Worcestershire County Council Full Privacy Notice

Worcestershire County Council Full Privacy Notice

Introduction

Our privacy notices set out how we, Worcestershire County Council, collect, store and handle your personal information and what your information rights are.  Your rights will vary with the service being used.  We provide a wide range of public services, so one notice for all services may not give you enough detail.  You can also find links to further notices for each service area.  There may be a service specific privacy notice for you to find out how your information is used and your rights. 

Personal information may be collected on a paper or online form, by telephone, email, CCTV or by a member of our staff, or one of our partners. 

Who we are

Worcestershire County Council is a ‘Controller’ under the UK GDPR and pay the required annual Controller fee to the ICO under registration number Z5699200.  We are a public authority and have a nominated Data Protection Officer in place.

We are responsible for managing the information we hold and we recognise that this information is important to you.  We take our responsibilities seriously and use personal information fairly, correctly and safely in line with the legal requirements set out by the UK GDPR. Anyone who receives information from us is also under a legal duty to do the same and our suppliers and providers have a set of data protection clauses included in their contract.

Where we need to share sensitive or confidential information, such as medical details, we will do so with your consent or where we are legally required or able to do so.  We may share information to prevent risk of harm to an individual.

Changes to this notice

We keep our privacy notice under regular review, and we will place any updates on this page. This privacy notice was last updated on 29 January 2024.

What personal information do we hold

When deciding what personal information to collect, use and hold, we are committed to making sure that we will:

  • only collect, hold and use personal information where it is necessary and fair to do so
  • keep your personal information secure and safe
  • securely dispose of any personal information when it is no longer needed
  • be open with you about how we use your information and who we share it with; and
  • adopt and maintain high standards in handling any personal information

We may hold the following types of information about you:

  • details about you including full name, date of birth, and contact details (for example phone number, address, and email address)
  • details about any contact with you
  • information relevant to the services being provided for example library services, social care services, education, parking badges etc.
     

Why we collect information about you

We will use your personal information for a limited number of purposes and always in line with our responsibilities, where there is a legal basis, and in line with your rights under the UK GDPR.  

In general, we process your information in order to:

  • deliver public services
  • confirm your identity to provide some services
  • contact and communicate with you
  • understand your needs to provide the services you request, for example joining the library or applying for a school place
  • monitor our performance in providing services to you
  • obtain your opinion about our services
  • meet various legal requirements and statutory obligations
  • to enable us to perform statutory law enforcement functions for example child employment, school attendance, and trading standards
  • prevent and / or detect crime or fraud
  • process financial transactions (including grants, payments and benefits directly involving the Council or where we are acting on behalf of other government bodies such as Department for Work and Pensions)
  • for general processing where you have given your consent for us to do so
  • protect individuals from harm or injury
  • allow the statistical analysis of data so we can plan the provision of services
  • fulfil our duty to improve the health of the population we serve
  • where it is otherwise permitted under the UK GDPR (for example to comply with legal obligations or for us to seek legal advice or undertake legal proceedings)

We may not be able to provide you with a product or service if we do not have enough information and, in some instances, your consent to use that information.

We aim to keep your information accurate and up to date. You can help us to do this at any time by letting us know if any of the information you have given us changes, such as your address. Visit our Contact Us page for more details.
We use data and information from a range of source data, including data relating to births or deaths, to understand more about the health and care needs in the area.

We may process your information overseas using ICT systems and services that are hosted outside the European Economic Area, but only with data processing agreements that meet our obligations under the UK GDPR.
 

How the law allows us to use your personal information (legal basis)

There are a number of legal reasons why we need to collect and use your personal information.  Generally we collect and use personal information where:

  • you, or your legal representative, have given consent
  • you have entered into, or are potentially entering into, a contract with us
  • it is necessary to protect someone in an emergency
  • it is required by law
  • it is necessary for a task in the public interest or in the exercise of official authority, including performing our statutory duties 
  • it is in our legitimate interests (if we are processing for a legitimate reason other than performing our tasks as a public authority) including security

Where we process information that is considered to be more sensitive and requires more protection, including your racial/ethnic origin, political opinions, religious/philosophical beliefs, sexual orientation and information regarding your physical and mental health) we also meet one of the special category personal data conditions: 

  • it is necessary for employment, social security or social protection purposes
  • it is necessary to deliver health or social care services 
  • it is necessary to protect someone in an emergency
  • you, or your legal representative, have given consent
  • you have made your own information publicly available
  • it is necessary for legal cases
  • it is necessary to protect public health
  • it is necessary for archiving, research, or statistical purposes

If we have your consent to use your personal information, you have the right to remove it at any time.  If you want to withdraw your consent, please contact the Council service or team holding your information in the first instance.  Alternatively please contact our data protection team, email: dataprotection@worcestershire.gov.uk, and tell us about the service you are using and the consent you would like to withdraw so we can deal with your request.

Ways we collect your information from you

Face to face

We may keep a record of your visit to us to assist us in the delivery and improvement of the services that we provide to you and to others.  Any such records that include personal information will be kept securely.

Telephone calls and live chat

We will inform you if we record or monitor any telephone calls you make to us.  Calls made direct to, or from, our Customer Service line (01905 765765) are recorded and kept for 12 months.  Calls may be recorded if telephoning direct to other service teams on alternative numbers including the Adult Access Centre, Family Front Door, Emergency Duty Team, Shared Lives Team, and BACS teams.

We do not record any financial card details if you make any payments by telephone.  If the call is transferred to a member of staff outside the Customer Service team, the recording stops.

Live chat is an alternative to the telephone. You will receive an email of your chat transcript each time you use the service.

These records will be used to increase your security and for our record keeping of the transaction.

Emails

If you email us we may keep a record of your contact, your email address and the email for our record keeping of the transaction. For security reasons we will not include any confidential information about you in any email we send to you unless you agree to this.  

We suggest that you keep the amount of confidential information you send to us via email to a minimum and use email encryption or if possible, our secure online forms and services.

Online

Our systems will capture and record personal information if you:

  • subscribe to or apply for services that require personal information
  • report a fault and give your contact details for us to respond
  • contact us and leave your details for us to respond

Any forms on our website that capture personal information are secure. 

Cookies

We employ cookie technology to help log visitors to our web site. A cookie is a string of information sent by a website and stored on your hard drive or temporarily in your computer’s memory. The information is collected in order to make websites work, or to make them work more efficiently, and provide information for the administration of the website.  You can reject the use of cookies but you may be asked for information again, e.g. to participate in a survey.  Further information, including how to block cookies, is available on the cookies page

Other websites

This privacy notice applies only to Worcestershire County Council websites maintained by us.  On our website you will find links to other external websites which we have provided for your information and convenience.  We are not responsible for the content of these external websites and recommend that when you visit other websites you take time to read their privacy notices.

How long we will keep your information

We will not keep your information longer than it is needed.  In some instances, the law sets the length of time information has to be kept.  We may keep your data longer if we need to retain it for legal, regulatory, or evidential or best practice reasons.  We will dispose of all records in a secure way, whether they are on paper or electronic. Our Disposal Schedule provides a list of the retention periods for key records we hold in the Council and can be found on our website: Information and records management.

Download the Disposal Schedule (Excel spreadsheet)

Who we may share your information with

We may disclose personal information to a third party, but only where it is required by law, where it is otherwise allowed under UK GDPR, or where we have obtained your consent to do so.  

We may disclose information when necessary to prevent risk of harm to an individual.

Your personal information may be shared within the Council or with external partners and agencies involved in delivering services on our behalf.  They will only have access to your information if it is needed to fulfil your request or deliver the service.  These providers are obliged to keep your details securely, and use them only to fulfil your request or deliver the service.  

The Council may also provide personal information to third parties, but only where it is necessary, either to comply with the law or where permitted under the UK GDPR e.g. where the disclosure is necessary for the purposes of the prevention and / or detection of crime or fraud.  In some of these arrangements, we may become joint controllers with the other organisation(s).  Examples of third parties who we may share your information with include (but are not limited to):

  • Health organisations
  • Police
  • Ofsted
  • Local authorities
  • Regulatory bodies such as the Department of Work and Pensions or the Care Quality Commission

The Council will seek to ensure that the third party has sufficient systems and procedures in place to prevent the loss or misuse of personal information. If your personal information is transferred outside the European Economic Area (EEA) for processing or storage purposes the Council will ensure that safeguards are in place to protect it to at least the standard applied within the EEA.

Public sector partners across Worcestershire have agreed the principles in the Worcestershire Data Sharing Charter so you can be confident that members all comply with the same data sharing standards.  The Council aims to publish sharing agreements where information is shared with specific partners for specific purposes.

At no time will your information be passed to organisations external to Worcestershire County Council for marketing or sales purposes or for any commercial use without your prior express consent.
 

How we protect your information

Our aim is not to be intrusive, and we won't ask irrelevant or unnecessary questions.  The information you provide will be subject to rigorous measures and procedures to make sure it can't be seen, accessed or disclosed to anyone who shouldn't see it.

We have an Information Governance Policy Framework that includes polices on Data Protection, Information Security, and Freedom of Information and Environmental Information.  These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas.  We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.  

We will investigate data incidents where we have found that your personal information may have, or has been, disclosed inappropriately and attempt to recover any data.  We will report incidents to the ICO that pose a risk to your rights and freedoms if these risks are high we will also inform you unless it would present a risk to you.

Use of personal information for marketing and promotion

We will only send you information about our services and / or products if you have opted in to receive them.  We may also share your information with other service providers who may contact you with details of services they provide if you give us permission to do this. You can change your mind at any time by letting us know using the contact details below.

Use of CCTV

We have installed CCTV systems in some of our premises used by members of the public for the purposes of public and staff safety and the prevention and detection of crime.  CCTV is also installed outside in some of our carparks and on the outside of some of our buildings for the purposes of monitoring building security and crime prevention and detection.

They are also installed in our recycling sites for the purposes of public and staff safety, crime prevention and detection, and the abuse of council policies.  In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about them.

Images captured by CCTV will not be kept for longer than necessary.  However, on occasions there may be a need to keep images for a longer period, for example where a crime is being investigated.

We will only disclose CCTV images to third parties for the purposes stated above.  CCTV images will not be released to the media, used for entertainment purposes or placed on the internet.

You have the right to see CCTV images of yourself and be provided with a copy.  Please see 'How to access the information we hold about you' for information about how to make a request.

We operate CCTV and disclose in accordance with the codes of practice issued by the Information Commissioner and the Surveillance Camera Commissioner.
 

Prevention and detection of fraud

Worcestershire County Council is required by law to protect the public funds it administers. We may use any of the information you provide to us for the prevention and detection of fraud to comply with the law.  

In addition to our own 'data matching' exercises we may also share this information with other public bodies.  These include, but are not limited to:

  • Cabinet Office – including the national data matching exercises under Part 6 of the Local Audit and Accountability Act 2014
  • National Anti Fraud Network (NAFN)
  • Cifas
  • Department for Work and Pensions (DWP)
  • other Local Authorities
  • HM Revenue and Customs (HMRC)
  • Police
  • NHS

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud, money-laundering and to verify your identity. They will also share your information with a range of information providers to obtain documentation or information that will allow us to verify the information you have provided us is accurate. If fraud is detected, you could be refused certain services, finance, or employment.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights can be found on the privacy notices of Cifas and National Anti Fraud Network (NAFN).

We also participate in the National Fraud Initiative (NFI) data matching exercise to assist in the prevention and detection of fraud. More information about the NFI can be found in our NFI privacy notice.

We may also share information with utility companies, credit reference agencies, service providers, or contractors and partner organisations where the sharing of information is necessary, proportionate, and lawful.

In limited situations we may monitor and record electronic transactions (website, email and telephone conversations).  This will only be used to prevent or detect a crime, or investigate or detect the unauthorised use of the telecommunications system and only as permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.

Emergency response management

Data matching may also be used to assist the council in responding to emergencies or major accidents, by allowing the council, in conjunction with the emergency services, to identify individuals who may need additional support in the event of e.g. an emergency evacuation.

Your information rights

You have the right to request the Council take action to fulfil your rights.  We will seek to comply with your request wherever possible. However, action may be restricted or refused in certain circumstances, for example where we are required to hold, retain, or process personal data to comply with a legal obligation or as a public task and the Council may not be able to comply with some requests received.

You have the right to:

  • be informed about what we do with your data
  • access to the information we hold about you
  • request rectification of any information about you that is incorrect
  • request records we hold about you are erased or "forgotten", depending on the service and legal basis
  • restrict processing of your personal information if you have an objection to that processing, whilst your objection is investigated
  • request any information that you have provided to us is given back to you in a format that you can give to another service provider if required, depending on the service and legal basis - "data portability"
  • object to processing of your personal information, depending on the service and legal basis
  • safeguards in relation to automated decision making and profiling

We try to ensure that any information we hold about you is correct but there may be situations where you find the information we hold is no longer accurate.  Please contact the Council service or team holding your information in the first instance.  

More information about how to make a request to exercise your rights can be found on our Make a Data Protection request webpage.
 

Contacts

Worcestershire County Council

Address: County Hall, Spetchley Road, WORCESTER WR5 2NP.

Telephone: 01905 765765

Online: http://www.worcestershire.gov.uk/contactus

Online enquiry form

If you would like to contact the Data Protection Officer directly, please contact:

Address: Data Protection Officer, Corporate Information Governance Team (CIGT), Worcestershire County Council, County Hall, Spetchley Road, WORCESTER WR5 2NP.

Telephone: 01905 845571 

Email: dataprotection@worcestershire.gov.uk 

How to complain

If you wish to complain about your privacy or rights please contact the service in the first instance.

If you wish to raise the matter directly with the Data Protection Officer, please use the details in the Contact Us section above.

You have the right to complain to the supervisory authority, the Information Commissioner's Office (ICO).  The ICO is an independent body set up to uphold information rights in the UK.  They can also provide advice and guidance and can be contacted:

Online through their website: www.ico.org.uk

Address: Information Commissioner's Office, Wycliffe House, Water Lane, WILMSLOW, Cheshire SK9 5AF.  

Telephone: 0303 123 1113
 

Equalities information

We may use information such as your ethnic background, first language, gender, sexual orientation and age to gather statistics about the population of the area and the take up of our services.  This is to help comply with our legal obligations and to plan the provision of services in the future.  Such analysis will not identify individuals or have impact on entitlement to services and facilities. 

This notice can be made available in a different format i.e. large print, audio or a language other than English. If you would like to know more then please contact us.  
 

Further information

If you require further information about data protection legislation and the GDPR is available on the Information Commissioner's website: www.ico.org.uk.

Was this page useful?