IMPORTANTPayment service unavailable - We are making important improvements to our payment system, so phone and online payments are unavailable until Wednesday 4 December. Find out more about the improvements and other ways to pay during this time.

Overarching Privacy Notice

Somerset Council provides a wide range of services to the people of Somerset. In order to provide those services, we process large amounts of your personal data. Personal information is any information which identifies and relates to a living person.

We are registered as a data controller for the data we collect, process, and hold, and our Data Protection Notification (registration number Z5957592) includes generic information about the types of personal data we process, what we use it for, and who we share it with.

Contact details

Somerset Council
County Hall
Taunton
TA1 4DY

Phone 0300 123 2224

Data protection officer (DPO)

Lucy Wilkins

Contact the Data Protection Officer by email on informationgovernance@somerset.gov.uk

This notice is overarching and provides general information about how the Council processes data. Please refer to service privacy notices for specific information about how the services you are engaged with collect, use and hold your data.

Purpose for processing

We collect, use and hold personal information so that we are able to effectively deliver our services.

We will use your information to support us with one or more of the following:

  • delivering services and support to you or your family
  • managing services we provide to you or your family
  • training and managing the employment of our workers who deliver our services
  • investigating any worries or complaints you have about our services
  • keeping track of spending on services
  • checking the quality of services
  • researching and planning new services

Categories of personal data

We collect information in a variety of ways including paper forms, web forms, in a face-to-face meeting with you, by telephone, email or letter, through the use of CCTV or sometimes from one of our partners. We also sometimes receive information about you from people you know, if they are concerned about you, or you have given them permission to represent you.

The information we collect will depend on the services delivered but may include:

  • personal details
  • family details
  • lifestyle and social circumstances
  • goods and services
  • financial details
  • employment and education details
  • housing needs
  • visual images, personal appearance and behaviour
  • licences or permits held
  • student and pupil records
  • case file information

For some services, we may also require information that falls under the following special categories (sensitive information):

  • physical or mental health details
  • racial or ethnic origin
  • trade union membership
  • political affiliation
  • political opinions
  • offences (including alleged offences)
  • religious or other beliefs of a similar nature
  • criminal proceedings, outcomes and sentences
  • biometric information

Legal basis for processing

To process your personal data, we must have a lawful basis under Article 6 of the General Data Protection Regulation and under Article 9 if we are processing special category data.

Some of our services are required by law or we have a public duty to deliver them. In other cases, services may be non-statutory but available on request. This will affect the lawful basis on which we rely to process your personal data and that will be specified in the service privacy notices.

Data sharing

In some circumstances we have an obligation to work with and share information with partner organisations such as the NHS, schools and Police. Sometimes we contract external organisations to deliver services on our behalf and it is necessary to share information with them so that that they can provide those services.

Service specific privacy notices will explain who we will share your data with.

We also work with many partner organisations, sometimes to meet a legal obligation, and sometimes with your consent. Whenever we need to share your information we will tell you when we collect it. If we obtain your information from another organisation, we will tell you as soon as is reasonably possible.

Where appropriate, the personal information we have collected from you will be shared with fraud prevention agencies. They will use it to prevent fraud and money laundering, and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. You can find further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, on the CIFAS website.

Data storage

Your data will not be transferred abroad unless this is stated in the service specific privacy notice. Your data will be retained in line with the council’s retention schedule and details for each service will be provided in their privacy notices.

Organisational Use of Generative Artificial Intelligence

At Somerset Council, we are committed to transparency and the responsible use of Generative Artificial Intelligence (AI) in our business processes. This notice aims to inform you about how we implement Artificial Intelligence and your rights regarding its use. We are dedicated to safeguarding your privacy and ensuring that our AI implementations are ethical and transparent. If you have any questions or concerns about how Artificial Intelligence is used within our organization, please do not hesitate to contact us. At no point will Artificial Intelligence be used as a purely automated decision-making tool. The Council has considered the impacts of utilising this technology, and a Data Protection Impact Assessment has been completed.

For any queries relating to our use of AI , please contact us at InformationGovernance@somerset.gov.uk.

Artificial Intelligence in Business Processes

For any Artificial Intelligence  implementation that assists a business process, we ensure that individuals are informed of its use before their user journey begins. This means that if Artificial Intelligence is being used to facilitate or enhance a business operation that you are involved in, you will be notified at the outset. Our goal is to provide clarity and maintain trust in our AI -driven processes. When using Generative Artificial Intelligence tools, we will never train any Artificial Intelligence model with end user data.

Artificial Intelligence for Personal Productivity

If Artificial Intelligence is used solely as a drafting or research tool by a member of staff for personal productivity or accessibility benefits, disclosure is not required. These tools are designed to aid individual tasks and do not impact broader business processes or decision-making. Therefore, no specific notification will be provided for such uses.

Your rights

You have a number of rights in relation to your personal data including the right to ask for a copy of the information we hold about you. For more information, please see our information rights section. You also have the right to complain about how we use and share your data to the Information Commissioner’s Office.

You can contact the Data Protection Officer by email on informationgovernance@somerset.gov.uk  or write to them to make a complaint about the way that Somerset Council has handled your personal data.

For information about the data we collect and how we use it in relation to specific services, please see the links to service specific privacy notices below.

Service Privacy Notices

Your rights

You can find out about your rights on the information we hold about you.

Last updated: November 19, 2024

Next review due: May 19, 2025

Back to top