The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (GDPR”, the Data Protection Act 2018, and other legislation relating to personal data and rights such as the Human Rights Act.
Under GDPR, we are required to inform people about how we will use people’s personal data and for what purposes. We do this using privacy notices.
However, there are exceptions to the applicable data protection laws which require us to share personal data wherever necessary to the purposes of safeguarding, law enforcement and prevention of fraud.
Our privacy notice
This corporate privacy notice provides general information about the council’s personal data processing activities overall. As the range of services the council provides is so varied, we have also produced individual privacy notices to explain specifically how your data will be used within each service area. You can find links to these on the left of this page.
The personal data processed by the council in order to perform its official tasks includes:
- names, titles, aliases, photographs
- contact details such as telephone numbers, addresses and email addresses
- gender, age, marital status, nationality, education/work history, academic/professional qualifications, hobbies, family composition and dependants
- social care records for adults and children in our care
- financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers and claim numbers
Consent and GDPR
When you are asked to consent to a data controller’s use of your personal data this implies the controller is relying on “consent” as the legal basis for such use.
Consent may not be used as the legal basis for processing your personal data if:
- you do not have a free choice
- you have not been provided relevant privacy information (what personal data may be used, how, and why)
- refusing consent may have a negative impact on you (this is the case where consent is a condition of receiving the service you want)
- there is an imbalance of power between the person and the organisation requesting the consent. This is likely when the organisation is a public authority
- GDPR provides a more appropriate basis for processing (such as for processing by public authorities in the exercise of their tasks)
The council does not generally request consent for using your personal data as, in accordance with the rules above, it is not a valid legal basis for processing involved in carrying out our official functions and tasks.
We will, however, request your consent for us to provide the actual support service we are offering you. This choice should also be informed by relevant privacy information. Therefore, we will always tell you about how and why we will use your information to provide the service before you decide whether you agree to receive it.