Overarching Privacy Notice

Somerset Council provides a wide range of services to the people of Somerset. In order to provide those services, we process large amounts of your personal data. Personal information is any information which identifies and relates to a living person.

We are registered as a data controller for the data we collect, process, and hold, and our Data Protection Notification (registration number Z5957592) includes generic information about the types of personal data we process, what we use it for, and who we share it with.

Contact details

Somerset Council
County Hall
Taunton
TA1 4DY

Phone 0300 123 2224

Data protection officer (DPO)

Lucy Wilkins

Contact the Data Protection Officer by email on informationgovernance@somerset.gov.uk

This notice is overarching and provides general information about how the Council processes data. Please refer to service privacy notices for specific information about how the services you are engaged with collect, use and hold your data.

Purpose for processing

We collect, use and hold personal information so that we are able to effectively deliver our services.

We will use your information to support us with one or more of the following:

  • delivering services and support to you or your family
  • managing services we provide to you or your family
  • training and managing the employment of our workers who deliver our services
  • investigating any worries or complaints you have about our services
  • keeping track of spending on services
  • checking the quality of services
  • researching and planning new services

Categories of personal data

We collect information in a variety of ways including paper forms, web forms, in a face-to-face meeting with you, by telephone, email or letter, through the use of CCTV or sometimes from one of our partners. We also sometimes receive information about you from people you know, if they are concerned about you, or you have given them permission to represent you.

The information we collect will depend on the services delivered but may include:

  • personal details
  • family details
  • lifestyle and social circumstances
  • goods and services
  • financial details
  • employment and education details
  • housing needs
  • visual images, personal appearance and behaviour
  • licences or permits held
  • student and pupil records
  • case file information

For some services, we may also require information that falls under the following special categories (sensitive information):

  • physical or mental health details
  • racial or ethnic origin
  • trade union membership
  • political affiliation
  • political opinions
  • offences (including alleged offences)
  • religious or other beliefs of a similar nature
  • criminal proceedings, outcomes and sentences
  • biometric information

Legal basis for processing

To process your personal data, we must have a lawful basis under Article 6 of the General Data Protection Regulation and under Article 9 if we are processing special category data.

Some of our services are required by law or we have a public duty to deliver them. In other cases, services may be non-statutory but available on request. This will affect the lawful basis on which we rely to process your personal data and that will be specified in the service privacy notices.

Data sharing

In some circumstances we have an obligation to work with and share information with partner organisations such as the NHS, schools and Police. Sometimes we contract external organisations to deliver services on our behalf and it is necessary to share information with them so that that they can provide those services.

Service specific privacy notices will explain who we will share your data with.

We also work with many partner organisations, sometimes to meet a legal obligation, and sometimes with your consent. Whenever we need to share your information we will tell you when we collect it. If we obtain your information from another organisation, we will tell you as soon as is reasonably possible.

Where appropriate, the personal information we have collected from you will be shared with fraud prevention agencies. They will use it to prevent fraud and money laundering, and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. You can find further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, on the CIFAS website.

Data storage

Your data will not be transferred abroad unless this is stated in the service specific privacy notice. Your data will be retained in line with the council’s retention schedule and details for each service will be provided in their privacy notices.

Your rights

You have a number of rights in relation to your personal data including the right to ask for a copy of the information we hold about you. For more information, please see our information rights section. You also have the right to complain about how we use and share your data to the Information Commissioner’s Office.

You can contact the Data Protection Officer by email on informationgovernance@somerset.gov.uk  or write to them to make a complaint about the way that Somerset Council has handled your personal data.

For information about the data we collect and how we use it in relation to specific services, please see the links to service specific privacy notices below.

Service Privacy Notices

Your rights

You can find out about your rights on the information we hold about you.

Last updated: August 20, 2024

Next review due: February 20, 2025

Back to top