Somerset County Council (SCC) complies with the Data Protection Act 1998 and is registered as a ‘data controller’.
Our Data Protection Notification (registration number Z5957592) includes information about the types of personal data we process, what we use it for, and who we share it with.
How your personal data is collected, used and shared
Personal Data: This typically includes your name, gender, date of birth and contact details. We collect and use your personal data to provide, and improve, our public services to you, and to ensure we meet our statutory obligations. Your personal data may be collected on a paper or online form, by telephone, email, or by a member of our staff, or one of our partners.
Sensitive Personal Data: This typically includes health and social care data and potentially your NHS number. This is required for statutory services, such as education and social care, protection of vulnerable children and adults, and the support of public health and wellbeing, and may involve collecting, using and sharing Sensitive Personal Data as defined by the Data Protection Act 1998.
Whenever we request personal data from you, you should be told about who is collecting the data, the specific purposes it will be used for, and who it may be disclosed to
Types of Data and how they may be shared
The types of data that are typically shared to provide joined up services include your name, contact details, date of birth, gender and NHS number.
We only share sensitive personal data in limited circumstances: where we are required to do so by law or where it is necessary to fulfil our statutory obligations. This includes providing a range of public sector services for your health and social care, and the safeguarding of vulnerable children and adults.
The sharing of personal data will include the linking of data sets held by SCC, the NHS and other public sector partners to comply with our statutory duties and to provide joined up services.
Your personal information may be shared with external service providers, acting on our behalf, in order to provide the public services you have requested from us. We undertake to share only information which is relevant and necessary for the provision of the relevant service. People we share your information with are obliged to keep your details securely, and use them only to fulfil your request.
We do not pass personal data to third parties for marketing, sales or any other commercial purposes without your prior explicit consent.
Anonymised and pseudonymised data
Your personal data may be aggregated with others and anonymised to create statistics that will be used to plan and commission services. No one who accesses this data will be able to see from whom the data originated, nor be able to trace it back to you. However, we may also collect statistical health data from the NHS which they have pseudonymised by using sophisticated encoding techniques. This data could be traced back to you, but only by persons within the NHS who are authorised to access the “key” to decode such data.
The Security of your data
SCC and its partners endeavour at all times to keep your personal data secure by storing it in secure servers both on-site and in Government accredited cloud storage. SCC endeavours to send all personal data to and from partners using encrypted email services.
Retention of your personal data
SCC will only retain and store your data for as long as it is needed for the purpose for which it was collected, or as required by the law, or as dictated by best practice as recommended by the Information and Records Management Society (IRMS).
The use of your personal data by the Joint Customer Call Centre
Somerset County Council and Taunton Deane Borough Council have a shared call centre. Your data may be collected by either an SCC or a TDBC employee, the call is then sent to the relevant service to be dealt with.
Further details on how the call centre processes your data
Prevention of Fraud
We must protect public funds and may use personal information and data-matching techniques to detect and prevent fraud, and ensure public money is targeted and spent in the most appropriate and cost-effective way. To achieve this, information may be shared with other bodies responsible for auditing or administering public funds including the Audit Commission, the Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police. For more information see: The National Fraud Initiative.
We may also use personal information to identify and assist individuals: whose vital interests are threatened, and /or who need additional support during emergencies or major incidents, for example emergency evacuation.
We reserve the right to monitor and record electronic communications (website, email and phone conversations). There are a number of reasons why we may do this; staff training, records of conversations or detection, investigation and prevention of crime. We will inform you if your call is being recorded or monitored.
Any email sent to us, including any attachments, may be monitored for reasons of security and making sure they comply with our information governance policy. You have a responsibility to make sure any email you send to us is within the bounds of the law. Emails that we send to you or you send to us may be retained as a record of contact and your email address stored for future use in accordance with our record retention schedule.
CCTV: We have installed CCTV systems in some of our public premises for public and staff safety, crime prevention and crime detection. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for more information about the scheme. We will only disclose CCTV images to others for the purposes stated above.
Your information rights:
You have a right to see the information we hold about you. More information on accessing your personal data .
If you find that we hold information about you that is not accurate you may have the right to have this corrected. To correct inaccurate information held about you please contact us.
There may be circumstances in which you can “opt-out” of your personal data being used for data sharing. To “opt-out” of information sharing, please contact us. Please note your request will not affect our statutory duties to share your information in circumstances where we are legally obliged to do so.
You also have a right to make a complaint if you believe that your personal data has been shared inappropriately. More information about how to make a complaint is available on our customer feedback page.
For more information from Somerset County Council please contact:
The Information Governance Team, Somerset County Council, County Hall, Taunton, TA1 4DY. firstname.lastname@example.org.
For Independent advice please contact the Information Commissioners Office (ICO)
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF - Phone: 0303 123 1113 (local rate) or 01625 545 745 - email@example.com