about you transferred to a third party
  • challenge decisions relating to you made using automated decision making and profiling (currently we have no services that use automated decision making or profiling for decision making)

Please note there may be times that we cannot fulfil these rights fully because of legal reasons, for example we cannot delete your data if we still need it.

If you want to exercise any of the above rights, please make a subject access request.

Make a subject access request

Who to contact about the way your personal data is handled

If you have any queries, concerns or complaints about the way we process your personal data, including the way we handle information requests, you can contact our Customer Services or the Data Protection Officer.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you have the right to contact the Information Commissioner’s Office.

How we use your information

Our Fostering Service approve, train and support foster carers to take in children in care and provide them with a home. 

To do this we have to process personal data about the foster carers to ensure the carers and the children we intend to place are safe and it is a suitable match. As a minimum, we need to process the following information about the prospective carers:  

  • name, address, contact details, date of birth, gender, language
  • ethnicity, disability, religion and medical information
  • family network and relationship information
  • education, employment and financial information
  • assessments and approvals for suitability to foster children (including DBS checks)
  • bank details, National Insurance number

We process this information in accordance to our legal obligations under the Fostering Services (England) Regulations 2011, Fostering Services Regulations 2002, and Children’s Act 1989. We process the special category (sensitive) information, to provide social care, which is covered under the General Data Protection Regulations Articles 6(1(e) and 9(2)(h).

How we share your information

As part of the application process, we share information with third parties to assess the applicant’s suitability, which will include:

  • our internal services
  • other local authorities
  • past and present employers
  • schools
  • friends and family members
  • health agencies
  • Fostering Panel, external Fostering Agencies

As an approved foster carer, we may share and exchange information with the Fostering Panel, fostering agencies, Inland Revenue, OFSTED, health agencies, schools, other local authorities.

We will also share personal information with law enforcement or other authorities where permitted by law and provide data to the Cabinet Office for the National Fraud Initiative, which aims to match data to detect fraud and error.

How long your information will be kept

This varies depending on the type of information, as well as the legal requirements and reason we are keeping the information. In some instances the law sets the length of time information has to be kept. We also have retention and disposal schedules which give details about how long we need to keep different types of information.

We create a case record for each foster carer applicant (including approved carers, unsuccessful applicants and applicants that withdraw from the process), which holds the information obtained as part of the application, background checks and assessment, decisions and outcomes.

The case files for approved foster carer files are kept for 75 years from the date they cease to be a foster carer. Finance records are kept for 7 years from the date they are created.

The case files for applicants that were not approved or who withdrew from the process are kept for 10 years.

However, we are currently required to retain all data relating to children and families that we have worked with indefinitely to meet the requirements of the Independent Inquiry into Child Sexual Abuse (aka the ‘Goddard Inquiry’). When the Inquiry concludes and we are no longer required to retain all records, our usual data retention rules will be applied.

What your rights are

You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.