Privacy and security

Personal information can be anything that identifies and relates to a living person. This can also include separate pieces of information that when put together can then identify a person. The information we collect will depend on the service we are delivering to you but may include:

• personal details (such as name, title, contact information, social media profiles)
• details of your family members, representatives, care workers or doctor)
• lifestyle and social circumstances
• interests and preferences such as campaigns you support or how you wish to be contacted
• goods and services offered
• financial information such as bank details if you are making a payment to or receiving payment from us
• employment and education detail and need
• housing details and needs
• visual images, personal appearance, and behaviour
• licenses or permits held
• student and pupil records
• case file information
• your correspondence with us or visits to our website

Some personal information is classed as ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:

• physical or mental health details
• genetic or biometric data
• religious or philosophical beliefs
• sexuality and sexual health
• racial or ethnic origin
• trade union membership
• political opinions
• criminal offences, proceedings, outcomes, and sentences

There are a variety of reasons where we collect and use personal information, some of which are to:

• deliver services and support
• manage the services and support we provide
• notify you about changes to our services
• train and manage the employment of our workers
• help investigate any worries or complaints
• keep track of spending on services
• check the quality of services
• to help with research and planning of new services
• We will only collect and use personal information if we need it to deliver a service or meet a requirement. If we don’t need the information, we won’t ask for it. For example, in a survey we may not need your name and contact details, so we’ll only collect anonymised responses.

We process personal information in accordance with one or more of the lawful bases under Article 6 of the GDPR and Article 9 if we are processing special category data.

Some of the services we provide are required to be done so by law, or we have a public duty to deliver them. This may dictate the lawful basis that we rely on to process the personal data. Each service privacy notice will provide the lawful basis relied upon when processing personal data; for personal data these are:

• Where you, or your legal representative, have given consent for us to process your data for a specific purpose
• Where you have entered into a contract with us or we need to take certain steps before entering into a contract
• Where necessary for us to perform our legal and statutory duties, comply with the law or process a request from a statutory agency
• To protect your vital interests in an emergency
• To perform or carry out tasks in the public interest, for our official functions or in the exercising of the official authority vested in us
• Where necessary to fulfil our legitimate interests or those of a third-party unless the protection of your data overrides those legitimate interests.

We may sometimes need to process special category data; in which case we will rely on one or more of the following lawful bases:

• With explicit consent
• Where necessary for employment, social security, and social protection
• Where necessary for vital interests of an individual
• As an activity of a not-for-profit body
• Where the information has been made public by the individual themselves
• For establishing, exercising, or defending a legal claim or judicial act
• For reasons of substantial public interest
• Where necessary to provide health or social care
• Where necessary for reasons of public interest in the area of public health
• For archiving, research, and statistical purposes

We collect personal data that you provide to us and we only ever collect what we need, with a lawful basis to do so, to enable us to carry out our statutory purposes and services that we provide to you. We may collect your information in any of the following ways:

• You contact us with an enquiry or other correspondence via a paper form, web form, face to face meeting, by telephone, email, or letter.
• You apply for a job with us, become an employee, provide your services via an agency, or provide us with a consultancy service.
• Via someone you know if they are concerned about you, or if you have given them permission to represent you.
• You enter into a contract with us to enable us to deliver a service or provide support to you.
• You register through our Helplines for alarm systems and response services
• You take part in a survey provided by us.
• You register or subscribe to a newsletter or publication.
• Via use of Cookies (please refer to the Cookies section)
• On CCTV (please refer to the CCTV section).

Privacy notices are provided for each service area which explain the specific reasons for collecting and processing data for those services.

As a customer your personal information may be stored on several different internal systems throughout the organisation based on the service you are requesting.

We will anonymise information used for research and analysis unless you’ve agreed that your personal information can be used for that research.

We may on occasion receive personal data from third parties or other external organisations in relation to provision of our statutory duties, service provided or to meet a legal obligation. If we obtain your information from another organisation or third-party, we will tell you as soon as is reasonably possible.

The Council does not sell or allow public access to your data other than in the circumstances provided for in law, for example the provision of Electoral Registration information.

We will share your information with employees within the Council who need it to provide you with the service(s) you need.

In some circumstances we have an obligation to work with and share personal information with an external partner organisation or other third-parties so that we can effectively deliver our services to you. This may include but is not limited to:

• other Councils,
• the NHS,
• schools,
• pension providers,
• the Police,
• emergency services,
• utility services,
• support agencies

We may also contract an external organisation to deliver services on our behalf and it will then become necessary to share information with them so they can provide those services; this may include Housing Maintenance and Repair contractors, Housing Associations or Helplines.

Where we have these arrangements there is either a Data Sharing Agreement in place or a contract clause to make sure that both we and the other organisation comply with data protection law. We will always advise you whenever we need to share your information at the time of collection.

We may also share your personal information where we have a legal duty to do so, or where there is a valid reason to do so that overrides the protection of your privacy. Some examples of this might be to:

• ensure your physical safety or if we feel we need to take action to protect you from harm
• ensure you receive the correct medical treatment in the event of an emergency or life or death situation
• verify your identity
• find and stop crime and fraud
• protect a child
• protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
• prevent serious risks to the public, our staff or to other professionals
• legally provide data to a court as defence or evidence

In these cases, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why if we think it is safe to do so.

Under Schedule 2 of the Data Protection Act 2018, we as a local authority are able to disclose information to the Police and other agencies for specified purposes where it is required for:

• The prevention or detection of crime
• The apprehension or prosecution of offenders
• The assessment or collection of tax, duty, or imposition of a similar nature.

Or where

• disclosure of the data is required by an enactment, a rule of law or an order of a court or tribunal
• it`s necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings), for the purpose of obtaining legal advice, or is otherwise necessary for the purposes of establishing, exercising, or defending legal rights.

On receipt of such a request, disclosure is not automatically given; we assess requests on a case by case basis considering the reason for the request and whether disclosure is both proportionate and necessary to the purpose.

We’ll do what we can to make sure the personal information we hold (on paper and electronically) is safe and secure, and we’ll only make them available to those who have a right to see them.

The majority of personal information we store is held within the UK. Some 3rd party services we use store data within the European Economic Area (EEA), but no personal data we are responsible for is stored outside of the EEA.

Personal information is retained in line with our corporate retention schedule; more details for each service is provided in their privacy notices.

We have a corporate Retention Schedule in place which defines how we manage and retain our physical and digital records and information. There is often a legal reason for keeping personal information for a set period of time which ranges from months to decades depending on the type of record or information it contains.

Where there is no legal reason for retaining personal information for a set period of time, in line with the UK GDPR we will not keep the information any longer than is necessary for the purpose it was collected for.

We need to collect personal data for a variety of reasons, for example when we assess your needs or provide you with services. We will always advise you of this in a fair, lawful, and transparent way, normally via a written or verbal Privacy Notice. This will include what information we are collecting, a description of the purposes for its collection and the recipients we may need to disclose the data to.

You have the right to ask us for a copy of the information we hold on you (this is known as a Data Subject Access Request). You may also nominate a representative to request your personal information on your behalf, although we will need your permission to do so.

All Data Subject Access Requests must be submitted with two forms of identification so that we can validate your identity; this needs to show at the very least your name, date of birth and current address.

When we receive a request from you, we will endeavour to provide you with everything we’ve recorded about you. This applies to personal information that is in both our paper and electronic records. It will help us greatly to deal with your request within the given timeframes if you are able to provide information to us that may identify where your information might be located, for example what you are specifically looking for or teams/staff you may have had dealings with. Please note there will be a significant delay to your request if you ask for ‘all information about me held by the Council’ as this will take a long time to process.

When processing your request, there may be parts of your records that we cannot disclose or let you see, such as:

• confidential information about other people
• sensitive information that may cause serious harm to your, or someone else’s, physical or mental wellbeing
• if we think that giving you the information may stop us from preventing or detecting a crime

To request copies of the information we hold about you please email us at enquiries@somersetwestandtaunton.gov.uk

You should let us know if you disagree with the accuracy of information we hold regarding you.

We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

In some circumstances you can ask for your personal information to be deleted, for example:

• where your personal information is no longer needed for the reason why it was collected in the first place
• where you have removed your consent for us to use your information (and where there is no other legal reason us to use it)
• where there is no legal reason for the use of your information
• where deleting the information is a legal requirement

Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.

Please note that we can’t delete your information where:

• we’re required to hold it by law
• it is used for freedom of expression
• it is used for public health purposes
• it is for, scientific or historical research, or statistical purposes where it would make information unusable
• it is necessary for legal claims

We will record your consent where you signed a form or ticked a box indicating that you give your explicit consent to:

• the processing of your information
• the sharing of your information with partner organisations

We will also pass this information to partner organisations involved so that we can supply you with those services.

You have the right at any time to withdraw your consent to that information processing and sharing by contacting us. We will then stop the processing of your information and inform the other organisations involved, who will remove you from their systems and databases.

Please be aware that in withdrawing consent from the processing of your personal information you may prevent us delivering the services you have been receiving, related to that consent.

You have the right to ask us to restrict the processing of your information in certain circumstances, for example where:

• you have identified inaccurate information, and have told us of it
• where we have no legal reason to use that information, but you want us to restrict what we use it for rather than erase the information altogether

When information is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests of the UK.

Where restriction of use has been granted, we’ll inform you before we carry on using your personal information.

You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.

Where possible we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.

You have the right to object to the processing of your personal data in certain circumstances and ask us to stop. We will investigate whether we can comply with your request as, in many cases, should we stop the processing, we will no longer be able to provide you with services you have requested. Please consider this request very seriously before you ask us to stop processing your personal information.

In some cases, we are obliged by law to retain and process your information. If we are therefore unable to comply, we will formally refuse your request with an explanation of why. We will continue to process your information and will add a comment to your file noting your request.

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

However, this only applies if we’re using your personal information with your consent (not if we’re required to by law) and if decisions were made by a computer and not a human being.

It’s likely that data portability won’t apply to most of the services you receive from the Council.

You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it.

You can ask to have any computer made decisions explained to you, and details of how we may have ‘risk profiled’ you.

If and when Somerset West and Taunton Council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions. You also have the right to object if you are being ‘profiled’.

If you have concerns regarding automated decision making or profiling, please contact the Data Protection Officer who’ll be able to advise you about how we are using your information.

To request copies of the information we hold about you (Data Subject Access Request) please email us at enquiries@somersetwestandtaunton.gov.uk

If you have any worries or questions about how your personal information is handled, you can contact our Data Protection Officer:

• email: dataprotection@somersetwestandtaunton.gov.uk
• telephone: 0300 304 8000

by post at:

The Data Protection Officer
Somerset West & Taunton Council
The Deane House
Belvedere Road
Taunton
Somerset
TA1 1HE

For independent advice about data protection, privacy, and data sharing issues, or to complain about how we use your data, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Alternatively, visit the Information Commissioner's Office website or by email casework@ico.org.uk.

To make this website easier to use, we sometimes place small text files on your device (for example your iPad or laptop) called cookies. Most big websites do this too. The cookies:

• remember the things you’ve chosen while on our website, so you don’t have to keep re-entering them whenever you visit a new page
• remember data you’ve given (for example, your address) so you don’t need to keep entering it
• measure how you use the website so we can make sure it meets your needs

By using our website, you agree that we can place these types of cookies on your device.

We don’t use cookies on this website that collect information about what other websites you visit (often referred to as privacy intrusive cookies).

Our cookies aren’t used to identify you personally. They’re just here to make the website work better for you. You can manage and/or delete these files as you wish.

To learn more about cookies and how to manage them, visit About cookies website.

You can stop cookies being downloaded on to your computer or other device by selecting the appropriate settings on your browser. If you do this you may not be able to use the full functionality of this website.

There is more information about how to delete or stop using cookies on About Cookies website. You can also opt out of being tracked by Google Analytics.

We use Google Analytics to collect information about how people use this website. We do this to make sure it’s meeting people’s needs and to understand how we can make the website work better.

Google Analytics stores information about what pages on this website you visit, how long you are on the site, how you got here and what you click on while you are here.

We do not collect or store any other personal information (eg your name or address) so this data cannot be used to identify who you are.

We also collect data on the number of times a word is searched for and the number of failed searches. We use this information to improve access to the site and identify gaps in the content and see if it is something we should add to the site.

Unless the law allows us to, we do not:

• share any of the data we collect about you with others
• use this data to identify individuals

If you email us we may keep a record of your contact and your email address and the email if we have a lawful reason to do so.

We operate a CCTV system extending across Taunton and Wellington town centres and many Taunton car parks. There are cameras centrally controlled and monitored by Sedgemoor District Council. Active monitoring takes place 24 hours a day, 7 days a week.

The cameras cover the main streets in Taunton town Centre from Station Road to the bottom of East Reach, with High Street and Corporation Street. We also cover many of the car parks. There are several cameras in North and East Taunton. The CCTV operators work closely with Police and businesses. If you have been involved in an incident and would like to see CCTV footage, please contact the CCTV Manager at Sedgemoor District Council on telephone 0845 408 2540 or email cctv@sedgemoor.gov.uk. You can also access more information from Closed Circuit Television (CCTV) website.

Two public space CCTV systems are in operation in Minehead and Watchet. The service is provided by a partnership between Minehead Town Council, Watchet Town Council, this council and Avon and Somerset Constabulary.

We also operate CCTV for security purposes in the public areas of a number of our offices.

We are committed to the highest standards of quality of information. Our web content is managed with an agreed Web Governance policy and associated protocols across the Council.