Basildon Council's Main Overarching Data Privacy Notice

Please read the following Privacy Notice carefully.

The purpose of the Council's Main Overarching Data Privacy Notice is to explain how and for what purposes we process your personal data. It applies to personal data that is processed electronically and on paper.

Who we are

We are Basildon Borough Council and our head office address is:

Data privacy key terms...

Personal data

'Personal data' means any information relating to a living person or 'data subject' that can be used to directly or indirectly identify the person. This can include information that when put together with other information can then identify a person.

For example, this could be:

• Identity information (e.g. name, address, telephone number, credit card number)
• Health and genetic records and biometric data
• Racial and ethical data
• Data on political opinions
• Data on sexual orientation
• Web data (e.g. location data, IP address, cookies).

Processing

'Processing' means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means.

Why we process your personal data

We collect and process personal data about you in order to:

• Deliver support services
• Manage the services we provide
• Train and manage the employment of our  staff who deliver those services
• Help investigate any enquiries or complaints you make about our services
• Keep track of spending on services
• Check the quality of services
• For research and planning of new services.

How the law allows us to use your personal data

There are a number of legal reasons why we need to collect and use your personal data. Generally we collect and use personal information where:

• You, or your legal representative, have given consent
• You have entered into a contract with us
• It is necessary to perform our statutory duties
• It is necessary to protect someone in an emergency
• It is required by law
• It is necessary for employment purposes
• You have made your information publicly available
• It is necessary for legal cases
• It is to the benefit of society as a whole
• It is necessary to protect public health
• It is necessary for archiving, research, or statistical purposes.

If we have obtained your consent to use your personal data, you have the right to withdraw it at any time. If you want to withdraw your consent, please contact our Data Protection Officer (DPO) explaining which service you are using so we can deal with your request.

Our DPO can be contacted by...

• Email: Data Protection Officer (opens new window)
• Phone: 01268 533333
• Letter to:

Your rights

You have the following rights in respect of your personal data:

• The right to access the personal data we are holding about you
• The right to have your personal data rectified where it is inaccurate or incomplete
• The right to have your personal data erased in certain circumstances, for example where the personal data  is no longer necessary in relation to the purposes for which we have collected them as set out above
• The right to obtain restriction of processing in certain circumstances, for example where you have contested the accuracy of the personal data, for the period enabling us to verify the accuracy of the personal data
• The right to lodge a complaint to the Information Commissioners Office (ICO) that acts as the UK regulator
• The right to object to processing
• The right to data portability, i.e. to receive your personal data in a structured, commonly used machine readable format, and to have that personal data transmitted directly to another data controller
• The right to withdraw your consent, at any time, for the processing of your personal data.

When we receive a request from you in writing, (which is called a Subject Access Request) we must give you access to all the personal data we hold about you.

However, we cannot let you see any parts of your record which contain:

• Confidential information about other people
• Data we believe will cause serious harm to you or someone else's physical or mental wellbeing
• Data we believe would enable you to stop us from preventing or detecting a crime.

Where your personal data has been shared with other individuals or organisations, we will do what we can to make sure that those parties also comply with data privacy laws.

Retention of your personal data

We will retain your personal data for as long as necessary for the purposes already set out above, or for as long as it is required by law.

Please note that we cannot delete your information where:

• We are required to retain it by law
• It is used for freedom of expression
• It is in the public interest or processed for public health purposes
• It is needed for scientific or historical research, or statistical purposes
• It is necessary for ongoing legal claims

If you cannot ask for your records in writing, you can submit a query about access to your personal data by contacting our Data Protection Officer (DPO) by:

• Email: Data Protection Officer (opens new window)
• Phone: 01268 533333
• Letter to:

Sharing your personal data

For each of the purposes set out above, we are relying on your explicit consent, and may share your details with other third party individuals or organisations such as fraud prevention agencies, the police, hospitals, the fire brigade, courts etc.

We also use a range of organisations to either store personal data or help deliver our services to you. Where we have these arrangements, there is always an agreement in place to make sure that the external organisation complies with data protection law. We will complete a Privacy Impact Assessment (PIA) before we share personal data to make sure we protect your privacy and to comply with the law.

Protecting your personal data

We do all that we can to make sure we hold your personal data in a secure way, and we only share personal data with those who have a right to see it. Examples of our security measures include:

• Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what's called a 'cypher'. The hidden information is said to then be 'encrypted'
• Pseudonymisation, meaning that we'll use a different name so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was yours
• Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
• Training for our staff allows us to make them aware of how to handle information and how and when to report incidents when something goes wrong
• Regular testing of our technology and ways of working; including keeping up to date on the latest security updates (commonly called patches).

Storage of your personal data

The majority of personal data processed by us is stored on information systems in the United Kingdom (UK). There are some occasions where your information may leave the UK either in order to be transferred to another organisation or if it's stored in a system outside of the European Union (EU).  We have additional protection measures in place if your data leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with any overseas third party.

We will take all practical steps to ensure that your personal data is not sent to a country that is not seen as 'safe' either by the UK or EU Governments.  If we need to send your information to an 'unsafe' location we will always seek advice from the Information Commissioner's Office (ICO) first.

Help and advice

If you have any enquiries or concerns about how your personal information is handled please contact our Data Protection Officer by:

• Email: Data Protection Officer (opens new window)
• Phone: 01268 533333
• Letter to:

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO) by:

• Email: casework@ico.org.uk (opens new window)
• Phone: 0303 123 1113 (local rate) or 01625 545 745
• Letter to:

Further independent advice about data protection, privacy and data sharing issues is available from the Information Commissioner's Office, see:

• Information Commissioner's Office (ICO) (opens new window).

For departmental Data Privacy Notices see Privacy Notices.