How we use your information
This privacy notice policy is a general notice for the council, service specific privacy notices are in addition to this and are more detailed.
Our privacy notices explain what to expect when Brent Council collects your personal information. In this notice Brent Council, Brent Civic Centre, Engineers Way, Wembley HA9 0FJ is the data controller as defined by Data Protection legislation.
Brent Council is the data controller, its reference/ registry is Z5621554
The Council’s Data Protection Officer:
Name: Debby Hogan
Phone: 020 8937 1402
Brent Council is committed to maintaining your trust by protecting your personal data. Personal data is any information relating to an identified or identifiable person. Your name, address, phone number, email address and IP address are examples of personal data. Brent Council will process your personal data in a transparent and lawful way.
Brent will comply with and be accountable for the Data Protection Act 2018 and the General Data Protection Regulations (GDPR).
We may change this notice from time to time to reflect changes in processing or security updates. We encourage you to periodically review this page for the latest information.
If you have any questions about this notice or if you would like to exercise any rights you may have in relation to your personal data, please contact the Data Protection Officer.
Why we collect and use your personal data
Personal information is collected to enable the Council to provide a range of services to local people and businesses as required to fulfil our duties under UK legislation, statutory or contractual requirement or obligation. This includes:
- maintaining our own accounts and records
- supporting and managing our employees current past and prospective employees and persons contracted to provide a service
- promoting the services we provide
- marketing our local tourism
- carrying out health and public awareness campaigns
- ensuring Trading Standards
- managing our property
- providing leisure and cultural services
- provision of education
- carrying out surveys
- administering the assessment and collection of taxes and other revenue including benefits and grants
- licensing and regulatory activities
- provision of planning and building control
- local and national fraud initiatives
- the provision of social services
- provision of housing services
- provision of library services
- crime prevention and prosecution of offenders including the use of CCTV
- corporate administration and all activities we are required to carry out as a data controller and public authority
- undertaking research
- the provision of all commercial services including the administration and enforcement of parking regulations and restrictions
- the provision of all non-commercial activities including refuse collections from residential properties
- internal financial support and corporate functions
- managing archived records for historical and research reasons
- data matching under local and national fraud initiatives
If you fail to provide the personal data, the Council may not be able to deliver accurate services to you and may take action if it is required to do so by law.
The council is required to maintain a Record Of its Processing Activities (ROPA), covering areas such as processing purposes, data sharing and retention. A copy can be obtained from our Data Protection Officer via email@example.com.
The lawful basis for using your information
We collect and use information under one or more of the following legal bases.
- Legal obligation – we need to process your information to comply with the law
- Public task – we need to process your information to provide you with council services
- Public Interest- we need to process your information when there is a significant public interest in doing so
- Contract – we need to process your information as part of a contract such as contract of employment.
- Vital interest – we need to process you information to protect someone’s life in an emergency.
- Consent – we need your permission to use your information
Where we require consent to use your information, we will make it clear that consent is required and explain how to go about withdrawing your consent.
We will only use your personal data for the uses and purposes set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original use and purpose. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
The categories of personal data we collect:
The types of information we process include:
- personal details
- family details
- lifestyle and social circumstances
- goods and services
- financial details
- employment and education details
- housing needs
- visual images, personal appearance and behaviour
- licenses or permits held
- student and pupil records
- business activities
- case file information
We also process ‘special’ categories of information that may include:
- ethnic origin
- trade union membership
- biometrics (where used for ID purposes)
- sex life or
- sexual orientation
The GDPR rules for ‘special’ categories of information do not apply to information about criminal allegations, proceedings or convictions. Instead, there are separate safeguards for personal data relating to criminal convictions and offences.
We process personal information about:
- current past and prospective employees, persons contracted to provide a service
- complainants, enquirers or their representatives
- professional advisers and consultants
- children and parents
- students and pupils
- carers or representatives
- recipients of benefits
- offenders and suspected offenders
- licence and permit holders
- traders and others subject to inspection
- people captured by CCTV images
- representatives of other organisations
Who we share your information with:
Where necessary or required we share information with:
- customers, service users and employees
- representatives of customers, service users and employees
- legal representatives
- trade unions
- current past and prospective employers
- healthcare, social and welfare organisations
- educators and examining bodies
- providers of goods and services
- data processors
- local and central government
- ombudsman and regulatory bodies
- financial organisations
- debt collection and tracing agencies
- credit reference agencies
- press and the media
- law enforcement and prosecuting authorities
- international law enforcement agencies and bodies
- courts and tribunals
- housing associations, landlords and tenants panels
- charitable, religious and voluntary organisations
- political organisations
- elected members including members of parliament
- survey and research organisations
Once your information has been collected by the council, it may be used by other council departments, where necessary, to provide a complete service to you. It is for this reason that we link your information together, for example, to save you providing your information more than once.
- The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.
Where in the world is your information stored?
Brent Council does not process your information with third countries outside of the UK or EU zone without the safeguards being in place that are equivalent to the UK Data Protection legislation or the General Data Protection Regulations (GDPR).
If you fail to provide the personal data, the Council may not be able to deliver accurate services to you and may also take action if it is required to do so by law.
How long do we keep your information?
There’s often a legal and/or business reason for keeping your information for a set period of time, we try to include all of these in our retention schedule. A copy can be obtained from our Data Protection Officer.
We are committed to ensuring that your personal data is secure. To prevent unauthorised access or disclosure, we have put appropriate technical and organisations measures in place to safeguard your information. The council assures this by complying with relevant security best practice standards.
If a data breach does occur, we will do everything in our power to limit the damage and comply with the Information Commissioner’s guidance. In the case of a high-risk data breach, and depending on the circumstances, we will inform you about the remedial actions to prevent any further damage. We will also inform the Information Commissioner’s Office of qualifying data breaches.
Unfortunately, no security measures are completely breach proof. We therefore cannot fully guarantee that your personal data will not be compromised, misused or lost by accident or by the unauthorised acts of others.
The procedures and related standards include limiting access to data on a need to know basis and regularly testing and auditing our security practices and technologies.
Employees and temporary workers are required to follow policies and procedures and complete mandatory annual training to understand data protection and information security.
Brent Council shall process your information in adherence to your individual rights under the data protection legislation.
The right to be informed
This is your right know about how your data is being processed, who it is given to, for what purpose and anything else that guarantees your rights, this is sometimes referred to as a privacy notice or a fair processing notice. This web page provides a summary and both the Record of Processing Activities and the links to the service specific privacy notices gives further details. When you provide information the Council will ensure that you have access to a privacy notice.
The right of access
You have a right to access your personal data and relevant supplementary information. This is known as a Subject Access Request (SAR). Further information can be found at www.ico.org.uk.
You can log in to My Account and submit a SAR request, which allows you to monitor the progress of your request online.
Alternatively you can download and complete a Subject Access Request form. Email your completed form to the Data Protection Officer at firstname.lastname@example.org, or post it to the Data Protection Officer, Brent Council, Civic Centre, Engineers Way HA9 0FJ. You should receive a response within one month.
Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests as described under the ICO’s SAR code of practice. In this case, we will notify you and keep you updated within the month deadline.
In most cases we cannot charge you a fee to comply with a subject access request. However, where the request is considered manifestly unfounded or excessive we may charge a “reasonable fee” for the administrative costs of complying with the request. We may also charge a reasonable fee if you request further copies of your data following a request. We would base this fee on the administrative costs of providing further copies.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of the other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. As we are a large organisation with multiple departments and systems, we may also contact you to ask you for further information in relation to your request to help locate the information you have asked for.
The right to rectification
If you believe that any personal data we are holding about you is incorrect or incomplete, you have the right to request to have your personal data rectified if it is inaccurate or incomplete. We may require evidence from you. In most cases we will delete information, correct information or add additional notes indicating corrections. You can do this by contacting the service area that you are concerned about directly. Otherwise you can make a request by emailing the Data Protection Officer at email@example.com, or in writing to the Data Protection Officer, Brent Council, Civic Centre, Engineers Way HA9 0FJ
The right to erasure
This is also known as “the right to be forgotten”. Please note that there are circumstances when your information cannot be erased. This includes situations whereby the council is required to retain information for statutory purposes in accordance with its data retention policy. You can make a request by emailing the Data Protection Officer at firstname.lastname@example.org, or in writing to the Data Protection Officer, Brent Council, Civic Centre, Engineers Way HA9 0FJ . You should receive a response with 30 days.
The right to restrict processing
You have a right to request the council to ‘block’ or suppress processing of your personal data. Please note that this may not apply for most of the council’s processes because there is usually a legal duty to process information.
The right to data portability
You have the right to obtain and reuse your personal data for your own purposes. You have the right to receive your personal data in a structured, commonly used and machine-readable format. The Council will assist in the transmission of such data to another entity, upon request, to the extent technically feasible. Note that this right only applies to automated information which you initially provided consent for us to use, or where we need the information to perform a contract for you. You can make a request by emailing the Data Protection Officer at email@example.com, or in writing to the Data Protection Officer, Brent Council, Civic Centre, Engineers Way HA9 0FJ.
The right to object to processing
You have the right to object to processing for certain circumstances as listed by the ICO at www.ico.org.uk. You can make a request by emailing the Data Protection Officer at firstname.lastname@example.org, or in writing to the Data Protection Officer, Brent Council, Civic Centre, Engineers Way HA9 0FJ
The right to withdraw consent
If you have consented to the processing of your personal data via a consent form or process, you have the right to revoke such consent through a consent withdrawal process. This will be specific to the process you have consented to. If you withdraw your consent, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Rights related to automated decision making including profiling
There are restrictions on automated decisions based solely on automated means without any human involvement. Also there are restrictions on profiling. You can make a an enquiry by emailing the Data Protection Officer at email@example.com, or in writing to the Data Protection Officer, Brent Council, Civic Centre, Engineers Way HA9 0FJ
Brent Council is required by law to protect the public funds it administers. We may use any of the information you provide to us for the prevention and detection of crime. We may also share this information with other bodies that are responsible for auditing or administering public funds including the Public Sector Audit Appointments Ltd, National Audit Office, Financial Reporting Council, Cabinet Office, Department for Work and Pensions, and other local authorities, HM Revenue and Customs, and the Police.
In addition to undertaking our own data matching to identify errors and potential frauds we are required to take part in national data matching exercises undertaken by the National Fraud Initiative. The use of data by the National Fraud Initiative in a data matching exercise is carried out under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned.
Concerns about data protection
If you have a concern about the way we are collecting or using your personal data, we would appreciate the chance to deal with your concerns before making a complaint to the Information Commissioner’s Office by visiting https://ico.org.uk/concerns/. You have the right to make a complaint at any time to the Information Commissioner.
You can raise your concern by emailing the Data Protection Officer at firstname.lastname@example.org, or in writing to the Data Protection Officer, Brent Council, Civic Centre, Engineers Way HA9 0FJ.
Last reviewed October 2020