This privacy statement covers all of the Council's website. It explains how it collects personal information through web forms and how it collects information and statistics about the use of the website to improve the service it provides.
The Council is committed to keeping your personal data secure and it respects your right to privacy.
This privacy statement explains what personal data the Council collects from you, the purpose it is used for, who it is shared with and how long it is kept.
Personal data – what is it?
Personal data relates to a living individual who can be identified from that data. This can include information that can identify a person when it is put together with other information which the Council holds.
Some of your personal data fits into what are called ‘special categories of personal data’ because it is information that is considered to be more sensitive and therefore requires more protection. This includes information that identifies your race or ethnic origin, political opinion, religious or philosophical beliefs, sexual orientation and information regarding your physical or mental health.
What personal data does the Council hold?
The type of personal data the Council collects depends on which Council services you use, but it may include your:
- email address
- telephone number
- debit/credit card details (if you are making a payment to the Council)
Why does the Council need your personal data?
The Council may need your personal data to:
- deliver services and support to you
- manage those services the Council provides to you
- help investigate any worries or complaints you have about the Council's services
- keep track of spending on services
- check the quality of services
- help with research and planning new services
What is the Council's legal basis for using your data?
The Council's legal basis for holding and using your personal data will depend on the service the Council is providing to you. Generally, as a public body, the Council collects and uses personal data where:
- it is necessary to perform the Council's statutory duties
- you have entered into a contract with the Council
- you, or your legal representative, have given consent
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- you have made your information publicly available
- it is necessary for legal cases
- it is for the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research or statistical purposes
Sharing your personal data
Depending on the purpose for which the Council originally obtained your personal data and the use to which it is to be put, it may be necessary to share it with other organisations. For example, personal data may be shared, where necessary, with other organisations that provide services on the Council's behalf such as contractors. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.
Sometimes the Council are bound by law to share data with other organisations, such as government departments. The Council may also share your personal data when the Council feels there is a good reason, such as in relation to the prevention of fraud or detection of a crime, or to protect a child or adult who is thought to be at risk; if they are frail, confused or cannot understand what is happening to them.
How does the Council protect your personal data?
The Council takes measures to ensure the personal data is secure, whether it is held in paper form or electronically. Examples of the Council's security includes:
- encryption, meaning that information is hidden so that it can only be read by people with password protected access
- pseudonymisation, meaning that the Council will use a different name so parts of your personal data are hidden
- controlling access to systems and networks allows the Council to stop people who are not allowed to view your personal data
- training for Council staff to make them aware of how to handle information and how and when to report when something goes wrong
- regular testing of the Council's technology and ways of working, including keeping up to date on the latest security updates
How long does the Council keep your personal data?
The Council only keeps your personal data for as long as is necessary for the purpose for which it was taken, unless the Council has a legitimate reason for keeping it (for example, adhering to a legal requirement to keep the data for a set time period). However, where possible the Council will anonymise this data so that you cannot be identified. Where the Council does not need to continue to process your personal data, it will be securely destroyed.
What are your rights?
Data protection legislation gives you the right to request a copy of the information the Council holds about you. This is called a Subject Access Request (SAR).
To submit a Subject Access Request please complete the online form.
If you believe the data the Council holds about you is incorrect, you have the right to request that it is corrected.
If your data is no longer needed for the purpose it was collected, in certain circumstances you have the right to request that this information is deleted (the right to erasure). However, there will be occasions when the Council has a legal duty to retain your data despite your request. The Council will advise you if this is the case.
You have the right to ask for your personal data to be given back to you or another provider of your choice in a commonly used format. This is called data portability. However, this only applies if the Council is using your personal data with consent (that is, not if the Council are required by law to use it) and if the decision was made by a computer (automated). It is likely that data portability will not apply to most of the services you receive from the Council.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information (for example, health conditions).
You can request for a restriction to be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data.
You have the right to object to or ask the Council to stop the processing of your personal data in certain circumstances. However, if this request is approved this may cause delays or prevent the Council delivering services to you. Where possible, the Council will seek to comply with your request, but the Council may need to hold or use information because the Council is required to do so by law.
Data Protection Officer
If you have any concerns, questions, comments or would like further information about data protection, please email the Council’s Data Protection Officer at email@example.com or write to:
Data Protection Officer
For more information on data protection or to lodge a complaint about the way the Council has used your personal data, contact the Information Commissioner’s Office via its website at http://www.ico.org.uk or write to:
Information Commissioner’s Office
The Council collects information about visitors to its website to help measure its use. The Council uses this information solely to improve the service the website provides, and the information the Council gathers cannot be used to identify you individually. To get this data the Council uses a product called Google Analytics.
The Google Analytics software uses 'cookies' (small files stored on your computer that hold data about your activity on the Council's website). These are used to gather data about where you go on the Council's website, what links you follow and how long you stay for. They also gather other non-personal information, such as the operating system and screen resolution you are using on your computer.
None of the data collected by this software can be used to identify you personally, and it is aggregated together with the information from other visitors to the Council's site to produce anonymous statistics. It is these statistics - not the information from individual visitors - that gives the Council a picture of the use of the Council's website.
The design, text, graphics, images, source code and other material on the Council's website is copyright of the Council of the Borough of Broxbourne or other third parties.
Copyright and planning applications
Plans, drawings and material submitted to the Council with planning applications are copyright and protected by the Copyright Acts. You can download copies of plans and drawings from the Council's website (see latest planning information online), but you may only use them to compare current applications with previous schemes, and to check whether developments have been completed in accordance with approved plans. Further copies or any further use must not be made without the prior permission of the copyright owner.
Photographs of people on the Council's website
Before the Council uses photos in which people can be individually identified it asks for their permission to use it, or if it is a photo of anyone under 18 the Council will get permission from the parent or guardian.
The Council has copyright of Council photos used on this website. These should not be copied or used in any way without the Council's permission.
Protecting the public purse
The Council is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent or detect fraud.
The National Fraud Intiative (NFI) run by the Cabinet Office is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to identify inconsistencies. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The NFI currently requires the Council to participate in a data matching exercise to assist in the prevention and detection of fraud. The Council is required to provide particular sets of data to the NFI for matching for each exercise, and these are set out in the NFI’s guidance, which can be found online at the National Fraud Intiative.
The use of data by the NFI in a data matching exercise is carried out with statutory authority under its powers in Part 6 and schedule 9 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018.
Data matching by the NFI is subject to a Code of Practice. This may be found online.
For further information on the NFI’s legal powers and the reasons why it matches particular information, visit the National Fraud Intiative.