London Councils Privacy Notice
This Privacy Notice explains how we use information about you and how we protect your privacy.
We have separate privacy notices for some of our services and additional information in our ‘Service details’ document [TO FOLLOW – please contact data firstname.lastname@example.org for queries about specific service areas).
We may update this Privacy Notice from time to time to make sure it accurately reflects what we do with your information.
If you have any concerns or questions about how we look after your personal information, please contact our Data Protection Officer at data email@example.com or on 020 7934 9836.
What is personal information?
Personal information can be anything that identifies and relates to a living person. It includes obvious things like your name or address and also license plates, postcodes and ip addresses.
Some information is considered more sensitive. This includes information about;
- ethnic origin;
- trade union membership;
- biometrics (where used for ID purposes);
- sex life; or
- sexual orientation.
- criminal history
We take greater care when using this type of information.
What information do we collect?
The information we collect varies depending on how you interact with London Councils. For example, if you register for an event we will ask for your contact details and job title. If you apply for a Freedom Pass, we will need additional information in order to verify your eligibility. We will only collect what is necessary for the task.
Please read our ‘Service details’ document to find out more details about the types of information we collect for different services.
We may also receive information from the London Boroughs in order to fulfil our functions for them.
What do we use the information for?
We may use your personal information for the following purposes:
- to provide you with a service
- to communicate with you about our services
- to review and improve our services
- to support research and planning of new services
- to keep track of spending
- to respond to a request for information
- to investigate a complaint
- where otherwise necessary and permitted under data protection legislation
Why can we use the information?
Most of the personal information London Councils uses will be used because we are need to comply with a legal obligation, because we have official authority, or it is in the public interest to do so.
Occasionally we will rely on other legal reasons which allow us to use personal data. These include consent, to fulfil a contract, to protect an individuals vital interests or because it is in the legitimate interests of the organisation and those interests are not outweighed by your interests.
Where we ask for your consent to use your information, for example to send you marketing material, you can withdraw your consent at any time.
Voluntary equalities information
Sometimes we request equalities information from you, most often about ‘Protected Characteristics’, as defined by the Equality Act 2010. These include ethnicity, age, religion, gender, marital status, sexual orientation, maternity status and disability status.
If this information isn’t required for the service we are providing you then we ask for it because the Equality Act requires public authorities to show that they have given ‘due regard’ to equalities as they plan and deliver services and when they consult service users.
We may use this information to find out;
- Who is using our services
- Who is not using our Services
- What are the experiences of different groups of customers
- Are services reaching the people who need them most?
This information helps us improve our services for all to better plan for the future and to ensure no one is disadvantaged.
You are not required to provide this information to use our Services. We will make it clear that it is voluntary when it is requested and include a ‘prefer not to say’ option if you do not want to provide it.
How long do we keep your information for?
How long we keep your information, depends on why we need it. Sometimes we are required to keep information for a set time period to comply with a law or regulation. Where there is no law to follow, we will make a business decision about how long to keep the information, taking into account what it was used for. We will only keep information for as long as there is a legal or business need for us to do so.
Our decisions about how long to keep information for are recorded in retention schedules and information is securely deleted when it is no longer required.
Who is responsible for your information?
London Councils is a data controller and responsible for the information we hold about you where we are responsible for making decisions about how the information is used.
For some of our services we engage data processors who work on our behalf. We have contracts in place with all our data processors. The contracts state what they can do with your personal information and they are not permitted to do anything unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct. In these situations, London Councils remains responsible for your information.
In some circumstances, we are also data processors on behalf of the London Boroughs who are data controllers. In those circumstances, we are responsible for meeting the requirements of the data controllers and adhering to data protection legislation.
How do we protect your information?
We will do what we can to make sure we hold records about you in a secure way, and we will only make them available to those who have a right to see them. The information security measures we've put in place include:
- training staff in their data protection responsibilities
- developing procedures to ensure we meet our legal requirements under data protection law
- putting processes in place to ensure good Information Governance practices
- access to your information is only given to those who need to know and where it is necessary
- ensuring information will not be held for longer than required and will be disposed of securely
- encrypting all our electronic devices and sensitive information that is transmitted is encrypted
- not storing your information outside the EU
- conducting regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
How can you manage your own information?
There is an option to unsubscribe on all the information emails we send you, as well as any marketing emails.
If you want to amend or delete your information, ask us to stop using it or ask us for a copy of the information we hold about you, please contact firstname.lastname@example.org
If you have consented to us using your information and you wish to withdraw the consent, please contact email@example.com.
If you would like more information about your rights, please visit; https://ico.org.uk/your-data-matters/
We do not routinely send your information to non-EU countries. Occasionally we may engage a processor who operates in non-EU countries. If we transfer your information beyond the EU, we will make sure that it’s protected in the same way as if it was being used in the EU.
To keep your information safe we will either:
- transfer it to a non-EU country with privacy laws that give the same protection as the EU. You can find out more on the European Commission Justice website
- put in place a contract with the recipient that means they must protect it to the same standards as the EU. You can find out more information on the European Commission Justice website.
- transfer it to organisations that are part of the Privacy Shield - this is a framework that sets privacy standards for data sent between the US and EU countries and makes sure those standards are similar to what is used within the EU. Find out more about the Privacy Shield on the European Commission Justice website
If we intend to make a transfer in response to a lawful and legitimate request we will normally tell you in advance unless there are compelling reasons, such as law enforcement or, reasons of safety which justify not doing so.
Questions and complaints
If you have any questions about how we handle your personal data, please contact us at firstname.lastname@example.org
If you want to complain about the way we have handled your information, you can contact us at email@example.com or you can complain to the Information Commissioner at https://ico.org.uk/make-a-complaint/