Privacy policy
Cheshire West and Chester Council is committed to protecting your privacy when you use our services.
The following privacy policy explains how we use information about you and how we protect your privacy.
We have a Data Protection Officer who makes sure we follow the law. If you have any concerns or questions about how we look after your personal information, please contact them by:
- Online: Contact the DPO
- Post: Data Protection Officer, The Portal, Wellington Road, Ellesmere Port, CH65 0BA
Why do we need your personal information?
When you fill in a form, register online, contact us, apply for a service or interact with us in any way, we will collect the following types of information depending on the service that you want to access
- Information about you, this could include your name, address, date of birth.
- Visual images, personal appearance and behaviour
- National identifiers such as NHS number, National Insurance number etc.
- Information about your family.
- Details about your lifestyle and social circumstances.
- Financial details
- Employment and education details.
- Details about your housing needs.
- The IP address that you accessed any of our online services from
- Case file information
- Criminal proceedings, outcomes and sentences
- Physical or mental health details
- Racial or ethnic origin
- Offences (including alleged offences)
- Religious or other beliefs of a similar nature
We only collect and use personal information if we need it to deliver a service or meet a requirement in order to:-
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers who deliver those services
- help investigate any worries or complaints you have about your services
- keep track of spending on services
- check the quality of services
- to help with research and planning of new services
- prevent and detect crime and fraud
- to review and update the systems on our IT network
If we don’t need to keep your personal information we’ll either keep the information anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details.
If we use your personal information for research and analysis, we’ll always keep your information anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
How the law allows us to use your personal information
There are a number of legal reasons why we are allowed to collect and use your personal information. The reason why we are allowed to use the information is different for different service you access or interact with.
- You, or your legal representative, have given consent for us to use your personal information.
- We need the information because you have entered into a contract with us
- We need to have the information to perform our legal obligations
- We need to have the information to protect someone in an emergency (Vital Interests)
- We are required by law to do something and we need information about you in order to do this (Public Task)
- Is necessary for us to have the information to conduct our legitimate business for non-statutory services (Legitimate Interests)
When we collect data about your race, health (including biometric or genetic data), sex life, sexual orientation, ethnic origin, politics or trade union membership, we also rely on the following lawful basis:
- You provided us with your explicit consent for us to collect and use your special category information.
- We need it for employment, social security or social protection checks
- We need to protect your vital interests in situations where you are incapable for giving consent
- Is necessary for us to have the information to conduct our legitimate business for non-statutory services (Legitimate Interests)
- You have made your information publicly available (In the Public Domain)
- We need to defend a legal claim
- It is to the benefit of society as a whole (Substantial Public Interest) or we need to comply with UK Legislation
- We need it to deliver health or social care services to you
- We need to collect it to protect public health in the public interest
- It is necessary for archiving, research, or statistical purposes
What you can do with your information
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
To make a request follow the instructions on the data protection for you section on the Cheshire West and Chester website below.
Who do we share your information with?
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law.
We’ll often complete a data protection impact assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t often happen, but we may share your information:
- if there are serious risks to the public, our staff or to other professionals;
- to protect a child; or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.
In addition the personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why if we think it is safe to do so.
How do we protect your information?
We strive to ensure that the records we hold about you (on paper and electronically) are held in a secure way, and we’ll only make them available to those who have a right to see them.
Examples of our security include:
- Encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code. The hidden information is said to then be ‘encrypted’.
- Pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Will your personal information be sent or stored in other countries?
The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK in order to get to another organisation or if it’s stored in a network outside of the UK
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party.
We’ll take all practical steps to make sure your personal information is not sent to a country that is not deemed ‘safe’ by the UK Governments.
If we need to send your information to a location which is not on the list of locations deemed a ‘safe’ location we’ll always seek advice from the Information Commissioner (ICO) first.
How long do we keep your personal information?
When we collect information about you, we store it for a set period of time depending on legislation, guidelines or codes of practice that specifies the length of the time that records must be kept. Information on this is stored in our Retention Schedules. When no guidance exists, we work with the services within the Council, to determine how long records must be kept. When we develop our retention schedules we take into consideration the requirements of the following overarching pieces of legislation:
- Principle (e) of the General Data Protection Regulation
- Section 46 of the Freedom of Information Act
- Section 22 of the Local Government Act
Where can I get advice?
If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer online: Contact the DPO or by calling 0752 3515 474.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- Email: casework@ico.org.uk
Cookies
Details of our cookie usage policy, including how to disable them is available on the cookies page of this website.