- This Website
- Data Protection
- Covid 19 Privacy Notice - March 2020 (0.09 Mb)
Data Protection - Privacy Notice
Brentwood Borough Council is committed to ensuring that your privacy is protected when you provide information to us.This notice explains how we use personal data and how we protect privacy and security.
As a local authority, the council delivers services to you. To do this in an effective way we will need to collect and use personal information about you. If you use a specific council service, we will usually let you know how that service will use your personal information via a separate privacy notice.
The Data Protection Act 2018 and the EU General Data Protection Regulation 2016 ensure that we comply with six data protection principles. These are there to protect you and they make sure that we:
- Process all personal information lawfully, fairly and in a transparent manner.
- Collect personal information for a specified, explicit and legitimate purpose.
- Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
- Ensure the personal information is accurate and up to date.
- Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
- Keep your personal information securely using appropriate technical or organisational measures.
We will usually seek your consent prior to processing or sharing your information, however, if there is a legal reason, we may not require your consent, e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime. Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.
Categories of personal data
- Personal information relating to individuals which is used to deliver services such as planning, building control matters, access to information requests, legal claims, , claims and complaints, parking services, licensing applications, waste collection, housing applications and more.
- Sensitive information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life.
- Health and wellbeing information. All local authorities have a duty to improve the health of the population they serve. To help with this, we use information from a range of source data.
- Research and statistical data to provide intelligence about Brentwood including demographic data, population projections, the economic situation, health and wellbeing information. This personal information is often pseudonymised when an identifier such as name is replaced with a unique number.
To ensure that the council provides you with an efficient and effective service we will sometimes need to share your information between departments within the council as well as with our partner organisations that support the delivery of the service you may receive, for example:
- Other Councils
- Fire Service
- HM Revenues & Customs
- Department of Work & Pensions
- Health Service Providers
- Voluntary organisations
We may also need to supply your information to organisations we have contracted to provide a service to you. We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do. We will never share your information for marketing purposes. Before sharing information, the council will ensure that:
- Privacy Notices are completed if appropriate
- Technical security such as encryption and access controls are in place to keep information secure.
- Information Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise.
- Privacy Impact Assessments are completed to assess any risks or potential negative effects.
- Common retention periods and deletion arrangements are set for the information.
- Subject access rights are catered for.
Ways we protect your information
We will make sure we hold your data in a secure way, and only make it available to those who have a right to see it. This is done by:
- Encryption, meaning that information is hidden so that it cannot be read without a password.
- Pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information. This means that someone outside of the Council could work on your information for us without being aware that it is yours
- Controlling access to systems and networks
- Training our staff on how to handle information and how and when to report when something goes wrong
- Regular testing of our systems and ways of working including keeping up to date on the latest security updates.
You can find more details of our Information Security expectations on our online Data Protection Policy.
We will only keep your information for as long as necessary. The retention period is either dictated by law or by our discretion. Once your data is no longer needed it will be securely and confidentially destroyed.
You have certain rights under the Data Protection Act 2018 and the EU General Data Protection Regulations 2016 (GDPR), these are:
- The right to be informed via Privacy Notices such as this.
- The right of access to any personal information the council holds about yourself. To request a copy of this information you must make a subject access request in writing, either via our Subject Access Request Application form or a letter to:
The Data Protection Officer
Corporate Support Service
Brentwood Borough Council
Essex CM15 8AY
- To ensure that we can deal with your request as efficiently as possible you will need to include your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what council service you were involved with.
- Brentwood Borough Council does not charge for making a subject access request. You are entitled to receive a copy of your personal data within one month of our receipt of your subject access request.
- The right of rectification, we must correct inaccurate or incomplete data within one month.
- The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
- The right to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
- The right to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
- The right to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
- You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
Access to the Council's Decision-Making process
Information on the constitution of the council can be found here: Decision Making Process
Access to Council Official Information
Under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 you have a right to request any recorded official information held by the council. The information you require may already be publicly available. The council has a duty to make information available via a publication scheme. Before you submit a request please check that scheme – Brentwood Borough Council Publication Scheme
If you need to make a request, it must be done in writing via one of the methods below:
Post – The Freedom of Information Administrator
Corporate Support Service
Brentwood Borough Council
Essex CM15 8AY
You do not need to say why you want the information. Your request must include your name, and an address for correspondence (if you apply by email, your email address is a suitable address for correspondence). Please ensure you identify the information you want as clearly as possible.
With certain limited exceptions, you are entitled to a response within 20 working days. It costs nothing to make a freedom of information request.
However, you may not get the information you asked for if:
- we do not hold the information you have requested
- the information is exempt from disclosure or if
- finding the information you have requested would take us longer than 18 hours
If we are unable to supply any of the information you have requested, we will tell you the reasons why.
For more details please refer to the Information Commissioner's Office website.
Collecting Information Automatically
Information Security incident
Should you wish to report an information security incident please contact the Council via e mail email@example.com or by telephone on 01277 312500
Complaints, Comments and Compliments
If you wish to make a compliment, comment or complaint about how the council are processing your data, then please visit, send a compliment or comment or make a complaint to the council.
If you are still dissatisfied with how the council have handled your complaint, you may contact the Information Commissioner's Office:
Information Commissioner's Office
Phone: 0303 123 1113 Website:https://ico.org.uk/
If this privacy notice changes in any way, we will place an updated version on our Data Protection web page. By regularly reviewing the page you will ensure that you are always aware of what information we collect, how we use it and under what circumstances, if any, we share it with others.
Service or Project Specific Privacy Notices
Services using large amount of personal or sensitive (“special category”) information will have their own dedicated privacy notice to tell people what information is being shared. These notices will map out how personal information flows through the service or project and how it is processed.