e+ card privacy notice
Published: 30 April 2021
Our contact details
Name: Data Protection Officer
Address: Time Square, Market Street, Bracknell, RG12 1JD
Phone Number: 01344 352000
The type of personal information we collect
We currently collect and process the following information:
- personal identifiers, contacts and characteristics (for example, name and contact details)
- postal address
- email address
- date of birth
- landline and mobile number
- photo image
We currently collect and process the following special category data:
- data concerning sex life or orientation
- racial or ethnic origin
- religious or philosophical beliefs
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons.
Your personal data will be used to process your e+ card application and join you to the services you need under your e+ card account. This may include the following, if selected:
- local discounts
- promote your business
- library card
- leisure card
- leisure Saver Scheme
- bus pass
- proof of age card
- rewards for recycling
- organ donor register
- R-bus journeys
- BFC My Choice
Data entry and online validation or provision of proofs enables e+ card applicants access to multiple services through a single enrolment process.
Having a single, central data source for registration and updates means all relevant data are cascaded to all selected services in real time. Applicants can apply online or visit one council site and join more services by simply selecting additional options presented on the screen.
We also receive personal information indirectly, from the following sources in the following scenarios:
- services within the card management system can be added or removed when requested by the cardholder
- cardholders have access to their own accounts and can view the data held and activity in their own account through secure online password access
We use the information that you have given us in order to:
- create a smartcard member’s record and a physical smartcard for use as a personalised token for membership and access to various council services
Equality data is collected at registration and held anonymised to assist service access and monitoring
How the law allows us to use your personal information
Lawful basis for processing
Under the Data Protection Act 2018 General Data Protection Regulation (GDPR), the lawful basis for processing is Article 6 GDPR:
- (a) you have given your consent
- (c) processing is necessary for compliance with legal obligation to which you are subject
Special category data
Special category data is processed under Article 9 GDPR:
- (a) you have given your explicit consent
Where we use consent to process your personal data, we will explain to you what we are asking you to agree to and why.
If we have consent to use your personal data, you have the right to remove it at any time.
If you want to remove your consent, please email firstname.lastname@example.org and we will deal with your request.
If you remove your consent we are unlikely to be able to provide continued services to you.
‘Legal obligation' for concessionary travel is stated in:
- the Cabinet Office guidance relating to the National Fraud Initiative to provide concessionary travel bus pass rights - National Fraud Initiative 2020/21
- Section 9, Concessionary Bus Travel Act 2007 as approved by parliament in March 2010
Performance of a contract
‘Performance of a contract’ when providing leisure services with our external provider Everyone Active.
Who we share your information with
We may share this information with:
- NHS Blood and Transplant - data is shared with the Organ Donor Register when e+ applicants actively request this
- Everyone Active - staff contracted by the council to enrol and manage records - data fields and photos are required to create and update leisure member records
- Suez - staff contracted by the council to manage the rewards scheme - data is required to manage the recycling initiative
We will need to share your personal data with third parties to deliver our services. You can ask us for more information on our third-party service providers.
We will not sell your personal data to any party.
Third parties with e+ include the following (this is not an exhaustive list):
- our e+ data management system is managed by SmartCitizen Ltd
- our contracted supplier for the recycling incentive scheme is Suez
- data for concessionary travel (bus passes) are shared with the Fraud Office
- leisure service data is shared with our contractor Everyone Active (Sports and Leisure Management Ltd)
- for the library service we use Alto and Capita
How we store your personal information
Your information is securely stored directly into SmartConnect by yourself and council staff with e+ system role rights.
We keep your personal data obtained to issue your e+ card for in the SmartConnect database within each uniquely identified individual record if, within the previous 6 years:
- there is still a valid e+ card associated which has a transaction recorded on an electronic reader in one of the integrated services
- the valid cardholder’s account has been accessed or activated by the cardholder
- any data change or update has been made to the record
There is an automated system deletion process which runs nightly to delete records inactive according to these rules. Any cardholder whose e+ record has been deleted due to lengthy inactivity can re-register as a new applicant to across services.
Any cardholder can access their own record to see the data held by us and request to change this or have specific services added or removed at any time. Cardholders can have their e+ record deleted altogether if they no longer wish to access the associated services.
The deletion of, or any amendment to an e+ record in SmartConnect is flagged in the relevant associated services in real time.
Data will not be kept for longer than is necessary and is kept in line with the council’s retention and disposal schedule.
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Find out more about your right of access from the ICO.
Your right to get your data corrected
You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Find out more about your right to get your data corrected from the ICO.
Your right to get your data deleted
You have the right to ask us to delete your personal information in certain circumstances.
Find out more about your right to get your data deleted from the ICO.
Your right to limit how organisations use your data
You have the right to ask us to limit the processing of your information in certain circumstances.
Find out more about your right to limit how organisations use your data from the ICO.
Your right to object to the use of your data
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks.
Find out more about your right to object to the use of your data from the ICO.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Find out more about your right to data portability from the ICO.
Making a request
You are not required to pay any charge for exercising your rights. If you make a request, we have 28 days to respond to you.
To make a request, contact us by emailing: email@example.com
As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act 2010.
This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services.
Our lawful basis for processing this information is article 6(1)(c) of the GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(a), which means we need your consent.
We will create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to make sure they are communicating with you in the required way.
To request service adjustments, contact us by
- email: firstname.lastname@example.org
- phone: 01344 352000
- writing to: Customer Services, Time Square, Market Street, Bracknell, RG12 1JD
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
You can also complain to the ICO if you are unhappy with how we have used your data by:
- visiting the ICO website
- phoning the ICO helpline on 0303 123 1113
Information Commissioner’s Office
- Information Commissioner’s Office