Privacy notices - Public Health privacy notice

All local authorities have a duty to improve the health of the population they serve. To help with this, our Public Health team use data and information from a range of sources.

We use this data to measure the health, mortality, morbidity and care requirements of our population. It allows us to plan and deliver health and care services in a coordinated and efficient way.

The type of personal information we collect

Your personal data will be used to process your application for the services you require provided by Public Health and will include data such as:

• name
• date of birth
• address

This may also include special category information such as:

• health records
• sexual orientation

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for processing your application for the services you need provided by public health.

We also receive personal information indirectly, from the following sources in the following scenarios:

• NHS Digital provide:
  • access to civil registrations datasets, which include births and deaths registrations - this information is person-identifiable
  • a pseudonymised hospital episode statistics dataset - these datasets are used for the following purposes:
    • measuring the health, mortality and care needs of the population
    • planning, evaluating and monitoring health and social care policies, services or interventions
    • protecting or improving public health, including such subjects as:
      • the incidence of disease
      • the characteristics of persons with disease
      • the risk factors pertaining to sections of the population
      • investigating specific areas of local concern relating to the health of the local population
      • the effectiveness of medical treatments
• Fit4all community physical activity service
• social prescribing service
• stop smoking service
• tier 2 adult weight management service

We use the information that you have given us in order to process your application for the services you require provided by public health.

How the law allows us to use your personal information

Public Health has various legal obligations, such as those stated in the following:

• Health and Social Care Act 2012
• Control of patient information notice: COVID-19 - Notice under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002
• Children and Families Act 2014
• Local Authority Public Health Functions Regulations 2013 and related statutory instruments and their subsequent amendments, to provide health and wellbeing services that include, but not limited to:
  • open access sexual health services
  • national child measurement programme
  • health checks for eligible people
  • public health advice
  • health protection
  • to keep to the general duty to improve public health and any other steps to improve the health of people who live in the area, to help individuals minimise the risks to their health and to encourage individuals to adopt healthier lifestyles

Also, data depending on the types of information being held and analysed. These include:

• Section 42 (4) of the Statistics and Registration Service Act 2007 as amended by section 287 of the Health and Social Care Act 2012
• Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002

Lawful basis for processing

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis for processing is Article 6 UK GDPR:

• (a) you have given consent
• (b) process is necessary for the performance of a contract
• (c) processing is necessary for compliance with a legal obligation to which we are subject

Special category data

Special category data is being processed under Article 9 UK GDPR:

• (a) you have given your consent
• (e) processing relates to personal data which are manifestly made public by the data subject
• (h) processing is necessary for the purposes of preventative or occupational medicine

You can read the guide to lawful basis for processing special category data on the Information Commissioner's Office website.

Your consent

If we ask you for your consent when providing our service you have the right to withdraw consent as fully explained below. Where we do use consent to process your personal data, we will explain to you what we are asking you to agree to and why.

If we have consent to use your personal data, you have the right to remove it at any time. If you want to remove your consent, email public.health@bracknell-forest.gov.uk and we will deal with your request. Should you remove your consent we are unlikely to be able to provide continued services to you.

You also have the right to:

• opt out of Bracknell Forest Council public health receiving and processing your personal identifiable information from NHS Digital datasets
• choose not to have information about you shared or used for any purpose beyond providing your own treatment or care

However, there are occasions where service providers will have a legal duty to share information, for example safeguarding.

The process for opting out will depend on what the specific data is and what programme it relates to. You can contact your GP for more information about registering an opt-out or to end an opt-out you have already registered.

We have a contractual obligation

Performance of a contract when providing a service with an external provider such as a business providing universal and targeted public health nursing services to children and young people.

Under the contract you have a right to object to processing as explained below, under 'your data protection rights'.

Public interest

Public interest when providing a service in our official capacity, such as the promotion of a ‘Stop smoking’ campaign.

Who we share your information with

We will need to share you personal data with third parties to deliver our services. Third parties include (for example, police, care home services) This is not an exhaustive list.

You can ask us for more information on the third party service providers. We will not sell your personal data to any party.

Data that is received through our Data Access Agreements (DAA) with NHS Digital (hospital episode statistics and access to civil registrations – including births and deaths) will not be disclosed with a third party that is not identified in our licence agreement.

Any data that is shared will be anonymised and aggregated to a level that complies with the Office of National Statistics Guidance or if we are required to do so for legal reasons. This data is provided through the Personal Demographics Service.

In order to carry out our legal obligations the council may share the school census data it collects from the schools in the Bracknell Forest area with its appointed commissioners.

Service adjustments

If you need service adjustments, email public.health@bracknell-forest.gov.uk.