Privacy notice
The London Borough of Bexley is a ‘data controller’ as we collect and process personal information about you.
The information we collect is used in accordance with data protection and other relevant legislation. Contact details for the data controller’s representative are:
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath, DA6 7AT
data.protection@bexley.gov.uk
020 8303 7777
A data controller determines how and why personal data is processed. For more information, read the London Borough of Bexley's entry in the Data Protection Public Register.
What personal information do we process?
Personal information can be any information that relates to or identifies a living person. Typically, and at its most simple it could include a name, date of birth, postal address, email address, telephone number and debit or credit card details.
We collect certain information or data about you when you use our website. This includes:
- forms you complete, questions, queries or feedback you leave, including your email address if you send an email to our website
- your Internet Protocol (IP) address, and details of which version of web browser you used
- information on how you use the site, using cookies and page tagging techniques to help us improve the website
- details to allow you to access our services and transactions, e.g. an email address (you'll always be told when this information is being collected, and it will only be used for the purpose you provide it for)
The law regards some personal information as being in a special category given its sensitivity and is therefore given more protection. This includes information that identifies racial/ethnic origin, political opinions, religious/philosophical beliefs, sexual orientation and information regarding physical and mental health.
What is the purpose of processing your personal information?
We process personal information to enable us to provide a range of services to local people and businesses; as such we may require your personal information to:
- perform our statutory functions
- fulfil our statutory obligations, including those related to equalities and diversity
- deliver services to you
- manage those services we provide
- confirm your identity
- process financial transaction such as invoices, payments and benefits
- train and manage the employment of our workers who deliver those services
- investigate any complaints you have about our services
- monitor spending on services
- check the quality of services
- plan services
- emergency response management
- prevent and detect fraud, corruption and crime
- protect individuals from harm
Service-specific privacy notices will explain in more detail the purpose of processing your personal information.
What are the lawful basis for processing your personal information?
There are six lawful basis, that allows for the processing of personal information. These are:
- when we have your consent
- the processing is necessary for the performance of a contract
- the processing is necessary for compliance with a legal obligation to which we are subject
- the processing is necessary in order to protect your vital interests or those of another individual
- the processing is necessary for the performance of a task in the public interest or in the exercise of authority vested in us
- the processing is necessary for our legitimate interest or those of a third party (this will not apply to processing that we carry out in the performance of our tasks as a public authority)
Service-specific privacy notices will explain in more detail the lawful basis for processing your personal information.
Who are recipients or categories of recipients of your personal information?
We will generally only allow your personal information to be used by those Council staff who need to perform their functions.
The Council has outsourced some of its services to either joint arrangements with other local authorities, arm’s length partly owned companies, or private sector companies who provide services on our behalf. These organisations collect and use personal information on our behalf to provide services. We will need to supply your information to these organisations in order to supply a service to you. Each service-specific privacy notice will identify who are recipients of your personal information.
Personal information may also be shared with the following broad category of organisations when we are either permitted to or are required by law:
- Councillors and Members of Parliament
- Central Government Departments
- schools and colleges
- health organisations
- Housing Associations and or other registered social landlords
- other local authorities
- police,
- voluntary sector organisations
The Council is a signatory to a number of data-sharing agreements. The types of purposes for which it is legitimate to share your personal information are set out in these Agreements.
We may share the personal information of our service users where it is fair and lawful to do so and where the sharing takes place in a transparent manner.
Service-specific privacy notices will explain in more detail our purposes for sharing information and who are the recipients of your personal information.
We will not make your personal information available to companies for marketing purposes. We may share information with partners to achieve purposes that benefit you or the local community.
We use a third-party provider, Capita PLC, to support our Revenue and Financial Assessments WebChat service, which we use to handle customer enquiries in real-time. If you use the WebChat service, we will collect your name, email address and the contents of your WebChat session. This information will be stored in our customer database. Your information will not be shared with any other organisations unless there is a statutory or legal requirement to do so. If you have a customer account associated with the email address you provide, a record of your session will be stored against your details. This will not contain the contents of the WebChat session.
Intent to transfer personal information to a third country or international organisation
Should it be necessary to transfer personal information outside the European Economic Area it will only be transferred to a third country or international organisation which the European Commission has decided has appropriate safeguards, including binding corporate rules.
How long do we keep your personal information?
We will only keep your personal information for as long as we consider that it is necessary to be retained. We have a Record Retention Schedule which lists how we would intend to keep your personal information.
Your individual rights
At any point while we are in possession of or processing your personal data, you have the following rights to:
- access your personal information that we hold about you (to access your personal information visit information requests)
- rectification of your personal information
- erasure of your personal information (sometimes called the ‘right to be forgotten’)
- object to the processing of your personal information
- data portability allowing you to obtain and reuse your personal data for your own purposes
- restrict processing of your personal information
- not being subject to a decision based solely on automated decision making including profiling
The right to withdraw consent
Where the legal basis for processing your personal information is consent, you have the right to withdraw that consent at any time by notifying us.
If you withdraw your consent it may take longer or not be possible to continue to provide you with that service.
Service-specific privacy notices below will explain in more detail how you can exercise your rights. However, if you have any queries or concerns with how your information is being processed please contact data.protection@bexley.gov.uk.
The right to lodge a complaint
You have the right to complain to the Information Commissioners Office at:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Email: casework@ico.org.uk or Tel: 0303 123 1113
Changes to this policy
We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.
If these changes affect how your personal data is processed, we will take reasonable steps to let you know.
Appropriate Data Policy
This details how the London Borough of Bexley will protect special category and criminal convictions personal data.
It meets the requirements in paragraph 1 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document is produced where the processing of special category personal data is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection.
It also meets the requirement in paragraph 5 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document is in place where the processing of special category personal data is necessary for reasons of substantial public interest. The specific conditions under which data may be processed for reasons of substantial public interest are set out in paragraphs 6 to 28 of Schedule 1 to the Data Protection Act 2018.
Procedure for Securing Compliance
The UK General Data Protection Principles (GDPR) sets out the data protection principles. The purpose of the policy is to detail the authority’s procedures for ensuring compliance with the principles.
Principle 1 - Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
The London Borough of Bexley shall:
- ensure that personal data is only processed where a lawful basis applies and where processing otherwise lawful
- process personal data fairly and will ensure that data subjects are not misled about the purposes of any processing
- use Privacy Impact Assessments to ensure that proposed processing is carried out fairly
- ensure that data subjects receive full privacy information so that any processing of personal data is transparent
Principle 2 - Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
The London Borough of Bexley shall:
- only collect personal data for specified, explicit and legitimate purposes and will inform data subjects what those purposes are in a privacy notice
- not use personal data for purposes that are incompatible with the purpose for which it was collected. If the London Borough of Bexley use personal data for a new purpose that is compatible, it will inform the data subject first
Principle 3 - Personal data shall be accurate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The London Borough of Bexley shall:
- collect only the minimum personal data needed for the purpose for which it is collected
- ensure data collected will be adequate and relevant
Principle 4 - Personal data shall be accurate and where necessary kept up to date.
The London Borough of Bexley shall:
- ensure personal data is accurate and kept up to date where necessary. Particular care will be taken where the use of the personal data has a significant impact on individuals
- where possible carry out data matching exercises
- correct personal data when notified of inaccuracies
Principle 5 - Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
The London Borough of Bexley shall:
- keep personal data in identifiable form only as long as is necessary for the purpose for which it is collected, unless required otherwise by law
- delete or render personal data, permanently anonymous once no longer needed
- retain and dispose of personal data in line with the Council’s Record Retention Schedule
Principle 6 - Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The London Borough of Bexley shall:
- ensure that appropriate organisational and technical measures are in place to protect personal data from unauthorised or unlawful processing and against accidental loss, destruction or damage
Accountability Principle
The London Borough of Bexley as Data Controller shall be responsible for and be able to demonstrate compliance with the data protection principle. The Data Protection Officer together with both the Senior Information Risk Officer and Caldicott Guardian are responsible for monitoring compliance with these principles.
The London Borough of Bexley shall:
- ensure that records are kept of all personal data processing activities and these are provided to the Information Commissioners Office on request
- carry out a Privacy Impact Assessment for any high-risk personal data processing and consult the Information Commissioners' Office if appropriate
- establish internal processes to ensure that personal data is collected, used or handled only in a way that is compliant with data protection legislation
Data Controllers Policies as regards Retention and Disposal of Personal Data
Where special category or criminal convictions personal data is processed, the London Borough of Bexley shall:
- maintain a record of that processing, which will detail, where possible the anticipated time limits for erasure of the different categories of data
- delete or render permanently anonymous special category or criminal convictions data where the Council no longer requires it for the purpose for which it was collected
- ensure that data subjects receive full privacy information about how their data will be handled and that this will include the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period
Further information
For further information about the London Borough of Bexley’s compliance with data protection legislation, please contact data.protection@bexley.gov.uk.
Last updated: 12 May 2022
Data Protection Policy
Data protection legislation aims to protect all personal data which is collected, processed, stored and disposed of by an organisation. The Council has a statutory duty to comply with data protection legislation as it processes personal data when conducting its business.
Aim
The aim of this policy is to ensure the London Borough of Bexley (the Council) is compliant with data protection legislation. It supports the Council’s aim in demonstrating a commitment to data protection legislation, preserving the privacy of individuals (data subjects) and developing their trust.
Scope
This policy shall apply to all elected members, Council employees, and any person handling data on behalf of the Council including consultants, volunteers, contractors and suppliers.
Definitions
The following definitions shall apply (as defined by legislation):
Personal data means information which relates to a natural person who can be identified or are identifiable, directly from the information in question or who can be indirectly identified from the information in combination with other information.
Special category data means personal data consisting of information as to:
- race
- ethnic origin
- politics
- religion
- trade union membership
- genetics
- biometrics (where used for ID purposes)
- health
- sex life
- sexual orientation
Processing, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data.
Data subject means an individual who is the subject of personal data.
Data controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. A data controller may also act jointly with another organisation to process personal data.
Data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Council Responsibilities
The Council shall ensure that it is registered with the Information Commissioners Office as a Data Controller and designate an Officer to fulfil the role of Data Protection Officer who will have specific authority for ensuring compliance with data protection legislation.
Further responsibilities include:
- individuals processing personal information understand that they are responsible for complying with the data protection principles (see Appendix I)
- individuals processing personal information are appropriately trained to do so
- individuals processing personal information are appropriately supervised
- individuals with enquiries about handling personal information know who to ask
- enquiries about handling personal information are dealt with promptly and courteously
Roles
The Council has designated a number of senior officers to fulfil important data protection leadership roles.
The Senior Information Risk Owner (SIRO)
The SIRO shall be responsible for ensuring everyone handling personal data complies with data protection principles detailed in Appendix I.
The SIRO’s responsibilities can be summarised as:
- leading and fostering a culture that values, protects and uses information for the success of the organisation and the benefit of its customers
- provides a focal point for Owning the organisation’s overall information risk policy and risk assessment processes and ensuring they are implemented consistently by the head of service
- advising the Corporate Leadership Team on the information risk aspects of his/her statement on internal controls
- owning the organisation’s information incident management framework
The email address is SIRO@bexley.gov.uk
Data Protection Officer
The Council have a statutory duty to designate an Officer as the Data Protection Officer.
The Data Protection Officers responsibilities can be summarised as:
- ensure compliance when developing and implementing policies and processes for handling personal data
- foster a data protection culture among employees and communicate personal data protection policies to stakeholders
- manage personal data protection related queries and provide best practice examples
- manage personal data protection related queries and complaints
- alert management to any risks that might arise with regard to personal data
The email address is data.protection@bexley.gov.uk
Caldicott Guardian
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information, enabling appropriate information-sharing and ensuring compliance with the Caldicott Guardian Principles (see Appendix II).
The Caldicott Guardian responsibilities can be summarised as:
- lead and help foster a culture that values, protects and uses information for the public good.
- recognise and embrace their role as ‘conscience’ of the council in relation to personal confidential data.
- assure themselves that the council’s policies and processes governing the processing of personal confidential data in a social care setting are appropriate and proportionate.
- liaise with the IAOs for assets containing social care related personal confidential data and ensure compliance with council policies.
- consider the balance of appropriate data sharing and transparency, and confidentiality.
- have oversight of Information Sharing Agreements (ISAs) covering social care related personal confidential data.
- be available to advise officers on the use of personal confidential data in a social care setting, in line with Council policies.
The email address is caldicott.guardian@bexley.gov.uk
Record Managers
Record Managers manage particular aspects of the authority’s business and as a result they are able to understand and address potential risks to the records they ‘own’ Information Asset Register and to provide assurance to the SIRO concerning the security, confidentiality, integrity, and use of these.
Their specific information governance role includes:
- understanding what information is held
- knowing what is to be added and removed
- knowing how information is moved/transferred
- knowing who has access and why
- ensuring compliance with the relevant legal frameworks, i.e. consent and confidentiality
- policies and procedures are followed
- that actual or potential security incidents are recognised and reported
- information Asset Registers are up to date
Corporate Governance & Improvement Board (CGIB)
CGIB are responsible for corporate oversight and as such monitors compliance with data protection legislation.
Information Governance Group
The Information Governance Group are responsible for coordinating and managing the operational activities detailed in the Annual Data Protection Action Plan. Each Directorate will nominate an information governance lead.
All Staff
All members of staff have a responsibility for ensuring they complete all mandatory training and comply with the Council's information governance policies.
Data Subjects
The Council shall ensure that individuals (data subjects) are able to exercise their rights. These include the right to:
- access their personal information that we hold, using the information request procedure
- rectification of their personal information
- erasure of their personal information (sometimes called the ‘right to be forgotten’)
- object to the processing of their personal information
- data portability allowing individuals to obtain and reuse their personal data for their own purposes
- restrict processing of personal information
- not being subject to a decision based solely on automated decision making including profiling
The Council shall ensure that personal data is accurate (where reasonably possible) and shall investigate any complaint that relates to data accuracy. The Council shall ensure that any objection to the processing of an individual's personal data is investigated. The individual will be advised of the possible consequences of failing to provide personal data.
The Council shall not process personal data about an individual for direct marketing purposes, when the individual has specified he/she does not want direct marketing, e.g. sending unsolicited mail.
The Council shall investigate complaints received regarding how it processes personal data. Complainants shall be referred to the Council’s Complaints procedure in the first instance.
Privacy Impact Assessments (PIA)
Privacy Impact Assessment broadly follows ICO Guidance and is required for all projects, procurement and commissioning activities, that are likely to result in a high risk to the rights and freedoms of the individual(s). The PIA process will assist with identifying risks to the individual(s) and the Council, ensuring compliance with the “privacy by design” concept. Project Managers and Commissioners of services shall consult with data.protection@bexley.gov.uk at an early stage to identify PIA requirements.
Data Security
The Council shall ensure it has information security policies and procedures in place to support the secure processing of personal data.
The Council shall ensure it has effective security controls in place to assist in the prevention of inappropriate disclosure or loss of personal data. Access to personal data shall be strictly controlled.
The Council has established “10 Golden Rules” as an easy way to make sure information is handled in line with the security policies.
Retention and Disposal
The Councils Record Retention Schedule provides consistent instructions for staff who manage records, providing a formal policy for records retention and disposal. Staff are referred to Bexley’s Record Management Policy for a description of record management practice and responsibilities.
Training and Awareness
The Council shall provide mandatory Data Protection (Protecting Information Level 1) training to all Staff (including temporary), consultants and associates. It is also mandatory for Heads of service who have responsibility for information assets, commissioners of services and project managers to complete the advanced training (Protecting Information Level 2).
Staff shall maintain a good awareness of Data Protection and undertake the Information Security and Data Protection refresher module every two years. All Adult Social Care and Public Health staff shall complete data protection training annually in accordance with the NHS, Data Security and Protection Toolkit.
Additional training shall be provided for staff working in specialist roles.
Information Sharing
The Council shall ensure that personal information is shared only when it is lawful and within the provisions of the data protection legislation.
The Council shall ensure that adequate security is in place to protect the data when it is shared with another organisation including the process for secure deletion.
The Council shall ensure that arrangements are in place to provide individuals with access to their personal data.
The Council shall ensure common retention periods for the data are established together with appropriate disposal methods.
The Council shall ensure the secure transfer of personal data between itself and other organisations.
The Council shall ensure that information sharing protocols exist between the Council and partnership agencies such as the Police, the NHS and voluntary organisations.
The Council has established an Information Sharing Agreement Template to ensure a consistent approach to systemic data sharing. The Request for the Disclosure of Personal Data Form shall be used for all one-off requests. Staff shall refer to the Information Sharing Guidance when considering the disclosure of personal data.
Advice shall be sought from the Data Protection Officer prior to sharing personal data with other organisations.
Procurement & Commissioning
Privacy Impact Assessments are completed at Tollgate 2 in order to identify potential risks to both individuals and the Council. Completed Privacy Impact Assessment also serves to inform the contract specification. Project Managers and commissioners will consult with the Data Protection Officer to identify PIA requirements.
Contracts shall include measures to ensure personal data is handled in accordance with data protection principles, supplied for the agreed purposes as set out in the contract, and shall not be used or disclosed for any other reason.
The Council shall ensure that before personal data is shared with a third party as part of a contract appropriate security controls are in place.
Where appropriate an Information Sharing Agreement will be established and as part of contract management, third parties will be required to provide assurances of continued compliance.
Incident Reporting
Staff shall report actual or alleged incidents involving personal data to their manager and the Data Protection Officer as soon as practicable. The Council shall investigate all incidents which involve personal data breaches and where appropriate, report them to the Information Commissioners' Office within 72 hours.
Policy Review
This policy will be reviewed as and when required.
Last updated: 12 May 2022
Additional Restrictions Grant Privacy Notice
How we use your information
We collect your information to help us undertake assessment of applications for the Bexley Additional Restrictions Grant scheme, to enable us to make payments for those successful applications, to provide monitoring information to the funder and to contact you in respect of your application or about any related support which may assist your business.
In doing so, we may collect:
- contact details (name / address / telephone number)
- financial information about your business
- information about staffing in your business
- information about activities of your business
- business bank account details
- copies of business bank statements and recent bills to prove your business address and financial status
- your latest business accounts
- National Insurance Number
- Unique Tax Payer Reference Number
- Company Number / Charities Commission number
- Trade association membership numbers (e.g. ABTA)
- copies of identification documents (e.g. copy of passport photo page or driving license)
The personal information you provide will not be used for any other purpose unless required by law, to prevent or detect crime or to protect public funds.
Length of time we keep your information
We will keep your personal information for 7 years from successful award of the funding (6 years plus the current year). We will keep data on unsuccessful applicants for 6 months only (in case of follow-up queries or complaints).
Sharing your information
We may occasionally need to share your information with other partner organisations that support the delivery of the service you receive. This may include organisations who are contracted to the Council for management of payments.
Your information will be shared with Central Government upon request. The information will be used by the Government for monitoring and evaluation purposes, as well as for prevention and detection of fraud and/or other criminal activities, as well as for suspension and/or recovery of the grant where necessary. The Government may share information for the purpose of counter fraud activity and debt recovery with other government departments, agencies and/or local authorities.
Where information is shared with any third party, the Council has written agreements and protocols in place to ensure that your data is secure and protected to the same levels that the Council requires.
Your information will at all times be shared and stored in accordance with all relevant data protection requirements such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Your data will not be shared or stored in or be accessible to any country with no UK-equivalent Privacy Law protection.
Individual rights
You have a number of rights under the General Data Protection Regulations and these are set out in detail in the Council’s main Privacy Notice on our website. To exercise these rights, please contact:
- by email: ARG@bexley.gov.uk
- or write to:
Economic Development Team
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
DA6 7AT
The Data Controller for your information
The Data Controller for the information you provide for this service is the London Borough of Bexley and the Data Protection Officer is Kevin Fox, Data Protection Officer, London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT.
You can contact the Data Protection Officer:
- by email: data.protection@bexley.gov.uk
- or write to them at:
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
DA6 7AT
The right to lodge a complaint
If you are not happy with how we have handled your personal data, you have the right to contact the Information Commissioner's Office to make a complaint. You can:
- telephone them on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- visit their website at www.ico.org.uk
- write to them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Adult Social Care Privacy Notice
The London Borough of Bexley is a ‘data controller’ as we collect and process personal information about you. The information we collect for adult social care is used in accordance with data protection and other relevant legislation. Contact details for the data controller’s representative are:
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath, DA6 7AT
data.protection@bexley.gov.uk
020 8303 7777
What personal information do we process?
When we have contact with you either in person, by phone, email or any other form of communication we may need to collect and store the personal information about you or your family provided so that we can offer the appropriate service. The types of information we require from you will include at a minimum the following personal information, such as:
- name
- address
- date of birth
- national insurance number
- NHS number
- contact information
- telephone number(s)
- email address
As well as Personal Information where applicable, we may collect and share additional information known as ‘Special Categories of Personal Data’ where appropriate including:
- health/social care joint assessment
- professional’s referrals
- race
- gender
- ethnic origin
- religion
- genetics
- sexual orientation
What is the purpose of processing your personal information?
We process personal information to enable us to provide a range of adult social care services:
- to enable us to carry out statutory social care functions which we are legally responsible for
- to allow us to communicate and provide services appropriate to your needs
- gather information which informs planning and service delivery decisions
- where we are legally obliged to undertake data processing prevention and/or detection of fraud and crime
- to process financial transactions such as the Department for Work and Pensions or where the Council is acting on behalf of other Government Bodies including the Department of Health and Social Care
- where necessary to safeguard people to protect them from harm or injury
- conduct research or statistical analysis that allows us to target and plan the provision of services for adults
- to identify residents/users for notifying them of proposed or planned changes to services that may affect them
- to assist the council in responding to emergencies or major accidents. This allows the council, in conjunction with the emergency services, to identify citizens who may need additional support
What are the lawful basis for processing your personal information?
The majority of the Health and Social care information that you provide us will be processed under Lawful Processing Article 6(1)(e) ‘… necessary for the performance of a task carried out in the public interest or in the exercise of official authority …’ and Article 9(2)(h) ‘...medical diagnosis, the provision of health or social care treatment or the management of health and social care systems…’ of the General Data Protection Regulations. Processing in this context means the organisation, retrieval, consultation, use and deletion or destruction of information and its disclosure to other agencies necessary for tasks to be carried out in the public interest or for the provision of health or social care services.
When we share your information between the LB Bexley and NHS services, we will only do this for the provision of your care, when doing so we rely on the following legislation:
- Care Act 2014
- Health and Social Care Act 2012
- Health and Social Care Quality and Safety Act 2015 Section 251b
Who are recipients or categories of recipients of your personal information?
When an adult receives care from Bexley Adult social care we get your information from many sources, but most commonly from you:
- by agreement or request (you volunteer)
- from a carer or other family member.
- safeguarding concerns (so agencies can share information about an individual without their consent)
- referral from another organisation – for example your GP, Hospitals, Community health services.
- referral from the police or fire services
- referral from the voluntary sector
Adult social care will share your information with a number of bodies for the provision of direct care under the processing reasons above.
We will share your details with health bodies such as GPs, community NHS trusts, hospitals and mental health trusts for direct care.
We commission health and social care providers for a range of services such as home care, residential care, residential and nursing care, day care, transport services, mental health services, personal assistants, shared lives and other specialist care services.
We also commission community and residential packages (Learning Disability, Physical Disability and Mental Health) on behalf of Bexley CCG and we make payments on behalf of the CCG. Whilst the CCG may have their own contract with the provider, we commission and manage the package on their behalf using LB Bexley contracts. The CCG does not have access to your information during this process.
We will therefore give the providers of services above access to your personal information to ensure a safe and accurate service can be delivered which is relevant to your needs.
Personal information may also be shared with the following broad category of organisations when we are either permitted to or are required by law:
- Councillors and Members of Parliament
- Other LB Bexley internal teams
- Central Government Departments
- Courts
- Schools and colleges
- Other Health organisations
- Housing Associations and or other registered social landlords
- Other Local authorities
- Police
- London Fire Brigade
- Voluntary sector organisations
Intent to transfer personal information to a third country or international organisation?
Should it be necessary to transfer personal information outside the European Economic Area it will only be transferred to a third country or international organisation which the European Commission has decided has appropriate safeguards, including binding corporate rules.
How long do we keep your personal information?
We will only keep your personal information for as long as we consider that it is necessary to be retained or where there is a legal requirement over a set number of years. We have a Record Retention Schedule (PDF)* which lists how we would intend to keep your personal information.
* This file may not be suitable for users of assistive technology. Request an accessible format
Your individual rights
At any point while we are in possession of or processing your personal data, you, have the following rights:
- the right to access your personal information that we hold about you. To access your personal information see Information requests
- the right to rectification of your personal information
- the right to erasure of your personal information (sometimes called the ‘right to be forgotten’)
- the right to object to the processing of your personal information
- the right to data portability allowing you to obtain and reuse your personal data for your own purposes
- the right to restrict processing of your personal information
- the right to not being subject to a decision based solely on automated decision making including profiling
If you wish to contact us to exercise the rights above please email scip@bexley.gov.uk this is a group email address that is monitored daily.
The right to withdraw consent
Where the legal basis for processing your personal information is consent, you have the right to withdraw that consent at any time by notifying us. As stated we have an explicit legal requirement under the acts above and under GDPR exemptions to share your information with health for the provision of direct care. If you withdraw your consent it may take longer or not be possible to continue to provide you with that service.
The NHS National Data Opt-out
National data opt-outs apply to a disclosure when an organisation, for example a research body, confirms they have approval from the Confidentiality Advisory Group (CAG) for the disclosure of confidential patient information held by another organisation responsible for the data (the data controller) such as an NHS Trust (or for this notice Bexley adult social care).
The CAG approval is also known as a section 251 approval and refers to section 251 of the National Health Service Act 2006 and its current Regulations, the Health Service (Control of Patient Information) Regulations 2002. The NHS Act 2006 and the Regulations enable the common law duty of confidentiality to be temporarily lifted so that confidential patient information can be disclosed without the data controller being in breach of the common law duty of confidentiality.
In practice, this means that the organisation responsible for the information (the data controller) can, if they wish, disclose the information to the data applicant, for example a research body, without being in breach of the common law duty of confidentiality. To be clear - it is only in these cases where opt-outs apply and were Bexley adult social care to have such an agreement in place we would apply the opt-out. Currently no such agreements exist.
Reference - Understanding the national data opt out
The right to lodge a complaint
You have the right to complain to the Information Commissioners Office at:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Email casework@ico.org.uk or telephone 0303 123 1113
Bexley Business Survey 2023
How we use your information
We collect your information to help us undertake a needs assessment of support services which can be provided to businesses across the Borough to help them succeed, grow & prosper. The information gathered will help the Council’s Economic Development team develop services and programmes that will then be offered to businesses who complete the survey and who could benefit from such services.
In doing so, we may collect:
- business contact details (name/postcode /email)
- your personal views about your business performance
- information about staffing in your business
- information about activities of your business
- business support you currently benefit from
- personal information regarding equalities (optional)
The personal information you provide will not be used for any other purpose unless required by law, to prevent or detect crime or to protect public funds.
Length of time we keep your information
We will keep your personal information related to this application for 6 months from the date of your survey completion for monitoring purposes, or in case of follow up queries or complaints.
Sharing your information
In delivering the Bexley Business Survey we are partnering with the organisation called The Retail Group Limited who will assist us in gathering responses and providing analysis of the data from a number of businesses in Bexley.
So that the Council can provide an offer of business support, we will need to share information between us. In respect of this project the Retail Group is acting as the Data Processor in respect of your data, but the Council remains the Data Controller. This means that The Retail Group must return or destroy any copies of your data at the end of the project. However, in providing the service.
We may occasionally also need to share your information with other partner organisations that support the delivery of the service you receive. This may include organisations who are contracted to the Council for management of payments.
Your information will be shared with Central Government upon request. The information will be used by the Government for monitoring and evaluation purposes, as well as for prevention and detection of fraud and/or other criminal activities, as well as for suspension and/or recovery of the grant where necessary. The Government may share information for the purpose of counter fraud activity and debt recovery with other government departments, agencies and/or local authorities.
Where information is shared, the Council has written agreements and protocols in place to ensure that your data is secure and protected to the same levels that the Council requires.
Your information will at all times be shared and stored in accordance with all relevant data protection requirements such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Your data will not be shared or stored in or be accessible to any country with no UK-equivalent Privacy Law protection.
Individual rights
You have a number of rights under the General Data Protection Regulations and these are set out in detail in the Council’s main Privacy Notice on our website. To exercise these rights, please contact:
- by email business@bexley.gov.uk
- or write to:
Economic Development Team
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
DA6 7AT
The Data Controller for your information
The Data Controller for the information you provide for this service is the London Borough of Bexley and the Data Protection Officer is Kevin Fox, Data Protection Officer, London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT.
You can contact the Data Protection Officer:
- by email to data.protection@bexley.gov.uk
- telephone 020 8303 7777
- or write to them at:
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
DA6 7AT
The right to lodge a complaint
If you are not happy with how we have handled your personal data, you have the right to contact the Information Commissioner's Office to make a complaint. You can:
- telephone them on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- visit their website at www.ico.org.uk
- write to them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Bexley FSB Membership Offer Privacy Notice
How we use your information
We collect your information to help us undertake an assessment of applications for the Bexley FSB Membership Offer (part of the Government’s Additional Restrictions Grant scheme), to enable us to make referrals of potentially eligible applicants to the service provider, to provide monitoring information to the funder and to contact you in respect of your application or about any related support which may assist your business.
In doing so, we may collect:
- contact details (name / address / telephone number)
- financial information about your business
- information about staffing in your business
- information about activities of your business
- National Insurance Number
- Unique Tax Reference Number
- Company Number / Charities Commission number
The personal information you provide will not be used for any other purpose unless required by law, to prevent or detect crime or to protect public funds.
Length of time we keep your information
We will keep your personal information related to this application for 12 months from the date of application for monitoring purposes, or in case of follow up queries or complaints.
Sharing your information
In delivering the Bexley Innovation and Growth Grant scheme we are partnering with the organisation called National Federation of Self Employed and Small Businesses Limited (“FSB”) who will assist us in assessing your application and will, if you are successful, sign you up to membership of their organisation for 12 months.
So that the Council and FSB can provide you with an efficient service, we will need to share information between us. In respect of this project the FSB is acting as the Data Processor in respect of your data, but the Council remains the Data Controller. This means that FSB must return or destroy any copies of your data at the end of the project. However, in providing the service, FSB may ask you to provide them with permission to retain some information already collected about your businesses or additional information they may separately acquire from you. Any personal information collected by them would require your separate consent and FSB would be responsible as Data Controller for the correct handling of this data under Data Protection legislation.
We may occasionally also need to share your information with other partner organisations that support the delivery of the service you receive. This may include organisations who are contracted to the Council for management of payments.
Your information will be shared with Central Government upon request. The information will be used by the Government for monitoring and evaluation purposes, as well as for prevention and detection of fraud and/or other criminal activities, as well as for suspension and/or recovery of the grant where necessary. The Government may share information for the purpose of counter fraud activity and debt recovery with other government departments, agencies and/or local authorities.
Where information is shared, the Council has written agreements and protocols in place to ensure that your data is secure and protected to the same levels that the Council requires.
Your information will at all times be shared and stored in accordance with all relevant data protection requirements such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Your data will not be shared or stored in or be accessible to any country with no UK-equivalent Privacy Law protection.
Individual rights
You have a number of rights under the General Data Protection Regulations and these are set out in detail in the Council’s main Privacy Notice on our website. To exercise these rights, please contact:
- by email business@bexley.gov.uk
- or write to:
Economic Development Team
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
DA6 7AT
The Data Controller for your information
The Data Controller for the information you provide for this service is the London Borough of Bexley and the Data Protection Officer is Kevin Fox, Data Protection Officer, London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT.
You can contact the Data Protection Officer:
- by email to data.protection@bexley.gov.uk
- telephone 020 8303 7777
- or write to them at:
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
DA6 7AT
The right to lodge a complaint
If you are not happy with how we have handled your personal data, you have the right to contact the Information Commissioner's Office to make a complaint. You can:
- telephone them on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- visit their website at www.ico.org.uk
- Write to them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Bexley Innovation and Growth Grant Privacy Notice
How we use your information
We collect your information to help us undertake assessment of applications for the Bexley Innovation and Growth Grant (part of the Government’s Additional Restrictions Grant scheme), to enable us to make payments for those successful applications, to provide monitoring information to the funder and to contact you in respect of your application or about any related support which may assist your business.
In doing so, we may collect:
- contact details (name / address / telephone number)
- financial information about your business
- information about staffing in your business
- information about activities of your business
- business bank account details
- copies of business bank statements to prove your business address and financial status
- your latest business accounts
- National Insurance Number
- Unique Tax Reference Number
- Company Number / Charities Commission number
- copies of identification documents (e.g. copy of passport photo page or driving license, utility bill)
The personal information you provide will not be used for any other purpose unless required by law, to prevent or detect crime or to protect public funds.
Length of time we keep your information
We will keep your personal information for 7 years from successful award of the funding (6 years plus the current year). We will keep data on unsuccessful applicants for 6 months only (in case of follow-up queries or complaints).
Sharing your information
In delivering the Bexley Innovation and Growth Grant scheme we are partnering with a contractor called Retail Revival Limited and a contractor called CNT Associates who will both assist us in assessing your application.
So that the Council and our contractors can provide you with an efficient service, we will need to share information between us. In respect of this project Retail Revival Ltd and CNT Associates are both acting as Data Processors in respect of your data, but the Council remains the Data Controller. This means that both contractors must return or destroy any copies of your data at the end of the project.
We may occasionally also need to share your information with other partner organisations that support the delivery of the service you receive. This may include organisations who are contracted to the Council for management of payments.
Your information will be shared with Central Government upon request. The information will be used by the Government for monitoring and evaluation purposes, as well as for prevention and detection of fraud and/or other criminal activities, as well as for suspension and/or recovery of the grant where necessary. The Government may share information for the purpose of counter fraud activity and debt recovery with other government departments, agencies and/or local authorities.
Where information is shared, the Council has written agreements and protocols in place to ensure that your data is secure and protected to the same levels that the Council requires.
Your information will at all times be shared and stored in accordance with all relevant data protection requirements such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Your data will not be shared or stored in or be accessible to any country with no UK-equivalent Privacy Law protection.
Individual rights
You have a number of rights under the General Data Protection Regulations and these are set out in detail in the Council’s main Privacy Notice on our website. To exercise these rights, please contact:
- by email: discretionarygrant@bexley.gov.uk
- or write to:
Economic Development Team,
London Borough of Bexley,
Civic Offices,
2 Watling Street,
Bexleyheath,
DA6 7AT
The Data Controller for your information
The Data Controller for the information you provide for this service is the London Borough of Bexley and the Data Protection Officer is Kevin Fox, Data Protection Officer, London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT.
You can contact the Data Protection Officer:
- by email: data.protection@bexley.gov.uk
- or write to them at:
London Borough of Bexley,
Civic Offices,
2 Watling Street,
Bexleyheath,
DA6 7AT
The right to lodge a complaint
If you are not happy with how we have handled your personal data, you have the right to contact the Information Commissioner's Office to make a complaint. You can:
- telephone them on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- visit their website at www.ico.org.uk
- write to them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Blue Badge Services Privacy Notice
We keep this privacy notice under regular review.
Bexley council respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
Who we are
Bexley council collects, uses and is responsible for certain personal information about you. When we do so, we are regulated under the United Kingdom General Data Protection Regulation (‘UK GDPR’) and the Data Protection Act 2018. We are responsible as ‘controller’ of that personal information. Our Data Protection Officer is Kevin Fox.
The Blue Badge service is designed to enable disabled people who have a condition which impacts their mobility to access goods and services by allowing them to park close to their destination.
Under the Chronically Sick and Disabled Persons Act (1970), we have a statutory obligation to maintain a register showing the holders of badges issued by the authority. We are responsible for determining and implementing administrative, assessment and enforcement procedures in accordance with the governing legislation, Disabled Persons (Badges for Motor Vehicles) (England) Regulations 2000, as amended.
The personal information we collect and use
Information collected by us
In the course of delivering the Blue Badge service, we collect the following personal information when you (or others on your behalf) provide it to us:
- name
- date of birth
- contact details
- gender
- place of birth
- National Insurance number
- contact details for members of your family and support network if you wish them to advocate for you
- copies of documents showing your proof of identity (for example, passport, birth certificate)
- copies of documents showing your address (for example, council tax bill, benefit letter, driving licence, pay slips)
- your photograph
- financial information to process your application, if you pay by credit/debit card
We also collect the following special category data:
- medical information you provide in support of your claim
- if applicable, copies of documents showing your eligibility to a benefit which automatically qualifies you for a Blue Badge
We may also obtain your personal information in applications forwarded from GOV.UK where an application is submitted via that website.
How we use your personal information
We use your personal information to:
- create a secure and comprehensive record of your application by uploading the information onto the national Blue Badge Improvement Service database
- assess which criteria your application will be assessed under, either in receipt of an automatically qualifying benefit or being assessed as a discretionary application
- use the information for an Independent Mobility Assessment (IMA) if being assessed as a discretionary application
- process your application to come to an appropriate decision based on the information provided throughout the application process
- facilitate and process any credit/debit card payment
- confirm your Blue Badge status with internal partners to enable passported benefits where any exist
- investigate claims of Blue Badge misuse
- to respond to Blue Badge enquiries from others on your behalf
- work with the Department for Transport, and their service providers where necessary, to improve online application systems
The sharing of information facilitates a joined-up approach with partner agencies to provide you with the best possible customer experience.
How long do we keep your personal information?
We will only keep your personal information for as long as we consider that it is necessary to be retained or where there is a legal requirement over a set number of years. We have a Record Retention Schedule (PDF)* which lists how we would intend to keep your personal information.
* This file may not be suitable for users of assistive technology. Request an accessible format.
Reasons we can collect and use your personal information
For the collecting and use of your personal information we rely on:
- Article 6(1)(b) - processing is necessary for the performance of a contract (for payments made by credit/ debit card)
- Article 6(1)(c) - processing is necessary for compliance with a legal obligation to which the controller is subject
- Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller as the lawful basis on which we collect and use your personal data
For collecting and using your special category data we rely upon:
- Article 9(2)(g) - processing is necessary for reasons of substantial public interest (statutory and government purposes)
- Article 9(2)(h) - processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services
We rely on the health or social care purposes from Schedule 1 of the Data Protection Act 2018 when relying on Article(9)(2)(h) to process your special category data.
We take the following appropriate safeguards in respect of your special category data when relying on the condition above:
- we have an Appropriate Policy for Lawful Processing which explains how the data protection principles are secured when using special category information. This policy is retained throughout the time we use your data and for six months after we cease to use it
- we have a retention schedule which explains how long data is retained
- we maintain a record of our processing in our ‘Record of Processing Activities’ and record for any reasons deviating from the periods in our Retention Schedule
As we have a statutory basis for collecting your personal data, we do not need to ask for your permission to share it, however we will only ever share your data on a basis of need, in line with legislation and will work transparently with you at all times.
If you do not provide your data, we will not be able to process your application.
Who we share your personal information with
In the course of working with you, we may share your personal information with some of the following 3rd parties (non-exhaustive list).
- your name, address, date of birth, contact information and Blue Badge details will be shared with the Cabinet Office for data matching under the National Fraud Initiative
- your name, address, date of birth, contact information and Blue Badge details will be shared with partner agencies to detect, prevent and deter fraud and corruption affecting Bexley’s public services
- internal teams to carry out an Independent Mobility Assessment (IMA), if required
- commissioned providers of local authority services e.g. to manage and process applications
- other local authorities who administer or enforce the Blue Badge service if you move to their area or use the Blue Badge in their area
- others in relation to enquiries raised on behalf of applicants (such as local councillors, family members, voluntary organisations
- partner agencies for the processing of applications
- police for parking enforcement and the prevention and detection of crime
This data sharing enables us to process and safeguard the Blue Badge scheme for yourself and other applicants.
Each organisation listed above will ensure they have the relevant agreements in place to be able to process your personal information.
We will share personal information with law enforcement or other authorities if required by applicable law or in connection with legal proceedings.
We will share personal information with our legal and professional advisers in the event of a dispute, complaint or claim. We rely on Article 9(2)(f) where the processing of special category data is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
NHS and care services
We have processes in place for considering requests for data disclosures for purposes beyond direct care which is consistent with national data opt-out policy. Our organisation is compliant with the national data opt-out policy.
To find out more about the NHS’ wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, visit the NHS website. If you do choose to opt out, you can still consent to your data being used for specific purposes.
Your rights
Under the UK GDPR you have rights which you can exercise free of charge which allow you to:
- know what we are doing with your information and why we are doing it
- ask to see what information we hold about you (subject access request)
- ask us to correct any mistakes in the information we hold about you
- object to direct marketing
- make a complaint to the Information Commissioners Office
- withdraw consent at any time (if applicable)
Depending on our reason for using your information you may also be entitled to:
- ask us to delete information we hold about you
- have your information transferred electronically to yourself or to another organisation
- object to decisions being made that significantly affect you
- object to how we are using your information
- stop us using your information in certain ways
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note, your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the United Kingdom General Data Protection Regulation.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
The right to lodge a complaint
You have the right to complain to the Information Commissioners Office at:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Email casework@ico.org.uk or telephone 0303 123 1113
Business support enquiry Privacy Notice
How we use your information
We collect your information to help us undertake an assessment your business’ challenges and opportunities for growth, to enable us to provide free business support to applicants, to provide monitoring information to the funder and to contact you in respect of your application or about any related support which may assist your business.
In doing so, we may collect:
- Contact details (name/address/telephone number) Financial information about your business
- Information about staffing levels in your business
- Information about activities of your business
- Information about challenges your business is facing
- Information about your business’ sector
- Unique Tax Reference Number
- Company Number/Charities Commission number
- Age/Disability/Ethnicity/Gender of your Business’ Ownership
The personal information you provide will not be used for any other purpose unless required by law.
Length of time we keep your information
We will keep your personal information for 7 years from the date of form completion. For businesses who do not continue to engage with the support on offer, we will keep your information for no longer than 3 years from the date of form completion.
Sharing your information
In delivering the Talking Business support programme we are partnering with a number of contractors and external support providers who may assist us in delivering business support services, workshops and training.
So that the Council and our selected contractors and external support providers can provide you with an efficient service, we will need to share information between us. In respect of this project these contractors will act as the Data Processor in respect of your data, but the Council remains the Data Controller. This means our selected contractors and external support providers must return to the Council or destroy any copies of your data at the end of this support project.
We may occasionally also need to share your information with other partner organisations that support the delivery of the service you receive. This may include organisations who are contracted to the Council for management of payments.
Your information will be shared with Central Government upon request. The information will be used by the Government for monitoring and evaluation purposes, as well as for prevention and detection of fraud and/or other criminal activities. The Government may share information for the purpose of counter fraud activity and debt recovery with other government departments, agencies and/or local authorities.
Where information is shared, the Council has written agreements and protocols in place to ensure that your data is secure and protected to the same levels that the Council requires.
Your information will at all times be shared and stored in accordance with all relevant data protection requirements such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Your data will not be shared or stored in or be accessible to any country with no UK-equivalent Privacy Law protection.
Individual rights
You have a number of rights under the General Data Protection Regulations and these are set out in detail in the Council’s main Privacy Notice on our website. To exercise these rights, please contact:
- by email talkingbusiness@bexley.gov.uk
- or write to
Economic Development and Skills Team
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
DA6 7AT
The Data Controller for your information
The Data Controller for the information you provide for this service is the London Borough of Bexley and the Data Protection Officer is Kevin Fox, Data Protection Officer, London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT.
You can contact the Data Protection Officer:
- by email to data.protection@bexley.gov.uk
- telephone 020 8303 7777
- or write to them at London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT
The right to lodge a complaint
If you are not happy with how we have handled your personal data, you have the right to contact the Information Commissioner's Office to make a complaint. You can:
- telephone them on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- visit their website at www.ico.org.uk
- or write to them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Community Safety Services including Bexley Community Safety Partnership
The London Borough of Bexley is a ‘data controller’ as we collect and process personal information about you. The information we collect is used in accordance with data protection and other relevant legislation. Contact details for the data controller’s representative are:
Kevin Fox
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
Kent DA6 7AT
data.protection@bexley.gov.uk
020 8303 7777
What personal information do we process?
Personal Information we will process includes:
- name of individual, titles and aliases, date of birth, photographs
- address and contact details such as telephone or mobile numbers, email addresses
Where they are relevant to services we provide, or where you have provided them to us, we may process information such as:
- Gender
- Religious or philosophical beliefs
- Economic, cultural or social identity
The personal data we process may also include sensitive or other special categories of personal data such as:
- criminal conviction
- racial or ethnic origin
- mental and physical health
- details of injuries
- medication/treatment received
- political beliefs
- trade union affiliation
- genetic data
- biometric data
- data concerning sexual life and orientation
Information may be used for some or all of the following:
- to enable us to meet all legal and statutory obligations and powers including any delegated functions
- to carry out comprehensive safeguarding procedures in order to protect vulnerable adults and children from harm or injury
- to prevent and detect fraud, corruption and criminal activity and where necessary for law enforcement functions
We will use this information for the purpose of discussion and to inform action for the following:
- Multi Agency Action Group (MAAG)
- anti-social behaviour case and court files
- mediation Case file referrals
- non-payment of Fixed Penalty Notices
- Gypsy and Traveller Liaison encampment investigations
- information about Serious and Organised Crime Groups
- profiles of Crime Gangs and Associates
- domestic Homicide Reviews
- Channel Panel
What are the lawful basis for processing your personal information?
To carry out Public Authority tasks that are in the public interest.
Most personal data is processed for compliance with a legal obligation which includes the discharge of our statutory functions and powers.
The following lists the Acts and Sections that provide us with a duty to share information to reduce levels of crime and disorder:
- section 27 of the Children Act (1989) - requires a variety of agencies to share information with children’s social care to protect a child who is suffering, or is likely to suffer, significant harm
- section 82 of the NHS Act (2006) - requires NHS bodies and local authorities to work together for the benefit of the health and wellbeing of the population
- section 251 of the NHS Act 2006 - ensures that information that identifies patients and which is needed to support essential NHS activity can be used without the consent of those patients
- section 17 of the Crime and Disorder Act (1998) - sets out the power for a range of agencies to share information for the purposes of preventing crime and disorder
- MAPPA Operating Protocol is used for managing sexual and violent offenders
- MARAC arrangements cover sharing information to allow provision of services by a variety of agencies for victims of domestic abuse
- 2008 Entry Regulations - sets out a duty to allow local Healthwatch authorised representatives to observe health service activities
- The Mental Capacity Act (2005) and associated Code of Practice (2007)
- The Care Act 2014 Section 45 - specifically refers to information sharing
- Counter Terrorism and Security Act 2015
Who we may share your personal data with
We will share personal data with third parties. These third parties have an obligation to put in place the appropriate security measures and may be a data controller that we work with.
If they are a data controller, they will be responsible to you directly for the manner in which they process and protect your personal data.
Third parties who we will share data with include:
- Police
- Probation Services
- Registered Social Landlords
- Fire and Rescue Services
- London Borough of Bexley Children’s Safeguarding
- London Borough of Bexley Adult Safeguarding
- London Borough of Bexley Environmental Services
- London Borough of Bexley Youth Offending Team
- London Borough of Bexley Housing Services
- London Borough of Bexley Council Tax Department
- Councillors and Members of Parliament
- London Borough of Bexley Trading Standards
- London Borough of Bexley Strategy, Performance and Insights Team
- Voluntary and community organisations that are commissioned or provided with grant funding to provide services or interventions
- HMRC
- Home Office
- Ministry of Housing, Communities and Local Government
- GPs
- Mental Health Services such as Oxleas NHS Foundation Trust and MIND in Bexley
- Home Office Approved Intervention Providers
Where do we get your information from?
We will get information from a range of sources:
- referrals from partner agencies such as those listed above in relation to those individuals at risk of ASB, vulnerable people, Safeguarding
- profiles provided by Police intelligence analysts
- details of crime incidents, anti-social behaviour incidents, actions taken so far by agencies, court information relating to individuals
- information regarding neighbour disputes and community conflicts
- ASB diaries
- copies of the original fixed penalty notices
- personal information in relation to specific Environmental Crime offences
- statistics regarding encampments such as location, how many caravans, how many vehicles, date arrived, how many days stayed, powers used to remove and family name
- nomination forms with personal data relating to individuals at risk of radicalisation or groups of people. Specific locations relating to activity of individuals
- Police intelligence or data relating to specific individuals, or groups of people
- data provided by trading standards, environmental health, council tax, or housing
- case notes from health services
- personal date captured in minutes from meetings
Intent to transfer personal information to a third country or international organisation?
Should it be necessary to transfer personal information outside the European Economic Area it will only be transferred to a third country or international organisation which the European Commission has decided has appropriate safeguards, including binding corporate rules.
How long will your personal information be retained?
We may have legal obligations to retain some data in connection with our statutory obligations as a public authority.
We will endeavour to keep information only for as long as it is needed. Information that is no longer relevant will be deleted or destroyed.
Some records will need to be kept for an appropriate retention period in relation to those individuals whose personal information is shared within minutes, agendas and case management.
Will your information be used to make automated decisions?
Origins Software is used by the Strategy, Performance and Insights Team to assist with profiling (evaluate certain characteristics or behaviour related to you).
Your rights
You have a number of rights regarding your personal data, including withdrawing your consent where we have asked for it. You can also ask for a copy of the information we hold about you and ask us to correct anything that is wrong. For detailed information about your rights please see our Corporate Privacy Notice.
The right to lodge a complaint
You have the right to complain to the Information Commissioners Office at:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Email casework@ico.org.uk or telephone 0303 123 1113
Dated: January 2020
Coronavirus (COVID-19) Privacy Notice
Who is the data controller for this processing?
The London Borough of Bexley is a ‘data controller’ as we collect and process personal information about you. The information we collect is used in accordance with data protection and other relevant legislation.
Contact details for the data controller’s representative are:
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath, DA6 7AT
data.protection@bexley.gov.uk
020 8303 7777
Whose data are we processing and why?
Groups of people defined on medical grounds as requiring shielding
Personal data is being collected to assess and provide support to adults, children and young people who are in high-risk categories and would be considered vulnerable, if they became infected with the coronavirus.
Citizens requiring emergency support and assistance
Personal data is being collected to assess and provide support to adults, children and young people in this category.
Track and Trace
Personal data belonging to staff, customers and visitors will be collected when working or visiting our premises to support NHS track and tracing for COVID 19. Further information about how your personal information is used by the NHS for test and trace purposes can be found on the NHS Test and Trace website.
Child Protection - information sharing
NHS England has identified a risk that health visitors and school nurses will not receive information about vulnerable children whilst social distancing is in place. Consequently, NHS Digital will provide data from the Child Protection - Information Sharing (CP-IS) system to 0-19 Services about children subject to a Child
Protection Plan, pregnant women with an Unborn Child Protection Plan and children who are designated a Looked After Child, in particular children being cared for under the Children's Act 1989.
Data recorded by the council on CP-IS will be included in the extracts and shared with health visitors and school nurses so that the health and welfare of vulnerable children and young people can be protected during a period where face to face contact with statutory services is reduced. Further details can be found on the Data provision notice on the NHS Digital website.
What personal information do we hold?
We only collect and share the minimum amount of personal information required when providing you with assistance and support. This includes but is not limited to the following:
- information about you - this could include your name, address, date of birth
- national identifiers - such as NHS number, National Insurance number
- financial information - such as your benefit entitlement
- information about your family and social circumstances
- physical or mental health details (where appropriate)
- social care support/involvement
We get most of this information from you, but we may also get some of this data from:
- central government agencies
- other local authorities
- health and social care providers
- police and probation services
- members of the public (referrer)
- commissioned partners
- family members
- local charities and other community support groups
Who else might we share your personal information with?
Sometimes we may need to share your information, but we will only do so where it is necessary or required by law. We will only share the minimum information for each circumstance.
We may sometimes need to share some of your information with:
- health service providers - including NHS agencies (GPs, hospitals, ambulance, health visitor, mental health services, school nurses)
- education providers
- care providers - such as day care, domiciliary, residential
- government agencies - such as Department of Health, Department of Work and Pensions
- support groups for people with disabilities
- local government
- prepaid card providers
- Direct Payment Support Services
- housing associations and organisations supporting
- technology assistance providers
- charities and volunteers, whom are supporting the Councils response to the Coronavirus
What is the legal basis for our use of your personal information?
This includes but is not limited to the following set out within the GDPR:
- Article 6.1(a) – the data subject has given consent
- Article 6.1(b) – processing is necessary for the performance of a contract
- Article 6.1(c) – processing is necessary for compliance with a legal obligation
- Article 6.1(d) – processing is necessary to protect the vital interests of individuals
- Article 6.1(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
For the processing of 'special category data' such as someone’s physical and mental health:
Article 9.2(g) of the GDPR
Processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
The processing of special category under Article 9 also requires the following conditions for processing from the UK Data Protection Act 2018 to be met:
- Schedule 1, Part 2 section 6(a), processing is met under the exercise of a function conferred on a person by an enactment
- Schedule 1, Part 1 section 2(1), this condition is met if the processing is necessary for health and social care purposes
Your rights
Further information about your rights and how to exercise them, can be found on our Privacy Notice page.
How long will we keep your personal information?
We will only use your personal information whilst delivering support and assistance to you, unless the law requires us to keep it for a longer period.
Personal data collected to support NHS Track and Trace, will be retained for a period of 21 days.
How to complain
You have the right to complain to the Information Commissioner's Office at:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Email casework@ico.org.uk
Telephone 0303 123 1113
Councillors Privacy Notice
As a representative of residents of my ward in the borough of Bexley, I am a Data Controller in my own right. A search of the Member index page will provide you with my contact details.
Personal information can be any information that relates to or identifies a living person. Typically it could include:
- name
- date of birth
- postal address
- email address
- unique id
- telephone number
- debit or credit card details
The law regards some personal information as being in a special category and is given more protection by the law and includes information about an individual’s:
- race
- ethnic origin
- politics
- religion
- trade union membership
- genetics
- biometrics (where used for ID purposes)
- health
- sex life
- sexual orientation
Under the Data Protection Act, because I am your Councillor I am able to use information that you provide for the purpose of dealing with casework and responding to queries on behalf of my constituents. However, it is best practice that I ask for your consent to me using your personal and special sensitive information for that purpose.
I may pass your personal data on to a third party in the course of dealing with you, such as:
- other Councillors and Members of Parliament
- educational establishments
- health organisations
- housing associations and or landlords
- local authorities
- police and voluntary sector organisations.
Unless specifically requested by you, I will only hold your personal data until your casework or policy query has been dealt with.
At any point, while I am in possession of or processing your personal data, you, have the following rights:
- to access personal information that I hold about you
- to rectification of your personal information
- to erasure of your personal information (sometimes called the ‘right to be forgotten’)
- to restrict processing of your personal information
- to object to the processing of your personal information
- to data portability allowing you to obtain and reuse your personal data for your own purposes
You have the right to withdraw consent to me processing your personal data at any time. However, in withdrawing consent it may not be possible to deal with your casework or policy query.
For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit ico.org.uk or email casework@ico.org.uk.
COVID-19 Additional Relief Fund (CARF)
How we use your information
We collect your information to undertake assessment of applications for the Covid19 Additional Relief Fund (CARF), to enable us to apply the appropriate level of relief for successful applications and to contact you in respect of your application or any related support which may assist your business.
In doing so, we may collect:
- contact details (name / address / email / telephone number)
- financial information about your business
- information about staffing in your business
- information about activities of your business
- National Non-Domestic Rates (NNDR) reference related to the premise you occupy
The personal information you provide will not be used for any other purpose unless required by law, to prevent or detect crime or to protect public funds.
Length of time we keep your information
We will keep your personal information for 7 years from successful award of the funding (6 years plus the current year). We will keep data on unsuccessful applicants for 6 months only (in case of follow up queries or complaints).
Sharing your information
So that the Council can provide you with an efficient service, we may need to share your information with partner organisations that support the delivery of the service you receive. This includes Capita Business Services Ltd who are contracted to the Council for management of NNDR (business rates) reliefs and payments.
Your information will be shared with the Government upon request. The information will be used by the Government for monitoring and evaluation purposes, as well as for prevention and detection of fraud and/or other criminal activities, as well as for suspension and/or recovery of the grant where necessary. The Government may share information for the purpose of counter fraud activity and debt recovery with other government departments, agencies and/or local authorities.
Where information is shared, the Council has written agreements and protocols in place to ensure that your data is secure and protected to the same levels that the Council requires.
Your information will at all times be shared and stored in accordance with all relevant data protection requirements such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Your data will not be shared or stored in or be accessible to any country with no UK-equivalent Privacy Law protection.
Individual rights
You have a number of rights under the General Data Protection Regulations and these are set out in detail in the Council’s main Privacy Notice on our website. To exercise these rights, please contact:
- by email dg2@bexley.gov.uk
- or write to Economic Development Team, London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT
The Data Controller for your information
The Data Controller for the information you provide for this service is the London Borough of Bexley and the Data Protection Officer is Nick Hollier, Data Protection Officer, London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT.
You can contact the Data Protection Officer
- by email to data.protection@bexley.gov.uk
- telephone 020 8303 7777
- or write to them at London Borough of Bexley, Civic Offices, 2 Watling Street, Bexleyheath, DA6 7AT
The right to lodge a complaint
If you are not happy with how we have handled your personal data, you have the right to contact the Information Commissioner's Office to make a complaint. You can:
- telephone them on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- visit their website at www.ico.org.uk
- Write to them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Education Services and Inclusion Privacy Notice
This notice explains what personal data (information) we hold about you, how we collect it, how we use it and how we may share information that we hold about you in order to deliver our services. We are required to give you this information under data protection law.
London Borough of Bexley is committed to protecting your privacy when you use our services. The Privacy Notice below explains how we use information about you and how we protect your privacy.
London Borough of Bexley (LBB) complies with data protection legislation (the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) and is registered as a 'Data Controller' (Reg. No. Z7589390).
Who we are
Directorate of Education services London Borough of Bexley.
- early years
- schools and education
- 14 to 19 Services
- special educational needs and disability
- early intervention and specialist support services
- targeted youth service
- youth offending service
- school admissions
- SEN travel assistance
School Inclusion is a statutory service that fulfils the authorities’ duties in respect of children who are reported missing from education, not attending school regularly or are not in receipt of a suitable home education.
The Education Services and Inclusion Teams are statutory services which act to champion the right of all children to receive a high-quality education. They strive to overcome any barriers to learning through skilled problem solving with a range of partners.
Partners fulfil the local authority’s duties in respect of children who are reported as missing from education (CME), not attending school regularly (PMOE) or children who are being educated at home (EHE) and are not receiving a suitable education.
Where children are being electively home educated, Officers work in partnership with parents and carers to ensure that their children receive a suitable education that takes into account their age, ability, aptitude and any special educational needs they may have.
Our Education Welfare team also manages license and permit applications made in connection with children and young people who wish to participate in employment outside of school hours or who are engaging in performance and entertainment activities.
The Bexley School Admissions team supports schools and parents with coordinated and in-year school admissions. The team process applications for Nursery, Primary, Junior and Secondary admission rounds. The Secondary admissions round includes the Bexley Selection test, with registrations beginning in May.
What personal information do we collect to deliver this service?
In the course of delivering these statutory services, we will collect the following personal information (these lists are not exhaustive):
- children’s / young people’s personal information (name, address, date of birth, UPN)
- parent / legal guardian’s personal information (name, address and contact details)
- current and historic school information, including attendance
- school preference information and reason for selection
- family contact details
- sibling information
- GP details
- oversubscription criteria set out in the School Admissions Handbook
- special category information (EHCP and detail of any Special Educational Need)
- registration and outcome of the Bexley Selection Test
We will seek personal information from other sources including:
- other London Borough of Bexley departments
- your GP, in regard to a child’s / young person’s health
- police
- personal references
- schools, colleges and other education institutions
- disclosure and barring service
- official Government services, such as the National Pupil Database and Learning Records Service
We may also need to collect information such as:
- details of payments to schools
- insurance documents
- nursery type
- school bank details
How we collect this data
From 2023 we will be moving to a more efficient and flexible way of collecting the data we require to support our Schools and children within Bexley.
The new collection will use Wonde to gather data from the school systems and transfer it to the Local Authority to update the council's central Education system. More information about Wonde and the DfE can be found on the GOV.UK website.
How your personal information is stored
We hold data securely for the set amount of time detailed in our Records Retention Schedule.
Purpose of collecting this personal information
- assessments
- timely intervention and support
- case closure
- service delivery
- service improvement
- service planning and research
- statutory reporting to Governmental departments
How we use this personal information
- to ensure that the education services directorate fulfils its statutory role
- to identify any safeguarding issues
- to allocate your child a school place based on the oversubscription criteria of the school
- to identify schools that you may have approached for a school place during the school year through the in-year admissions process and record which schools have made an offer
- to facilitate the school admissions appeals for Bexley schools
- to ensure the integrity of the Bexley Selection Test
- to assess the next suitable provision for a child
- to monitor school attendance
- to monitor in year school transfers
- to arrange alternative educational provision if required
- to ensure home education plans provide a suitable and efficient education
- to ensure children are working or performing within permitted parameters
- to monitor and promote participation in education by young people aged 15 to 19 (up to 25 for those with an education, health and care plan)
- to notify other local authorities of a Bexley young person moving to their area so they may adopt and discharge statutory duties to monitor and/or support the young person
How long your personal information is held for
Information collected by the local authority will be stored securely in line with the retention periods shown below, after which time it is archived or securely destroyed unless we are required by law to retain records for longer than the stated retention period. The information will only be used for the purposes stated when it was collected. Information will not be sold, rented or provided to anyone else, or used for any other purpose than that for which it was originally collected unless required to by law.
Category of information | Retention period |
---|---|
All records relating to the creation of childcare sufficiency assessments | Retain from date childcare sufficiency assessment replaced for 3 years |
All records relating to the management of pupils schooled at home | Retain from date of birth of the pupil for 25 years |
All records relating to the provision of educational support to children who are in hospital | Retain from date of birth of the pupil for 25 years |
All records relating to the development and implementation of parenting contracts | Retain from date of birth of the pupil for 25 years |
All records relating to the management of school attendance and truancy | Retain from date of birth of the pupil for 25 years |
All records relating to education consultations | Retain from date of consultation for 7 years |
All records relating to the creation and management of Home School Agreements | Retain from the creation of agreement until the pupil leaves the school |
All records relating to permitted absence from school | Retain from date of absence for 2 years |
All records relating to the creation and implementation of the school bullying and harassment policy | Retain from date policy superseded for 3 years |
All records relating to school pupils | Retain from date of birth of the pupil for 25 years |
School registers of attendance | Retain from date of entry for 3 years |
All records relating to the development, implementation and management of school session times | Retain from academic year records created for 6 years |
All records relating to the development and implementation of school development plans | Retain from date plan superseded for 6 years |
All records relating to the creation, implementation and management of Schools Forums | Retain from year records created for 6 years |
All records relating to the provision of educational support for looked after children | Retain from date of birth for 75 years |
All records relating to the management of employment licences for children - where the licence is not granted | Retain from date of application until licence refused |
All records relating to the management of employment licences for children - where the licence is granted | Retain from the date of birth of the child for 25 years |
All records relating to the allocation of child performance licences | Retain from the date of birth of the child for 25 years |
All records relating to the administration of the Children's Certificate scheme | Retain from date licence expires for 3 years |
Who do we share your personal information with?
- your child’s current school via post or the S2S system
- other Bexley schools including, where necessary, schools that were not named as a preferred school
- selection test providers
- The GOV.UK Notify Service used to send out email and SMS communications on our behalf (information is encrypted and only held for 7 days)
- Government departments including the Department of Education
Why do we share this information?
In order for the service to fully carry out its legal duties and to deliver its service, it is a necessary requirement to share this information.
We will share personal information with law enforcement or other authorities if required by applicable law.
Your rights
Under GDPR you have rights which you can exercise free of charge which allow you to:
- know what we are doing with your information and why we are doing it
- ask to see what information we hold about you (subject access request)
- ask us to correct any mistakes in the information we hold about you
- object to direct marketing
- make a complaint to the Information Commissioner’s Office
- withdraw consent at any time (if applicable as this will not be possible in certain circumstances)
Depending on our reason for using your information you may also be entitled to:
- ask us to delete information we hold about you (if applicable) have your information transferred electronically to yourself or to another organisation
- object to decisions being made that significantly affect you
- object to how we are using your information
- stop us using your information in certain ways
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties which will override the requirements of the GDPR. Please note, your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioners Office (ICO) on individuals' rights under GDPR.
We are required under Section 6 of the Audit Commission Act 1998 to participate in the National Fraud Initiative data matching exercise. The data held will be used for cross-system and cross authority comparison for the prevention and detection of fraud. For further information see National Fraud Initiative.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Where commissioned services process your data on our behalf, we also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Requesting access to your personal information
Under data protection legislation, parents, carers and children have the right to request access to information that we hold on them. To make a request for your personal information please contact:
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath, DA6 7AT
Email foi@bexley.gov.uk
Telephone 020 8303 7777
If you have a concern about the way we are collecting or using your personal information, you should raise your concern with us in the first instance. GDPR also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted on 03031 231 113. Or see the ICO for further details.
Read our corporate privacy statement for more information.
Contact us
If you would like to discuss anything in this Privacy Notice please contact:
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath, DA6 7AT
Email data.protection@bexley.gov.uk
Telephone 020 8303 7777
Electoral Services Privacy Notice
This privacy notice sets out how the Electoral Services Department for the London Borough of Bexley will use and process your information.
The Electoral Registration Officer (ERO) and Returning Officer (RO) are data controllers who collect and use information about residents, candidates, election agents and election and electoral registration staff to enable us to carry out specific functions for which we are statutorily responsible.
What type of information is collected about you?
We keep records about potential and actual electors, voters, citizens, candidates and their agents, staff employed at an election and the people we need to pay. These may be written down or kept on a computer.
These records may include:
- basic details about you - for example, your name, address, date of birth and nationality
- unique identifiers (such as your NI number)
- scanned application forms & dates of any letters of correspondence
- copies or details of proof of identity and eligibility
- notes about any relevant circumstances that you have told us
- your previous or any redirected address
- the other occupants in your home
- if you are over 76 or under 18
- whether you have chosen to opt-out of the Open version of the Register of Electors
- your signature
- contact details including telephone numbers and email addresses
- previous or forwarding addresses
In addition, if you work for the Returning Officer on election duties, or for the Electoral Registration Officer for registration duties, these may also include:
- tax status
- next of kin/emergency contact details
- details of previous employment
If you are a candidate at an election, an appointed agent at an election or a campaigner we may also hold these details:
- political party affiliation
- campaign group affiliation
We need your information for the following services and functions:
Your information will be used for the functions of the Electoral Services Department. The functions of the department are undertaken on behalf of the Electoral Registration Officer (ERO)/Returning Officer (RO) who is a data controller and collects your personal data from you for the purpose of:
- registering your right to vote
- processing any absent (postal or proxy) voting requests
- producing and maintaining an accurate register of electors
- delivering elections and referendums
Who your information may be shared with
To verify your identity, the data you provide on any application form to register to vote will be processed by the Individual Electoral Registration Digital Service (IER-DS) managed by the Cabinet Office. As part of this process, your data will be shared with the Department of Work and Pensions and the Cabinet Office suppliers that are data processors for the Individual Electoral Registration Digital Service.
You can find more information about this here: https://www.gov.uk/register-to-vote
The Electoral Registration Officer publishes two versions of the register:
1. The Electoral Register lists the names and addresses of everyone who is registered to vote in public elections. The register is used for electoral purposes, such as making sure only eligible people can vote. It is also used for other limited purposes specified in law, such as:
- detecting crime (e.g. fraud)
- calling people for jury service
- checking credit applications
2. The Open Register is an extract of the electoral register but is not used for elections. It can be bought by any person, company or organisation. For example, it is used by businesses and charities to confirm name and address details. Your name and address will be included in the open register unless you ask for them to be removed. Removing your details from the open register does not affect your right to vote.
If you are concerned that having your name or address on the electoral register may affect your safety, there could be other options available to you, such as anonymous registration. In certain limited circumstances, you can register without your name and address showing on the register.
The electoral register is published once a year (usually each December) and is updated on the first working day of each month between January and September. The law restricts who can be supplied with the electoral register, extracts of the electoral register and absent voter records. Details of who can be provided with this data can be found here.
Anyone can inspect the electoral register because it is a public document. Inspection can be made of a hard copy held by Electoral Services. Information is listed in address order for each polling district.
- Inspection of the register is conducted under supervision.
- Hand written notes may be made during inspection, but no copies of photographs of the register are allowed.
- Any information recorded must not be used for direct marketing purposes, in accordance with data protection legislation, unless it has been published in the open register.
- Anyone who fails to observe these conditions may be charged a penalty of up to £5,000.
We also have to share your information with our software providers and contracted printers for the purpose of carrying out our duties of electoral registration and delivering elections and referendums.
Staffing data may be shared with other Returning Officers and Electoral Registration Officers as appropriate. All staff details will also be shared with the payroll team and HMRC in order to make payments.
Details of candidates, election agents, subscribers to nomination papers and other political campaigners may be published where the law requires.
The legal basis for processing your data
The collection and retention of data from individuals and inspection of other council records is governed by legislation (including):
- Representation of the People Act 1983
- Representation of the People Regulations 2001
- The Electoral Registration and Administration Act 2013
The law makes it compulsory to provide information to an Electoral Registration Officer when requested. This is for the compilation and maintenance of an accurate electoral register.
Records are kept for:
- potential electors who need to register to vote
- non-eligible citizens so we can stop inviting them to register
- electors who have registered to vote
Returning Officers have statutory duties to collect and retain information from:
- candidates and their agents
- staff employed at an election
- voters
This information may be kept in either digital format (i.e. data within a software system or as scanned copies of documents) or hard copy printed format or both.
Housing Services Privacy Notice
What information do we process?
When we have contact with you, we may need to process personal information about you or your family, so that we can offer you the correct and appropriate service. Personal information can be any information that relates to or identifies a living person. The types of personal information we process may include:
Basic personal details
- Name
- Address
- Gender
- Contact details: Email address, telephone number(s)
- Date of birth
- Nationality
- National Insurance Number
Marital status
- Reason why you have contacted us
- Previous contacts that we have had with you
- Details of your current accommodation and household, including keyholder
- Details of family makeup, including next of kin
- Immigration status
As well as personal information, we may need to process additional information, known as special category information. This information is more sensitive and could potentially be used against individuals for unlawful discrimination. The types of special category information we process may include:
Personal characteristics
- Ethnicity
- First language
- Religious beliefs
- Sexual orientation
Financial information
- Proof of income
- Savings
- Investments
- Pension
- Benefits
Medical information (including details of GP, and any other people providing professional support)
- housing needs and risk factors
- proof of housing ownership/occupancy
- physical and mental health factors
- criminal record and offending history*
*The processing of criminal offence data also has additional legal safeguards. Criminal offence data includes information about criminal allegations, criminal offences, criminal proceedings and criminal convictions.
What is the purpose of processing your personal information?
We process information to enable us to provide a range of housing services and to carry out specific functions, including statutory duties and regulatory enforcement for local people and businesses. As such, we may require your information to deliver effective services in the following core areas:
- allocation and administration of social housing
- advice and support around housing options, including:
- residents facing eviction or homelessness
- residents who have no recourse to public funds
- residents with independent living (repairs, equipment, adaptations, etc.)
- provision of accommodation
- homelessness prevention
- assessment and administration of Disabled Grant Applications
- investigating empty properties
- management of our fixed Traveller Site
We may also use your personal information for statutory investigations and inspections, in the following ways:
- housing standards and enforcement, including administering Property Licensing Schemes
- assessing applications for licences, registrations and permits
- investigating environmental and nuisance issues (noise complaints, air quality, pest control, litter, etc.)
- possession orders for unauthorised Gypsy and Traveller encampments
- improving fire safety and prevention
- protecting local assets, amenities and the environment
In addition, we may need to use some personal information about you to:
- monitor and analyse the quality and statistical performance of our services, to seek continuous improvement
- inform decisions on requirements, design and commissioning of services
- help investigate complaints about our services and commissioned services
- comply with government department research and deliver national government programmes and decisions
What are the lawful bases for processing your personal information?
Housing Services process personal data under the following categories of lawfulness, according to the General Data Protection Regulation:
- Article 6(1)(a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes
- Article 6(1)(c) - processing is necessary for compliance with a legal obligation to which the controller is subject
- Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Article 9(2)(b) - processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement
- Article 9(2)(g) - processing is necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguards.
The tasks that we carry out where we have a legal obligation or are in exercise of official authority, are required under the following laws:
- Animal Health Act 1981
- Antisocial Behaviour Crime and Policing Act 2014
- Building Act 1984
- Caravan Sites Act 1968
- Caravan Sites Control of Development Act 1960
- Care Act 2014
- Clean Air Act 1956, 1993
- Control of Pollution Act 1974
- Criminal Justice and Public Order Act 1994
- Criminal Justice and Public Order Act 1994
- Environment Act 1995 (Section 108)
- Environmental Protection Act 1990
- Equality Act 2010
- Homelessness Reduction Act 2017
- Housing Acts 1985, 1988, 1996, 2002, 2004
- Housing and Planning Act 2016
- Housing Grants, Construction and Regeneration Act 1996
- Licensing Act 2003
- Local Government (miscellaneous provisions) Act 1976, 1982
- Local Government Act 1972
- Local Government Act 1985
- Local Government Act 2000
- Localism Act 2011
- Performing Animals (Regulations) Act 1925
- Prevention of Damage by Pests 1949
- Public Health (Control of Diseases) Act 1984
- Public Health Act 1936, 1961
- Refuse Disposal Amenity Act 1978
- Town and Country Planning Act 1990
Other legislation may apply. For the full list of functions delegated to officers on behalf of the council, see London Borough of Bexley’s Scheme of Specific Delegations to Officers.
Who are the recipients, or categories of recipients, of your personal information?
We will generally only allow your personal information to be used by those staff within Housing Services who require the data to perform their functions.
In other situations, we only pass personal information about you to people or organisations that have an identifiable need for it. In such a situation, a Data Sharing Agreement will be in place between the London Borough of Bexley and partners, to ensure personal information remains secure and the process remains transparent.
For example, the council has outsourced some of its services in various arrangements, such as:
- joint arrangements with other local authorities
- partly owned (‘arms-length’) companies
- private sector companies commissioned to provide services on our behalf
- collaboration with Registered social landlords
As such, we may need to supply your information to these organisations, in order to ensure an effective service is delivered, relevant to your needs.
Additionally, it can be necessary to share your personal information with other professionals and services, where they can provide additional information and professional opinion to assist us in our decision making, or where service users would benefit from a particular local service. Any information shared with other professionals and services will strictly adhere to this Privacy Notice, with specific regards to purpose and lawful basis.
Similarly, personal information may also be shared with the following broad categories of organisations, when we are either permitted to or are required to, by law:
- banks, credit reference agencies and debt Collection Agencies
- Councillors and Members of Parliament
- Fire Brigade
- government agencies and departments
- health organisations
- Local Government and Social Care Ombudsman (LGSCO)
- other Local Authorities
- police
- prison and court services
- private sector letting companies
- schools and colleges
- voluntary sector organisations
- general public*
Housing Services may also receive information from the parties listed in this section, so that we can carry out our core services and statutory functions. Please note this list is not exhaustive.
*We will provide information to the general public where we have a legal obligation to do so, such as when we receive Freedom of Information (FOI) requests, Subject Access Requests (SAR) and Environmental Information Requests (EIR).
Intent to transfer personal information to a third country or international
organisation?
Should it be necessary to transfer personal information outside the European Economic Area, it will only be transferred to a third country or international organisation which the European Commission has decided has appropriate safeguards, including binding corporate rules.
How long do we keep your personal information?
We will only keep your personal information for as long as we consider that it is necessary to be retained. We maintain an Information Asset Register to manage and keep secure the personal information we hold. We also publish a Record Retention Schedule, which lists how long we intend to keep your personal information.
Your individual rights and further information
At any point while we are in possession of or processing your personal data, you, have the following rights:
- to access the personal information that we hold about you
- to rectification of the personal information that we hold about you
- to erasure of the personal information that we hold about you (sometimes called the ‘right to be forgotten’)
- to object to the processing of the personal information that we hold about you
- to data portability - allowing you to obtain and reuse your personal data for your own purposes
- to restrict the processing of the personal information that we hold about you
- to not be subject to a decision, based solely on automated decision making, such as profiling
The right to withdraw consent
Where the legal basis for processing your personal information is consent, you have the right to withdraw that consent at any time by notifying us. If you withdraw your consent, it may result in Housing Services being unable to provide you with a certain service.
To exercise your right to withdraw consent, please email housingoptions@bexley.gov.uk.
The right to lodge a complaint
You have the right to complain to the Information Commissioners Office at:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Email: casework@ico.org.uk or Tel: 0303 123 1113
Human Resources Service Privacy Notice
The HR Service collects and processes personal data relating to candidates for employment (for whom a separate privacy notice applies), Council employees and workers (including agency workers and consultants) and elected Members to manage the employment/other relationship and/or to administer payment of salary, allowances or expenses. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
The information we collect
We collect and process a range of information about you. Depending upon whether the individual concerned is a direct employee, worker (including agency workers and consultants) or elected Member this may include:
- your name, address and contact details, including email address and telephone number, date of birth and gender
- the terms and conditions of your employment
- details of your qualifications, skills, experience and employment history, including start and end dates, and dates of continuous service
- information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
- details of your bank account and national insurance number
- information about your marital status, next of kin, and emergency contacts
- information on dependants where required for pension purposes or child care vouchers or benefits;
- information about your nationality and entitlement to work in the UK
- details of your working arrangements (days of work and working hours) and attendance at work
- details of periods of leave taken by you, including holiday, sickness absence, family leave and the reasons for the leave
- details of any disciplinary, performance, absence or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
- assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence
- information about medical or health conditions, including whether or not you have a disability for which the Council needs to make reasonable adjustments
- details of trade union membership
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief
We collect this information in a variety of ways. For example, data is collected through application forms or CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as pension benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.
In some cases, we collect personal data about you from third parties, such as references supplied by former employers and information from Disclosure and Barring checks permitted by law.
Data is stored in a range of different places, including in your personnel file, (details are held electronically on the Council’s DocStor system known as Estor), in the HR management systems (TOPS) and in other IT systems (including the Council’s email system).
Processing personal data
With respect to your employment, the Council may process Special Categories of Personal Data and Criminal Convictions Data for the following purposes:
- assessing your fitness to work;
- complying with health and safety obligations;
- complying with the Equality Act 2010;
- checking your right to work in the UK;
- checking DBS clearance (if relevant to your post);
- checking criminal convictions (where relevant your post);
- verifying your Covid-19 vaccine status (if relevant to your post); and
- verifying that candidates are suitable for employment or continued employment; and
Such processing is required to be in compliance with the UK General Data Protection Regulation (GDPR) Article 5 principles. The processing will be in accordance with the substantial public interest conditions set out in Schedule 1, Part 2 of the Data Protection Act 2018 and the condition for processing employment, social security and social protection data, under Schedule 1, paragraphs 1(1) (b) and 5:
Lawful Processing basis | Processing condition for Special Categories of Personal Data |
---|---|
Data concerning health Compliance with a legal obligation (Article 6 (1)(c)) or necessary for the performance of a contract with the Data Subject (Article 6(1)(b)). |
Necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the Data Subject in connection with employment, social security or social protection. (Paragraph 1(1)(a), Schedule 1, DPA 2018.) |
Racial or ethnic origin data Compliance with a legal obligation (Article 6(1)(c)). |
Necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the Data Subject in connection with employment, social security or social protection. (Paragraph 1(1)(a), Schedule 1, DPA 2018.) |
Criminal Convictions Data Compliance with a legal obligation (Article 6(1)(c)). OR In the organisation’s legitimate interests (Article 6(1)(f)) which are not outweighed by the fundamental rights and freedoms of the Data Subject. |
Necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the Controller or the Data Subject in connection with employment, social security or social protection. (Paragraph 1(1)(a), Schedule 1, DPA 2018.) Meets one of the substantial public interest conditions set out in Part 2 of Schedule 1 to the DPA 2018 (such as preventing or detecting unlawful acts).(Paragraph 10(1), Schedule 1, DPA 2018.) |
Equal opportunity data In the organisation’s legitimate interests (Article 6(1)(f)) which are not outweighed by the fundamental rights and freedoms of the Data Subject. |
Necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained. (Paragraph 8(1)(b), Schedule 1, DPA 2018.) |
The Data Protection Act 2018 outlines the requirement for an organisation to have an Appropriate Policy Document when processing special category data and criminal offence data where substantial public interest conditions in Schedule 1 part 2 of the DPA 2018 is relied on in order to demonstrate compliance with the requirements of Article 5 of the UK GDPR. The Council’s APD can be found on the Job Applicant Privacy Notice (below).
Access to data
Relevant information will be shared internally across the HR Service, your line manager and managers in the service area. Information shared is limited. In respect of data relating to any protected characteristics this is restricted to the HR Service. Where an employee or worker has a disability that requires workplace adjustments relevant information will be provided to the appropriate line managers to comply with this legal obligation. Detailed medical information and records are restricted to the Occupational Health Service.
Occupational Health will, however, provide reports to managers and HR regarding fitness for employment and any measures required to support employees at work that are affected by health conditions.
We share only relevant and necessary data with third parties to the extent necessary in order to undertake pre-employment checks, for example, references and DBS checks. We also share your data to the extent necessary with third parties that process data on our behalf, for example in connection with pension and other benefit provisions. We also share relevant and necessary data with external third parties in order to meet our statutory and regulatory obligations.
The Council is under a duty to protect the public funds it administers and to this end must use the information you provide within its authority for the prevention and detection of crime and fraud. It may also share this information with other bodies administering public funds solely for this purpose.
We will not transfer your data to countries outside the European Economic Area.
Protecting your data
We take the security of your data seriously and have controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except where this is authorised. Where we engage third parties to process personal data on our behalf (for example the administration of pensions), those third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Retaining Data
We will hold your personal data for the duration of your employment. The periods for which your data is held after the end of employment are set out in the Council’s Retention Schedule.
Your rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request
- require us to change incorrect or incomplete data
- require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- object to the processing of your data where we are relying on its legitimate interests as the legal ground for processing
- ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data
If you would like to exercise any of these rights, please contact hradmin@bexley.gov.uk.
You can make a subject access request by completing the form which can be found at the following link https://www.bexley.gov.uk/services/complaints-and-InformationRequests/information-requests.
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
Providing personal data
You have some obligations under your employment contract to provide us with data. In particular, you are required to report absences from work and you may be required to provide information about convictions, charges or criminal investigations where these may impact upon your role. You may also have to provide us with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean non-compliance with a contractual obligation and/or that you are unable to exercise your statutory rights.
Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable the Council to enter a contract of employment with you. The failure to provide details of a right to work in the UK will mean that we cannot employ you. If you do not provide other information, this will hinder our ability to administer the rights and obligations arising as a result of the employment relationship efficiently.
Automated decision-making
No employment decisions are based solely on automated decision-making.
Job Applicant Privacy Notice
The HR Workforce Resourcing Team collect and process personal data relating to job applicants. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
The information we collect
We will collect and process a range of information about you. Depending upon whether you will be a direct employee or worker (including agency workers and consultants) this may include:
- your name, address and contact details, including email address and telephone number
- details of your qualifications, skills, experience and employment history
- information about your current level of remuneration, including entitlements to benefits such as pensions or insurance cover
- whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
- information about your entitlement to work in the UK
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief
We collect this information in a variety of ways. For example, data is collected through application forms or CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of your employment (such as pension benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.
We will also collect personal data about you from third parties, such as references supplied by former employers and in some cases information from Disclosure and Barring checks permitted by law.
Data is stored in a range of different places, including in your HR file, (details are held electronically on the Council’s DocStor system known as Estor), in the HR management systems (TOPS) and in other IT systems (including the Council’s email system).
Where unsolicited speculative CV’s are received for a role which is not currently being advertised/recruited to, in particular for hard-to-fill roles, we may share this with relevant managers and may hold it on file in line with the Council’s retention schedules.
Processing personal data
We process data in order to make decisions on recruitment and appointments. For candidates that are appointed to the Council please also refer to our Privacy Statement covering employees.
We need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work in the UK before employment starts. For certain positions, it is necessary to carry out Disclosure and Barring checks to ensure that individuals are permitted to undertake the role in question.
We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the organisation to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
We also process health information to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
Where we process other special categories of data, ie any information related to a protected characteristic such as information about ethnic origin, sexual orientation, health, religion or belief, age, gender or marital status, this is for equal opportunities monitoring purposes.
For some roles, we are obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary to carry out our obligations and exercise specific rights in relation to employment.
If your application is unsuccessful, we will keep your personal data on file for a period of one year in accordance with the Council’s published retention schedules.
Access to data
Relevant information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and Workforce Resourcing Teams, interviewers involved in the recruitment process, managers in the service area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
Information shared is limited. In respect of data relating to any protected characteristics, this is restricted to the HR Service. Where an applicant has a disability that requires adjustments to the recruitment processes, relevant information will be provided to the recruiting managers to comply with this legal obligation. Detailed and medical information and records are restricted to the Occupational Health Service.
Occupational Health will, however, provide reports to HR regarding fitness for employment and any measures required to support prospective employees who are affected by health conditions for when they commence their employment with us.
We will not share your data with third parties other than sharing relevant and necessary data with former employers to obtain references for you, employment background check providers to obtain necessary background checks, the Disclosure and Barring Service to obtain necessary criminal records checks and any other relevant professional bodies as necessary to undertake pre-employment checks or to fulfil any other statutory requirements.
The Council is under a duty to protect the public funds it administers and to this end must use the information you provide within its authority for the prevention and detection of crime and fraud. It may also share this information with other bodies administering public funds solely for this purpose. We will not transfer your data to countries outside the European Economic Area.
Protecting your data
We take the security of your data seriously and have controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Where we engage third-party recruiters to process personal data on our behalf (for example a recruitment agency), those third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Retaining data
If your application for employment is unsuccessful, the organisation will hold your data on file for one year after the end of the relevant recruitment process. When registering for vacancy alerts, by indicating that you wish to be notified of any future vacancy if you are unsuccessful, you are providing consent to your data being retained for these purposes.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your HR file and retained during your employment for the performance of your employment contract and thereafter the Council’s Privacy Notice relating to employees will also apply.
The periods for which your data is also held during and after the end of employment are set out in the Council’s Retention Schedule.
Your rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request
- require us organisation to change incorrect or incomplete data
- require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- object to the processing of your data where we are relying on its legitimate interests as the legal ground for processing
- ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data
If you would like to exercise any of these rights, please contact hradmin@bexley.gov.uk You can make a subject access request by completing the form which can be found at Complaints and feedback page.
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
Providing personal data
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable the Council to enter a contract of employment with you. The failure to provide details of a right to work in the UK will mean that we cannot employ you. If you do not provide other information, this will hinder our ability to administer the rights and obligations arising as a result of the employment relationship efficiently.
You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.
Automated decision-making
Recruitment processes are not based solely on automated decision-making.
Appropriate Policy Document
This is the “appropriate policy document” for the London Borough of Bexley that details how the authority will protect special category and criminal convictions personal data.
It meets the requirements at paragraph 1 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document is produced where the processing of special category personal data is necessary for the purposes of performing or exercising obligations or rights which are imposed or
conferred by law on the controller or the data subject in connection with employment, social security or social protection.
It also meets the requirement at paragraph 5 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document be in place where the processing of special category personal data is necessary for reasons of substantial public interest. The specific conditions under which data may be
processed for reasons of substantial public interest are set out at paragraphs 6 to 28 of Schedule 1 to the Data Protection Act 2018.
Procedure for securing compliance
Article 5 of the General Data Protection Principles (GDPR) sets out the data protection principles. The purpose of the policy is to detail the authority’s procedures for ensuring compliance with the principles.
Principle 1
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
The London Borough of Bexley shall:
- ensure that personal data is only processed where a lawful basis applies and where processing otherwise lawful
- process personal data fairly and will ensure that data subjects are not misled about the purposes of any processing
- use Privacy Impact Assessments to ensure that proposed processing is carried out fairly
- ensure that data subjects receive full privacy information so that any processing of personal data is transparent
Principle 2
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
The London Borough of Bexley shall:
- only collect personal data for specified, explicit and legitimate purposes and will inform data subjects what those purposes are in a privacy notice
- not use personal data for purposes that are incompatible with the purpose for which it was collected. If the London Borough of Bexley use personal data for a new purpose that is compatible, it will inform the data subject first
Principle 3
Personal data shall be accurate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The London Borough of Bexley shall:
- collect only the minimum personal data needed for the purpose for which it is collected
- data collected will be adequate and relevant
Principle 4
Personal data shall be accurate and where necessary kept up to date.
The London Borough of Bexley shall:
- ensure personal data is accurate and kept up to date where necessary. Particular care will be taken where use of the personal data has a significant impact on individuals
- where possible carry out data matching exercises
- correct personal data when notified of inaccuracies
Principle 5
Personal data shall be kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
The London Borough of Bexley shall:
- keep personal data in identifiable form only as long as is necessary for the purpose for which it is collected, unless required otherwise by law
- delete or render personal data, permanently anonymous once no longer needed
- retain and dispose of personal data in line with the Council’s Record Retention Schedule
Principle 6
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The London Borough of Bexley shall:
- ensure that appropriate organisational and technical measures are in place to protect personal data from unauthorised or unlawful processing and against accidental loss, destruction or damage
Accountability principle
The London Borough of Bexley as Data Controller shall be responsible for and be able to demonstrate compliance with the data protection principle. The Data Protection Officer together with both the Senior Information Risk Officer and Caldicott Guardian are responsible for monitoring compliance with these principles.
The London Borough of Bexley shall:
- ensure that records are kept of all personal data processing activities and these are provided to the Information Commissioners Office on request
- carry out a Privacy Impact Assessment for any high-risk personal data processing and consult the Information Commissioners Office if appropriate
- establish internal processes to ensure that personal data is collected, used or handled only in a way that is compliant with data protection legislation
Data
Data Controllers Policies as regards Retention and Disposal of Personal Data
Where special category or criminal convictions personal data is processed, the London Borough of Bexley shall:
- maintain a record of that processing, which will detail, where possible the anticipated time limits for erasure of the different categories of data
- delete or render permanently anonymous special category or criminal convictions data where the Council no longer requires it for the purpose for which it was collected
- ensure that data subjects receive full privacy information about how their data will be handled and that this will include the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period
Further information
For further information about the London Borough of Bexley’s compliance with data protection legislation, please email data.protection@bexley.gov.uk
Parking Services Privacy Notice
The London Borough of Bexley is a 'data controller' as we collect and process personal information about you. The information we collect is used in accordance with data protection and other relevant legislation. Contact details for the data controller's representative are:
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath, DA6 7AT
data.protection@bexley.gov.uk
020 8303 7777
Our contact details:
Shared Parking Service of the London Boroughs of Bexley & Bromley
Bromley Civic Centre
Stockwell Close
Bromley
Kent
BR1 3UH
parking.services@bexley.gov.uk
020 3045 3000
The type of personal information we collect
We currently collect and process the following information:
- personal identifiers, contacts and characteristics (for example, name and contact details)
- vehicle registration mark
- personal name and addresses
- business name and addresses
- email addresses
- payment details
- any other relevant information in relation to the issue, processing and recovery of a civil traffic or parking Penalty Charge Notice, including but not limited to, evidence of vehicular breakdown, medical certificates, Police reports, documentary evidence of delivery or collection of goods or items
- any other relevant information relating to the application and processing of any parking dispensation or suspension or parking permit administered by or on behalf of Parking Services
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- to challenge the issue of a civil traffic or parking penalty charge
- to resolve an outstanding debt payable to the Authority in relation to a civil traffic or parking penalty charge
- to serve as supportive evidence in relation to a controlled parking permit issued by or on behalf of Parking Services
Information can be supplied through direct online portal exchange, email, corporate enquiry forms, telephone and face to face exchanges.
We may also receive information from external bodies such as:
- the Driver and Vehicle Licensing Agency
- the Traffic Enforcement Centre
- enforcement agents (engaged on recovery of debt outstanding as a result of the issue of civil traffic or parking penalty charges
- third-party hire or lease companies to support claims that liability has transferred
We use the information that you have given us in order to:
- process and resolve civil traffic and parking penalty charges
- process applications for parking permits or dispensation/suspension requests
We may share this information with:
- London Borough of Bexley Parking Services Officers
- London Borough of Bexley Officers from other Council departments
- our civil traffic and parking service contractor (APCOA)
- enforcement agents tasked with the recovery of debt outstanding in relation to the issue of civil traffic and parking penalty charges
- the Traffic Enforcement Centre at Northampton County Court
- London Councils
- other Local Authorities
- London Tribunals
- cashless parking provider - RingGo
- Videalert
- Traffic enforcement systems (TES)
- Edesix
- European Parking Collection
- law enforcement agencies in connection with any investigation and to prevent unlawful activity
- the National Fraud Initiative
- Imperial Civil Enforcement Solutions
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(c) We have a legal obligation
Under Part 6 of the Traffic Management Act and related statutory guidance and moving traffic legislation, the London Borough of Bexley is required to follow the statutory regulations set down in pursuit of outstanding charges in relation to the issue of civil traffic and parking penalty charges
(e) We need it to perform a public task
Local Authorities have a statutory responsibility to manage the public highway as the relevant highway authority on behalf of and in the best interest of the general public.
Civil traffic and parking enforcement is one required aspect to facilitate the action of managing the public highway.
Management and control of the public highway is also achieved through the provision of parking type permits, including but not limited to; Resident and Business, but also including ad hoc dispensation or suspension requests submitted by members of the public, private contractors and statutory undertakers, as well as others, and Season Tickets for use by regular users of specific borough car parks.
How we store your personal information
Your information is securely stored on secure servers, maintained by Imperial Civil Enforcement Solutions, (the ICT service provider for Parking Services). The servers are located on mainland England and the information can only be accessed by authorised Officers and those that have been authorised to access the information. The information is not transferred outside of the United Kingdom.
Penalty charge debt can be pursued for up to six years from the date of issue in accordance with the Traffic Management Act.
The following types of information will be retained for 1 year after the date of resolution of a civil traffic and parking penalty charge, they will then be redacted:
- registered keeper/vehicle ownership details
- digital images
- video recordings
- scanned images
- letters
- emails
- supportive documents
6 years after the date of resolution of a civil traffic or parking penalty charge all personal data will be removed.
There is a programme within the Notice Processing system that allows for personal data in relation to civil traffic and parking penalty charges to be managed as per above.
Parking Permit personal data as shown below will be retained for 36 months from the date of upload/provision, before it is purged from the Permit solution:
- documentation supplied to support parking permit type applications.
- 72 months after the payment date or from the date the permit is archived, all financial data will be purged
There is a programme within the Parking Permit solution that allows for personal data in relation to the provision of parking permit types to be managed as per the above.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us using one of the methods below if you wish to make a request by:
- completing our Subject Access Request form
- emailing foi@bexley.gov.uk
- phoning 020 3045 4700
- writing to ‘The Complaints and FOI Service, London Borough of Bexley, 2 Watling Street, Bexleyheath, Kent, DA6 7AT’
How to complain
- if you have any concerns about our use of your personal information, you can make a complaint to us at by completing the compliments, complaints and enquiries form
- by email to complaints@bexley.gov.uk (please ensure you quote your address and telephone number to ensure we can handle your complaint appropriately)
- by letter to The Complaints Team, London Borough of Bexley, 2 Watling Street, Bexleyheath, Kent, DA6 7AT
- telephone 020 8303 7777
- in person at the Civic Offices
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Public Health Privacy Notice
All local authorities have a duty to improve the health of the population they serve. To help us do this, we use data from a range of sources including the Office for National Statistics, NHS Digital, Bexley Clinical Commissioning Group hospitals and residents to understand more about the nature and causes of disease and ill-health in Bexley.
The Public Health team at the London Borough of Bexley also have a legal status allowing the processing of personal confidential data for certain public health purposes. The statutory responsibilities for public health services are clearly set out in the Health and Social Care Act 2012. Bexley Council is registered with the Information Commissioners Office (ICO) under the provisions of the Data Protection Act 2018. Any personal information we hold is collected and processed in accordance with the requirements of the Data Protection Act 2018, EU General Data Protection Regulation (GDPR) and the Caldicott Principles.
This Privacy Notice should be read in addition to the Bexley Council Privacy Notice at the top of this page and gives more details about how personal information is collected to improve the health of Bexley residents.
Who do we collect information about?
Bexley Council collects and holds information for public health purposes about all to whom it has a public health duty of care may include:
- residents of Bexley
- people receiving preventative, health, and social care services in Bexley
- people who work or attend school in Bexley
What personal information do we process?
We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Bexley. Broadly these can be described as:
- Special Category data - personal data which is more sensitive including race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation. Depending on the service, the provider may require information about your health or other data which is classed as sensitive. Further information can be found in the Data Protection Act 2018
- Identifiable data - this is personal data that can identify individuals such as name, date of birth, gender, address, postcode and NHS number. Personal information includes expressions of opinion about an individual or any indications of intention in respect of the individual
- Pseudonymised data - this contains information about individuals but with the identifiable details replaced with a unique code. The purpose is to render the data record less identifying and therefore lower customer or patient objections to its use
- Anonymised data - all identifying details are anonymised so individuals cannot be identified
- Aggregated data - data that has been grouped together so that it does not provide information on individuals, only groups of people
Bexley Council Public Health is committed to using pseudonymised or anonymised information as much as is practical, and in many cases, this will be the default position.
What is the purpose of processing your personal information?
Bexley Council Public Health uses personal identifiable information about residents and users of health care, to enable it to carry out specific functions for which it is responsible, such as:
- control of infection and health protection activities
- management of risks to public health
- organising the National Child Measurement Programme
- organising the NHS Health Check Programme
- organising and supporting the 0 to 19 Children’s Public Health Service (Health visiting and school nursing)
- contract monitoring of adult weight management service to satisfy eligibility is met
- improving health outcomes, evaluating the quality of services and patient experience
Bexley Council Public Health also uses information about residents and users of health care to derive statistics and intelligence for research and planning purposes. In these cases, personal identifiable details are removed as soon as is possible in the processing of intelligence so that individuals cannot be identified from them.
This enables Bexley Council Public Health to carry out specific functions for which it is responsible, such as:
producing assessments of the health and care needs of the population, in particular, to support the statutory responsibilities of the:
- Joint Strategic Needs Assessment (JSNA)
- Director of Public Health Annual report
- Health and Wellbeing Strategy
- identifying priorities for action
- informing decisions on, for example, the design and commissioning of services
- to assess the performance of the local health and care system and to evaluate and develop them
- to report summary statistics to national organisations
- undertaking equity analysis of trends, particularly for vulnerable groups
- to support clinical audits
What are the lawful bases for processing your personal information?
In order to fulfil the local authority public health responsibilities set out in the Health and Social Care Act 2012, Bexley Council has a legal basis to process personal confidential data for certain public health purposes:
- GDPR Article 6(1)(e) Lawfulness of processing - to allow us to perform a public task carried out in the public interest or in the exercise of official authority vested in the controller
- GDPR Article 9(2)(i) Processing of special categories of personal data - for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular, professional secrecy
Information may also be provided directly by you as members of the public to The Council when you sign up to use a service. This is collected in appropriate systems and used to provide or administrate that service. These systems are access controlled, so only relevant employees have access to them. With consent, we may also make referrals to other services, such as a GP from these systems.
If the legal basis for processing is explicit consent, we will need to ensure you are provided with a clear:
- explanation of exactly what is being consented to
- clear "opt-in"
- clear option to withdraw your consent later by use of an "opt-out"
What identifiable data do we collect?
Bexley Council Public Health and our commissioned service providers collect identifiable data for the following public health programmes and services:
- National Child Measurement Programme (NCMP)
- immunisations and control of infection
- drug and alcohol treatment services
- sexual health services
- 0-19 services
- school nursing services
- lifestyle and behaviour change services
- NHS population screening programmes
- public health initiatives
- health and social care use including GP services, hospital services, NHS community services, mental health services, social care services
- business owner names and contact details for the Healthier Catering Commitment
- public health events during which contact details of residents who provide us with feedback from the events are collected.
- Public Health England’s Data Capture System provides an integrated data reporting and analysis system for the mandatory surveillance of:
- Staphylococcus aureus
- Escherichia coli
- Klebsiella spp.
- Pseudomonas aeruginosa bacteraemia
- Clostridium difficile infections
This data is available to Infection prevention and control and health protection professionals to enable the required mandatory surveillance including Post-infection Reviews of clostridium difficile infections and methicillin-resistant staphylococcus (MRSA) bloodstream infections.
Each commissioned provider will collect different data in order to provide each service. The data is likely to be:
- name
- address
- date of birth
- NHS number
- contact phone number
- details of circumstances relevant to the service being provided (for example gender, occupation, ethnicity etc.)
London Borough of Bexley has access to the following data from NHS Digital which is supplied under a Data Sharing Agreement (DSA) and in accordance with Section 42(4) of the Statistics and Registration Service Act 2007 as amended by Section 287 of the Health and Social Care Act 2012, and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
This data is only supplied by NHS Digital under strict license and data disclosure controls.
- Primary Care Mortality Database (PCMD) - the PCMD provides Bexley Council with identifiable mortality data which is based on death registrations. The data includes the address, postcode of residence of the deceased, postcode of the place of death, NHS number, date of birth, date of death, name of certifier, and cause of death but not names. Our access is limited to those deaths which occurred within Bexley’s borders, deaths in Bexley residents and deaths in the registered population of GP Practices within Bexley’s Clinical Commissioning Group.
- Births data tables - this dataset provides Bexley Council with access to identifiable data about the number of births that occur within Bexley (London Borough of Bexley and Bexley Clinical Commissioning Group). It includes the address of usual residence of the mother, place of birth, postcode of usual residence of the mother, postcode of place of birth of the child, NHS number of the child and date of birth of the child but no names
- Vital Statistics tables - this dataset provides Bexley Council with aggregated data which does not identify individuals. It contains data on live and stillbirths, fertility rates, maternity statistics, death registrations and cause of death analysis within Bexley (London Borough of Bexley and Bexley Clinical Commissioning Group).
- Hospital Episode Statistics (HES) - HES is a data warehouse containing details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England. This data is collected during a patient’s time at hospital and is submitted to allow hospitals to be paid for the care they deliver. HES data is designed to enable secondary use, that is use for non-clinical purposes, of this administrative data and contains pseudonymised records.
How do we keep information secure?
We are required to comply with the Data Protection Act 2018 to ensure information is managed securely and this is reviewed every year as part of our NHS Data Security and Protection Toolkit assessment (formerly NHS Information Governance Toolkit).
In order to comply with this, Bexley Council Public Health and our commissioned service providers use the following measures:
- any personal identifiable data is sent or received using secure email
- all data is stored electronically on encrypted equipment and is managed using the principles of medical confidentiality and data protection
- the number of staff accessing and handling such data is limited to only those key professionals named on relevant signed information sharing agreements (where applicable), all of whom undertake regular training about data protection and managing personal information
- confidential public health data will only be shared with other areas of the NHS, local authorities or care organisations with the permission of the Caldicott Guardian, once the necessary legal basis has been established and data protection safeguards have been verified so that the data is managed and used under the same restrictions. Anyone who receives information from Bexley Council Public Health is also under a legal duty to keep it confidential
- we only keep hold of information for as long as is necessary. This will depend on what the specific information is and the agreed period of time. Data is permanently disposed of after this period, in line with Bexley Council’s Retention Schedule or specific requirements of the organisation who has shared the data with us
- in relation to the specific NHS Digital datasets described above, the data will only be processed by Local Authority employees in fulfilment of their public health function, and will not be transferred, shared, or otherwise made available to any third party, including any organisations processing data on behalf of the Local Authority or in connection with their legal function.
Who do we share information with?
We will generally only allow your personal information to be used by those Council staff who need the data to perform their functions.
The following are Data Processors collecting information for the purpose of providing Public Health services on behalf of the London Borough of Bexley:
- Bexley Stop Smoking Service
- The Pier Road Project
- Everyone Health
- Adult Weight Management Programme contracted through Slimming World
- GP Practices delivering the NHS Health Checks programme
- Research partners using anonymised personal data
- Public Health England
- Bexley Clinical Commissioning Group (CCG)
- Councillors
- other Local Authorities
- organisations that are commissioned or engaged for specific short-term health projects or initiatives
There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. Your data will not be shared or stored in or be accessible to any country with no UK-equivalent Privacy Law protection.
Your individual rights and further information
The London Borough of Bexley is a ‘data controller’ as we collect and process personal information about you. The information we collect is used in accordance with data protection and other relevant legislation outlined in previous sections.
For more information about how Bexley Council processes your information, including your rights with regards your personal data that we are in possession of or processing, please see the Privacy Notice at the top of this page.
To exercise any of your rights, please contact the Bexley Council Data Protection Team or the Public Health Team using the contact details below:
Postal address:
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath, DA6 7AT
data.protection@bexley.gov.uk
020 8303 7777
Postal address:
Public Health
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
Kent DA6 7AT
Email: Public.health@bexley.gov.uk
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest. Further information and independent advice, including complaints, can be found on the Information Commissioner’s Office website.
NHS National Data Opt-out
National data opt-outs apply to a disclosure when an organisation, for example, a research body, confirms they have approval from the Confidentiality Advisory Group (CAG) for the disclosure of confidential patient information held by another organisation responsible for the data (the data controller) such as an NHS Trust (or for this notice Bexley Public Health).
The CAG approval is also known as a section 251 approval and refers to section 251 of the National Health Service Act 2006 and its current Regulations, the Health Service (Control of Patient Information) Regulations 2002. The NHS Act 2006 and the Regulations enable the common law duty of confidentiality to be temporarily lifted so that confidential patient information can be disclosed without the data controller being in breach of the common law duty of confidentiality.
In practice, this means that the organisation responsible for the information (the data controller) can, if they wish, disclose the information to the data applicant, for example, a research body, without being in breach of the common law duty of confidentiality. To be clear - it is only in these cases where opt-outs apply and were Bexley Public Health to have such an agreement in place we would apply the opt-out. Currently, no such agreements exist. Further information about this programme, including how to opt-out, can be found on the NHS Digital website.
Revenues and Financial Assessments Privacy Notice
The London Borough of Bexley is a ‘data controller’ as we collect and process personal information for the purposes of applicable data protection legislation in relation to administering revenue collection (Council Tax, Business Rates, Housing Benefit overpayments, sundry debts, and other fees and charges) and financial assessments such as Housing Benefit and Council Tax Reduction. We may also use your data to help you with an application that you may have made for another Bexley Council service, for example:
- Free School Meals
- Special Guardianship Orders and Adoption Allowances
- Blue Badge (Disabled Persons’ Parking)
- Disabled Facilities Grant
- Discretionary housing payment
- Long-term residential care
- Domiciliary care provided in people’s own homes
- To support and signpost people to other agencies who are homeless or at risk of becoming homeless under our statutory duties
- To identify and refer individuals and families who are most in need that may benefit from the Troubled Families Programme or from additional Gateway Services
What information do we hold?
- your contact details and other persons liable for Council Tax and Business Rates at a property
- contact details for the owner of the property (if this is different)
- your Council Tax and Business Rates liability, discounts and payments made for each financial year
- if you pay by direct debit, we will hold your bank account details
- if you apply for a discount or an exemption, we will hold information concerning the reason for the discount, including the name of the person(s) who it applies to
- if you apply for Council Tax Reduction or other financial assessment, we will hold additional information such as your national insurance number, date of birth, household composition and income details
- your online portal registration details if you register for an online account or e-billing
Who is processing my data?
All personal data we hold is treated as confidential and will be held securely in accordance with data protection legislation. It will only be used for the assessment and collection of Council Tax unless otherwise stated. The Council has contracts with suppliers who may process your data on our behalf and are designated data processors. Contracts include software suppliers, scanning bureau, credit reference agencies, Council Tax administration, Business Rates administration, debt collection and enforcement agents.
Legal basis for processing your data
- our legal obligation(s) under the Local Government Finance Act 1992 (as amended) (to levy and collect council tax)
- our legal obligation(s) for the administration of the council tax reduction scheme under S13A and Schedule 1A of the Local Government Finance Act 1992
- our legal obligation(s) for the administration of council tax under the Council Tax (Administration and Enforcement) Regulations 1992 (as amended)
- our legal obligation(s) for the administration of business rates under the Local Government Finance Act 1988
- our legal obligation(s) under the Social Security Administration Act 1992
- our legal obligation(s) under the Statistics and Registration Service Act 2007 - our legal obligation(s) for the administration of council tax under the Local Government Finance Act 2012 where needed for the performance of a task carried out in the public interest (under the above legislation)
- the exercise of official authority vested in us under the Serious Crime Act 2007 (where needed to disclose information to prevent fraud)
- where needed for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Article 6(1)(e) UK GDPR and section 8(c) Data Protection Act 2018) in-service to section 45A Statistics and Registration Service Act 2007 (SRSA 2007)
- ONS data sharing where processing is necessary for reasons of substantial public interest (Article 9(2)(g) UK GDPR and section 10(3) & Schedule 1, para.6(2)(a) Data Protection Act 2018) justified by section 45A SRSA 2007
- ONS data sharing - processing of data relating to criminal convictions and offences (Article 10 UK GDPR and section 10(5) & Schedule 1, para.6(2)(a) of the Data Protection Act 2018) justified by section 45A SRSA 200
- ONS data sharing - The Council has a duty to protect public funds and prevent and investigate all allegations of fraud and error. This includes the use of powers contained within The Council Tax Reduction Scheme (Detection of Fraud and Enforcement) (England) Regulations 2013
Note that we may process your personal information on more than one lawful basis depending on the specific purpose for which we are using your information.
How do we use the information we hold about you?
We collect information about you:
- to correctly assess your liability for Council Tax and Business Rates, including entitlement to any discounts, exemptions and reductions
- to recover any Council Tax and Business Rates due
- to allow the Council to communicate with you and to provide services appropriate to your needs including the take-up of relevant services
- to assess any claim you have made with us for financial support (such as Housing Benefit, Council Tax Reduction Scheme etc.)
- to protect public funds, including the prevention and detection of fraud
Who we will share your information with and why?
We will only disclose information to other bodies where it is allowed by law. This includes:
- departments within the London Borough of Bexley for the purpose of holding accurate records in respect of residency or where it is allowed for by law
- your representatives - including but not limited to appointees, Members of Parliament, Councillors, where you have provided consent
- courts - for recovery purposes
- enforcement agents and collections agents authorised to collect debt in accordance with agreed contracts
- credit reference agencies - appointed to undertake debt tracing or verify discounts and exemptions
- other local authorities, in respect of the administration and collection of local taxes
- fraud prevention - including the National Fraud Initiative, and National Anti-Fraud Network
- other contractors - where we have a legal agreement for them to process your data on our behalf
- tribunals and ombudsman - in response to appeals or complaints you have made
- police, law enforcement agencies and prosecuting authorities - for the prevention or investigation of crime
- upon receipt of a Liability Order, we may seek recovery from other bodies including your employer or the Department for Work and Pensions
We will receive information from the following sources:
- other Council Tax payers, Business Rate payers, landlords and elected members
- other local authorities responsible for the administration of local taxation
- Department for Work and Pensions, if you claim Council Tax Reduction or Housing Benefit
- other organisations, including government departments, where we have a legal right to request information or to verify the information you have provided including employers, debt support agencies such as the Citizens Advice Bureau and credit reference agencies
How long do we retain your information for?
Council Tax liability and collection information is retained for financial and audit purposes since April 1993. It is also required if a Council Tax banding is retrospectively changed. Business Rates liability and collection information is retained for financial and audit purposes since 1990. It is also required if a Business Rates liability is retrospectively changed. Applications forms and other information that you provide in respect of Council Tax and Business Rates liability will be retained for a maximum of six years. Information collected in relation to any claim for Housing Benefit or Council Tax Support is retained for 7 years.
Automated processing and decision making
Automated decision making is where an electronic system uses personal information to decide without human intervention. This may occur in certain processes which meet defined criteria. Applications that fail to meet defined criteria will be reviewed manually. If you are not satisfied with a decision, you have the right to ask for the decision to be reviewed. In certain circumstances, you may also be able to make an appeal to an independent tribunal.
Your rights
These rights may be restricted subject to the London Borough of Bexley undertaking its statutory obligations in accordance with The Local Government Finance Act 1992 and other legislation.
Further information is available at the Information Commissioners Office.
If you have a concern about the way that we are collecting or using your personal data, we ask that you contact us in the first instance. Alternatively, you can contact the Information Commissioners Office.
How to contact us?
- If you have any questions about how we collect, store, or use personal data for Council Tax, please email bexley.ctax@secure.capita.co.uk
- If you have any questions about how we collect, store, or use personal data for Business Rates, please email bexley.nndr@secure.capita.co.uk
- If you have any questions about how we collect, store, or use personal data for any other purpose, please email foi@bexley.gov.uk
Contact details for the data controller’s representative are:
Data Protection Officer
London Borough of Bexley
Civic Offices
2 Watling Street
Bexleyheath
DA6 7AT
Email: data.protection@bexley.gov.uk
Last updated 7 December 2023