Privacy statement: what we do with your personal data
Privacy statement: what we do with your personal data
Your privacy is important to us and we take great care to protect it. We collect your personal details when you fill in a form, write us a letter, phone us or send us an email.
The Secretary of State for Health and Social Care has directed NHS Digital to collect and analyse data from providers and other organisations involved in managing the coronavirus (COVID-19) response and then disseminate information and analysis to other bodies for the purpose of planning and managing the response.
All local authorities have been given legal notice to support the processing and sharing of information to help the COVID-19 response under Health Service Control of Patient Information Regulations 2002. This is to ensure that confidential patient information can be used and shared appropriately and lawfully for purposes related to the COVID-19 response.
This means that in some cases, Bristol City Council will be obliged to share your personal data with other services if it relates specifically to the COVID-19 response. This is a temporary measure which is under constant review and will not last beyond the duration of the pandemic response.
You can read the full COVID-19 privacy notice for how we are handling your data during the COVID-19 crisis.
This privacy notice explains how we use information about you and how we protect your privacy.
Each of our service areas have their own privacy notice with more detailed information. This covers how we handle your information for specific council services, including who we may share your information with and why.
For data protection information see our data protection policy page.
Who we are
Bristol City Council is the data controller and is responsible for ensuring that we:
- only collect and use the personal information necessary to provide you with a service, or for our interaction with you
- maintain the highest standards necessary to protect your personal information
Bristol City Council
Call: 0117 922 2000
Our Data Protection Officer monitors Bristol City Council’s compliance with the law and provides advice.
If you have any concerns or questions about how we look after your personal information, contact our Data Protection Officer:
Data Protection Officer
Bristol City Council
What is personal information
Personal information is anything that identifies and relates to a living person.
It can include information that when put together with other information can identify a person.
For example, this could be your:
- contact details
- bank details
- personal and family history
- identification numbers
- online identifiers
Special category information
Some personal information is more sensitive and needs more protection.
It's often information that is very personal to you and is information that can reveal or is concerning your:
- Racial or ethnic background
- Genetic or biometric data
- Political opinions
- Religious or philosophical beliefs
- Sex life
- Sexual orientation
- Trade union membership
Criminal Offence information is any information that can reveal or is concerning your criminal history.
We get most of the personal information we use from you and from what we learn about you through your interactions with us.
We may also get some information about you from:
- the technology you use to access our services
- information you make public on social media
- family members
- your legal representative
- information from publicly available sources
- health and education providers
- commissioned partners
- regulatory bodies
- police and other local authorities
Details about what information we get from other sources can be found in the different service area privacy notices.
Why do we need your personal information
We may need to use your personal information to:
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers
- help investigate any worries or complaints you have about our services
- keep track of spending on services
- check the quality of services
- help with research and planning of new services
- prevent and detect crime and fraud
There are circumstances when you are required by law or contract to provide personal information.
When this is the case, you can find the details in the different service area privacy notices.
Our legitimate interests
There may be some limited circumstances when we process your personal data as it is in our legitimate interests to do so.
When this occurs, our legitimate interests are provided in the relevant service area’s privacy notice.
We sometimes store small files called cookies on your computer or other device to help improve your experience on our website.
We collect web statistics automatically about your visit to our site based on your IP address.
This information is used to help us to improve your experience on our website.
Our use of automated decision making and profiling
There are some circumstances when BCC uses automated decision making and profiling.
When this occurs, details of this are provided in the relevant service area’s privacy notice.
How the law allows us to use your personal information
There are a number of legal reasons why we are allowed to collect and use your personal information.
These are different for each council service and the specific details are contained in their privacy notice.
A summary of these reasons is set out below:
You have given your consent for us to use your personal information.
We need the information because you have:
- entered into a contract with us, or
- asked us to do something before entering into a contract
We need the information to comply with the law.
We need the information to protect someone’s life in an emergency
We need the information to exercise our official authority and to carry out tasks in the public interests that are set out in law
We need the information to conduct our legitimate business for non-statutory services
Summary of additional legal reasons
There are additional legal reasons which have to apply when we process your special category personal information and criminal offence personal data.
A summary of these is set out below:
- We need your information for employment, social security or social protection purposes
- We need your information to deliver health or social care services
- You have made your information publically available
- You have given your explicit consent
- We need your information to defend or make legal claims
- There is a substantial benefit to society as a whole for us to use the information
- We need the information to protect someone’s life in an emergency
- We need the information to protect public health in the public interest
- We need the information for archiving, research or statistical purposes.
We process criminal offence personal data where it is authorised by law.
Who do we share your personal information with
Sometimes we have a legal duty to provide personal information to other organisations.
This includes where we have a statutory enforcement duty, disclosures we are required to make by law, to detect or prevent fraud and to audit or administer public money.
Sometimes we share data with other organisations in the exercise of our functions as a local authority, which includes via the Connecting Care system which enables health and social care professionals to share medical records.
We only share information if necessary and where we have a legal basis for doing so.
We may share your personal information with a range of organisations to store personal information on our behalf or help deliver our services.
When we do this, we always have an agreement in place to make sure that organisation complies with data protection law to keep your information safe.
When we share your personal information, details are provided in the relevant service area’s privacy notice.
We also share some personal information within Bristol City Council to ensure the successful delivery of local services.
Occasionally, we may share your personal information when we feel there is a good reason that is more important than protecting your privacy, for example:
- if there are serious risks to the public, our staff or other professionals
- to protect a child, or
- to protect adults who are thought to be at risk
If we’re worried about your physical safety or feel we need to take action to protect you from being harmed by others, we’ll discuss this with you and if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
If the risk is so great we need to share information urgently, we’ll record:
- what information we share
- our reasons for doing so
We’ll let you know what we’ve done and why, if it is safe to do so.
From time to time we conduct surveys to establish information to assist us in gaining your direct thoughts and opinions on our products, systems (Facebook, Linked In, Websites etc) and services.
Each Survey will invite you to participate. this will be classed as asking for your consent to participate; your information gathered at the time of the survey will be only used for that purpose of the survey and will not assume consent for any other purpose.
In some circumstances Bristol City Council may use a Consultant company (3rd party) to run and manage surveys on our behalf. They will be specified in the Survey’s purpose statement.
Details of the purpose and scope of the Survey will be made clear for each Survey we may ask you to participate in, this will provide you with the details for you to clearly decide if you want to consent to participate in the Survey.
Personal data collected during the survey will be deleted upon the completion of the survey analysis and will not be stored or used for any other purpose. Each Survey will request your consent each time you participate.
Participation in our surveys will not impact or influence any future mailing preferences in the future and unless otherwise stated your participation will be anonymous.
Fraud Prevention and Detection
Bristol City Council is required by law to protect the public funds it administers.
We may share information provided to it with other bodies responsible for:
- administering public funds or
- where undertaking a public function, in order to prevent and detect fraud
How we protect your information
We work hard to make sure that the records we hold about you are:
- looked after securely
- only available to those who have a right to see them
Some of the ways we do this are by:
- controlling access to systems and networks
- training of staff so they understand how to look after your information
- putting in place controls over where data is stored
- ensuring personal information sent by e-mail is encrypted
- deleting personal information when it is no longer needed
More information about how we protect your personal information can be found in our information security policy.
Will my personal data be sent outside the UK
Most personal information we collect and use is stored on systems in the UK.
On occasion, your information may leave the UK:
- either to get to another organisation or
- if it is stored in a system outside the EU
Details of these transfers can be found in the service area privacy notices.
When this happens, we make sure the country it is sent to has the required level of data protection.
We take additional steps to protect your information including:
- making sure it is transferred securely
- there is a contract in place which ensures the recipient will protect your information
We do all we can to make sure your information is not sent to a country that is not deemed to look after your personal data sufficiently by the UK or EU governments.
If we have to send it to such a country, we will seek advice from the Information Commissioners Office first.
How long do we keep your personal information
We'll only keep your information as long as we need to.
Each service states how long your information may be kept for in its privacy notice. This ranges from months for some records to indefinitely for others.
Sometimes the law states how long we must keep personal data for. We try to include all of these time limits in our Retention Schedule.
Your rights in relation to your personal information that we collect and use
You have a number of rights in relation to the personal information we collect and use about you.
Further information about these rights can be found on the Information Commissioner’s individual rights page.
You can ask for access to a copy of the personal information we have about you in both paper and electronic records.
If you would like a copy of the personal information we hold about you, you can contact us either by:
- online Subject Access Request form
- email: firstname.lastname@example.org
- or by writing to our Data Protection Officer
We cannot share any information which contains:
- personal information about other people
- information a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing
Additionally, we will not give you a copy of the personal information if we think that giving it to you may stop us from preventing or detecting a crime.
You can ask us to change information you think is inaccurate
If the information we hold about you is inaccurate or incomplete let us know by contacting Citizens Services.
We may not always be able to change or remove the information but we:
- will correct factual inaccuracies
- may include your comments in the record to show that you disagree with it
You can ask for your information to be deleted
In some circumstances you can ask for your personal information to be deleted for example, where:
- your information is no longer needed for the reason for which it was collected in the first place
- you have removed your consent for us to use your information
- there is no legal reason allowing our use of your information
- deleting the information is a legal requirement.
We don’t have to delete your information if:
- we are required to have it by law
- it’s used to carry out a task in the public interest or our exercise of official authority
- it’s used for freedom of expression and information
- it‘s used for public health purposes or preventative or occupational medicine purposes (special category data only)
- it’s scientific or historical research, or statistical purposes where it would make information unusable
- it’s necessary for legal claims
You can ask us to limit what we use your personal data for
You are able to ask us to restrict what we use your personal information for where:
- you have identified inaccurate information and have told us about it
- we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
When use of information is restricted, it can’t be used other than to securely store the information and with your consent to handle legal claims and protect others or where it is required by law.
When use of information is restricted at your request, we will inform you before we carry on using your personal information.
You can ask us to stop using your personal information for any council service. If this request is granted, this may cause delays or prevent us delivering that service.
Where possible we’ll try to comply with your request, but we may need to hold or use information because we are required to by law.
You can ask to have your information moved to another provider (data portability)
If we are using your information with your consent or to comply with a contract, and we use it only through a computer, you have the right to ask for your personal information to be given to you or another service provider in a machine readable format.
It’s unlikely this will apply in relation to personal information used by the Council.
You can ask to have any computer made decisions explained to you, including details of how we may have ‘profiled’ you.
You have the right to question decisions made about you by a computer, unless the use of your information in this way is needed to:
- comply with a contract between you and the Council or
- it is required by law or you have given your consent to your information being used in this way
This includes the right to object if you are being ‘profiled’, that is, decisions are made about you based on your personal information.
You can object to us sending you direct marketing
You have the right to ask us to stop sending you marketing information about our services. If you ask us to stop, we will do so.
You may have the right to object to our use of your personal information
In some circumstances you can object to our use of your personal data. In these circumstances we weigh your right to privacy against the wider public interest in continuing to use your data.
You have the right to withdraw your consent
When we rely on your permission to use your personal information, you have the right to withdraw your consent to us using your personal information at any time.
How to exercise your rights
You can exercise any of these rights, ask questions about how we use your personal data or complain by contacting us at email@example.com
You can also write to our Data Protection Officer at:
Data Protection Officer
Bristol City Council
If you think we have dealt with your information inappropriately or unlawfully, you have the right to complain to the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office