Updated: 20 October 2022
Our contact details
Name: Data Protection Officer
Address: Time Square, Market Street, Bracknell, RG12 1JD
Phone Number: 01344 352000
Bracknell Forest Council is registered as a controller with the Information Commissioner’s Office (ICO).
You can find us on the ICO website - our registration number is Z4971654.
The type of personal information we collect
We currently collect and process the following information:
- postal address
- email addresses
- date of birth
- telephone numbers
- voice recording
- family details
- lifestyle and social circumstances
- personal appearance and behaviour
- student and pupil records
- religious or philosophical beliefs
- economic cultural or social identity
The personal data we process may also include sensitive or other categories of personal data such as:
- criminal conviction
- racial or ethnic origin
- mental and physical health
- details of injuries
- medication and treatment received
- political beliefs
- biometric data
- data concerning sexual life and orientation
Criminal offence data will be processed under the 28 conditions of Schedule 1 of the Data Protection Act 2018 which are available for the processing of criminal offence data. These are set out in paragraphs 1 to 37.
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- reports of antisocial behaviour which you would like our help to resolve
- support with unhealthy relationships and domestic abuse which you would like to receive counselling for
- safeguarding you if you are a victim of modern slavery or exploitation
We have the data to:
- enable us to meet all legal and statutory obligations and powers including any delegated functions
- carry out comprehensive safeguarding procedures in order to protect vulnerable adults and children from harm or injury
- prevent and detect fraud, corruption, and criminal activity where necessary for law enforcement functions
We also receive personal information indirectly from the following sources in the following scenarios:
- crime and disorder reduction partners including police, registered housing providers, drug and alcohol support, community teams and others
- antisocial behaviour case and court files
- mediation case file referrals
- non-payment of fixed penalty notices
- gypsy and traveller liaison encampment investigations
- channel panel meetings and case files
- information about serious and organised crime groups
- profiles of crime gangs and associates
- domestic homicide reviews
We use the information that you have given us for the purpose of multi-agency resolution of problematic issues or safeguarding of vulnerable people.
Most personal data is processed for compliance with a legal obligation which includes the discharge of our statutory functions and powers.
How the law allows us to use your personal information
The following lists the legal provisions that provide us with a duty to share information to reduce levels of crime and disorder:
- section 27 of the Children Act 1989 - requires a variety of agencies to share information with children’s social care to protect a child who is suffering, or is likely to suffer, significant harm
- section 82 of the NHS Act 2006 - requires NHS bodies and local authorities to work together for the benefit of the health and wellbeing of the population
- section 251 of the NHS Act 2006 - makes sure that information that identifies patients and which is needed to support essential NHS activity can be used without the consent of those patients
- section 17 of the Crime and Disorder Act 1998 - sets out the power for a range of agencies to share information for the purposes of preventing crime and disorder
- MAPPA Operating Protocol is used for managing sexual and violent offenders
- MARAC arrangements cover sharing information to allow provision of services by a variety of agencies for victims of domestic abuse
- 2008 Entry Regulations – sets out a duty to allow local Healthwatch authorised representatives to observe health service activities
- the Mental Capacity Act 2005 and associated Code of Practice 2007
- Section 45 of the Care Act 2014 - specifically refers to information sharing
Lawful basis for processing
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis for processing is Article 6 UK GDPR:
- (a) you have given consent
- (c) processing is necessary for compliance with a legal obligation to which we are subject
- (e) performing a public task
Special category data
Special category data is being processed under Article 9 UK GDPR:
- (a) you have given your consent
- (b) processing is necessary for the purpose of carrying out the obligations and exercising specific rights and appropriate safeguards in the interest of the data subject
- (g) processing is necessary to safeguard the fundamental rights and the interests of the data subject
Where we do use consent to process your personal data, we will explain to you what we are asking you to agree to and why.
If we have consent to use your personal data, you have the right to remove it at any time.
If you want to remove your consent, please email email@example.com and we will deal with your request.
If you remove your consent we are unlikely to be able to provide continued services to you.
Who we share your information with
We may share this information with crime and disorder reduction partners including:
- registered housing providers
- drug and alcohol support
- community teams
- others to carry out public authority tasks that are in the public interest
This is for the purpose of reducing crime and disorder and for safeguarding.
How we store your personal information
Your information is securely stored on UK GDPR-compliant systems. We do not hold paper copies of information.
We keep personal information for a time period of between 3 and 7 years after it is sorted, depending on the type of information.
This is compliant with data protection legislation, including:
- the UK General Data Protection Regulation (2016/679)
- the Data Protection Act 2018
- Freedom of Information Act 2004
- Environmental Information Regulations 2004
- rules and regulations that govern the organisation and with recognised compliance good practices
Data is automatically deleted from our database at the appropriate time.
Retention periods are laid out in the council’s retention and disposal schedule.
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Find out more about your right of access from the ICO.
Your right to get your data corrected
You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Find out more about your right to get your data corrected from the ICO.
Your right to get your data deleted
You have the right to ask us to delete your personal information in certain circumstances.
Find out more about your right to get your data deleted from the ICO.
Your right to limit how organisations use your data
You have the right to ask us to limit the processing of your information in certain circumstances.
Find out more about your right to limit how organisations use your data from the ICO.
Your right to object to the use of your data
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks.
Find out more about your right to object to the use of your data from the ICO.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
The right only applies if we are processing information based on your consent or for the performance of a contract, and the processing is automated.
Find out more about your right to data portability from the ICO.
Making a request
You are not required to pay any charge for exercising your rights. If you make a request, we have 28 days to respond to you.
To make a request, contact us by emailing: firstname.lastname@example.org
As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act 2010.
This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services.
Our lawful basis for processing this information is article 6(1)(c) of the UK GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(a), which means we need your consent.
We will create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to make sure they are communicating with you in the required way.
Please contact email@example.com should you require service adjustments.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org
You can also complain to the ICO if you are unhappy with how we have used your data by:
- visiting the ICO website
- phoning the ICO helpline on 0303 123 1113
- writing to:
- Information Commissioner’s Office
- Information Commissioner’s Office