Our privacy notice
Bracknell Forest Council is a local government authority. We are responsible for delivering services to our residents and businesses in the borough.
Your privacy and the protection of your personal information is very important to us. We are committed to following the data protection legislation which includes the:
- General Data Protection Regulation 2016/679 (GDPR)
- Data Protection Act 2018
These require us to tell people about how their personal data is used.
This includes information collected:
- at the registration of a birth
- client or customer use of provider services that we have commissioned
Although not direct health care, this helps us to understand more about the health and care needs of the populations in our area.
We can use the data to measure the health, mortality, morbidity and care requirements of our population. This allows us to plan and deliver health and care services in a coordinated and efficient way.
We may share your data internally with other departments in the council to effectively deliver our services.
1. How to contact us
If you have any enquiries about this privacy notice, you can contact our Data Protection Officer (DPO) by:
- email: email@example.com
- phone: 01344 352000
Or you can write to:
Data Protection Officer
Bracknell Forest Council Delivery – Legal Services
Bracknell Forest Council is registered as a controller with the Information Commissioner’s Office (ICO).
You can find us on the ICO website - our registration number is Z4971654.
2. Changes to our privacy notice
We keep our privacy notice under regular review and we will place any updates on this page.
3. The purpose of this privacy notice
The purpose of this privacy notice is to explain how we collect, hold, use and protect your personal data and to explain your rights.
4. Service specific privacy notices
We will let you know through service specific privacy notices what lawful bases we are relying on to perform the service that we are providing.
You can view these on our privacy notices pages.
5. What personal data means
Personal data means any information relating to an identified or identifiable natural person. This person is called the data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as:
- a name
- an identification number
- location data
- an online identifier
They may also be identified by one or more factors specific to:
- social identity
Different pieces of information, which collected together can lead to the identification of a particular person, will also constitute personal data.
Examples of personal data include:
- name and last name
- home address
- email address - such as firstname.lastname@example.org
- identification card number
- location data - for example the location data function on a mobile phone
- Internet Protocol (IP) address
- cookie ID
- advertising identifier on a phone
- data held by a hospital or doctor, which could be a symbol that uniquely identifies a person
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection.
It includes information about:
- ethnic origin
- political opinion
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data (where used for ID purposes)
- health data
- sex life
- sexual orientation
6. Types of personal data that we collect
We may collect the following types of personal data to carry out our functions and activities:
- family details
- goods and services
- lifestyle and social circumstances
- financial details
- employment and educational details
- housing needs
- visual images including CCTV images
- personal appearance and behaviour
- licences or permits held
- student and pupil records
- business activities
- case file information
- birth and death data
- physical or mental health details
- racial or ethnic origin
- details of any trade union membership
- political affiliation
- political opinions
- any offences
- religious or other beliefs of a similar nature
- any criminal proceedings, outcomes and sentences
- details of sexual life
We may collect and share data:
- for law enforcement data purposes
- the purposes of investigation and prosecution of criminal offences as defined in section 31 of the Data Protection Act 2018
- to carry out our services
7. How we collect personal data
You directly provide us with most of the personal data we collect.
We collect personal data and process personal data when you:
- register for and use our services
- visit our website
- register for an online account
- make an enquiry or complaint
- make a freedom of information request
- make an environmental information regulation request
- exercise your rights under the GDPR
- apply for jobs in your capacity as current or former employees
- are recorded on our CCTV cameras
Please note that this list is not exhaustive.
8. We may use personal data to carry out our functions and activities
We may use personal data to carry out our functions and activities.
- assessment or collection of any tax or duty
- bin collection and recycling
- Blue Badge Scheme
- carrying out audits and surveys
- children and family services
- compliance with legal requirements or court orders
- council tax
- crime and emergencies
- crime prevention, detection and apprehension or prosecution of offenders
- data matching under local and national fraud prevention initiatives
- deaths, funerals and cemeteries
- democratic services
- electoral services and voting
- emergency planning
- environmental health services
- environmental services - for example flood risk planning
- health and social care
- highway functions
- housing benefits
- law enforcement functions which may result in criminal investigations or prosecutions
- legal proceedings and legal advice
- leisure services
- library services
- outdoor activities
- parks and countryside events
- planning and building control
- planning functions
- press and media
- public health functions
- recruitment and employment of staff
- registration services
- responding to councillor enquiries
- road, parking and transport
- schools and learning
- street cleaning
- tenders and contracts
- universal credit
Please note that this list is not exhaustive.
9. Sharing data with other organisations or third parties
We may share with and receive personal data from other organisations or third parties.
This may include personal data not obtained from you, see point 11 below.
The organisations and third parties include:
- adoption agencies
- agency workers and contractors
- buyers of goods and services
- care homes and care providers
- Children and Family Court Advisory and Support Service
- courts and tribunals
- credit reference agencies
- current, past and prospective employers
- customers and service users
- customs and excise
- debt collection and tracing agencies
- educators and examining bodies
- employers participating in the local government pensions scheme
- family, associates or representatives of the person whose personal data we are processing
- financial organisations
- healthcare professionals
- healthcare, social and welfare organisations
- Home Office
- housing associations and landlords
- international law enforcement agencies and bodies
- law enforcement and prosecuting authorities
- legal representatives and defence solicitors
- licensing authorities
- local and central government bodies
- mental health assessors
- ombudsman and regulatory authorities
- partner agencies, approved organisations and individuals working with the police
- pensions regulators and pensions authorities
- police complaints authority
- police forces
- political organisations
- press and the media
- press and the media
- prisons and the probation service
- private investigators
- professional advisers and consultants
- professional bodies
- religious organisations
- schools and academies
- security companies
- service providers and other suppliers of goods and services
- students and pupils including their relatives, guardians, carers or representatives
- survey and research organisations
- the disclosure and barring service
- trade unions
- voluntary and charitable organisations
- waste collection authorities
Please note that this list is not exhaustive.
We will not share the information you have provided with an outside organisation or use it for another purpose unless we are allowed to do so by law.
We may also share your personal information with outside organisations to:
- prevent and detect crime
- apprehend or prosecute offenders
- assess or collect tax or duty
Also, we may share your personal information where we are required by law or in connection with legal proceedings.
10. Sharing data with contractors
We may share your personal data with contractors who carry out functions on our behalf.
You can see details of council contracts over £5,000 on DataShare.
11. When we can use your personal data
We will ask you for or hold your personal data to provide you with services as found on this website.
We also provide communication newsletters where you have asked us to let you know about activities. In these instances we need your consent. You can ask us to remove you from this type of email list when the service is discretionary.
Data protection law allows the council to use or share personal data in any of the following circumstances.
We will use your personal data with consent when:
- we have your consent (or that of your appointed representative)
- we have your explicit consent (or that of your appointed representative)
You can contact us to remove your consent at any time.
We will use your personal data without consent when we can rely on one or more of the following lawful bases.
Where we have entered into a contract with you, or on your request to us asking us to process your personal data before entering into a contract with you.
Where we are under a legal obligation that requires us to process your personal data.
Where we are carrying out a public task in the public interest or carrying out a public task.
Where we need to protect your or someone else's vital interests. For example, sharing details of your social care records with our health organisation partners in an emergency.
Where processing is necessary for the purposes of the legitimate interest of the council or a third party. We can only rely on this lawful basis if we are processing personal data for a legitimate reason other than performing our tasks as a public authority.
Law enforcement function
Where it is necessary for us to perform a law enforcement function.
When we can use your special category
With explicit consent
We can use your special category when we have your explicit consent (or that of your appointed representative).
You can contact us to remove your explicit consent at any time.
We can use your special category personal data without consent on these lawful bases, where it is necessary:
- for employment, social security and social protection law
- for the vital interests of an individual who is incapable of giving consent
- where personal data has been made public by the data subject (the person)
- for legal or judicial claims
- for reasons of substantial public interest
- to assess the working capacity of an employee
- for medical diagnosis
- for health care or social care purposes
- for archiving, scientific and historical research or statistical purposes in the public health
12. Moving your data outside the European Economic Area (EEA)
If your personal data needs to be moved outside the EEA, we will make sure that we keep it safe in compliance with the GDPR.
We will check whether the European Commission has made an adequacy decision about the country your data needs to be moved to.
An adequacy decision means that the country or international organisation has a legal framework in place to make sure that your personal data is protected. If an adequacy decision has been made then we will be able to make the transfer.
If an adequacy decision has not been made, we will make a restricted transfer of your personal data provided the transfer is covered by an appropriate safeguard listed in the GDPR.
Appropriate safeguards are listed below.
Binding corporate rules
We will make a restricted transfer if we and the intended recipient have signed up to a group document called binding corporate rules.
Standard contractual clauses adopted by the European Commission
We will make a restricted transfer if we have entered into a contract which incorporates standard data protection clauses adopted by the European Commission.
Approved code of conduct or a certification scheme
We will transfer your personal data to entities that have adopted and committed to adhere to an approved code of conduct or a certification scheme that safeguards data protection rights.
13. How long we store your personal data
We make sure that we follow our records retention schedule and do not keep your personal data for longer than necessary.
You can read our records management and data retention policy document below.
14. Your individual rights relating to your personal data
Your rights are listed in this section. If you want to use any of your rights, please contact us by:
- email: email@example.com
- phone: 01344 352000
Right of access
You may ask us for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process.
Read about right of access on the ICO website.
Right to get your data corrected
You may ask us to correct your information which you think is not accurate. You may also ask us to complete information you think is incomplete. This right may not always be available under certain circumstances
Read about your right to get your data corrected on the ICO website.
Right to get your data deleted
You may ask us to delete your personal information. This right may not always be available under certain circumstances.
Read about your right to get your data deleted on the ICO website.
Right to limit how organisations use your data
You may ask us to restrict the use of your information. This right may not always be available under certain circumstances.
Read about your right to limit how organisations use your data on the ICO website.
Right to object to the use of your data
You may have the right to object to the use of your data. This right may not always be available under certain circumstances.
You have an absolute right to object to the use of your data for the purposes of direct marketing.
Read about the right to object to the use of your data on the ICO website.
Right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you.
This right only applies if the personal data has been processed by automated means, by consent or that the processing is necessary for the performance of a contract with you (or we are in conversation with you about entering into a contract).
Read about your right to data portability on the ICO website.
Right to ask for an automated decision to be reconsidered by a human
This right protects you if we are carrying out automated decision making that will have a legal or significant effect on you.
This right does not apply if:
- the automated decision-making is necessary for entering into or performance of a contract with us
- we have your explicit consent
- we are authorised by law
Right to withdraw consent
If the legal basis for our processing of your personal information is consent then you have the right to withdraw your consent at any time.
You are not required to pay any charge for exercising your rights.
If your request is unfounded or excessive we may charge a fee to cover the administrative costs of responding to your request, or we may refuse to deal with the request.
We have one month to respond to you.
15. Your data is kept safe and secure
All the data we process and hold is kept safely and securely in our IT systems.
We have taken steps to put in place technical and organisational measures to make sure your personal data is secure.
We have procedures to deal with any suspected data security breach. If there is a suspected breach we will notify you and the ICO where we are required to do so.
16. Data matching
We may use your personal information with departments in the council for data matching purposes to effectively carry out our functions.
We are required to protect the public funds we administer. We may share information provided to us with other bodies responsible for auditing or administering public funds, or where undertaking a public function. This is to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may show that there is an inconsistency which requires further investigation. No assumption can be made about whether there is fraud, error or any other explanation until an investigation is carried out.
We take part in the Cabinet Office’s National Fraud Initiative. This a data matching exercise to help in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.
Read about the National Fraud Initiative on GOV.UK.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require consent of the individuals concerned under data protection legislation. Data matching by the Cabinet Office is subject to a Code of Practice.
Read the Code of Data Matching Practice on GOV.UK.
More information on the Cabinet Office’s legal powers and the reasons why it matches particular information is available on GOV.UK.
Read about fair processing on GOV.UK.
17. Other websites
Our website contains links to other websites. This privacy notice applies to this website only. When you link to other websites you should read their own privacy notices.
We are not responsible for the contents or reliability of the linked websites and we do not endorse the views expressed in them. Listing should not be taken as endorsement of any kind. We cannot guarantee that these links will work all the time and we have no control over the availability of the linked pages.
If you are not satisfied with the way that we are holding your data, you can contact the Information Commissioner.
You can contact the ICO by:
- visiting the ICO website
- phone: 0303 123 1113
Or you can write to:
Information Commissioner's Office