Our privacy notice

Bracknell Forest Council is a local government authority. We are responsible for delivering services to our residents and businesses in the borough.

The following explains how we use information about you and how we protect your privacy.

Privacy notices are kept under regular review in line with the privacy notices tracker and any updates will be evidenced on these pages.

Your privacy and the protection of your personal information is very important to us. We are committed to following the data protection legislation which includes the:

• UK General Data Protection Regulation 2016/679 (UK GDPR)
• Data Protection Act 2018

These require us to tell people how their personal information is used.

What personal data means

Personal data means any information relating to an identified or identifiable natural person. This person is called the data subject. An identifiable natural person is one who can be identified, directly or indirectly.

Some information is categorised as ‘special’ and needs more protection due to its sensitivity.

It’s often information you would not want widely known and is very personal to you. This includes information relating to:

• sexuality and sexual health
• religious or philosophical beliefs
• ethnicity
• physical or mental health
• trade union membership
• political opinion
• genetic and biometric data

Criminal offence data

Criminal offence data includes information about offenders, suspected offenders in the context of criminal activity, allegations, investigations or proceedings. This will be processed under one or more of the 28 conditions of Schedule 1 of the DPA 2018 which are available for the processing of criminal offence data (set out in paragraphs 1 to 37).

How we get the personal information and why we have it

Most of the personal information we process as a council is provided to us directly by you as individuals. If we received the data from any other sources, this will be identified in the specific privacy notices held on our website.

Why we need your personal information

When you fill in a form, register online, contact us, apply for a service or interact with us in any way, we may collect the following types of information depending on the service that you want to access:

• information about you, this could include your name, address, date of birth
• visual images, personal appearance and behaviour
• national identifiers such as NHS number, National Insurance number
• information about your family
• details about your lifestyle and social circumstances
• financial details
• employment and education details
• details about your housing needs
• the IP address that you accessed any of our online services from
• case file information
• criminal proceedings, outcomes and sentences
• physical or mental health details
• racial or ethnic origin
• offences (including alleged offences)
• religious or other beliefs of a similar nature

We only collect and use personal information if we need it to deliver a service or meet a requirement in order to:

• deliver services and support to you
• manage those services we provide to you
• train and manage the employment of our workers who deliver those services
• help investigate any worries or complaints you have about your services
• keep track of spending on services
• check the quality of services
• to help with research and planning of new services
• prevent and detect crime and fraud
• to review and update the systems on our IT network

If we use your personal information for research and analysis, we will always keep your information anonymous or pseudonymise the information unless you’ve agreed that your personal information can be used for that research.

How the law allows us to use your personal information

There are a number of legal reasons why we are allowed to collect and use your personal information. The reason why we are allowed to use the information is different for different service you access or interact with.

Under the UK General Data Protection Regulation (UK GDPR), Article 6 and 9 provide a basis for which we process your information. These reasons include:

Article 6 UK GDPR

• you, or your legal representative, have given consent for us to use your personal information
• we need the information because you have entered into a contract with us
• we need to have the information to perform our legal obligations
• we need to have the information to protect someone in an emergency (vital interests)
• we are required by law to do something and we need information about you in order to do this (public task)
• it is necessary for us to have the information to conduct our legitimate business for non-statutory services (legitimate interests)

Article 9 UK GDPR

When we collect data about your race, health (including biometric or genetic data), sex life, sexual orientation, ethnic origin, politics or trade union membership, we also rely on the following lawful basis:

• you provided us with your explicit consent for us to collect and use your special category information 
  • explicit consent requires a very clear and specific statement of consent, it must be expressly confirmed in words, rather than by any other positive action
  • you are able to remove your consent at any time by contacting the DPO - this may impact the services we are able to provide to you
• we need it for employment, social security or social protection checks
• we need to protect your vital interests in situations where you are incapable for giving consent
• it is necessary for us to have the information to conduct our legitimate business for non-statutory services (legitimate interests)
• you have made your information publicly available (in the public domain)
• we need to defend a legal claim
• it is to the benefit of society as a whole (substantial public interest) or we need to comply with UK legislation
• we need it to deliver health or social care services to you
• we need to collect it to protect public health in the public interest
• it is necessary for archiving, research, or statistical purposes

We will inform you which legal reason your personal information is processed under within the service specific privacy notices.

Service specific privacy notices

We will let you know through service specific privacy notices what lawful bases we are relying on to perform the service that we are providing.

You can view these on our privacy notices page.

Who we share your information with

We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law.

Where necessary, we will complete a data protection impact assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.

Sometimes we have a legal duty to provide personal information to other organisations.

We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t often happen, but we may share your information:

• if there are serious risks to the public, our staff or to other professionals
• to protect a child
• to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them

In addition the personal information we have collected from you may be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.

If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.

There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why if we think it is safe to do so. 

We also receive personal information indirectly, from the following sources in the following scenarios. This may include personal data not obtained from you. The organisations and third parties include:

• adoption agencies
• advocates or advocacy services 
• agency workers and contractors
• buyers of goods and services
• central government agencies (including but not limited to - DWP, Home Officer, Cabinet Office, Department for Levelling Up, Communities and Housing, Department for Health and Social Care) 
• care homes and care providers
• Children and Family Court Advisory and Support Service
• consultants
• courts and tribunals
• credit reference agencies
• current, past and prospective employers
• customers and service users
• customs and excise
• debt collection and tracing agencies
• educators and examining bodies
• employers participating in the local government pensions scheme
• family, associates or representatives of the person whose personal data we are processing
• financial organisations
• healthcare professionals
• healthcare, social and welfare organisations
• housing associations and landlords
• international law enforcement agencies and bodies
• law enforcement and prosecuting authorities
• legal representatives and defence solicitors
• licensing authorities
• local and central government bodies
• mental health assessors
• ombudsman and regulatory authorities
• other local authorities 
• partner agencies, approved organisations and individuals working with the police
• pensions regulators and pensions authorities
• police complaints authority
• police forces
• political organisations
• press and the media
• prisons and the probation service
• private investigators
• professional advisers and consultants
• professional bodies
• religious organisations
• schools and academies
• security companies
• service providers and other suppliers of goods and services
• students and pupils including their relatives, guardians, carers or representatives
• survey and research organisations
• the disclosure and barring service
• trade unions
• voluntary and charitable organisations
• waste collection authorities

This list is not exhaustive.

We will not share the information you have provided with an outside organisation or use it for another purpose unless we are allowed to do so by law, or in connection with legal proceedings.

We may also share your personal information with outside organisations to:

• prevent and detect crime
• apprehend or prosecute offenders
• assess or collect tax or duty

You can see details of council contracts over £5,000 on DataShare.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Find out more about your right of access from the ICO.

Your right to get your data corrected

You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Find out more about your right to get your data corrected from the ICO.

Your right to get your data deleted

You have the right to ask us to delete your personal information in certain circumstances.

Find out more about your right to get your data deleted from the ICO.

Your right to limit how organisations use your data

You have the right to ask us to limit the processing of your information in certain circumstances.

Find out more about your right to limit how organisations use your data from the ICO.

Your right to object to the use of your data

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks.

Find out more about your right to object to the use of your data from the ICO.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.

The right only applies if we are processing information based on your consent or for the performance of a contract, and the processing is automated.

Find out more about your right to data portability from the ICO.

How we protect your information

We strive to make sure that the records we hold about you (on paper and electronically) are held in a secure way, and we will only make them available to those who have a right to see them.

Examples of our security include:

• encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password) 
• pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view
• controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
• training for our staff to make them aware of how to handle information and how and when to report when something goes wrong
• regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)

We only keep your personal information for as long as we need it in line with the council's retention and disposal schedule. We will then dispose your information by safe means.

Personal information sent or stored other countries

Where appropriate safeguards are in place, including International Data Transfer Agreements or Adequacy Agreements we may transfer or store personal data outside the UK. Where this is the case, further information can be found in service specific privacy notices.

Our website

Our website contains links to other websites. This privacy notice applies to this website only. When you link to other websites you should read their own privacy notices.

We are not responsible for the contents or reliability of the linked websites and we do not endorse the views expressed in them. Listing should not be taken as endorsement of any kind. We cannot guarantee that these links will work all the time and we have no control over the availability of the linked pages.

Service adjustments

As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act 2010.

This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services.

Our lawful basis for processing this information is article 6(1)(c) of the UK GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(a), which means we need your consent.

We will create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to make sure they are communicating with you in the required way.

Contact us at customer.services@bracknell-forest.gov.uk or 01344 352000 should you require service adjustments.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at dpo@bracknell-forest.gov.uk

You can also complain to the ICO if you are unhappy with how we have used your data by:

• visiting the ICO website
• phoning the ICO helpline on 0303 123 1113
• writing to:
  • Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF