This privacy statement covers the whole of the Borough of Broxbourne's website. It explains how we collect personal information via our web forms and how we collect information and statistics about the use of our website to improve the service it provides.
Broxbourne Council is committed to keeping your personal data secure and we respect your right to privacy.
This privacy notice explains what personal data we collect from you, the purpose for which it is used, with whom it is shared and how long it is kept.
Personal data – what is it?
Personal data relates to a living individual who can be identified from that data. This can include information that can identify a person when it is put together with other information.
Some of your personal data fits into what are called ‘special categories of personal data’ because it is information that is considered to be more sensitive and therefore requires more protection. This includes information that identifies your racial/ethnic origin, political opinion, religious/philosophical beliefs, sexual orientation and information regarding your physical or mental health.
What personal data do we hold?
The type of personal data we collect depends on the Council service(s) you are using, but it may include your:
- Email address
- Phone number
- Debit card details (if you are making a payment to the Council).
Why do we need your personal data?
We may need your personal data in order to:
- Deliver services and support to you
- Manage those services we provide to you
- Help investigate any worries or complaints you have about our services
- Keep track of spending on services
- Check the quality of services
- Help with research and planning new services.
What is our legal basis for using your data?
Our legal basis for holding and using your personal data will depend on the service we are providing to you. Generally, as a public authority, we collect and use personal data where:
- It is necessary to perform our statutory duties
- You have entered into a contract with us
- You, or your legal representative, have given consent
- It is necessary to protect someone in an emergency
- It is required by law
- It is necessary for employment purposes
- You have made your information publicly available
- It is necessary for legal cases
- It is for the benefit of society as a whole
- It is necessary to protect public health
- It is necessary for archiving, research or statistical purposes.
Sharing your personal data
Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be necessary to share it with other organisations. For example, personal data may be shared, where necessary, with other organisations that provide services on our behalf such as contractors installing vehicle cross overs/dropped kerbs. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.
Sometimes we are bound by law to share data with other organisations, such as Government departments. We may also share your personal data when we feel there is a good reason, such as in relation to the prevention of fraud or detection of a crime, or to protect a child or adult who is thought to be at risk; if they are frail, confused or cannot understand what is happening to them.
How do we protect your personal data?
We take measures to make sure the personal data is secure, whether it’s held on paper or electronically.
Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password)
- Pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal data
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal data
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- Regular testing of our technology and ways of working, including keeping up to date on the latest security updates.
How long do we keep your personal data?
We only keep your personal data for as long as is necessary for the purpose for which it was taken, unless we have a legitimate reason for keeping it (e.g. adhering to a legal requirement to keep the data for a set time period). However, where possible we will anonymise this data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely destroyed.
What are your rights?
Data protection legislation gives you the right to request a copy of the information we hold about you. This is called a Subject Access Request (SAR).
To submit a subject Access Request please email email@example.com. This request must be in writing and clearly specify what information you require.
If you believe the data we hold about you is incorrect, you have the right to request that it is corrected.
If your data is no longer needed for the purpose it was collected, in certain circumstances you have the right to request that this information is deleted (the right to erasure). However, there will be occasions when the Council has a legal duty to retain your data despite your request. We will advise you if this is the case.
You have the right to ask for your personal data to be given back to you or another provider of your choice in a commonly used format. This is called data portability. However, this only applies if we’re using your personal data with consent (i.e. not if we are required by law to use it) and if the decision was made by a computer (automated). It’s likely that data portability won’t apply to most of the services you receive from the Council.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information (e.g. health conditions).
You can request for a restriction to be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data.
You have the right to object to or ask us to stop the processing of your personal data in certain circumstances. However, if this request is approved this may cause delays or prevent us delivering services to you. Where possible, we’ll seek to comply with your request, but we may need to hold or use information because we are required to do so by law.
Data Protection Officer
If you have any concerns, questions, comments or would like further information about data protection, please email the Council’s Data Protection Officer at firstname.lastname@example.org or write to:
Data Protection Officer
For more information on data protection or to lodge a complaint about the way we’ve used your personal data, contact the Information Commissioner’s Office via its website at http://www.ico.org.uk or write to:
Information Commissioner’s Office
We collect information about visitors to our website to help us measure its use. We use this information solely to improve the service the website provides, and the information we gather cannot be used to identify you individually. To get this data we use a product called Google Analytics.
The Google Analytics software uses 'cookies' (small files stored on your computer that hold data about your activity on our website). These are used to gather data about where you go on our site, what links you follow and how long you stay for. They also gather other non-personal information, such as the operating system and screen resolution you are using on your computer.
None of the data collected by this software can be used to identify you personally, and it is aggregated together with the information from other visitors to our site to produce anonymous statistics. It is these statistics - not the information from individual visitors - that gives us a picture of the use of our site.
The design, text, graphics, images, source code and other material on our site is copyright of the Borough of Broxbourne or other third parties.
Copyright and planning applications
Plans, drawings and material submitted to us with planning applications are copyright and protected by the Copyright Acts. You can download copies of plans and drawings from our website (see latest planning information online), but you may only use them to compare current applications with previous schemes, and to check whether developments have been completed in accordance with approved plans. Further copies or any further use must not be made without the prior permission of the copyright owner.
Photographs of people on our website
Before we use photos where people can be individually identified we ask for their permission to use it, or if it is a photo of anyone under 18 we will get permission from the parent or guardian.
We have copyright of Council photos used on this website. These should not be copied or used in any way without our permission.
Protecting the public purse
This Authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The National Fraud Intiative (NFI) run by the Cabinet Office is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The NFI currently requires the Council to participate in a data matching exercise to assist in the prevention and detection of fraud. The Council is required to provide particular sets of data to the NFI for matching for each exercise, and these are set out in the NFI’s guidance, which can be found online at the National Fraud Intiative
The use of data by the NFI in a data matching exercise is carried out with statutory authority under its powers in Part 6 and schedule 9 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018.
Data matching by the NFI is subject to a Code of Practice. This may be found online.
For further information on the NFI’s legal powers and the reasons why it matches particular information, visit the National Fraud Intiative.
For further information on data matching at this Authority call 01992 785577.
Related pages on this website