Privacy statement: what we do with your personal data

Privacy statement: what we do with your personal data

Your privacy is important to us and we take great care to protect it. We collect your personal details when you fill in a form, write us a letter, phone us or send us an email.

For data protection information see our data protection policy page.

How we handle your data

The Secretary of State for Health and Social Care has directed NHS Digital to collect and analyse data from providers and other organisations involved in managing the coronavirus (COVID-19) response and then disseminate information and analysis to other bodies for the purpose of planning and managing the response.

All local authorities have been given legal notice to support the processing and sharing of information to help the COVID-19 response under Health Service Control of Patient Information Regulations 2002. This is to ensure that confidential patient information can be used and shared appropriately and lawfully for purposes related to the COVID-19 response.

This means that in some cases, Bristol City Council will be obliged to share your personal data with other services if it relates specifically to the COVID-19 response. This is a temporary measure, which is currently due to expire on 30 March 2021.

You can read the full COVID-19 privacy notice for how we are handling your data during the COVID-19 crisis.

Who we are

Bristol City Council is responsible for ensuring we only collect the information necessary to provide you with a service, to only share your information when it has a legal basis to do so, and to ensure we maintain the highest standards necessary to protect your information.

Our main office is based at:
Bristol City Council
City Hall
College Green

Telephone: 0117 922 2000

Why we collect your information 

So we can deliver our many services we must collect personal information about our citizens, service users, staff and anyone else we provide a service to and receive a service from.  

We will not disclose your information for marketing purposes unless you have given us permission to do so.  

We will use the data to plan service provision, and help managers to monitor the efficiency, effectiveness and quality of services.

Specifics about why information is collected for our various services can be found in the Privacy Notices tab below.

Personal information recorded on CCTV

We also use CCTV as a tool in reducing crime and monitoring Bristol’s transport systems. So from time to time your image may be captured as part of our CCTV network. 

Refer to the Privacy Notice tab below for more information on how your information is used.

When do we share your information

There are some circumstances where the council is by law required to pass on your information.

This includes where we have a statutory enforcement duty; disclosures we are required to make by law; or to detect or prevent fraud and to audit or administer public money.  

For more information visit our fraud prevention and detection page.  

We will also share information:

  • To deliver a service you have requested we will pass your information to contractors, suppliers and other partner agencies.
  • So that health and social care professionals directly involved in your care, can share a summary of your medical record via a secure system called Connecting Care.  
  • To help improve the health and wellbeing of Bristol residents. This data comes from a range of sources including hospitals and birth/death registrations. Find out more on our Healthy Living page.
  • We may also use your data to identify, understand and meet the needs of individuals and families who will benefit from a multi- agency response. For more information visit our Think Family page.
  • We may also share this data with other parts of BCC to improve the overall service you receive.
  • As required by central government, we may also share data to comply with statistical return requirements

We may also share your information without asking you if the law says we must or there is a risk of serious harm or threat to life. 

How long we will keep your information for

We will keep your information only as long as we need to.  Sometimes the law tells us how long we must keep personal data for.  

We have a Retention Schedule (spreadsheet, 289KB) (opens new window) which lists all the categories of data we keep and when it must be deleted by. 

Different parts of the council’s business require different retention periods, and the length of time we need to keep your information for will be included in the Privacy Notice tab below relevant to the council service you use.

Transfer of personal data outside the UK

For the most part personal data we collect is only processed by processors within the EU. However in the small number of cases where that is not possible we ensure data processed by countries outside the EU have formally recognised levels of adequate data protection in full compliance with:

  • GDPR Article 45 “Transfers on the basis of an adequacy decision" or
  • Article 46 “Transfers subject to appropriate safeguards”

This ensures the same levels of protection for your information as we do here in the UK.

In some exceptional circumstances, the council may use Zoom under strict internal guidelines for video conferencing involving personal data. Data processed via Zoom is processed within the USA and safeguarded by the EU-US Privacy Shield Framework that enables the safe transfer of data under EU law. Visit their website to read the ZOOM Privacy Policy.

How to make an enquiry about your data or lodge a complaint

You have the right to object to the processing of your information and to have any inaccurate information corrected.

In certain circumstances you have the right to have data held about you erased, or the use of it restricted, you may be able to object to processing as well as have the right to have your data transferred to another data controller. 

You can submit an enquiry if you want to:

  • See the information we hold about you (including accessing any CCTV footage of yourself), this is known as a Subject Access Request, more details and how to make a request can be found on the Data Protection and Subject Access Request page.
  • Update or correct your information if it is inaccurate by contacting Citizens Services.
  • Raise any concerns or complaints, restrict how we process your data, object to processing by contacting the Data Protection Officer.

If you need to contact the Council’s Data Protection Officer, you can email or write to:

Data Protection Officer
Bristol City Council 
P O Box 3399

You also have the right to complain to the Information Commissioner’s Office (ICO) if you think we have dealt with your information in an inappropriate manner.

You can write to the ICO at:

Information Commissioner's Office
Wycliffe House
Water Lane

How we use cookies on our websites

We sometimes store small files called cookies on your computer or other device to help improve your experience on our website. 

We collect web statistics automatically about your visit to our site based on your IP address. This information is used to help us to improve your experience on our website.

Fraud Prevention and Detection

Bristol City Council is required by law to protect the public funds it administers.

It may share information provided to it with other bodies responsible for auditing, administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

Internal Audit may use your data for testing purposes in order to fulfil its responsibilities under the Accounts and Audit Regulations 2015 (Section 5).

Privacy Notices

To understand what legal right we have to collect your information, what we use your information for, with whom we share it and for how long we keep it click on the links below to take you to the privacy notice for the council services you use.