Lewisham Council Privacy Statement
Introduction
Lewisham Council is registered as a ‘Data Controller’ with the Information Commissioner’s Office (ICO) under the General Data Protection Regulation, as we collect and process personal information about you.
We process and hold your information in order to provide public services. This notice explains how we use and share your information. Information may be collected on a paper or online form, by telephone, email, CCTV or by a member of our staff, or one of our partners.
We have an appointed Data Protection Officer, who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact:
The Interim Data Protection Officer
Petra Der Man
020 8314 9928
DPO@lewisham.gov.uk
Why do we collect information about you?
- deliver public services
-
confirm your identity to provide some services
-
contact you by post, email or telephone
-
understand your needs to provide the services that you request
-
understand what we can do for you and inform you of other relevant services and benefits
-
obtain your opinion about our services
-
update your customer record
-
help us to build up a picture of how we are performing at delivering services to you and what services people need
-
prevent and detect fraud and corruption in the use of public funds
-
allow us to undertake statutory functions efficiently and effectively
-
make sure we meet our statutory obligations including those related to diversity and equalities.
We may not be able to provide you with a product or service unless we have enough information.
We will process your information for the following purposes
- for the service you requested, and to monitor and improve the council’s performance in responding to your request
-
to allow us to be able to communicate and provide services and benefits appropriate to your needs.
-
to ensure that we meet our legal obligations
-
where necessary for the law enforcement functions
-
to prevent and detect fraud or crime
-
to process financial transactions including grants, payments and benefits involving the council, or where we are acting on behalf of other government bodies, e.g. Department for Work and Pensions
-
where necessary to protect individuals from harm or injury
-
to allow the statistical analysis of data so we can plan the provision of services.
We will not pass any personal data on to third parties, other than those who either process information on our behalf, or because of a legal requirement, and will only do so, after we have ensured that adequate organisational and technical measures are in place to protect the data.
We will not disclose any information that you provide ‘in confidence’ to us, to anyone else without your permission, except in situations where disclosure is required by law, or where we have good reason to believe that failing to share the information would put a person at risk.
We may process your information overseas using web services that are hosted outside the European Economic Area, but only with data processing agreements that meet our obligations under the General Data Protection Regulation.
Legal basis for processing your personal information
There are a number of legal reasons why we need to collect and use your personal information.
Each privacy notice from the menu on the left explains the legal basis for processing your information by the respective service areas. Generally we collect and use personal information where:
-
you, or your legal representative, have given consent
-
you have entered into a contract with us
-
it is necessary to perform our statutory duties
-
it is necessary to protect someone in an emergency
-
it is required by law
-
it is necessary for employment purposes
-
it is necessary to deliver health or social care services
-
you have made your information publicly available
-
it is necessary for legal cases
-
it is to the benefit of society as a whole
-
it is necessary to protect public health
-
it is necessary for archiving, research, or statistical purposes.
If we process your information entirely from your ‘Consent’ (i.e. non-statutory service), you have the right to withdraw it any time. If you want to withdraw your consent, please contact DPO@lewisham.gov.uk and tell us which service you’re using so we can deal with your request.
Information sharing
We may, occasionally, need to share your information with other business areas within the council, and third parties that provide services. These providers are obliged to keep your details securely, and use them only to fulfil a justified need.
We may disclose information to other partners where it is necessary, either to comply with a legal obligation, or where permitted under the General Data Protection Regulation, e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime or fraud.
Where we need to disclose Special Category or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to.
We may disclose information when necessary to prevent risk of harm to an individual.
We have Information Sharing Agreements in place with other partners and external organizations to help deliver the best services for you. We do this to comply with data protection law and so you can be confident that they all comply with the same privacy principles as the local authority.
At no time will your information be passed to external organisations for marketing or sales purposes or for any commercial use without your express consent.
Detection and prevention of crime and fraud
Lewisham Council is required by law to protect the public funds it administers. We may use any of the information you provide to us for the prevention and detection of crime and fraud. We may also share this information with other bodies that are responsible for auditing or administering public funds including the Cabinet Office, the Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police.
In addition to undertaking our own data matching to identify errors and potential frauds we are required to take part in national data matching exercises undertaken by the Cabinet Office. The use of data by the Cabinet Office in a data matching exercise is carried out under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned.
The personal information we have collected from you will also be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found online.
In limited situations we may monitor and record electronic transactions (website, email and telephone conversations). This will only be used to prevent or detect a crime, or investigate or detect the unauthorised use of the telecommunications system and only as permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.
Emergency response management
Data matching may be used to assist the council in responding to emergencies or major accidents, by allowing the council, in conjunction with the emergency services, to identify individuals who may need additional support in the event of e.g. an emergency evacuation.
Telephone calls
Ordinarily we will inform you if we record or monitor any telephone calls you make to us. This will be used to increase your security, for our record keeping of the transaction and for our staff training purposes.
Emails
If you email us we may keep a record of your email address, as well as your email for our records. For security reasons we will not include any confidential information about you in any email we send to you. We would also suggest that you keep the amount of confidential information you send to us via email to a minimum and use our secure online services or by post.
Website
If you are a user with general public access, our website does not store or capture personal information, but merely logs a number called your IP address which is automatically recognised by the system.
The system will record personal information if you:
- subscribe to or apply for services that require personal information
- report a fault and give your contact details for us to respond
-
contact us and leave your details for us to respond.
We employ cookie technology to help log visitors to our website.
Cookies
We sometimes place small data files on your computer. These are known as cookies and most websites do this. A cookie is a string of information that is sent by a web site and stored on your hard drive or temporarily in your computer’s memory. The information collected is used for the administration of the server and to improve the service provided by the web site. Cookies provide an audit trail of your browsing history, you can reject the use of cookies but you may be asked for information again, e.g. to participate in a survey.
They improve browsing by:
-
remembering who you are after you login to the site
-
prefill some of the online forms with information you already gave to us so you don’t need to keep entering it;
-
measuring how you use the website to make your browsing experience more efficient and user friendly.
Apart from the ones related to the login process our cookies aren’t used to identify you personally. They exist to make the site work better for you. You can manage and/or delete these small files as you wish.
Further information and how to block cookies is located on our cookies page.
To learn more about cookies and how to manage them visit AboutCookies.org.
CCTV
We have installed CCTV systems in some of our premises used by members of the public for the purposes of public and staff safety, and crime prevention and detection. They are also installed in various sites across the Borough for public and staff safety, crime prevention and detection, and the abuse of council policies. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme.
We will only disclose CCTV images to others who intend to use the images for the purposes stated above. CCTV images will not be released to the media for entertainment purposes or placed on the internet.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. You may make a request for CCTV images you appear in.
How we protect your information
Our aim is not to be intrusive, and we won’t ask irrelevant or unnecessary questions. The information you provide will be protected by adequate organisational and technical measures, to ensure it can’t be seen by, accessed or disclosed to anyone who shouldn’t.
We have an Information Governance Framework that includes a Data Protection and Privacy Policy and a set of Information Security policies. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
We will not keep your information longer than it is needed or where the law states how long this should be kept. We will dispose of paper records or delete any electronic personal information in a secure way.
Your rights
The General Data Protection Regulation requires the Council to ensure that any information we hold about you is correct. There may be situations where you find the information we hold is no longer accurate and you have the right to have this corrected.
You have the right to request that Lewisham Council stop processing your personal data in relation to any council service, however, this may affect service delivery to you. This right applies primarily to ‘Consent’ based services and not ‘Statutory’ service offerings.
Where possible we will seek to comply with your request but we may be required to hold or process information to comply with a legal requirement.
Correct the personal information we hold about you
Please contact the service holding the information or the Corporate Information Team to exercise any of these rights, or if you have a complaint about how your information has been used.
How to have your information moved to another provider
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being.
It is unlikely that data portability will apply to most of the services you receive from the Council.
You can ask to have any computer made decisions explained to you, and details of how we may have risk profiled you.
You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it.
You also have the right to object if you are being profiled. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.
If and when Lewisham Council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.
If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer at DPO@lewisham.gov.uk for details of how we are using your information.