Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer Contact – firstname.lastname@example.org
Somerset County Council’s Contact Centre provides a ‘front door’ for customers contacting the Council by telephone, email, Facebook Messenger and through web chat. The personal information processed by Contact Centre staff will depend on the nature of the contact and the services requested but may include:
- Identifying information (such as name, address, contact details, date of birth, family information, unique identification number (e.g. NHS Number).
- Details of services received and/or required.
- Special category data as defined in Article 9 of the General Data Protection Regulation.
Purposes for processing
We use your personal information to:
- Understand the nature of your enquiry and provide information and advice about services which you are requesting or that we feel may be of benefit.
- Deliver or enable the delivery of our services.
- Make referrals to our services.
- Signpost to other organisations where appropriate.
Legal basis for processing
We rely on the following provisions of the General Data Protection Regulation (GDPR) as the lawful bases for processing your personal data:
- Article 6 1(e) – Public task
Somerset County Council carries out a number of tasks across all services in the public interest or in the exercise of official authority vested in us and, in some cases, it is necessary to process your personal data in order to undertake such tasks. The Contact Centre works across the whole council, providing a ‘front door’ for all services. All data processed by the Contact Centre in relation to our wider services will be processed in accordance with the relevant privacy notices.
We rely on the following provision of the General Data Protection Regulation (GDPR) as the lawful basis for processing your special category data:
- Article 9 2(g) – substantial public interest
In order to deliver some services it may be necessary to process data which is classed as special category. This is information about you which, due to the nature of it, is afforded additional protections under data protection law.
The legislation to which our public tasks relate are detailed on service privacy notices where appropriate.
Your personal information may be shared with internal departments or with external partners and agencies involved in delivering services on our behalf. However, we will only share information with organisations who will also comply with appropriate data protection laws. You will be informed in the service specific privacy notice of who your data may be shared with (if at all) and appropriate contracts or agreements will be in place to ensure the data sharing is appropriately managed.
We have appropriate security measures in place to prevent personal information from being accidentally lost or misused. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.
Your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
The Contact Centre records telephone conversations (inbound and outbound) and stores emails and Facebook Messenger and web chat transcripts for quality monitoring and training purposes. Calls recordings and emails will be retained for 12 months and web chat and Facebook Messenger transcripts will be retained for a period of 6 months.
Service specific data collected by the Contact Centre will be transferred to the appropriate service/systems and will be retained in accordance with the stated requirements of that service.
Under the General Data Protection Regulation (GDPR) you have a number of rights in relation to the data we hold about you. These include the right to ask for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data. Further information about your rights and how to exercise them can be found on our website.
You also have the right to complain to the regulator (The Information Commissioner) and details can be found at https://ico.org.uk/make-a-complaint/
In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.