Data protection privacy notice
As a local authority, the Council delivers services to you. To do this in an effective way we will need to collect and use personal information about you. If you use a specific council service, we will usually let you know how that service will use your personal information via a separate privacy notice.
The Data Protection Act 2018 and the UK General Data Protection Regulation 01 January 2021 ensure that we comply with six data protection principles. These are there to protect you and they make sure that we:
- Process all personal information lawfully, fairly and in a transparent manner.
- Collect personal information for a specified, explicit and legitimate purpose.
- Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
- Ensure the personal information is accurate and up to date.
- Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
- Keep your personal information securely using appropriate technical or organisational measures.
We will usually seek your consent prior to processing or sharing your information, however, if there is a legal reason, we may not require your consent, for example, where the disclosure is necessary for the purposes of the prevention or detection of crime. Where we need to disclose sensitive or confidential information, such as medical details, to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.
Categories of personal data
- Personal information relating to individuals which is used to deliver services such as planning, building control matters, access to information requests, legal claims, claims and complaints, parking services, licensing applications, waste collection, housing applications and more.
- Sensitive information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life.
- Health and wellbeing information. All local authorities have a duty to improve the health of the population they serve. To help with this, we use information from a range of source data.
- Research and statistical data to provide intelligence about Brentwood including demographic data, population projections, the economic situation, health and wellbeing information. This personal information is often pseudonymised when an identifier such as name is replaced with a unique number.
To ensure we provide you with an efficient and effective service, we will sometimes need to share your information between departments within the council as well as with our partner organisations that support the delivery of the service you may receive, for example:
- Other Councils
- Fire Service
- HM Revenues & Customs
- Department of Work & Pensions
- Health service providers
- Voluntary organisations
We may also need to give your information to organisations we have contracted to provide a service to you. We will only ever share your information if we're satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do. We will never share your information for marketing purposes. Before sharing information, we will ensure that:
- Privacy Notices are completed if appropriate
- Technical security such as encryption and access controls are in place to keep information secure
- Information Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise
- Privacy Impact Assessments are completed to assess any risks or potential negative effects
- Common retention periods and deletion arrangements are set for the information
- Subject access rights are catered for
Emails to the Chief Executive and Strategic Directors
As part of our collaborative Strategic Partnership with Rochford District Council, both authorities have agreed to set up joint email accounts for use by our Chief Executive and Strategic Directors. Any emails you send to the Chief Executive’s or Strategic Directors’ Brentwood email addresses will automatically be forwarded to these joint accounts.
The only employees at Rochford District Council with access to these accounts are a small number of Executive Personal Assistants who support the Chief Executive and Strategic Directors. They will only use these joint accounts for the purpose of managing correspondence, diary management and to carry out any other administrative task required to respond with your query.
Our lawful basis for processing these emails is that it is within the legitimate interest of Brentwood Council to share your emails with Rochford District Council in order to co-ordinate, manage and organise correspondence and diaries as part of our Strategic Partnership.
Where we cannot rely on legitimate interest, we will lawfully process data where it is necessary for the performance of a task carried out in the public interest by the Council to deliver its functions.
The emails in the joint accounts will be retained for a period of 1 year and then securely deleted unless the need arises to retain them for longer (for example if they are connected to a longstanding issue or ongoing complaint or under a legal requirement).
Ways we protect your information
We will make sure we hold your data in a secure way, and only make it available to those who have a right to see it. This is done by:
- Encryption, meaning that information is hidden so that it cannot be read without a password
- Pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information. This means that someone outside of the Council could work on your information for us without being aware that it is yours.
- Controlling access to systems and networks
- Training our staff on how to handle information and how and when to report when something goes wrong
- Regular testing of our systems and ways of working including keeping up to date on the latest security updates
You can find more details of our Information Security expectations on our online Data Protection Policy (PDF).
We will only keep your information for as long as necessary. The retention period is either dictated by law or by our discretion. Once your data is no longer needed it will be securely and confidentially destroyed.
You have certain rights under the Data Protection Act 2018 and the UK General Data Protection Regulations 2021, these are:
- The right to be informed via Privacy Notices such as this.
- The right of access to any personal information the council holds about yourself. To request a copy of this information you must make a subject access request in writing, using our online form:
or send a letter to:
The Data Protection Officer
Corporate Support Service
Brentwood Borough Council
Essex CM15 8AY
To make sure we can deal with your request as efficiently as possible, you will need to include your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that show your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you. This may include your previous name and address, date of birth and what council service you were involved with.
- Brentwood Borough Council does not charge for making a subject access request. You are entitled to receive a copy of your personal data within one month of our receipt of your subject access request.
- The right of rectification: we must correct inaccurate or incomplete data within one month
- The right to erasure: you have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information
- The right to restrict processing: you have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
- The right to data portability: we can provide you with your personal data in a structured, commonly used, machine readable form when asked
- The right to object: you can object to your personal data being used for profiling, direct marketing or research purposes
- You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
- The right to withdraw your consent to processing at any time.
Access to our decision-making process
Information on the constitution of the council can be found here: Decision Making Process
Access to official Council information
Under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004, you have a right to request any recorded official information held by us. The information you require may already be publicly available. We have a duty to make information available through a publication scheme. Before you submit a request, you should check the Brentwood Borough Council Publication Scheme.
For more information and how to make a request, visit Freedom of Information.
If we're unable to supply any of the information you have requested, we will tell you the reasons why.
For more details, visit the Information Commissioner's Office.
Collecting information automatically
Information security incident
Complaints, comments and compliments
If you want to make a compliment, comment or complaint about how we are processing your data, you can visit the Town hall or send a compliment or comment or make a complaint to the council.
If you are dissatisfied with how we have handled your complaint, you can contact the Information Commissioner's Office:
Information Commissioner's Office
If this privacy notice changes in any way, we will place an updated version on our Data Protection web page. By regularly reviewing the page you will ensure that you are always aware of what information we collect, how we use it and under what circumstances, if any, we share it with others.
Service or project specific privacy notices
Services using large amount of personal or sensitive (special category) information will have their own dedicated privacy notice to tell you what information is being shared. These notices will map out how personal information flows through the service or project and how it is processed.