Our privacy notice
Updated: 23 April 2021
Our contact details
Name: Data Protection Officer
Address: Time Square, Market Street, Bracknell, RG12 1JD
Phone Number: 01344 352000
Bracknell Forest Council is registered as a controller with the Information Commissioner’s Office (ICO).
You can find us on the ICO website - our registration number is Z4971654.
Bracknell Forest Council is a local government authority. We are responsible for delivering services to our residents and businesses in the borough.
The following explains how we use information about you and how we protect your privacy.
Privacy notices are kept under regular review in line with the privacy notices tracker and any updates will be evidenced on these pages.
Your privacy and the protection of your personal information is very important to us. We are committed to following the data protection legislation which includes the:
These require us to tell people how their personal information is used.
This includes information collected:
- at the registration of a birth
- through client or customer use of provider services that we have commissioned
Although not direct health care, this helps us to understand more about the health and care needs of the populations in our area.
We can use the data to measure the health, mortality, morbidity and care requirements of our population. This allows us to plan and deliver health and care services in a coordinated and efficient way.
We may share your data internally with other departments in the council to effectively deliver our services.
What personal data means
Personal data means any information relating to an identified or identifiable natural person. This person is called the data subject. An identifiable natural person is one who can be identified, directly or indirectly.
Some information is categorised as ‘special’ and needs more protection due to its sensitivity.
It’s often information you would not want widely known and is very personal to you. This includes information relating to:
- sexuality and sexual health
- religious or philosophical beliefs
- physical or mental health
- trade union membership
- political opinion
- genetic and biometric data
- criminal history - this will be processed under the 28 conditions of Schedule 1 of the DPA 2018 which are available for the processing of criminal offence data (set out in paragraphs 1 to 37) - we will tell you where appropriate
How we get the personal information and why we have it
Most of the personal information we process as a council is provided to us directly by you as individuals. If we received the data from any other sources, this will be identified in the specific privacy notices held on our website.
Why we need your personal information
When you fill in a form, register online, contact us, apply for a service or interact with us in any way, we will collect the following types of information depending on the service that you want to access:
- information about you, this could include your name, address, date of birth
- visual images, personal appearance and behaviour
- national identifiers such as NHS number, National Insurance number
- information about your family
- details about your lifestyle and social circumstances
- financial details
- employment and education details
- details about your housing needs
- the IP address that you accessed any of our online services from
- case file information
- criminal proceedings, outcomes and sentences
- physical or mental health details
- racial or ethnic origin
- offences (including alleged offences)
- religious or other beliefs of a similar nature
We only collect and use personal information if we need it to deliver a service or meet a requirement in order to:
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers who deliver those services
- help investigate any worries or complaints you have about your services
- keep track of spending on services
- check the quality of services
- to help with research and planning of new services
- prevent and detect crime and fraud
- to review and update the systems on our IT network
If we don’t need to keep your personal information we will either keep the information anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details.
If we use your personal information for research and analysis, we will always keep your information anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
Service specific privacy notices
We will let you know through service specific privacy notices what lawful bases we are relying on to perform the service that we are providing.
You can view these on our privacy notices page.
How the law allows us to use your personal information
There are a number of legal reasons why we are allowed to collect and use your personal information. The reason why we are allowed to use the information is different for different service you access or interact with.
These reasons include:
- you, or your legal representative, have given consent for us to use your personal information
- we need the information because you have entered into a contract with us
- we need to have the information to perform our legal obligations
- we need to have the information to protect someone in an emergency (vital interests)
- we are required by law to do something and we need information about you in order to do this (public task)
- it is necessary for us to have the information to conduct our legitimate business for non-statutory services (legitimate interests)
When we collect data about your race, health (including biometric or genetic data), sex life, sexual orientation, ethnic origin, politics or trade union membership, we also rely on the following lawful basis:
you provided us with your explicit consent for us to collect and use your special category information
- explicit consent requires a very clear and specific statement of consent, it must be expressly confirmed in words, rather than by any other positive action
- you are able to remove your consent at any time by contacting the DPO - please note this may impact the services we are able to provide to you
- we need it for employment, social security or social protection checks
- we need to protect your vital interests in situations where you are incapable for giving consent
- it is necessary for us to have the information to conduct our legitimate business for non-statutory services (legitimate interests)
- you have made your information publicly available (in the public domain)
- we need to defend a legal claim
- it is to the benefit of society as a whole (substantial public interest) or we need to comply with UK legislation
- we need it to deliver health or social care services to you
- we need to collect it to protect public health in the public interest
- it is necessary for archiving, research, or statistical purposes
Who we share your information with
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law.
We’ll often complete a data protection impact assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations.
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t often happen, but we may share your information:
- if there are serious risks to the public, our staff or to other professionals
- to protect a child
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
In addition the personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why if we think it is safe to do so.
We also receive personal information indirectly, from the following sources in the following scenarios. This may include personal data not obtained from you. The organisations and third parties include:
- adoption agencies
- agency workers and contractors
- buyers of goods and services
- care homes and care providers
- Children and Family Court Advisory and Support Service
- courts and tribunals
- credit reference agencies
- current, past and prospective employers
- customers and service users
- customs and excise
- debt collection and tracing agencies
- educators and examining bodies
- employers participating in the local government pensions scheme
- family, associates or representatives of the person whose personal data we are processing
- financial organisations
- healthcare professionals
- healthcare, social and welfare organisations
- Home Office
- housing associations and landlords
- international law enforcement agencies and bodies
- law enforcement and prosecuting authorities
- legal representatives and defence solicitors
- licensing authorities
- local and central government bodies
- mental health assessors
- ombudsman and regulatory authorities
- partner agencies, approved organisations and individuals working with the police
- pensions regulators and pensions authorities
- police complaints authority
- police forces
- political organisations
- press and the media
- prisons and the probation service
- private investigators
- professional advisers and consultants
- professional bodies
- religious organisations
- schools and academies
- security companies
- service providers and other suppliers of goods and services
- students and pupils including their relatives, guardians, carers or representatives
- survey and research organisations
- the disclosure and barring service
- trade unions
- voluntary and charitable organisations
- waste collection authorities
This list is not exhaustive.
We will not share the information you have provided with an outside organisation or use it for another purpose unless we are allowed to do so by law.
We may also share your personal information with outside organisations to:
- prevent and detect crime
- apprehend or prosecute offenders
- assess or collect tax or duty
Also, we may share your personal information where we are required by law or in connection with legal proceedings.
We may share your personal data with contractors who carry out functions on our behalf.
You can see details of council contracts over £5,000 on DataShare.
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Find out more about your right of access from the ICO.
Your right to get your data corrected
You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Find out more about your right to get your data corrected from the ICO.
Your right to get your data deleted
You have the right to ask us to delete your personal information in certain circumstances.
Find out more about your right to get your data deleted from the ICO.
Your right to limit how organisations use your data
You have the right to ask us to limit the processing of your information in certain circumstances.
Find out more about your right to limit how organisations use your data from the ICO.
Your right to object to the use of your data
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks.
Find out more about your right to object to the use of your data from the ICO.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Find out more about your right to data portability from the ICO.
Making a request
You are not required to pay any charge for exercising your rights. If you make a request, we have 28 days to respond to you.
Please contact us at firstname.lastname@example.org to make a request.
How we protect your information
We strive to make sure that the records we hold about you (on paper and electronically) are held in a secure way, and we will only make them available to those who have a right to see them.
Examples of our security include:
- encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password) - this is done with a secret code and the hidden information is said to then be ‘encrypted’
- pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view - this means that someone outside of the council could work on your information for us without ever knowing it was yours
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff to make them aware of how to handle information and how and when to report when something goes wrong
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
We only keep your personal information for as long as we need it in line with the council's retention and disposal schedule. We will then dispose your information by safe means.
Personal information sent or stored other countries
No personal public data is stored outside the UK.
Our website contains links to other websites. This privacy notice applies to this website only. When you link to other websites you should read their own privacy notices.
We are not responsible for the contents or reliability of the linked websites and we do not endorse the views expressed in them. Listing should not be taken as endorsement of any kind. We cannot guarantee that these links will work all the time and we have no control over the availability of the linked pages.
As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act 2010.
This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services.
Our lawful basis for processing this information is article 6(1)(c) of the GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(a), which means we need your consent.
We will create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to make sure they are communicating with you in the required way.
Please contact us should you require service adjustments.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
You can also complain to the ICO if you are unhappy with how we have used your data by:
- visiting the ICO website
- phoning the ICO helpline on 0303 123 1113
Information Commissioner’s Office
- Information Commissioner’s Office