Privacy Notice

How and Deane Borough Council use your information

This notice explains how and why we may use your data at Borough Council (TDBC) and Somerset County Council (SCC) and how and why we share it with our partner organisations.

For the purposes of the contact database, SCC and TDBC are joint data controllers under an information sharing agreement. This means we can share customer contact data but not the data you provide to back-office services in each organisation.

Both councils are registered Data Controllers under the 1998 Data Protection Act, and your personal information will be retained, stored and processed in accordance with the Act. We are committed to compliance with UK law, including Data Protection legislation, as well as to your rights to confidentiality and respect for privacy.

We believe keeping your personal information accurate and secure is a vital part of providing efficient services to you. We work closely with other council and community organisations and often need to share contact information with them to deliver your services.

However, we will not give your information to these organisations, unless we are certain that equal measures are in place to protect the information from any unauthorised access.

From time to time we may contact you (with your consent) to take part in postal or telephone surveys so that the councils can: • Offer other services • Monitor performance • Improve quality and plan for future services

We will never pass your information to organisations outside to the councils for marketing or sales purposes, without your prior consent.

What is Personal Data? Personal Data is information that relates to a living individual who can be identified either: • From the information, or • From the information combined with any other information which is already in the possession of, or could come into the possession of, the person or organisation holding information (for example, from credit reference agencies)

1 The information includes any expression of opinion about the individual, and any indication of the intentions of the Data Controller or any other person in respect of the individual.

Personal data in the new database will therefore cover basic details such as name, address, date of birth and phone numbers.

What is Sensitive Personal Data? Certain data is also categorised as ’Sensitive Personal Data’, for example: • Racial or ethnic origin • Physical or mental health or condition • Offences (including alleged offences)

Sometimes we will need your consent to process this type of data. Usually we will ask for your consent when you make an application for council services. The law says that we should seek the explicit opt-in before using your Sensitive Personal Information, unless there are other statutory reasons (such as crime prevention and detection) where we could use your data without your consent.

How we use your personal information We will process (that means collect, store, transfer and use) the information you provide in accordance with the Data Protection Act.

We aim to keep your information accurate and up to date, and also not keep it for longer than is necessary.

Our aim is not to be intrusive, and we try not to ask irrelevant or unnecessary questions. The information you provide is protected by various security measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t have access to it.

We will use information about you for the provision of services, for example for the following: • TDBC – All law enforcement, regulation and licensing, criminal prosecutions and court proceedings which we are obliged to undertake • SCC – Enforcing functions like Trading Standards and related functions, social care inspections, highways functions • All uses of information relating to situations where you owe us money, or where we are paying you money, or you are claiming grants, housing or council tax benefits. Where money is owed due or outstanding, we reserve the right to use all the available information at our disposal to protect public funds • Where you have agreed, for the purpose of consulting, informing and gauging your opinion, about our products and services • To make sure we meet our statutory obligations (those that the law requires us to do), including those related to diversity and equal opportunity

When we delete your personal information In some instances the law sets the length of time information has to be kept. Where it doesn’t we will not keep records outside of our normal business requirements, in accordance with our published records management policy and schedules.

2

Why do we want to jointly collect, share and retain Personal Data in a database? We need to do this because: • The benefit of this is that once an enquiry is made with either council about a service and details are provided such as name, address and phone number, it will help to identify you in future if you need to contact us again • It will help to reduce the number of times we have to ask for your details when you use different services • It allows us to provide a better service to you and co-ordinate what we can do for you. In time, we aim to have one record containing your basic details, and information about your transactions with the councils. The database is not meant to detail the services you have received – but to make sure we’re not asking you to repeat basic information all the time across both our organisations. Knowing the type of services you have used will also help us to tailor our services to meet your needs, and make sure that your requests are being dealt with, and not lost in ‘the system’ • It helps us to build up a picture of how we are performing when we deliver services to you, allows us to join-up service delivery and make sure that we improve the quality of those services. It also allows us to plan more effectively for future service developments • It helps us make sure that public (Council Tax payers’) money is spent effectively and should reduce the risk of people being paid money they are not entitled to. It also enables us to provide you with efficient and effective services, and should help us to reduce fraud and crime

Sharing information with other partner agencies and contractors We may pass your personal data on to the people who provide services on behalf of the councils. These providers are obliged by agreements or contracts and the law to keep your personal details secure and use them only to provide the service. Once your request has been dealt, with or the case has been closed, they will dispose of the details in accordance with our retention / disposal instructions.

If we wish to pass your sensitive personal data onto a third party, we will only do this with your consent, unless we are legally entitled to do so.

Sharing information with bodies that administer public fund We are required by law to protect the public funds we are responsible for. We may share information provided to us with other public bodies responsible for auditing or administering public funds, to prevent and detect fraud.

From time to time, these organisations undertake data matching exercises which involve comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information that, in some cases, you have supplied.

Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found, it only indicates that there is an inconsistency which requires more investigation. No assumption can be made as to whether there is fraud, error or another explanation until an investigation is carried out.

3 Somerset Schools and Academies Under the Data Protection Act 1998, every school and academy exists as a Data Controller in its own right.

This means that each year every establishment has a duty to notify the Information Commissioner’s Office, http://www.ico.gov.uk , about all personal data that it is responsible for processing.

For guidance on notification with the ICO see: http://www.ico.gov.uk/for_organisations/data_protection/notification.asPx

Similarly, each school and academy needs to issue its own Privacy Notice to highlight how and why it processes personal data and who this data might be shared with. This can be posted on the School Prospectus, the website and on the school notice board.

Schools will share information with Somerset County Council (SCC) about children, their parents, carers and staff who it provides services for, so that it can carry out specific functions. These include: • To assess any special educational needs • To contribute to statutory obligations with partner agencies, such as safeguarding vulnerable children • To collate statistics to inform decisions on (for example) the funding of Schools (This data is used in such a way that individuals cannot be identified.) • To assess the performance of schools and set targets for them (This data is used in such a way that individuals cannot be identified.)

SCC uses information about school staff for research and statistical purposes and to evaluate and develop education policies and strategies. SCC may also use this data to support and monitor schools about staff sickness and recruitment.

To make sure the electronic system holding the data is functioning properly and to upgrade it, it is necessary for SCC to allow a third party company, Capita One, to have access to this information.

NHS Primary Care Trusts (PCTs) PCTs use information about pupils for the following purposes: • Research and statistics • To monitor the performance of local health services

The statistics are used in such a way that individual pupils cannot be identified from them.

Any other health related student activity, for example inoculations and height/weight checks, will need separate written consent from parents/carers.

Careers South West (formerly known as Connexions) For pupils aged 13 to 19, schools are legally required to pass on certain information to the local careers advisory services.

The school must provide:

4 • The pupil’s name, address, home telephone number and date of birth • The parents’ / carers’ name, home telephone number and address • Other information relevant to the support services’ role

Until pupils are aged 16, their parent(s) can ask that no information apart from the pupil’s name, address and date of birth, and the parents’/carers’ own name and address, is passed to Careers South West.

Once a pupil is aged 16 they are responsible for deciding how much information, apart from the pupil’s name, address and date of birth, is passed to Careers South West and also for notifying the school of their choice.

Unless the school is told about other options, the information as set out above will automatically be passed to Careers South West.

You can find online information, advice and support on a range of issues affecting young people on the Directgov Young People page at: www.direct.gov.uk/en/YoungPeople/index.htm with access to trained helpline advisors, by SMS text message, phone, web chat and email.

For more information held by the Department for Education contact: Department of Education Castle View House East Lane Runcorn Cheshire WA7 2GJ Phone: 0370 000 2288 Web address: http://www.education.gov.uk/help/contactus

Local council contacts To know more about how your information is being processed please contact:

The Information Governance Team Somerset County Council County Hall Taunton TA1 4DY Email: [email protected] Phone: 01823 357194

The Data Protection Officer Taunton Deane Borough Council Deane House Belvedere Road Taunton TA1 1HE Email: [email protected] Phone: 01823 356417

5