Coronavirus privacy statement
Updated: 21 July 2021
Our contact details
Name: Data Protection Officer
Address: Time Square, Market Street, Bracknell, RG12 1JD
Phone Number: 01344 352000
The type of personal information we collect
We currently collect and process the following information:
- personal identifiers, contacts and characteristics (for example, name and contact details)
- contact details – for example, title, full name, address, email address, telephone number
- date of birth or age
- proof of identity – this will only be collected where required
- next of kin details
- NHS number or other identification numbers
- date of travel or last visit to high risk countries
- health details relating to your physical or mental health
- financial details for purposes of receiving or making payments
- housing information relating to your council tenancy
- details regarding whether you hold a driver’s licence
- details regarding whether you have a current DBS
- IP address (if using our website)
- location data
The above list is not exhaustive.
It will only be necessary to collect this type of information where it is of relevance to the support and services you need. We will only process data that is absolutely necessary. Any information we collect about you will be strictly in compliance with the data protection law including the General Data Protection Regulations (GDPR).
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- to understand COVID-19 and risks to public health, trends and such risks, and control and prevent the spread of the virus and such risks
to identify and understand information about patients or potential patients with or at risk of the virus, information about incidents of patient exposure and the management of patients with or at risk of COVID-19 including:
for collecting information about and providing services in relation to:
- fitness to work
- medical and social interventions
- to understand information about patient access to health services and adult social care services and the need for wider care of patients and vulnerable groups, as a direct or indirect result of COVID-19 and the availability and capacity of those services or that care
- to monitor and manage the response to COVID-19 by health and social care bodies and the government including providing information to the public about the virus and its effectiveness and information about capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services
- to deliver services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with the virus, including the provision of information, fit notes and the provision of health care and adult social care services
- for research and planning in relation to COVID-19
The council may use new or existing information that it holds to:
- best support and protect children and individuals at risk
- exercise our health and social care functions
- exercise our public health functions
- carry out future epidemiological analysis
- register individuals as a volunteer
The council will check the information you provide, which may be used to direct you to a suitable voluntary organisation. Your details will be passed to a suitable voluntary organisation who may contact you and request further details.
We also receive personal information indirectly, from the following sources in the following scenarios:
- the information we use about you can be given to us directly by you
- a family member
- central government
- national and local NHS bodies
- Office for National Statistics
- NHS Digital
- other local authorities
How the law allows us to use your personal information
Our lawful basis under GDPR when supporting children and individuals at risk, in relation to this pandemic, include:
- Coronavirus Act 2020
- Care Act 2014
- Children Act 1989
- Children and Families Act 2017
- Homelessness Reduction Act 2017
- Health Service Control of Patient Information Regulations 2002
- section 287 of the Health and Social Care Act 2012
Lawful basis for processing
Under the General Data Protection Regulation (GDPR), the lawful basis for processing is Article 6 GDPR:
- (a) you have given consent
- (c) processing is necessary for compliance with a legal obligation to which we are subject
- (d) in order to protect the vital interests of the data subject
- (e) a task carried out in the public interest
Special category data
Special category data is being processed under Article 9 GDPR:
- (a) you have given your explicit consent
- (c) processing is necessary to protect the vital interests of the data subject whom is physically or legally incapable of giving consent
- (b) employment safeguards and fundamental rights
- (g) processing is necessary for reasons of substantial public interest
- (h) provision of health or social care treatment
- (i) processing is necessary for reasons of public interest in the area of public health
Where we do use consent to process your personal data, we will explain to you what we are asking you to agree to and why.
If we have consent to use your personal data, you have the right to remove it at any time.
If you want to remove your consent, please email email@example.com and we will deal with your request.
If you remove your consent we are unlikely to be able to provide continued services to you.
Who we share your information with
We may share this information with:
- Public Health England
- GP practices
- central government
- other local authorities
- local voluntary partners
- emergency services
- care providers
- contracted suppliers who have been procured or are contracted to provide support and services to our residents
- family, associates or representatives of the person whose personal data we are processing
- healthcare, social and welfare organisations
- healthcare professionals
- mental health care assessors
We will not use your personal data for third party marketing purposes.
How we store your personal information
We make sure that any personal data in our care is kept safe and that where your information is disclosed to a third party, they make sure that they to do the same. We will not use your personal data for third party marketing purposes.
Retention will be considered and published in line with developments of the pandemic.
Data will not be kept for longer than is necessary and is kept in line with the council’s retention and disposal schedule. We will dispose your information by securely destroying any data we hold.
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Find out more about your right of access from the ICO.
Your right to get your data corrected
You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Find out more about your right to get your data corrected from the ICO.
Your right to get your data deleted
You have the right to ask us to delete your personal information in certain circumstances.
Find out more about your right to get your data deleted from the ICO.
Your right to limit how organisations use your data
You have the right to ask us to limit the processing of your information in certain circumstances.
Find out more about your right to limit how organisations use your data from the ICO.
Your right to object to the use of your data
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks.
Find out more about your right to object to the use of your data from the ICO.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Find out more about your right to data portability from the ICO.
Making a request
You are not required to pay any charge for exercising your rights. If you make a request, we have 28 days to respond to you.
Please contact us at firstname.lastname@example.org to make a request.
As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act 2010.
This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services.
Our lawful basis for processing this information is article 6(1)(c) of the GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(a), which means we need your consent.
We will create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to make sure they are communicating with you in the required way.
Please contact email@example.com should you require service adjustments.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org.
You can also complain to the ICO if you are unhappy with how we have used your data by:
- visiting the ICO website
- phoning the ICO helpline on 0303 123 1113
Information Commissioner’s Office
- Information Commissioner’s Office