Public health privacy notice
Published: 26 April 2021
Our contact details
Name: Data Protection Officer
Address: Time Square, Market Street, Bracknell, RG12 1JD
Phone Number: 01344 352000
The type of personal information we collect
Your personal data will be used to process your application for the services you require provided by Public Health and will include data such as:
- date of birth
- health records
- sexual orientation
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for processing your application for the services you need provided by public health.
We also receive personal information indirectly, from the following sources in the following scenarios:
NHS Digital provide:
- access to civil registrations datasets, which include births and deaths registrations - this information is person-identifiable
- a pseudonymised hospital episode statistics dataset
These datasets are used for the following purposes:
- measuring the health, mortality and care needs of the population
- planning, evaluating and monitoring health and social care policies, services or interventions
- protecting or improving public health, including such subjects as:
- the incidence of disease
- the characteristics of persons with disease
- the risk factors pertaining to sections of the population
- investigating specific areas of local concern relating to the health of the local population
- the effectiveness of medical treatments
Public Health England provide person-identifiable data related to the COVID-19 pandemic (it is deemed necessary for local authorities to have access to personal data to fulfil their responsibilities in managing and mitigating against the spread and impact of the current outbreak of COVID-19) including:
- confirmed cases
- identified contacts (through National Test and Trace service and local contact tracing teams)
- common exposures and outbreaks
- Fit4all Service
- social prescribing service
- stop smoking service
We use the information that you have given us in order to process your application for the services you require provided by public health.
How the law allows us to use your personal information
Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are legal obligations such as those stated in the:
- Health and Social Care Act 2012
- Control of patient information notice: COVID-19 - Notice under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002
- Children and Families Act 2014
- Local Authority Public Health Functions Regulations 2013 and related statutory instruments and their subsequent amendments, to provide health and wellbeing services that include, but are not limited to:
- open access sexual health services
- national child measurement programme
- health checks for eligible people
- public health advice
- health protection
- to keep to the general duty to improve public health and any other steps to improve the health of people who live in the area, to help individuals minimise the risks to their health and to encourage individuals to adopt healthier lifestyles
Also, data depending on the types of information being held and analysed. These include:
- Section 42 (4) of the Statistics and Registration Service Act 2007 as amended by section 287 of the Health and Social Care Act 2012
- Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002
Lawful basis for processing
The lawful basis for processing is Article 6 GDPR:
- (a) you have given consent
- (b) processing is necessary for the performance of a contract
- (c) processing is necessary for compliance with a legal obligation to which we are subject
Special category data
Special category data is being processed under Article 9 GDPR:
- (a) you have given your consent
- (e) processing relates to personal data which are manifestly made public by the data subject
- (h) processing is necessary for the purposes of preventative or occupational medicine
If we ask you for your consent when providing our service you have the right to withdraw consent as fully explained below. Where we do use consent to process your personal data, we will explain to you what we are asking you to agree to and why.
If we have consent to use your personal data, you have the right to remove it at any time. If you want to remove your consent, please email email@example.com and we will deal with your request. Please note that should you remove your consent we are unlikely to be able to provide continued services to you.
You also have the right to:
- opt out of Bracknell Forest Council public health receiving and processing your personal identifiable information from NHS Digital datasets
- choose not to have information about you shared or used for any purpose beyond providing your own treatment or care
However, there are occasions where service providers will have a legal duty to share information, for example safeguarding.
The process for opting out will depend on what the specific data is and what programme it relates to. You can contact your GP for further information about registering an opt-out or to end an opt-out you have already registered.
We have a contractual obligation
Performance of a contract when providing a service with an external provider such as a business providing universal and targeted public health nursing services to children and young people.
Under the contract you have a right to object to processing as explained below, under 'your data protection rights'.
Public interest when providing a service in our official capacity, such as the promotion of a ‘Stop smoking’ campaign.
Who we share your information with
We will need to share your personal data with third parties to deliver our services. Third parties include, for example, the Police and Care Home Services. This is not an exhaustive list.
You can ask us for more information on the third party service providers. We will not sell your personal data to any party.
Data that is received through our Data Access Agreements (DAA) with NHS Digital (hospital episode statistics and access to civil registrations – including births and deaths) will not be disclosed to a third party that is not identified in our licence agreement.
Any data that is shared will be anonymised and aggregated to a level that complies with the Office of National Statistics Guidance or if we are required to do so for legal reasons. This data is provided through the Personal Demographics Service.
In order to carry out our legal obligations the council may share the school census data it collects from the schools in the Bracknell Forest area with its appointed commissioners.
How we store your personal information
Your information is securely stored on a server based in council offices at Times Square.
Your data will not be kept for longer than is necessary.
Data that is received through our Data Access Agreements (DAA) with NHS Digital will be retained for a maximum of 10 years, as stated in the DAA.
Data that is received through our DAA with Public Health England for COVID-19 will be kept until the expiration of the COPI Notice (COVID-19 – Notice under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002). This is currently 30 September 2021.
Other data will be held for 3 years and will be used for comparison on data to develop the service.
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Find out more about your right of access from the ICO.
Your right to get your data corrected
You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Find out more about your right to get your data corrected from the ICO.
Your right to get your data deleted
You have the right to ask us to delete your personal information in certain circumstances.
Find out more about your right to get your data deleted from the ICO.
Your right to limit how organisations use your data
You have the right to ask us to limit the processing of your information in certain circumstances.
Find out more about your right to limit how organisations use your data from the ICO.
Your right to object to the use of your data
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks.
Find out more about your right to object to the use of your data from the ICO.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
The right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract, and the processing is automated.
Find out more about your right to data portability from the ICO.
Making a request
You are not required to pay any charge for exercising your rights. If you make a request, we have 28 days to respond to you.
To make a request, contact us by emailing: firstname.lastname@example.org
As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act 2010.
This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services.
Our lawful basis for processing this information is article 6(1)(c) of the GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(a), which means we need your consent.
We will create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to make sure they are communicating with you in the required way.
Please contact us should you require service adjustments.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
You can also complain to the ICO if you are unhappy with how we have used your data by:
- visiting the ICO website
- phoning the ICO helpline on 0303 123 1113
Information Commissioner’s Office