Covid-19- Privacy information relating to how the council will deal with your data during the current coronavirus crisis
This privacy notice is an addendum to our overarching Privacy Notice (below) and explains how Corby Borough Council (as a Data Controller) will collect, use and protect personal data specifically with regard to the Covid-19 (coronavirus) Pandemic.
The council already holds data regarding residents, employees and stakeholders. You may have provided this information for a specific reason. Normally, the council would seek to inform you that the data provided would be used for a different purpose. Due to the rapidly emerging situation regarding the current pandemic this will not always be possible. If we already hold information regarding vulnerability as defined in the current guidance from the Government and Public Health England, (opens in new window) we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the council.
The Information Commissioners Office has published its own FAQs on data handling during the pandemic.
We may in this current crisis need to ask you for personal information including sensitive personal information for example your age or if you have any underlying illnesses or are vulnerable, that you have not already supplied. This is so the council can assist and prioritise its services.
Your personal data
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller's possession or likely to come into such possession. Some of your personal data is classed as 'special category data' because it is the information that is considered to be more sensitive and therefore requires more protection. This includes your medical data.
Legal basis for processing your personal data
How we are processing your personal data will determine the legal basis for processing. The legal bases for processing by the council as a public authority will be:
1. Where disclosure is in the vital interests of yourself or another person (Article 6(1)(d) and 9(2)(c) GDPR)
2. Where it is necessary for the reasons of substantial public interest Article 9(2)(g)
3. Where it is in the interest of public health Article 9(2)(i)
Sharing your personal data
In this current pandemic we may share your information with other public authorities, emergency services, and other stakeholders as necessary and where it is proportionate to do so.
For people who contact us requesting assistance, we will ask you to share some personal data with us such as details of your circumstance, needs and requirements so we can assess how we can help you, and where to signpost or refer you for help during the crisis. Where you have asked for help we will assess what help we can provide and will share your information with council teams and voluntary and community agencies to deliver support. Most of this sharing will be done under our powers and duties as a local council and not require consent. Where we need your consent we will ask for it and you will have the option of saying no. Where the information you give us suggests there is an immediate risk to your or someone else’s life or safety, or there is a safeguarding issue the council will share this data with appropriate agencies so urgent care and interventions can be made, and consent is not required for this. If we contacted you previously to check if you needed any help during the crisis you would have been asked if you gave consent for us to contact you about non statutory support. If you consented to this we may be in touch to ask for your feedback on the service you received. This is to help us review of the effectiveness of our support. Your response will be anonymised which means we would take all personal data out so you could not be identified. This anonymised feedback may be shared with third parties who are helping us with our reviews, but no personal details within your responses will be shared with any third parties assisting us.
The council is working with the central government department DEFRA to provide a scheme whereby self-isolating people (who are not ‘shielded’) who have no support network and who are unable to access food deliveries can ask for their data to be shared with DEFRA for onward sharing with supermarkets to offer delivery slots for home delivery of food. All information shared with DEFRA will be at the person’s request and the system used by DEFRA will be secure. Please see their privacy information here (opens in new window).
Test & Trace Self-Isolation Support Payment Processing
The Self-Isolation Support Payment scheme provides a £500 benefit payment to individuals who are required to self-isolate under the Health Protection (Coronavirus, Restrictions) (Self-Isolation) (England) Regulations 2020, where those individuals meet the eligibility criteria for a support payment.
The resident applies to the council for a support payment, and must provide evidence of their entitlement to the benefit. This is personal and special category data. This application will generally be online, although provision is being made for telephone applications to be made.
The council can access DWP information on benefit status, and NHS data on whether an individual has tested positive and been required to isolate, to check eligibility criteria. The council will share data with HMRC and DWP on operation of the scheme. Sections 6 and 7 of the Test and Trace Support Payment Scheme: Implementation Guide for Local Authorities in England (Version 0.3 pub 7 Oct) describes the process for the eligibility checks and data sharing with PHE and DWP. Section 9 describes the data that the council will provide back to PHE on the outcome of the application. In some cases where fraud is suspected, the council will need to make fraud referrals to DWP.
Council’s lawful basis
The support payment can be considered a public task for local authorities stemming from the Housing Benefit Regulations 2006, Test & Trace Support Payment Scheme falls under the definition of ‘local welfare provision’ as well as a broader public interest in both supporting individuals on low incomes, and supporting self-isolation to reduce the spread of COVID-19. The lawful basis for our processing of benefits claim is therefore
Article 6(1) (e) public task, Article 9(2)(i) public health and Article 9(2)(g) substantial public interest
Where the council is required to provide information to DWP and HMRC, (for example as described in Appendix 2 of the Test and Trace Support Payment Scheme) this is separate processing. There is a lawful basis under normal benefit legislation (eg Housing Benefits Regulations 2000) as well as a broader public task to ensure public money is paid only to those eligible. The lawful basis for sharing data with DWP and HMRC therefore would be Article 6(1) (e) public task and Article 9(2)(g) substantial public interest.
In terms of sharing with DWP in terms of fraud, the councils has a lawful basis to share information regarding fraud under the Article 6(1) (e) public task and Article 9(2)(g) substantial public interest basis.
All sharing will be undertaken by secure means, will only be used for Covid-19 response purposes, and will only be accessed by those with a need to know to help deliver a response to the crisis.
The data protection principles will be met and security of the data is paramount.
Where possible we will anonymise this data so that you cannot be identified.
How long we keep your personal data
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period. At this stage it is not known how long data relating to the management of the pandemic will be retained. We will ensure that we follow any published guidance in this respect as it becomes available.
Where we do not need to continue to process your personal data, it will be securely destroyed.
Please visit the Information Commissioner's website (opens in new window) for further information about data protection and coronavirus
As a Local Authority, Corby Borough Council processes a considerable amount of information, including personal data about the citizens it serves, to allow it to provide services effectively. The Council recognises that this information is important to their citizens and that it has a responsibility to these citizens regarding the information it holds about them. As such, it takes seriously its responsibilities to ensure that any personal information it collects and uses is done so proportionately, correctly and safely and is committed to protecting the privacy and security of those individuals.
This notice explains what we do with any information that you provide us with, or is gathered automatically, to ensure you remain informed and in control of your information (which within the legislation is referred to as “personal data”).
The personal data you supply to Corby Borough Council will be processed in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Data Protection Act 2018.
Your data will only be used for the specified purpose for which you have given it or for purposes that are compatible with that purpose. Any personal data you have given us will not be passed to third parties for commercial purposes. This notice is for guidance only and does not form a contract.
Information/personal data will be shared among officers, councilors and other partner agencies where the law allows or requires it, to help improve the service you receive and to develop other services. We may also be legally required to share your personal data with law enforcement bodies such as the Police, government authorities and other organisations, for the prevention and detection of crime. If you do not wish certain information about you to be exchanged within the Council, you can request that this does not happen, although this may affect the ability of the Council to provide some services to you and would not be possible for information which we must legally process.
Any questions you have in relation to this policy or how we use your personal data should be sent to email@example.com or addressed to The Data Protection Officer, Corby Borough Council, The Cube, Parklands Gateway, George Street, Corby, Northants, NN17 1QG. A copy of the privacy notice can be found in The One Stop Shop, The Cube, George Street, Corby, within our leisure facilities, online at www.corby.gov.uk or by telephoning Customer services on 01536 46400 and a copy can be posted out to you.
2. ABOUT US
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by Corby Borough Council (data controller number Z5560361) and Electoral Registration Officer Corby Borough Council (data controller number) ZA270853. For the purposes of data protection law, Corby Borough Council will be the data controller.
3. WHAT INFORMATION WE COLLECT
Personal data you provide
As a local authority, the council delivers services to you. In order to do this in an effective way we will need to collect and use personal information about you.
If you use a specific council service, we will usually let you know how that service will use your personal information via a separate privacy notice.
The EU General Data Protection Regulation requires us as data controllers to comply with a series of data protection principles. These principles are there to protect you and they make sure that we:
- Process all personal information lawfully, fairly and in a transparent manner.
- Collect personal information for a specified, explicit and legitimate purpose.
- Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
- Ensure the personal information is accurate and up to date.
- Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
- Keep your personal information securely using appropriate technical or organisational measures.
Information from third parties
We sometimes receive personal data about individuals from third parties. For example, if we are partnering with another organisation (e.g. you provide your information to the Department of Work and Pensions or other government authorities).
We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages.
Sensitive personal data
We collect and store special categories of personal data (such as information relating to health) about some of our customers. We are required to take extra care to ensure your privacy rights are protected for these special categories.
Accidents or incidents
If an accident or incident occurs on our property, then we’ll keep a record of this(which may include personal data and special category data).
4. HOW WE USE INFORMATION
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- protect your vital interests;
- for our own (or a third party’s) lawful interests, provided your rights don’t override these.
Corby Borough Council will use your personal data for the purpose or purposes it was collected for (or for closely related purposes):, and at all times within the rules set out in the Data Protection Legislation. .
This means that we will process personal data for the following purposes:
- Personal information relating to identified natural persons used to deliver services such as:
- Adult and children's social care, human resources, special educational needs, planning applications, access to information requests, legal claims, school appeals, library cards, blue badges, customer services, highways claims and complaints, pensions, children's services, parking services, care homes, early years, youth offending, trading standards and more.
- Sensitive information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life where processing is necessary for reasons of substantial public interest to safeguard the fundamental rights of the data subject.
- Health and wellbeing information. All local authorities have a duty to improve the health of the population they serve. To help with this, we use information from a range of source data, including data collected at the registration of a birth or death to understand more about the health and care needs in the area.
- Research and statistical data to provide intelligence including demographic data, population projections, the economic situation, health and wellbeing information. This personal information is often pseudonymised when an identifier such as name is replaced with a unique number.
- Where otherwise permitted under the Data Protection Legislation.
5. DISCLOSING AND SHARING DATA
Information will be shared among officers, councilors and other partner agencies where the law allows or requires it, to help improve the service you receive and to develop other services. We may also be legally required to share your personal data with law enforcement bodies such as the Police, government authorities and other organisations, for the prevention and detection of crime or fraud. If you do not wish certain information about you to be exchanged within the Council, you can request that this does not happen, although this may affect the ability of the Council to provide some services to you such as:
- District Councils
- Fire Service
- Voluntary organisations
We will also need to supply your information to organisations we have contracted to provide a service to you.
We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.
We will not send your information to marketing agencies.
Before sharing information the council will ensure that:
- Privacy Notices are completed if appropriate.
- Technical security such as encryption and access controls are in place to keep information secure.
- Information Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise.
- Privacy Impact Assessments are completed to assess any risks or potential negative effects.
- Common retention periods and deletion arrangements are set for the information.
- Subject access rights are catered for.
For more details relating to information kept by the following Service Areas, please click on the link below:-
- CB Property Services
- Chief Executive’s Office
- Corporate Services
- Culture & Leisure
- Democratic Services
- Housing & Neighbourhood Services
- Human Resources
- Planning & Environmental Services
From 01.04.2018, Corby Borough Council will ask its customers to “opt-in” for marketing communications. This is due to a change to the rules which govern how we can communicate with you and a new regulation on personal data (the General Data Protection Regulation), which came into force in May 2018. Therefore we are introducing a new approach that relies on you giving us your consent about how we can contact you. This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (email, phone, or post).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact to firstname.lastname@example.org or addressed to The Data Protection Officer, Corby Borough Council, The Cube, Parklands Gateway, George Street, Corby, Northants, NN17 1QG.
Newsletters and magazines
Council newsletters, magazines, and waste collection information, are provided as a benefit to our customers. We send these out to all our tenants and registered addresses within the Borough.
7. YOUNG PEOPLE
Parental permission: If your child is under 18 then we’ll need permission from you as their parent or guardian for them to enter one of our competitions or to share a picture, photo or story with us.
Information for parents
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children. If your child is under 18, we’ll only use his or her personal data with your consent. This means that, for example, if your child wants to have his or her name or picture featured in one of our magazines, we’ll need you to confirm you’re happy for us to do so.
8. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
All electronic forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a credit card to we will pass your credit card details securely to our payment provider. Other payment methods are handled in a similar manner. Corby Borough Council complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Some of our premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Corby Borough Council. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded over.
Corby Borough Council complies with the Information Commissioner’s Office CCTV Code of Practice, and we put up notices so you know when CCTV is in use.
Where we store information
Corby Borough Council stores our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do so if your data is adequately protected.
How long we store information
We will only keep your information for as long as it is required to be retained. The retention period is either dictated by law or by our discretion. Once your information is no longer needed it will be securely and confidentially destroyed.
10. KEEPING YOU IN CONTROL
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights under the Data Protection Legislation , which are as follows:
- The right to be informed via Privacy Notices such as this.
- The right of access to any personal information the council holds about you. To request a copy of this information you must make a subject access request in writing, either via a letter to Data Protection Officer, Corby Borough Council, The Cube, Parklands Gateway, George Street, Corby, Northants, NN17 1QG, or via email to: email@example.com .
- To ensure that we can deal with your request as efficiently as possible you will need to include your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what council service you were involved with.
- From 25th May 2018 the Council will not be charging for making a subject access request. You are entitled to receive a copy of your personal data within 30 calendar days of our receipt of your subject access request.
- The right of rectification, we must correct inaccurate or incomplete data within one month.
- The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
- The right to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
- The right to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
- The right to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
- You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
Please keep in mind that there are exceptions to the rights above and, though we will always respond to your request to exercise your rights, there may be situations where we are unable to do what you have asked. If this is the case we will explain why.
If you would like further information on your rights or wish to exercise them, please write to our Data Protection Officer at Corby Borough Council, or email firstname.lastname@example.org.
We can provide you with a template subject access form which includes guidance on how to make your request (and will help us respond more quickly). Please contact us for a copy of this.
Access to Council Official information
In addition to your personal data under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 you have a right to request any recorded official information held by the council. The information you require may already be publicly available. The council has a duty to make official recorded information available via a publication scheme. Before you submit a request please check the publication scheme.
If you need to make a request, it must be done in writing. You can:
- Submit a request online at www.corby.gov.uk
- Email: email@example.com
- Write to: Freedom of Information Officer, Corby Borough Council, The Cube, Parklands Gateway, George Street, Corby, Northants, NN17 1QG
You do not need to say why you want the information. Your request must include your name, and an address for correspondence (if you apply by email, your email address is a suitable address for correspondence). Please ensure you identify the information you want as clearly as possible.
With certain limited exceptions, you are entitled to a response within 20 working days.
It costs nothing to make a freedom of information request. However, the council can refuse to deal with your request if doing so would cost more than £450 (which equates to 18 hours' work). In extreme circumstances, the council may also charge for the cost of photocopying and postage.
You may not get the information you asked for:
- If the council does not hold the information you have requested
- If the information is exempt from disclosure
- if finding the information you have requested would take longer than 18 hours
If we are unable to supply any of the information you have requested, we will tell you the reasons why. For more details please refer to the Information Commissioner's Office website, this can be found at www.ico.org.uk.
You can complain to Corby Borough Council directly by contacting our data protection officer using the details set out above. If wish to make a complaint which does not directly relate to your data protection and privacy rights, you can do so in accordance with Corby Borough Councils complaint policy.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
Web statistics about your visit to our site are collected automatically. This information is used to help us follow browsing preferences so that we can regularly improve our website. These statistics do not contain personal data.
If your experience would be improved by our website knowing your location, we will ask permission to obtain your current location from your device. This can include coordinates, direction of travel and the time the data was recorded. This location data is not tracked and is used in providing specific service requests.
E-mails / forms
In some areas of the Council website, we may ask you to register your name and e-mail address. We may also collect personal data from you if you complete any forms or if you contact us with comments or specific requests. The personal data collected will only be used for the specified purpose(s), stated on the form. E-mails to councillors are confidential between yourself and your councillor.
If you are using a public computer and do not wish others to be able to go back to view the details you have typed into a form on the web it is advisable to clear the contents of the form and your cache (temporary internet files) before leaving the computer
11. COOKIES AND LINKS TO OTHER SITES
Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality.
Links to other sites
Our website contains hyperlinks to many other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the 'Contact us' link at the top of the page).
Although we make reasonable efforts to keep the information on this website up-to-date and accurate, we make no representations, warranties or guarantees whether express or implied that the content on our site is accurate, complete or up-to-date. Corby Borough Council, its employees or agents will not be held responsible for any loss, damage or inconvenience caused as a result of reliance on such information.