Breadcrumb

Privacy statement: what we do with your personal data

Privacy statement: what we do with your personal data

Your privacy is important to us and we take great care to protect it. We collect your personal details when you fill in a form, write us a letter, phone us or send us an email.

How we handle your data

The Secretary of State for Health and Social Care has directed NHS Digital to collect and analyse data from providers and other organisations involved in managing the coronavirus (COVID-19) response and then disseminate information and analysis to other bodies for the purpose of planning and managing the response.

All local authorities have been given legal notice to support the processing and sharing of information to help the COVID-19 response under Health Service Control of Patient Information Regulations 2002. This is to ensure that confidential patient information can be used and shared appropriately and lawfully for purposes related to the COVID-19 response.

This means that in some cases, Bristol City Council will be obliged to share your personal data with other services if it relates specifically to the COVID-19 response. This is a temporary measure, which is currently due to expire on 30 March 2021.

You can read the full COVID-19 privacy notice for how we are handling your data during the COVID-19 crisis.

This privacy notice explains how we use information about you and how we protect your privacy.

Each of our service areas have their own privacy notice with more detailed information. This covers how we handle your information for specific council services, including who we may share your information with and why.

For data protection information see our data protection policy page.

Who we are

Bristol City Council is the data controller and is responsible for ensuring that we:

  • only collect and use the personal information necessary to provide you with a service, or for our interaction with you
  • maintain the highest standards necessary to protect your personal information

Our address:

Bristol City Council
City Hall
College Green
Bristol
BS1 5TR 

Call: 0117 922 2000

Our Data Protection Officer monitors Bristol City Council’s compliance with the law and provides advice.

If you have any concerns or questions about how we look after your personal information, contact our Data Protection Officer:

Email: data.protection@bristol.gov.uk

Write to:

Data Protection Officer
Bristol City Council
City Hall
College Green
Bristol
BS1 5TR

What is personal information

Personal information is anything that identifies and relates to a living person.

It can include information that when put together with other information can identify a person. 

For example, this could be your:

  • name
  • contact details
  • bank details
  • personal and family history
  • identification numbers
  • online identifiers

Special category information

Some personal information is more sensitive and needs more protection.

It's often information that is very personal to you and is information that can reveal or is concerning your:

  • Racial or ethnic background
  • Genetic or biometric data
  • Health
  • Political opinions
  • Religious or philosophical beliefs
  • Sex life
  • Sexual orientation
  • Trade union membership

Criminal Offence information is any information that can reveal or is concerning your criminal history.

We get most of the personal information we use from you and from what we learn about you through your interactions with us. 

We may also get some information about you from:

  • the technology you use to access our services
  • information you make public on social media
  • family members
  • your legal representative
  • referees
  • employers
  • information from publicly available sources
  • health and education providers
  • commissioned partners
  • regulatory bodies
  • police and other local authorities 

Details about what information we get from other sources can be found in the different service area privacy notices.

Why do we need your personal information

We may need to use your personal information to:

  • deliver services and support  to you
  • manage those services we provide to you
  • train and manage the employment of our workers
  • help investigate any worries or complaints you have about our services
  • keep track of spending on services
  • check the quality of services
  • help with research and planning of new services
  • prevent and detect crime and fraud

There are circumstances when you are required by law or contract to provide personal information.

When this is the case, you can find the details in the different service area privacy notices.

Our legitimate interests

There may be some limited circumstances when we process your personal data as it is in our legitimate interests to do so.

When this occurs, our legitimate interests are provided in the relevant service area’s privacy notice.

Our use of cookies on our websites

We sometimes store small files called cookies on your computer or other device to help improve your experience on our website.

We collect web statistics automatically about your visit to our site based on your IP address.

This information is used to help us to improve your experience on our website.

Our use of automated decision making and profiling

There are some circumstances when BCC uses automated decision making and profiling.  

When this occurs, details of this are provided in the relevant service area’s privacy notice.

How the law allows us to use your personal information

There are a number of legal reasons why we are allowed to collect and use your personal information.

These are different for each council service and the specific details are contained in their privacy notice.  

A summary of these reasons is set out below:

Consent

You have given your consent for us to use your personal information.

Contract

We need the information because you have:

  • entered into a contract with us, or 
  • asked us to do something before entering into a contract

Legal Obligation

We need the information to comply with the law.

Vital Interests

We need the information to protect someone’s life in an emergency

Public Task

We need the information to exercise our official authority and to carry out tasks in the public interests that are set out in law

Legitimate Interests

We need the information to conduct our legitimate business for non-statutory services

Summary of additional legal reasons

There are additional legal reasons which have to apply when we process your special category personal information and criminal offence personal data.  

A summary of these is set out below:

  • We need your information for employment, social security or social protection purposes
  • We need your information to deliver health or social care services
  • You have made your information publically available
  • You have given your explicit consent
  • We need your information to defend or make legal claims
  • There is a substantial benefit to society as a whole for us to use the information
  • We need the information to protect someone’s life in an emergency
  • We need the information to protect public health in the public interest
  • We need the information for archiving, research or statistical purposes.

We process criminal offence personal data where it is authorised by law.

Who do we share your personal information with

Sometimes we have a legal duty to provide personal information to other organisations.  

This includes where we have a statutory enforcement duty, disclosures we are required to make by law, to detect or prevent fraud and to audit or administer public money. 

Sometimes we share data with other organisations in the exercise of our functions as a local authority, which includes via the Connecting Care system which enables health and social care professionals to share medical records. 

We only share information if necessary and where we have a legal basis for doing so.

We may share your personal information with a range of organisations to store personal information on our behalf or help deliver our services.

When we do this, we always have an agreement in place to make sure that organisation complies with data protection law to keep your information safe.

When we share your personal information, details are provided in the relevant service area’s privacy notice.

We also share some personal information within Bristol City Council to ensure the successful delivery of local services.

Safety concerns

Occasionally, we may share your personal information when we feel there is a good reason that is more important than protecting your privacy, for example:

  • if there are serious risks to the public, our staff or other professionals
  • to protect a child, or
  • to protect adults who are thought to be at risk

If we’re worried about your physical safety or feel we need to take action to protect you from being harmed by others, we’ll discuss this with you and if possible, get your permission to tell others about your situation before doing so. 

We may still share your information if we believe the risk to others is serious enough to do so.  

If the risk is so great we need to share information urgently, we’ll record:

  • what information we share
  • our reasons for doing so

We’ll let you know what we’ve done and why, if it is safe to do so.

Fraud Prevention and Detection

Bristol City Council is required by law to protect the public funds it administers. 

We may share information provided to it with other bodies responsible for:

How  we protect your information

We work hard to make sure that the records we hold about you are: 

  • looked after securely  
  • only available to those who have a right to see them

Some of the ways we do this are by:

  • controlling access to systems and networks
  • training of staff so they understand how to look after your information
  • putting in place controls over where data is stored
  • ensuring personal information sent by e-mail is encrypted
  • deleting personal information when it is no longer needed

More information about how we protect your personal information can be found in our information security policy.

Will my personal data be sent outside the UK

Most personal information we collect and use is stored on systems in the UK.

On occasion, your information may leave the UK:

  • either to get to another organisation or
  • if it is stored in a system outside the EU

Details of these transfers can be found in the service area privacy notices.

When this happens, we make sure the country it is sent to has the required level of data protection.

We take additional steps to protect your information including:

  • making sure it is transferred securely
  • there is a contract in place which ensures the recipient will protect your information

We do all we can to make sure your information is not sent to a country that is not deemed to look after your personal data sufficiently by the UK or EU governments.  

If we have to send it to such a country, we will seek advice from the Information Commissioners Office first.

How long do we keep your personal information

We'll only keep your information as long as we need to.

Each service states how long your information may be kept for in its privacy notice. This ranges from months for some records to indefinitely for others.  

Sometimes the law states how long we must keep personal data for. We try to include all of these time limits in our Retention Schedule.

Your rights in relation to your personal information that we collect and use

You have a number of rights in relation to the personal information we collect and use about you.

Further information about these rights can be found on the Information Commissioner’s individual rights page.

Your rights

You can ask for access to a copy of the personal information we have about you in both paper and electronic records.

If you would like a copy of the personal information we hold about you, you can contact us either by: 

We cannot share any information which contains:

  • personal information about other people
  • information a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing

Additionally, we will not give you a copy of the personal information if we think that giving it to you may stop us from preventing or detecting a crime.

You can ask us to change information you think is inaccurate

If the information we hold about you is inaccurate or incomplete let us know by contacting Citizens Services

We may not always be able to change or remove the information but we: 

  • will correct factual inaccuracies
  • may include your comments in the record to show that you disagree with it

You can ask for your information to be deleted

In some circumstances you can ask for your personal information to be deleted for example, where:

  • your information is no longer needed for the reason for which it was collected in the first place
  • you have removed your consent for us to use your information
  • there is no legal reason allowing our use of your information
  • deleting the information is a legal requirement.

We don’t have to delete your information if:

  • we are required to have it by law
  • it’s used to carry out a task in the public interest or our exercise of official authority
  • it’s used for freedom of expression and information
  • it‘s used for public health purposes or preventative or occupational medicine purposes (special category data only)
  • it’s scientific or historical research, or statistical purposes where it would make information unusable
  • it’s necessary for legal claims

You can ask us to limit what we use your personal data for

You are able to ask us to restrict what we use your personal information for where:

  • you have identified inaccurate information and have told us about it
  • we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether

When use of information is restricted, it can’t be used other than to securely store the information and with your consent to handle legal claims and protect others or where it is required by law. 

When use of information is restricted at your request, we will inform you before we carry on using your personal information.

You can ask us to stop using your personal information for any council service.  If this request is granted, this may cause delays or prevent us delivering that service.

Where possible we’ll try to comply with your request, but we may need to hold or use information because we are required to by law.

You can ask to have your information moved to another provider (data portability)

If we are using your information with your consent or to comply with a contract, and we use it only through a computer, you have the right to ask for your personal information to be given to you or another service provider in a machine readable format. 

It’s unlikely this will apply in relation to personal information used by the Council.

You can ask to have any computer made decisions explained to you, including details of how we may have ‘profiled’ you.

You have the right to question decisions made about you by a computer, unless the use of your information in this way is needed to:

  • comply with a contract between you and the Council or
  • it is required by law or you have given your consent to your information being used in this way

This includes the right to object if you are being ‘profiled’, that is, decisions are made about you based on your personal information.

You can object to us sending you direct marketing

You have the right to ask us to stop sending you marketing information about our services. If you ask us to stop, we will do so.

You may have the right to object to our use of your personal information

In some circumstances you can object to our use of your personal data. In these circumstances we weigh your right to privacy against the wider public interest in continuing to use your data.

You have the right to withdraw your consent

When we rely on your permission to use your personal information, you have the right to withdraw your consent to us using your personal information at any time.

How to exercise your rights

You  can  exercise  any  of  these  rights,  ask  questions  about  how  we  use  your  personal  data  or complain by contacting us at data.protection@bristol.gov.uk

You can also write to our Data Protection Officer at:

Data Protection Officer 
Information Governance 
Bristol City Council
City Hall 
College Green
Bristol
BS1 5TR

If you think we have dealt with your information inappropriately or unlawfully, you have the right to complain to the Information Commissioner’s Office (ICO) at: 

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF