Customer Management - privacy notice
Who we are
Derby City Council is the local government unitary authority for Derby City. Our address is The Council House, Corporation Street, Derby, DE1 2FS. You can contact our Data Protection Officer on 01332 640763 or by email at data.protection@derby.gov.uk
How do we collect information from you?
We collect information from you when you visit www.derby.gov.uk, when you fill in any forms using our customer portals or on our website, including myAccount; also when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face.
What types of information do we collect from you?
Enquiries, Comments and Reports
If you make an enquiry, either in person at the customer service centre, over the phone or via the website, we may process some personal information about you. Depending on the nature of your enquiry, this may be so that we can respond to you, or it may be that we need information about you to resolve your issue or to investigate a problem.
Your information may also be used to improve our services. We also collect equalities monitoring information in some situations. This information is processed separately to provide an overview of our services.
In order to provide this service, we may need to process some or all of the following categories of personal information:
- contact details
- enquiry details
- payment card details
- age
Your information will be passed to the relevant team within the council. Depending on the type of enquiry, the responding team may share your information with the following classes of recipients:
- emergency services
- regulatory agencies
- partners that provide services on our behalf
- government departments
- other relevant parties.
Once you have provided information to us, it may form part of other processes with a different lawful basis – for example it may lead to enforcement activity as part of a statutory duty, or we may be legally obliged to take certain action. We will inform which services we will pass the
information on to and you can refer to the relevant privacy notices for further information on how your information will be handled.
Visiting
If you visit some of our premises, for example the Council House, you may be asked to sign in. This information is required to maintain building security, and to provide some estimate of how many people were in building if there is an emergency.
In order to provide this service, we may need to process some or all of the following categories of personal information:
- contact details
Under data protection legislation, we are permitted to collect information this way because we have a legitimate interest in the processing. In this case, we have a legitimate interest in maintain the security of our premises in order to safeguard our information assets and staff.
Information in the visitor system may be shared with the police or emergency services. This sharing is to aid the prevention and detection of crime, or to protect your vital interests in an emergency.
Customer complaints
If you choose to make a complaint to us, either in person at the Customer Contact Centre, over the phone or via the website, we may process some personal information about you. You can find more information on our complaints page about how we define a complaint and what our process involves.
In order to provide this service, we may need to process some or all of the following categories of personal information:
- contact details
- complaint details
Under data protection legislation, we are permitted to use your information this way because it is in our legitimate interests to review and improve our service provision.
You do not have to provide personal information when you make a complaint, but if you do not it may hamper our ability to investigate and/or communicate the outcome to you.
Once your complaint has been logged, it may form part of other processes with a different lawful basis – for example it may lead to enforcement activity as part of a statutory duty, or we may be legally obliged to take certain action.
Details of information obtained from third parties?
We may receive personal information about you from the police or other investigatory bodies for the purposes of assisting them in the prevention and detection of crime and for the purposes of the apprehension and prosecution of offenders.
How is your information used?
We may use your information to:
- Process your subject access request for personal information about you under the Data Protection Act 2018. We may also process data relating to you as part of another subject access request, which may include your personal data but no third party data about you will be disclosed without your consent.Assist the police or other investigatory bodies where sharing the information is necessary for the purposes of preventing and detection of crime or for the purposes of apprehension and prosecution of offenders.
- Where the disclosure or processing of your information is required by law or is necessary for the purpose of, or in connection with, any legal proceedings or for the purpose of obtaining legal advice.
- Assist other local authorities where information needs to be shared for safeguarding purposes or to protect the vital interests of you or others
Your information may also be used to improve our services. We also collect equalities monitoring information in some situations. This information is processed separately to provide an overview of our services.
COVID-19/Coronavirus
Coronavirus has been added as a notifiable disease under the Health Protection (Notification) Regulations 2010. The Council have a legal duty to process and share personal information in accordance with the Coronavirus Act 2020. Any such processing will be done in the public interest to promote health and wellbeing.
The Council have a duty to notify Public Health England and the local authority where the individual resides (if different), where there are suspected Coronavirus cases. In this instance, the Council will disclose the information under Article 9(2)(j) of the UK GDPR (processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health), and confidential information can be lawfully disclosed in the public interest, without consent, where the benefits to an individual or to society outweigh both the individuals and the public interest in keeping the information confidential.
The Council may contact staff, service users, residents and patients with messages relating to Coronavirus by text, phone, letter or e-mail. This contact is not direct marketing; therefore we do not need your Consent before contacting you. There is more information available on the national Information Commissioners Office approach to the current epidemic.
Research and Statistics
Anonymised and pseudonymised data may be used for research and statistical purposes. Any data collected may be used for research and statistical purposes that are relevant and compatible with the purpose that the data was collected for.
Who has access to your information?
We may share your information with the following third parties for the reasons detailed above:
- Police and other investigatory bodies
- Other local authorities
- Courts
- Solicitors or insurance companies
- Public Health England (PHE)
- The National Track and Trace (NTT) service
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Your information will only be shared for one or more of the purposes stated above and for no other purpose.
What are your rights in relation the personal data we process?
Access – you can request copies of any of your personal information that is held by the Council.
Rectification – you can ask us to correct any incorrect information.
Deletion – you can ask us to delete your personal information. The Council can refuse to delete information if we have a lawful reason to keep this.
Portability – you can ask us to transfer your personal data to different services or to you.
Right to object or restrict processing – you have the right to object to how your data is being used and how it is going to be used in the future.
Right to prevent automatic decisions –.you have the right to challenge a decision that affects you that has been made automatically without human intervention, for example an online form with an instant decision.
How long will we keep your information for?
We keep and dispose of all records in line with our record retention schedule. We will comply with Data Protection legislation.
What security precautions are in place to protect the loss, misuse or alteration of your information?
We are strongly committed to data security and will take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard the information you provide to us. However, we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information.
Keeping your data up to date
We want to ensure any information we hold is accurate. You can help us by promptly informing us of any changes to the information we hold about you.
Cookies
Cookies are small text files which identify your computer to our servers. They are used to improve the user experience. View what cookies we use and how you can manage them.
IP addresses
Internet Protocol (IP) addresses are collected when our site is used:
- for statistical or analytical purposes
- to identify any malicious activity.
Complaints
If you would like to make a complaint regarding the use of your personal data you can contact our Data Protection Officer:
- By post: Information Governance, Council House, Corporation Street, Derby, DE1 2FS
- By phone: 01332 640763
- By email: data.protection@derby.gov.uk
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):
- By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- By phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Alternatively, visit ico.org.uk or email casework@ico.org.uk.