Data Controller – Somerset Council – ICO Registration Z5957592
Data Protection Officer contact – email@example.com
Purpose for processing – reducing health inequalities, increasing life expectancy. The priorities are to:
- Provide expert public health advice and intelligence to the Health & Wellbeing system
- Improve outcomes and narrow inequalities through influencing public policy and commissioning
- Commission high quality, effective and efficient public health services
- Protect the population’s health
For more information about the work of Public Health please see:
Legal basis for processing
By law – Public Health is required by a number of UK laws and European Regulations and Directives to ensure the delivery of the priorities detailed above (details of specific legislation are shown below). In some cases, Public Health may ask for your explicit consent to process your personal data, see below for more details.
- Public Health (Control of Disease) Act 1984, amended by the Health and Social Care Act 2008
- Health and Social Care Act 2012
- Local Authorities Regulations 2013, Regulations 3,4,5,6,7,8
- NHS Bodies and Local Authorities Regulations 2012
- Regulations under Section 6C of the NHS Act 2006
- Social Value Act 2012
- Civil Contingencies Act 2004
Legitimate interests – Public Health uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.
Data sharing – the personal data provided to Public Health will be shared with a range of partners when providing services including the NHS. When Public Health is required to share your personal data, you will be informed at the point your data is collected.
Safeguarding – in cases where you or another member of the public may be at risk your personal information will be shared.
Other statutory obligations – in cases where the council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the council has no other legal obligation concerning that data.
You also have the right to complain to the regulator: Information Commissioner’s Office (IOC).
Consequences – in some cases, if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
Explicit consent – if the legal basis for processing is explicit consent we will need to ensure you are provided with a:
- Clear explanation of exactly what is being consented to
- Clear “opt-in”
- Clear option to withdraw your consent later by use of an “opt-out”
Privacy of Electronic Communications Regulations (PECR) – to meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.
If we are using your contact details to distribute further information, we will provide you with opt-in options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.