Coronavirus (COVID-19) privacy notice

Coronavirus (COVID-19) privacy notice

How we will deal with your data during the current Coronavirus pandemic.

Bristol City Council is committed to protecting your privacy when you use our services or interact with us in other ways during the current coronavirus pandemic.

This privacy notice explains how Bristol City Council will collect, use and protect personal data with regard to coronavirus (COVID-19). You can view our main privacy notice on our privacy page.

Who we are

Bristol City Council is responsible for ensuring we only collect and use the personal information necessary to provide you with a service, or for our interaction with you and to ensure we maintain the highest standards necessary to protect your personal information.

Bristol City Council
City Hall
College Green
Tel: 0117 922 2000

Our Data Protection Officer makes sure we follow the law. If you have any concerns or questions about how we look after your personal information, contact our Data Protection Officer by:

What personal information we use and why

We may use personal information, including information about health and ethnicity that we already hold about our residents, employees and stakeholders. You may have provided this information for a specific reason for example, council tax, housing, or in relation to another council function or service.

We may, in this current crisis, ask you for:

  • additional information about you that you have not already supplied, for example if you have any underlying illnesses or are vulnerable. This is so we can offer help and prioritise our services during the pandemic and work with government and statutory agencies in responding to the pandemic
  • name, contact details, date of birth, NHS Number and information about your symptoms if you are in the same household as a BCC employee in a critical role and requesting a COVID-19 test.
  • contact details and specific health information when you enter buildings and spaces owned, run or used by the council to provide services and exercise our functions. This is so we can comply with government requirements to facilitate effective track and testing in order to control the spread of the virus

We must be as transparent as possible and let you know why we are processing your data and usually would tell you if personal information you provided would be used for a different purpose. Due to the current emergency this will not always be possible.

Any information which we process will be used only for purposes relating to the coronavirus (COVID-19) pandemic, and we will only process information that is relevant and limited to what is necessary for that purpose.

Legal basis for processing your personal data

The reason we are processing your personal data will determine the legal basis for processing it. The legal bases for processing by the council as a public authority will be:

  1. Where disclosure is in the vital interests of yourself or another person GDPR Article 6(1)(d) and 9(2)(c)
  2. Where it is necessary for the reasons of substantial public interest Article 9(2)(g) and Statutory etc and government purposes DPA 2018 Sch 1 Part 2(6)
  3. Where it is in the interest of public health Article 9(2)(i), DPA 2018 Sch 1 Part 1(2) and DPA 2018 Sch 1 Part 1(3)
  4. Where it is necessary to carrying out our obligations field of employment and social security and social protection law Article 9(2)(b) and DPA 2018 Sch 1 Part 1(1)
  5. Where it is necessary to comply with a legal obligation Article 6(1)(c)
  6. Where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested us Article 6(1)(e)

Sharing your personal data

It may be necessary to share your information with other public authorities, emergency services, and other stakeholders such as charities and voluntary organisations as necessary and where it's relevant and proportionate to do so during this emergency.

If we already hold information regarding individuals who may be vulnerable, as defined in the current guidance from the Government and Public Health England, we may share this information for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the council.

How we protect your information

We work hard to make sure that the records we hold about you are looked after securely and are only available to those who have a right to see them.  Some ways we do this are by:

  • controlling access to systems and networks
  • training of staff so they understand how to look after your information
  • putting in place controls over where data is stored
  • ensuring personal information sent by email is encrypted
  • deleting personal information when it is no longer needed

Transfer of personal data outside the UK

Most personal information we collect and use is stored on systems in the UK. On occasion, your information may leave the UK either to get to another organisation or if it is stored in a system outside the EU. Details of these transfers can be found in the service area privacy notices and our main privacy notice.

In some exceptional circumstances it may be necessary use services which process personal data outside of the EU. In the limited cases where we transfer data outside the UK to non-EU countries we will ensure adequate safeguards are in place to protect personal data.

How long we keep your personal data

We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, or there is a legal requirement to keep the data for a set period of time. 

We do not know how long data relating to the management of the pandemic will be retained but will keep that under review.

Where your personal data is collected for the purposes of contact tracing only, it will be deleted by us 21 days after your visit.

Where we do not need to continue to process your personal data, it will be securely destroyed. We will always seek to anonymise data so that you cannot be identified wherever that is possible.

Your Rights

You have the right to ask for access to your data and where data is found to be inaccurate to have that data corrected. 

In certain circumstances you have the right to have data held about you erased, or the use of it restricted. You may be able to object to processing and may also have the right to have your data transferred to another data controller.


If you've any concerns, or complaints about the way you data is handled email the council's Data Protection Team at

Or you can write to The Data Protection Officer, City Hall, College Green, Bristol BS1 5TR

If your concerns are not resolved to your satisfaction you have the right to complain to the Information Commissioner's Office to investigate the matter further by writing to:

Information Commissioner's Office
Wycliffe House
Water Lane

The Information Commissioner’s Office has published its own advice on data handling during the pandemic.

Changes to this privacy notice

We will keep this privacy notice under regular review and if we make any changes, we will publish the updated version on our website.