Privacy Notice (Fair Processing Notice)

Burnley Borough Council is registered as a ‘data controller’ under Data Protection legislation (General Data Protection Regulations and Data Protection Act 2018), as we process personal information about you to provide public services and meet our statutory obligations. Please see below ‘Why we need your information’, for a description of public services in which we may use your personal data.

Burnley Borough Council is committed to protecting and respecting your privacy. Through this Privacy Notice we have sought to be as transparent as possible to explain how your personal data is secured and processed.

This Privacy Notice explains when and why we collect personal information about people who come into contact with us when applying or receiving our services. It affects those who live in or visit our borough. It is relevant to information we process through our website, and through other forms of contact with us.

This notice explains how we collect, use and share your information and how long we keep it, and how we keep it secure.

The services and functions that we provide or you engage with may have their own Privacy Notices. These Privacy Notices explain in more detail how we use your information, and the legal basis for using that information, for that particular service or function.

Any questions or complaints regarding our privacy practices should be sent to:

Data Protection Officer,Town Hall, Manchester Road. BurnleyBB11 9SA

e-mail: dataprotection@burnley.gov.uk

Telephone: 01282 425011

We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law so please check this page regularly to ensure that you’re happy with any changes.

What type of information is collected about you?

The council operates a range of services which will have different personal data requirements. This means we collect various types of personal data about individuals depending on the services you receive and your contact with the Council. This may include:

contact details; including name, address, email address, telephone number, user ID etc.
date of birth
proof of identity or service requirements
national identifiers such as National Insurance numbers
information about your family
IP (Internet Protocol) address and information regarding what pages are accessed and when
lifestyle, social and personal circumstances
the services you receive
financial details for purposes of receiving or making payments
financial details for purposes of assessment for services
employment details
housing information
visual images (CCTV or similar)
audio records, personal appearance and behaviour
licenses or permits held
business activities

We may also record and monitor telephone calls to our Contact Centre for quality, training purposes and to assist with complaints.

Upon visiting our websites, we collect technical information from your device including standard internet log information such as the Internet Protocol (IP) address, your browser type and version, and certain page interaction information.

We may also collect special personal data that may include:

physical or mental health details
racial or ethnic origin
gender and sexual orientation
trade union membership
political affiliation and philosophical beliefs
religious or other beliefs of a similar nature
offences (including alleged offences)
criminal proceedings, outcomes and sentences

Where we process this special data, we will ensure that we have purposes for the processing and that this data is only processed when it is necessary to the purpose.

What about Telephone Calls?

Ordinarily we will inform you if we record or monitor any telephone calls you make to us. This will be used, to increase your security, for our record keeping of the transaction and for our staff training purposes.

What about E Mails?

If you email us we may keep a record of your contact and your email address and the email for our record keeping of the transaction. For security reasons we will not include any confidential information about you in any email we send to you.

We would also suggest that you keep the amount of confidential information you send to us via email to a minimum and use our secure online services or by post.

What about the Council’s Websites?

Further information is available on our Terms and Disclaimer Page.

If you are a user with public access, the website does not store or capture personal information, but merely logs a number called your IP address which is automatically recognised by the system. The system will record personal information if you:

subscribe to or apply for services that require personal information,
report a fault and give your contact details for us to respond,
contact us and leave your details for us to respond.

We employ cookie technology to help log visitors to our web site. A cookie is a string of information that is sent by a web site and stored on your hard drive or temporarily in your computer’s memory. The information collected is used for the administration of the server and to improve the service provided by the web site. No personal information is collected this way. You can reject the use of cookies but you may be asked for information again, e.g. to participate in a survey. Further information and how to block cookies is located on our Terms and Disclaimer page. This statement only covers the council web sites maintained by us and does not cover other web sites linked from our site.

The Council uses social media such as Facebook and Twitter. We use these platforms to target information. For example we may use advertising features to let people know that live in a community about an event in the borough. We will review statistics on who is engaging with us through social media. We don’t have access to any of the personal data, other that what you have posted to our pages, collected by Facebook and Twitter (other than statistics). We have no control over the processing of personal data performed by these social media platforms. Users of social media should refer to the privacy policies of Facebook and Twitter etc for more information.

What about CCTV/Surveillance records?

We have installed CCTV systems in some of our premises used by members of the public, for the purposes of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of our buildings for the purposes of monitoring building security and crime prevention and detection.

In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme.

The Council has a CCTV system which covers various locations in the borough.

Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.

You have the right to see CCTV images of yourself and be provided with a copy of the images.

Why do we need your personal data?

We use the data to enable us to deliver services to you in the public interest. We need to collect and hold information about you, to:

deliver public services either directly or through partners
confirm your identity to provide some services
contact you by post, email or telephone
understand your needs to provide the services that you request
understand what we can do for you and inform you of other relevant services and benefits
obtain your opinion about our services
update your customer record
help us to build up a picture of how we are performing at delivering services to you and what services people need
collect Council Tax, Business Rates and pay Benefits and Council Tax Support
prevent and detect fraud and corruption in the use of public funds
allow us to undertake statutory functions efficiently and effectively
make sure we meet our statutory obligations including those related social, employment and health law and to diversity and equalities.

We need your personal data to provide you with Council services that you apply for or receive from us and for where we are required to use information to meet our statutory obligations. We will only collect personal data that is absolutely necessary and any information we collect about you will be strictly in accordance with the Data Protection legislation and other statutory obligations which we are bound by.

We may not be able to provide you with a service or product unless we have enough information, or your permission, to use that information.

We process your information for the following services:

council tax, business rates, housing benefits and council tax support
planning applications and building control applications
licensing
landlords licensing, housing grants, homelessness
administrating democratic services, voting and elections
economic growth
employment
health and wellbeing
off street parking
bins, recycling and waste collection
crime and public safety
recreation and cultural activities
burials and cremation
paying suppliers and collecting debts (other than Council Tax)
complaints and enforcement

There are other services and they have their own legal basis, retention requirements, sources of data, disclosures and applicable data protection rights.

In most cases the information will be collected and used where we either have statutory obligation to do so, or where there is a public interest to deliver a public service. In some cases there will be a contract, or we are able to collect and process your personal information because you have consented or agreed to receive a service.

You will be advised of any additional purposes or uses at the time the information is collected or used.

How will we use that information about you?

We will use the information you provide in a manner that conforms to the Data Protection Act. We will endeavour to keep your information accurate and up to date and we will not keep it for longer than is necessary. In some instances, the law sets the length of time information must be kept. We will process your information for the following purposes:

for the public services you requested, and to monitor and improve the council’s performance in responding to your request.
to allow us to be able to communicate and provide services and benefits appropriate to your needs.
to ensure that we meet our legal obligations.
where necessary for the law enforcement functions.
to prevent and detect fraud or crime.
to process financial transactions including grants, payments and benefits involving the council, or where we are acting on behalf of other government bodies, e.g. Department for Work and Pensions.
where necessary to protect individuals from harm or injury.
to allow the statistical analysis of data so we can plan the provision of services.

We will not pass any personal data on to third parties, other than those who either process information on our behalf, or because of a legal requirement, and we will only do so, where possible, after we have ensured that sufficient steps have been taken to protect the personal data by the third party.

We will not disclose any information that you provide ‘in confidence’ to us, to anyone else without your permission, except in the few situations where disclosure is required by law, or where we have good reason to believe that failing to share the information would put someone else at risk. You will be told about this.

We may process your information overseas using web services that are hosted outside the European Economic Area, but only with data processing agreements that meet our obligations under the Data Protection legislation.

Who your information may be shared with

We may need to pass your information to other people and organisations that provide the service. These providers are obliged to keep your details securely, and use them only to fulfil your request. If we wish to pass your sensitive or confidential information onto a third party, we will only do so once we have obtained your consent, unless we are legally required or able to do so. We may disclose information to other partners where it is necessary, either to comply with a legal obligation, or where permitted under the Data Protection legislation, e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime. Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.

The Council has statutory obligations to collect, process and share personal or sensitive personal information without consent, with our partners such as housing associations, central government, such as DWP, HMRC, Home Office, other councils and law enforcement agencies such as the Police and the Crown prosecution service, for the following purposes:

the assessment of any tax or duty
collection of debt
if we are required to do so by any court or law
prevention of fraud
the national fraud initiative
protect you or other individuals from serious harm
protect public funds
health and wellbeing and public health
safeguarding of vulnerable adults and children
the prevention and detection of crime
public safety and law enforcement
criminal or civil prosecution of offenders
national security

We may also share your information with our partners to deliver national government programmes and initiatives, or improving services we deliver, or provide the services you agreed to receive. We may share with:

voluntary sector
central government
other local authorities and councils
housing associations

In all cases this will be done where there is a lawful basis under the conditions set out in the Data Protection Legislation. This will be supported by Data Sharing Agreements where this is best practice.

We may also share your information with third party service providers working on our behalf for the purposes of processing the data, completing tasks and providing services to you on our behalf (for example; waste collection services). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure, as required by the Data Protection Legislation and General Data Protection Regulation (GDPR), and not to use it for any other purposes.

We will not use or share your personal information to third parties for marketing purposes without your permission or are legally required to do so.

Where will get your data from?

Most of the personal data the council obtains comes from you, for example, a planning application or a report of an uncollected bin. In some services we will collect data from other sources. For example, where a bin has not been presented for collection our service provider will collect this information.

There are a wide range of sources including;

Our service providers
Other Council Services
Other Local Authorities and Councils
Portals – a common site for data collection or handling e.g. Planning
Organisations we have Data Sharing Agreements with.
Local Public authorities – the police, fire service, etc.
Central Government – Department of Works and Pensions, HM Revenue and Customs etc
Landlords and Managing Agents
Third Party Data companies – Experian etc.
Members of the Public

How long we keep your information?

We review our retention periods of the information we hold about you on a regular basis. We are legally required to hold data for a period to fulfil our statutory obligations. These maybe statutory registers, financial data for taxation or audit.

We will hold your personal information on our systems for as long as it is necessary for the relevant activity or service that we provide to you, or as required by law. Please see service Privacy Notices to find out more about how long your personal information is held by each service.

Burnley Borough Council always acts upon your choices around what type of communications you want to receive and how you want to receive them. Where you have signed up for one of our newsletters, we use email newsletters to inform you of what we’re doing, news and events.

Tools may be used to help us improve the effectiveness of our communications with you, including tracking whether the emails we send are opened and which links are clicked within a message. This helps us to improve and refine future email marketing around our campaigns and make sure all our emails are relevant and useful as possible.

You have a choice about if you wish to receive information from us. If though you no longer want to receive our e-newsletters, then you can do this by clicking the unsubscribe link on every email.

What about Automatic Profiling and Automatic Decision making?

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a person, to analyse or predict aspects concerning that person’s economic and health situation, reliability, personal preferences and interests etc.

Automated-decision making means any processing that is carried out by automated means without any human review element in the decision-making. For example; carrying out credit checks searches to detect and reduce fraud.

We may use your information from the different services that you engage with to create a single view and profile of you, which will help us to better understand your specific needs and ensure we are providing the right and efficient services to you in accordance with your needs as well as ensure that we hold one accurate record of your basic personal data across all our Council services; such as your name, date of birth, address, email address, change in circumstances etc.

Profiling will be carried out only when it is necessary to provide you with the service you have agreed to receive or where the Council has a statutory obligation or where to the law allows. However, we will notify you where we would do this and where required we will seek your consent.

We may analyse your personal information to improve services and for the following purposes:

undertake statutory functions efficiently and effectively
service planning by understanding your needs to provide the services that you request
understanding what we can do for you and inform you of other relevant services and benefits
help us to build up a picture of how we are performing at delivering services to you and what services the people of Burnley need
analysis of costs and spend of services we provide so that we can to ensure better and efficient use of public funds

The Council is however committed to using pseudonymised or anonymised information as much as is practical, and in many cases, this will be the default position.

Pseudonymisation is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field.

Anonymisation is the process of removing identifying data or details from (something, especially special category data) for statistical or other purposes.

How are you improving customer records?

We are always working to make our record keeping more efficient and be able to provide relevant services more quickly. Your basic customer record comprises of your name, address, date of birth, gender, contact details (telephone/email), information which can be used to confirm your identity, a brief summary of your contact with the council, an indicator of the services used, and a customer reference number. This will not contain extensive details of the services you have received. However, this will also act as an index to other council systems, and be able to feed information into them, e.g. so you can tell us once of changes to your address and contact information.

How does the Council protect your information?

Any information held by the council about individuals is held securely and in compliance with the Data Protection Act and General Data Protection Regulation.

Burnley Borough Council is committed to protecting its service user’s personal data. We have put measures in place to ensure that our colleagues, service providers, partners and suppliers all look after your information in line with good practice and the law. These follow the rules and practices known as Information Governance.

The information security measures we’ve put in place include:

following good information governance practice and the law when it comes to collecting, handling and giving access to information
training staff in their data protection responsibilities
putting processes in place to ensure good information governance practices for information we collect, hold or handle in both manual and electronic forms
access to your information is only given to those who need to know and where it is necessary
information will not be held for longer than required and will be disposed of securely
encryption on portable electronic devices and in the transmission of confidential information.

What about transfers of data outside of Europe?

For a limited range of personal data, the Council may transfer your personal data outside of the European Economic Area. We will only do so where the country or company meets the requirements of the Data Protection legislation in respect of equilvalent or compensatory controls.

How you can access, update, restrict, remove or correct your information?

The Data Protection laws give you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request.’

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. If you wish to restrict data processing or sharing including use for marketing or do not want to be contacted by the Council in any way, please inform us. You can request that we remove your details from our database at the address below. We will remove data in accordance with your wishes excluding data we are required to keep by law.

There will be more details of the applicable rights in the privacy notices related to the services.

If you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date, please contact the relevant service

If you require a subject access request email us at dataprotection@burnley.gov.uk, or write to us at:Data Protection OfficerBurnley Borough CouncilTown HallManchester RoadBurnleyBB11 9SAe-mail:dataprotection@burnley.gov.ukTelephone: 01282 425011

Alternatively, you can telephone the customer contact centre on 01282 425011

What are Your information choices and rights?

Where we use your personal data for other purposes other than what you have consented or where we must fulfil a statutory obligation or contract, or where the data protection law allows, then we will let you know so that you can make an informed choice about how your information is used.

If you do not want your information to be used for any purpose beyond providing the services you have agreed to receive, such as; sharing it with our partners or providers for service delivery planning or improvement of services, profiling research or statistical purposes (in such instance only minimum and necessary, anonymised or pseudonymised data will be used), you may be able opt-out of this.

However, if you opt out or withdraw consent from certain processing of your information or fail to provide information for a contract, we may not be able to deliver certain services to you. For example; if you do not consent to provide your information to DWP to check eligibility for receiving council tax support, then this will affect the decision we make with regards to your entitlement to receiving council tax support.

You may not be able to object to your information being used, held, or shared under certain circumstances. For example, where have a duty because of the prevention and detection of crime, or where we are required to fulfil our statutory obligations.

Where you would like to withdraw your consent, or opt-out of any other use of your information, please contact the relevant service

If you have any issues in exercising these rights please write to:Data Protection OfficerBurnley Borough CouncilTown HallManchester RoadBurnleyBB11 9SAe-mail: dataprotection@burnley.gov.ukTelephone: 01282 425011

How do I contact the Information Commissioner’s Office?

The Information Commissioner is the UK’s independent body set up to uphold information rights.

If you would like to know more about your rights under the Data Protection law, and what you should expect from us, visit the Information Commissioner’s website.

If you have any concerns regarding our privacy practices or about exercising your Data Protection rights, you may contact the Information Commissioner’s Office:Information Commissioner’s OfficeWycliffe HouseWater LaneWilmslowCheshireSK9 5AFTel: 0303 123 1113 or 01625 545 745Email: casework@ico.org.ukWebsite: www.ico.org.uk

What about the Prevention and Detection of Crime?

Burnley Borough Council is required by law to protect the public funds it administers. We may use any of the information you provide to us or have provided in the past with other bodies responsible for auditing or administering public funds for the prevention and detection of fraud.

Section 68 of the Serious Crime Act 2007 enables public authorities to disclose information for the purposes of preventing fraud, as a member of a specified anti-fraud organisation or otherwise in accordance with any arrangements made with such an organisation.

We will carry out data matching exercises with specified anti-fraud organisations, County, District and Borough councils. Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there may be an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

Disclosures of information from a public authority to a specified anti-fraud organisation are subject to a Code of Practice. In addition, all disclosures must be made in accordance with the Data Protection legislation.

We may also share this information with other bodies that are responsible for auditing or administering public funds including the Cabinet Office (previously dealt with by the Audit Commission), the Department for Work and Pensions, HM Revenue and Customs, the Police and other local authorities.

In addition to undertaking our own data matching to identify errors and potential frauds we are required to take part in national data matching exercises undertaken by the Cabinet Office. The use of data by the Cabinet Office in a data matching exercise is carried out under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned.

See www.gov.uk/government/collections/national-fraud-initiative for further information.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information. For further information on data matching at this authority contact:Data Protection OfficerBurnley Borough CouncilTown HallManchester RoadBurnleyBB11 9SAe-mail: dataprotection@burnley.gov.ukTelephone: 01282 425011

For further information please see:

www.gov.uk/government/publications/code-of-data-matching-practice-for-national-fraud-initiative.

What about changes to Privacy Notices?

The terms of this Privacy Notice may change, so please recheck periodically. This statement was last updated June 2018.