Last updated: 28 March 2019 Version 2
Who we are
The Council’s legal name is the Borough Council of Pendle, although we are more commonly known as Pendle Borough Council. Our address is:The Town Hall Market Street Nelson Lancashire BB9 7LG
The Council is a local government authority and is responsible for delivering services to its residents and businesses within the borough. This privacy notice explains how we use any personal information we collect about you.
The Council is registered as a ‘data controller’ under the Data Protection Act (ICO registration Z9180064) as we collect and process personal information about you. This applies to council staff and members of the public.
We process and hold your information in order to provide public services. This notice explains how we use and share your information. Information may be collected on a paper or online form, by telephone, email, CCTV or by a member of our staff or one of our partners.
- What kind of personal data do we process
- Why do we collect information about you
- If you fail to provide personal information
- How we use your information
- How we store your information
- How long will we use your personal data for
- When and why we share your information
- Electoral Registration
- Detection and prevention of fraud – Data Matching
- Emergency response management
- Telephone calls
- Using our website
- Third-party links
- My account – self service
- How we protect your information
- Sending information outside the European Economic Area (EEA)
- Your rights
- Contact information and further advice
- Changes to this privacy notice
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version.
- Profile Data includes, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences (examples include Visitor and Tourism related information).
We may also collect Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health). We may also process information about criminal convictions and offences.
We need to collect and hold information about you, in order to:
- Deliver public services and support to you
- Respond to requests from you
- Confirm your identity to provide some services
- Contact you by post, email or telephone
- Understand your needs to provide the services that you request
- Understand what we can do for you and inform you of other relevant services and benefits
- Obtain your opinion about our services
- Update your customer record
- Process financial transactions
- Prevent and detect fraud and corruption in the use of public funds
- Allow us to undertake statutory functions efficiently and effectively
- Comply with legal obligations which the Council is subject to including those related to diversity and equalities
Where we need to collect personal data by law, based on public interest or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to help you further. We might not be able to provide you with a product or service unless we have enough information, or your permission to use that information.
We will use the information you provide in accordance with Data Protection legislation. The lawful basis for us to collect and process personal information about you is that it is necessary for us to perform a task in the public interest or for our legal function as a public authority.
In limited circumstances we may rely on consent to process your personal data. An example of this is where you have asked to join a mailing list for matters such as tourism or visitor related information. Where we do this you have the right to withdraw this consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We will endeavour to keep your information accurate and up to date and not to keep it for longer than is necessary. In some instances, the law sets the length of time information has to be kept. We will process your information for the following purposes:
- For the service you requested, and to monitor and improve the council’s performance in responding to your request
- To allow us to be able to communicate and provide services and benefits appropriate to your needs
- To make sure that we meet our legal obligations
- For law enforcement functions, wherever necessary
- For the prevention and detection of fraud or crime
- To process financial transactions, which include grants, payments and benefits involving the council, or where we are acting on behalf of other government bodies like the Department for Work and Pensions
- To collect money that is owed to us
- To protect individuals from harm or injury where necessary
- To allow the statistical analysis of data so that we can plan the provision of our services and help check the quality of services and with research and planning of new services.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
The Council will hold your personal data based on the following criteria.
- For as long as we have reasonable business needs
- For as long as we provide goods and /or services to you and then for as long as someone could bring a legal claim against the Council
- Retention periods in line with legal and regulatory requirements or guidance
We may need to share your information within the Council between departments and with external agencies such as other public bodies and companies that carry out activities on the Councils behalf. We may also share your personal information when we consider there are genuine reasons for doing so that outweigh the protection of your privacy. Examples include in order to detect and prevent crime and fraud; or if there are serious risks to the public, our staff or to
- other professionals
- to protect a child; or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all of these reasons the risk must be serious before we can override your right to privacy. If we're worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we'll discuss this with you and, if possible, get your permission to tell others about your situation before doing so. We may still share your information if we believe the risk to others is serious enough to do so.
There may also be occasions when the risk to others is so great that we need to share information straight away. If this is the case, we'll make sure that we record what information we share and our reasons for doing so. We'll let you know what we've done and why if we think it is safe to do so.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Your information will not be passed to organisations external to us and our partners for marketing or sales purposes, or any other commercial use without your prior express consent.
The Council uses the Individual Electoral Registration Digital Service (IERDS) to verify electoral registration applications from potential electors within the borough. To verify your identity, the information you provide will be processed the Individual Electoral Registration Digital Service managed by the Cabinet Office. As part of this process your data will be shared with the Department for Work and Pensions and the Cabinet Office suppliers that are data processors for the IERDS. You can find more information about this on the Gov.UK website.
The Council is required by law to protect the public funds it administers. We may share information provided to us with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises. We participate in the cabinet Office’s National Fraud Initiative (NFI); a data matching exercise to assist in the prevention and detection of fraud. More Information about the National Fraud Initiative is available on the GOV.UK website. The Cabinet Office Privacy Notice provides more information on how data is processed under the NFI.
Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Council is required by the Cabinet Office to provide data for data matching exercises to help in the prevention or detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise. Details of the core mandatory data required by the Cabinet Office are set out below and in the National Fraud Initiative Guidance although not all datasets listed below apply to Pendle Council:
- Trade creditors' payment history and trade creditors' standing data
- Housing benefits
- Council tax (required annually) and council tax reduction schemes
- Electoral register (required annually)
- Students eligible for a loan
- Private supported care home residents
- Transport passes and permits
- Insurance claimants
- Licences – market trader/operator, taxi driver and personal licences to supply alcohol
- Personal budget (direct payments)
The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned. Data matching by the Cabinet Office is subject to a Code of Practice.
Data matching may also be used to assist us in responding to emergencies or major incidents, by allowing us, in conjunction with the emergency services, to identify individuals who may need additional support in the event of an emergency.
We will tell you if we record or monitor any telephone calls you make to us. Calls made direct to, or from, our Contact Centre (01282 661661) are recorded. We don’t record any financial card details if you make payments to us via telephone.
If you email us, we may keep a record of your contact and your email address and the email for our record keeping of the transaction. For security reasons, we will not include any confidential information about you in any email we send to you, unless you consent to this.
We suggest that you keep the amount of confidential information you send to us via email to a minimum and use our secure online forms and services.
You can sign up for email alerts for selected services using an external service from Dotmailer, with control over your preferences.
If you are a user with general public access, the Pendle website only captures a number called your IP address, which is automatically recognised by the system.
The system will record personal information if you:
- Subscribe to or apply for services that require personal information
- Report a fault and give your contact details for us to respond
- Contact us and leave your details for us to respond
Collecting data via our website
We use Hotjar to understand how you use our website. We do this using heatmaps and page recordings. All information collected is anonymous. You can read more about how Hotjar protects your privacy.
This website may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We use a range of different systems, requiring a different account username and password to sign in. We make sure that these are kept secure in our systems, but you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computers and other applicable devices, and you agree to accept responsibility for all activities that occur under your account or password.
We have installed CCTV systems in some of our premises used by members of the public, for the purposes of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of our buildings for the purposes of monitoring building security and crime prevention and detection.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions, there may be a need to keep images for longer, for example where a crime is being investigated.
We will only disclose images to other authorised bodies who intend to use it for the purposes stated above. Images will not be released to the media for entertainment purposes or placed on the internet for public viewing.
We operate CCTV and disclose in accordance with the codes of practice issued by the Information Commissioner and the Home Office.
Our aim is not to be intrusive, and we won’t ask irrelevant or unnecessary questions. The information you provide will be subject to security measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t see it.
We have an Information Governance Framework that includes a Data Protection Policy and a set of Information Security policies. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
We will not keep your information longer than it is needed or where the law states how long it should be kept. We will dispose of paper records or delete any electronic personal information in a secure way.
We may use third parties for some services (e.g. web hosting services) which may result in your personal information being stored in a country outside of the European Economic area but only with data processing agreements that meet our legal obligations under Data Protection legislation.
You have the right to request that the Council to stop processing your personal data in relation to any council service. However, this may cause delays, or prevent us delivering a service to you. Where possible, we will seek to comply with your request, but we may be required to hold or process information to comply with a legal requirement.
We try to ensure that any information we hold about you is correct. There may be situations where you find the information we hold is no longer accurate and you have the right to have this corrected. Please contact us if this is the case.
In certain circumstances, you have the right to have personal data erased. This is known as the ‘right to be forgotten.’ This right is not absolute and only applies in certain circumstances. In most cases, Pendle Council will be processing your data for the performance of a “public task”, for example, collecting Council Tax and will not be able to erase your details.
You are legally entitled to request access to any information about you that we hold, and to receive a copy. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request if your request is unfounded, repetitive or excessive.
Please see our Data Protection page for options on how to access your personal information.
If you would like to discuss your information rights further, please email firstname.lastname@example.org.
The Council has appointed its Head of Legal Services, Howard Culshaw, as its Data Protection Officer. If you have questions about the use of your personal data by the Council you can contact Howard.
For more information on Data Protection in general, or if you wish to make a complaint relating to how your personal data has been used, please contact the Information Commissioner Office. The Information Commissioner’s Office is an independent body set up to uphold information rights in the UK. They can be contacted through the ICO website or their helpline on 0303 123 1113, or in writing:
Information Commissioner’s Office
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the ‘last updated’ date at the top of this notice and the current version will be at here.