The Council will do all we can to respect your privacy and to protect the personal information we acquire when you use our services.
View our Data Protection Policy.
In response to the COVID-19 (coronavirus) pandemic, the Council has developed a separate privacy notice which describes how we may use your information to protect and assist you, and others, during the outbreak.
The Council already holds data about you provided for a specific reason and usually we would inform you if that data was going to be used for a different purpose.
Due to the current rapidly changing situation we may not always be able to do this. If we already hold information about you regarding vulnerability as defined in the current guidance from the Government and Public Health England, we may share this with services inside and outside the Council for emergency planning purposes or to protect your vital interests.
We may also need to ask you for other information that you have not told us about including sensitive personal information - for example: your age or if you have any underlying illnesses or are vulnerable. We are doing this so the Council can assist and prioritise its services.
Please also see the Council’s GDPR and Data Sharing Policy.
The Information Commissioners Office has published its own FAQs on data handling during the pandemic.
This privacy notice provides a summary on how we use your information in order to fulfil our statutory responsibilities as a Local Authority in the provision of services to you, explains your rights and outlines the measures that we have taken to protect the personal data we hold.
We collect and process various types of personal information, including basic information such as your name and contact details. Most of your information will have been provided by yourself or collected through your use of Council services.
View the Council's departmental privacy notices. Under each service will be more information about how your data is processed, who we may share your information with and why.
Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person, for example, this could be your name and contact details.
Some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you. This is likely to include: sexuality, sexual health, religious or philosophical beliefs, ethnicity, physical or mental health, trade union membership, political opinion, and genetic/biometric data.
GDPR states we (the Council) need a lawful basis for processing your personal data. Depending on why we are processing your personal data will determine the lawful basis for processing. The lawful basis for processing has to be at least one or more of these conditions -
We may need to use some information about you to:
There are a number of legal reasons why we need to collect and use your personal information. Generally, we collect and use personal information when:
For further information on retention of records, please view the Records management page.
We’ll only collect and use personal information if we need it to deliver a service or meet a requirement such as processing Council Tax billing. If we use your information for other reasons such as for performance reporting and analysis, we’ll always keep your personal identifying details anonymous unless you’ve agreed that your personal details can be included. Where your information is no longer needed it will be destroyed in line with the Councils retention and disposal policies.
Data protection law gives you a number of rights to control what personal information we can hold and how it is used by us.
You can ask for access to the information we hold on you
We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services. However, you also have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you either verbally or in writing, we will review the records held and respond to you within one month.
If you have any queries about access to your information please make a request for records held by Richmond Council.
Data protection law specifies that we cannot let you see any parts of your record which contain items such as:
You can ask to change information you think is inaccurate
You should let us know if you disagree with something in our records about you.
We will correct factual inaccuracies and may include your comments in the record to show that you disagree with it where necessary.
You can ask to withdraw consent previously given
Where we have previously had your consent to use your personal information, you have the right to remove your consent at any time.
You can ask to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted. You can request the erasure of your personal data.
Erasure of personal data is not an absolute right. It will be granted in most but not all circumstances.
You have the right to ask us to restrict the use of your personal information
You can ask us to restrict the use of your personal information where either:
You have the right to ask us to stop using your personal information for any council service.
Unless we can demonstrate compelling legitimate grounds for the processing of your personal data which overrides your interests, rights and freedoms or its use in legal claims, you have the right to object to the processing of your personal information. However, if this request is approved this may cause delays or prevent us delivering that service. This includes the right not to be subject to a decision based solely on automated processing, including profiling.
You have the right to data portability
Only where you have provided us with either consent to have your personal information or where it has been processed in order to fulfil a contract with us and where the information has been automated, you can request this information be given to other organisations where technically feasible.
If you wish to exercise any of the rights above please contact us by email at DPO@richmondandwandsworth.gov.uk with full details and verification of who you are (i.e. proof of address and ID) and we will process your request as quickly as possible and certainly within the one calendar month period allowed, where ever possible.
We keep your information confidential and will only share your information outside of the Council for the purposes mentioned in our privacy notice. This may include sharing with third parties such as our partner service providers or for fraud prevention and in compliance with law enforcement agencies and regulators.
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements, there is always an agreement in place to make sure that the organisation complies with data protection law.
Before we share personal information to make sure we protect your privacy and comply with the law we will review the risks involved and, if necessary, complete a full privacy impact assessment (PIA).
Sometimes we have a legal duty to provide personal information to other organisations. This is often because we need to give that data to courts, including:
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:
For all of these reasons the risk must be serious before we can override your right to privacy. If we are worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we will discuss this with you and if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why if we think it is safe to do so.
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:
Generally, the Council will not process your personal data outside of the EU, in exceptions where we do, we will ensure equivalent data protection controls are in place.
More detail about how individual departments use your data.
When you visit the Council’s website we collect routine internet log information, which allows us to see visitor behaviour patterns and helps us improve our website. Internet log information is collected in a way which does not allow us to identify you and we do not make any attempts to find out the identities of individuals visiting our website.
To make this website easier to use, we sometimes place small text files on your device (for example your iPad or laptop) called cookies. Most big websites do this too.
They improve things by:
Our website contains external links to third party sites. Our privacy notice applies only to information collected by or on behalf of the Council. When you are transferring to another site you should read their privacy statement on the use of your information before submitting any personal details.
Our privacy notice may be reviewed from time to time so please check back here each time you submit personal data to us.
The Council's Data Protection Officer (DPO) is Katrina Waite. The DPO can be contacted at email@example.com.
If you are unhappy about how we have handled your data or for independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO), their contact details can be found via the ICO website or you can email firstname.lastname@example.org.
Updated: 14 May 2020