- About us
- Our response to Coronavirus (COVID-19)
- What kind of information are you talking about
- Why would we collect person data
- What types of information do we hold
- Who we collect information from
- Who do we share information with
- How long do we keep information for
- Our Directorates
- Law Enforcement and Fraud
- Your rights
Peterborough City Council is a data controller and processor for the purposes of Data Protection legislation. This means that we are responsible for deciding the purpose of collecting and using information, but as a processor we also use the information in line with why we collected it as part of our everyday work.
Peterborough City Council become a unitary authority in 1998, having previously been part of Cambridgeshire County Council. As a unitary authority, the council has both the powers of a non-metropolitan county and district council combined. This means that we provide services such as social care and education, which a county council may supply, but we also provide planning, Council Tax, Benefits and the regulatory services that a district council provides.
This privacy notice explains what the council does generally, and has links to our directorates and what services sit within those directorates. All directorates and services come under Gillian Beasley, our Chief Executive.
We also have a section on your rights and how you can contact us to exercise these rights.
We are always looking to improve our privacy notices to ensure that you understand what data we collect, why and what we do with it. If you have any comments or questions then we would like to hear from you.
Our response to Coronavirus (COVID-19)
Read our shared privacy notice in relation to the information we are using in our response to the current coronavirus situation. This is shared with Cambridgeshire County Council as we are working together to provide support and care for communities at this time.
You can also read our joint privacy notice explaining how Public Health are collecting, sharing and analysing data as part of working with central government, health and care providers, voluntary sectors and volunteers to deliver vital care and support to our local communities.
Self-Isolation Payment Privacy Notice
On 28 September 2020, the Government passed into law a national Test and Trace Support scheme. From 12 October, a one-off payment of £500 or access to a discretionary fund will be available for eligible individuals. More information about this scheme can be found online.
If you apply, we will need to process your personal data to assess whether you are eligible to receive financial support, and if so, to provide a payment to you. This Privacy Notice sets out what personal data we will use, how we will use it, and why we need to, when an applicant applies for this support.
The Department of Health and Social Care (DHSC) has commissioned NHS Test and Trace on behalf of the government and is the data controller for the purposes of providing Test and Trace data to Peterborough City Council.
Peterborough City Council are the data controller for the purposes of assessing eligibility, administering and making payments under the Test and Trace Support scheme.
If you have been told by the NHS to self-isolate, either because you have tested positive for COVID-19 or you have been in contact with someone who has tested positive, you may be entitled to some financial support during your self-isolation period.
What are Self-Isolation Payments?
People who are eligible will receive:
A £500 one-off Test and Trace Support payment or provision from the discretionary fund to remain at home to help stop the spread of the virus.
Categories of personal data we collect and process
We collect and process the personal data that you provide to us when completing your application for a self-isolation support payment, which may include:
- Full name;
- Full residential address;
- Email address;
- Mobile telephone number;
- Home telephone number;
- Proxy applicant details (as above where you may nominate someone else to complete this application on your behalf);
- Employer name and address;
- NHS notification number (the unique reference you will be given by NHS Test and Trace Service to self-isolate);
- Bank account details;
- Your National Insurance Number;
- Proof of self-employment e.g. recent business bank statement (within the last two months), most recent set of accounts or evidence of self-assessment
Source and categories of personal data
We will obtain data from the NHS Test and Trace Service to confirm that you have either tested positive for COVID-19 or you have been in close contact with someone who has tested positive for COVID-19. As this data is related to your health it is referred to as ‘special category data’.
You or your nominated representative will also provide us with additional personal data in relation to your application for a Self-Isolation Payment.
What we use your personal data for
We will carry out checks with the NHS Test and Trace Service and the Department for Work and Pensions (DWP), for verification purposes, Her Majesty’s Revenue and Customs (HMRC), for tax and National Insurance purposes, and potentially with your employer in validating your application.
Information relating to your application will also be sent to the DHSC to help understand public health implications, allow us to carry out anti-fraud checks and determine how well the scheme is performing.
We will not share this data with other organisations or individuals outside of Peterborough City Council and parties acting on our behalf to process this data for any other purpose.
We will provide information to HMRC in relation to any payments we make because Self-Isolation Payments are subject to tax and National Insurance contributions. If you are self-employed, you will need to declare the payment on your self-assessment tax return.
Our lawful basis for processing the personal data
We must have a legal basis to process your personal data. Our lawful basis in the processing that we’ll undertake in assessing your eligibility for, and in making any self-isolation payment to you, is based on a legal obligation.
Where we use personal information to confirm that someone is eligible for a self-isolation payment, the sections of the law that apply are:
- GDPR Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- GDPR Article 9(2)(i) – processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare;
- Data Protection Act 2018 Schedule 1 Part 1 (2) - health or social care purposes
Separately, we have special permission from the Secretary of State for Health and Social Care to use confidential patient information without people’s consent for the purposes of diagnosing, recognising trends, controlling and preventing, and monitoring and managing communicable diseases and other risks to public health.
This is known as a ‘section 251’ approval and includes, for example, using your test results if you test positive for COVID-19 to start the contact-tracing process.
The part of the law that applies here is section 251 of the National Health Service Act 2006 and Regulation 3 of the associated Health Service (Control of Patient Information) Regulations 2002.
You can find more information on this via the NHS Contact Tracing Privacy Notice.
Data Processors and other recipients of your data
These are the recipients with which your personal data is shared:
Her Majesty’s Revenue and Customs (HMRC) for tax and National insurance purposes;
Your employer for verification checks purposes;
Serco Ltd who will be performing function on behalf of Peterborough City Council and under contract
International Data Transfers and Storage
Peterborough City Council will not store or transfer your personal data outside of the UK or EEA.
Personal data disposal and retention
We will only keep your personal data for as long as it is needed for the purposes of the COVID-19 emergency, and for audit and payment purposes.
Your rights as a data subject
By law, you have a number of rights as a data subject and this does not take away or reduce these rights. Your rights under the EU General Data Protection Regulation (2016/679) and the UK Data Protection Act 2018 applies.
All information is processed in accordance with our data protection policy and you can find our how we use personal information and your rights here, https://www.peterborough.gov.uk/council/council-data/corporate-privacy-notice.
You can also find out how to contact us at the same page.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.
Automated decision making or profiling
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Changes to our policy
We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page on our website.
What kind of information are you talking about
The legislation covers “personal data” which is information which directly or indirectly identifies a person. This could mean name, address, date of birth, National Insurance Number, IP address or genetic data. Some personal data is what we used to call sensitive personal data but is now called special categories of data. These still include types of information like ethnicity, religion and health.
Why would we collect person data
For some council services there is a need to collect personal data so that we can get in touch or provide the service you require. Many of these services are statutory, which means that we are required by law to provide them, and this will be why we ask for information from you. This is our legal basis for using the information because without the information then we would not be able to that service to you.
Each service will have its own requirements and you will only be asked to provide the information which we need in order to provide you with that service. If you contact the Chief Executive’s Office for assistance then we will ask for information to enable your question to be answered or forwarded to an officer to provide the answer to you.
There will be some services which we need your consent to collect and use your information. Where this is the case then we always make this clear to you when you first become involved with the service.
You always have the right to withdraw from receiving that service. If you do withdraw consent then we will always make sure that we explain the impact of you doing this is.
It may also be that we provide a service to you which is statutory, but we would like to use some information for another reason, such as research or evaluation of our work. Where we need your consent to do that, we will make this clear to you and give you a choice.
What types of information do we hold
This will depend on the service and what information is needed however it will include both personal data and special categories of data. It may include but not be limited to:
- Identification Number
- Email address
- IP Address
- Date of birth
- Household members
- Criminal Offences
- Physical Health
- Mental Health
- Sexual health
- only ask for information if we have legitimate grounds to do so
- explain why we are asking for that information
- only ask for the information we actually need
- keep accurate and up to date information
- only keep information for as long as it is needed
- to ensure that we take appropriate steps to keep your information secure
All staff who have access to information about you will have received training on data protection and information security. All data is stored within the European Union except for data relating to the council's email marketing system. This data is stored in the USA under the provisions of the EU-US Privacy Shield Framework.
Who we collect information from
It will depend on the service, however, the starting point will normally be yourself or someone acting on your behalf.
We may also receive information from other organisations who we work with to deliver a service. For example, your information may be shared with us by a health professional because we will provide reablement services to you. In those cases, the person or agency referring you should tell you what they are doing.
We may also receive information about you or family members, because the organisation which holds that data is required by law to provide us with it. This is often a school or pre-school who are required to inform us about children attending the school. Sometimes we may need to ask other agencies or organisations for relevant information about you to fulfil our legal responsibilities or to provide services.
Who do we share information with
It will depend on what service you are receiving as to who we share information with and why. It will depend on what service you receive and where permitted but this may include but not limited to:
- Other Local Authorities
- Law Enforcement
- Trade Unions
- Central Government
- Health and social
- Housing Providers
- Fire Service
- Legal Representatives
- Debt Collection
- Regulatory bodies like OFSTED
- Members and political parties
- Commissioned Service Providers
We work with a number of different partners to provide services. This may be government departments like the NHS or local health providers like GPs, it may be the Police or the Department for Work and Pensions.
We may pass your information to these other agencies or organisations as allowed or required by law, for example to enable them to carry out their statutory duties, or where it is necessary to prevent harm to yourself or other individuals.
We have strategic partners like Serco and Skanska. This means that we provide them with your information to provide services like Council Tax administration or highways work. This is always done under a contract so that they can only use your information for the reasons specified in the contract, and must abide by the same data protection legislation as we do.
We may pass your personal data onto the people who provide a service such as care or support to you. These providers are obliged to keep your details securely, and use them only to fulfil your request. Once your request has been dealt with or the case has been closed, they will dispose of the details. If we wish to pass your sensitive personal data onto a third party, we will only do so once we have obtained your consent, unless we are legally required to do so.
Sometimes in order for us to provide services, there may be occasions when we share your data with those who carry work out on our behalf. For example, we may ask an external service provider to review Council Tax discounts or to undertake a statutory assessment of a service.
How long do we keep information for
Under Data Protection, we are required to keep information for as long as it is required. It does not however specify how long a specific piece of information should be retained for. Therefore each department will use a retention schedule for documents etc which it holds and have a secure means of destruction. This can be made available.
Specific information relating to the information collected by each of our directorates can be accessed by clicking on one of the pdf links below. There will also be specific privacy notices attached to specific projects or pieces of work which will contain very clear information for you on how your information is being used.
|Legal and Governance||
The department consists of Legal Services, Information Governance, Electoral Services, the Civic Office and Democratic Services
The department consists of services such as employee relationship, training and occupational health as well as recruitment.
The Resources department consists of the following: Financial Services, Commercial Group, Cemeteries, cremation and registrars
|Growth & Regeneration||
The Growth and Regeneration directorate is in charge of driving that growth and overseeing major regeneration projects in the city. It includes Planning, Highways and Transport and Waste. It also includes City Services and External Communications, Regulatory Services such as Trading Standards and Environmental Health.
The teams within the Public Health directorate help people to stay healthy, and protecting them from threats to their health.
|People & Communities||
This directorate is responsible for ensuring the needs of our residents are met, particularly those that are most vulnerable. The directorate includes five service directorates as below:
Law Enforcement and Fraud
Peterborough City Council have certain functions such as Trading Standards, Environmental Health and other enforcement services.
In these instances, data that is identified for the prevention, investigation, detection or prosecution of criminal offences, or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security is processed under the provisions of Part 3 of the Data Protection Act. This is because it is necessary for the purpose of law enforcement purposes.
The access to your rights will remain the same as described in this notice.
Our legal basis for the processing personal data will be where it is necessary for the law enforcement purpose i.e. the prevention, investigation, detection and prosecution of criminal offences as we are required to do so by law. We will only conduct sensitive sensitive processing under Part 3 of the Act where it is necessary for us to meet our duties such as preventing fraud or detecting criminal offences.
We are under a duty to protect the public funds we administer and to this end may lawfully use and disclose information to other public sector agencies for the purpose of:
- preventing or detecting fraud and any other crime and/or to administer council tax
- to protect public funds in investigating misuse of public money
The Cabinet Office currently require us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the National Fraud Initiative for matching for each exercise, and these are set out in guidance, which can be found on the National Fraud Initiative page of GOV.UK.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. Data matching by the Cabinet Office is subject to a Code of Practice, the code of practice can be found on GOV.UK.
You have rights under Data Protection and these are stated on our Data Protection Rights page.
The request will be submitted to the Data Protection Officer and the Information Governance Service. There are reasons why we may not be able to agree to your request but we will explain why and always look to see how we can help you.
If you are unhappy about how your information has been collected, used or stored then you can complain to:
The Data Protection Officer for Peterborough City Council is shown below:
Peterborough City Council
Town Hall, Bridge Street
The Information Commissioner’s Office is the UK's independent body set up to uphold information rights. Their role is to uphold information rights in the public interest. They can be contacted as below:
The Information Commissioner’s Office
Wycliffe House, Water Lane
Tel: 01625 545700