Somerset COVID-19 Helpline and Web Service
Privacy Notice – Somerset COVID-19 Helpline and Web Service
Data Controllers
Somerset County Council – ICO Registration Z5957592
Mendip District Council – ICO Registration Z7552163
Sedgemoor District Council – ICO Registration Z5968381
South Somerset District Council – ICO Registration Z7228012
Somerset West and Taunton Council – ICO Registration ZA508925
Data Protection Officer contacts
informationgovernance@somerset.gov.uk
DPO@mendip.gov.uk
FOI@sedgemoor.gov.uk
DPO@southsomerset.gov.uk
DPO@somersetwestandtaunton.gov.uk
Purpose for processing
The personal data that you provide is used for the operation of the joint Somerset single COVID-19 telephone helpline and equivalent web service. The helpline/web service is a joint service between Somerset County and District Councils and provides signposting, advice and support in matters relating to the COVID-19 (Coronavirus) pandemic.
Categories of personal data
The personal data processed will depend on the nature of the enquiry made, but will include name and contact details and may include special category data (data which requires an additional level of protection due to the sensitivity of it), such as information about your health conditions.
Legal basis for processing
General personal data:
Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Special category data:
Article 9(2)(g) – processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
Article 9(2)(i) – processing is necessary for reasons of public interest in the area of public health
Data sharing
The COVID-19 helpline and web service is operated in Somerset as a joint venture between the County and District Councils. Information provided to the helpline or online will be passed to the appropriate council for action or shared with other public service partners (e.g. health providers) or voluntary services where they are appropriate to meet the need.
Your personal information may also be shared where there is a statutory obligation to do so – for example, to safeguard someone from harm or for the prevention or detection of crime or fraud.
Transfers abroad
Your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention
This data will be retained for a period of 3 years. Data may be used during this period for training, quality control and analytics.
Your rights
You have a number of rights in relation your personal data, including the the right to ask for a copy of your data. Please refer to the relevant council website for further details:
South Somerset District Council
Somerset West and Taunton Council
It should be noted that not all rights apply in all cases and that these rights are only applicable if the Council has no other legal obligation concerning that data. More information about your rights.
You also have the right to complain to the regulator,
Introduction
We provide a wide range of services to the people of Somerset. To provide those services, we process large amounts of your personal data.
We are registered as a data controller for the data we collect, process, and hold, and our Data Protection Notification (registration number Z5957592) includes generic information about the types of personal data we process, what we use it for, and who we share it with.
Contact details
Somerset County Council
County Hall
Taunton
TA1 4DY
Phone: 0300 123 2224
Email: generalenquiries@somerset.gov.uk
Data protection officer (DPO)
Lucy Wilkins
You can contact the DPO by email on informationgovernance@somerset.gov.uk
For information about the data we collect and how we use it in relation to specific services, please see the links to service specific privacy notices under Service specific privacy notices.
Cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
If you wish to remove your consent at any time, please clear your local storage.
Google Analytics
Collects anonymous information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect anonymous information, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Forms
Our online forms use cookies to store and send information. They only use the information you choose to provide to us, which we will process in accordance with our data policies.
Most web browsers allow some control of most cookies through the browser settings.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
You can learn more about how we manage your data and your rights on our Privacy Notice.
Security
Our security software tracks IP addresses and host information to prevent attacks from malicious sources. We do not collect any personal information using this software.
Cookie names: jJdLTSncPpxvqy, lgaLzEVJsXnDQ
Cookie type: Expires after 1 day
Domain: somerset.gov.uk
Siteimprove
Cookie name: nmstat
Cookie type: Persistent – expires after 1000 days
Domain: somerset.gov.uk
About: This cookie is used to help record the visitor’s use of the website.
It is used to collect statistics about site usage such as when the visitor last visited the site.
This information is then used to improve the user experience on the website. This Siteimprove Analytics cookie contains a randomly generated ID used to recognize the browser when a visitor reads a page. The cookie contains no personal information and is used only for web analytics.
Cookie name: siteimproveses
Cookie type: Session cookie
Domain: 2734886.global.siteimproveanalytics.io
About: This cookie is used purely to track the sequence of pages a visitor looks at during a visit to the site. This information can be used to reduce user journeys, and enable visitors to find relevant information quicker.
Cookie name: szcib
Cookie type: Persistent – expires after 400 days
Domain: somerset.gov.uk
About: This cookie is used to determine if the user has accepted or declined cookies. This is only set if you use the Siteimprove Cookie Info Banner solution
Cookie name: sz-feedback-should-hide
Cookie type: Session cookie
Domain: somerset.gov.uk
About: This cookie is used to hide/close a feedback widget for specific sessions (visits) on the Analytics Feedback feature. It is set when a user clicks a button in the feedback widget which indicates they don’t wish to see the widget again. The cookie contains no personal information and is used only for web analytics. It simply contains the text ‘true’ when it is set.
Cookie name: _cfduid
Cookie type: Persistent cookie
Domain: .siteimproveanalytics.com
About: The “__cfduid” cookie is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. See: What does the CloudFlare cfduid cookie do?
Adult and health services
Directorate – Adult’s Services
Privacy Notice
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing
- Safeguarding policy: Chair Safeguarding Adults Board
- Champion of standards and excellence of service provision for older people and adults with learning disabilities
- Community safety
- Drugs and alcohol partnership
- Personalisation
- Adult safeguarding
- Adult care management
- Long term care and support
- Integrated care with the NHS – SIDeR
Legal basis for processing
By law – Adult’s Services is required by a number of UK laws and European Regulations and Directives to ensure the delivery of the services detailed above, the relevant legislation is listed in the service privacy notices listed on this web-page. In some cases, Adult’s Services may ask for your explicit consent to process your personal data, see below for more details.
Legitimate interests – Adult’s Services uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.
Data sharing – the personal data provided to Adult’s Services will be shared with a range of partners when providing services. When Adult’s Services is required to share your personal data, you will be informed of specific data sharing organisations at the point your data is collected.
Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared.
Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.
You also have the right to complain to the regulator, ico.org.uk/
Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
Explicit consent
If the legal basis for processing is explicit consent we will need to ensure you are provided with a:
a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) A clear option to withdraw your consent later by use of an “opt-out”
Privacy of Electronic Communications Regulations (PECR)
To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.
If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.
Children and Families (Children’s Social Care)
Privacy Notice
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing – We will process personal information about you and your family in order to provide you with appropriate services and to protect children and young people.
Business area – Contact and Referral
Purpose for processing – To assess and identify appropriate services for children and young people.
Business area – Early Support (Children with Disabilities)
Purpose for processing – To assess and identify appropriate support services for children and young people with Disabilities.
Business area – CIN (Children in Need)
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to support improved outcomes for Children in Need.
Business area – Child Protection
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to protect children at risk of harm and to support improved outcomes for Children in Need.
Business area – CLA (Children Looked After)
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to support improved outcomes for children who cannot live at home.
Business area – Leaving Care
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to support improved outcomes for young people who have been Looked After.
Business area – Adoption
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to support improved outcomes for children who are being adopted.
Legal basis for processing – by law
The relevant laws and regulations that provide the legal basis for processing personal data for the purposes defined above.
Contact and Referral
- The Children’s Act 1989
- The Children & Young People’s Act 2008
- The Chronically Sick and Disabled Persons Act 1970
Early Support (Children with Disabilities)
- The Children’s Act 1989
- The Children & Young People’s Act 2008
- The Chronically Sick and Disabled Persons Act 1970
CIN
- The Children’s Act 1989
- The Children & Young People’s Act 2008
- The Chronically Sick and Disabled Persons Act 1970
Child Protection
- The Children’s Act 1989
- The Children & Young People’s Act 2008
- The Chronically Sick and Disabled Persons Act 1970
CLA
- The Children’s Act 1989
- The Children & Young People’s Act 2008
- The Chronically Sick and Disabled Persons Act 1970
Leaving Care
- The Children’s Act 1989
- The Children & Young People’s Act 2008
- The Chronically Sick and Disabled Persons Act 1970
Adoption
- The Children’s Act 1989
- The Children & Young People’s Act 2008
- The Chronically Sick and Disabled Persons Act 1970
Legitimate interests – Somerset County Council will also use your data for the purposes of monitoring quality, audit, and for dealing with any enquiries or complaints.
Data sharing – the personal data provided will be shared with Somerset County Council colleagues and professionals from partner organisations, including Children’s Social Care, Education, Adults Social Care, Health, Housing and Police, in order to provide you with appropriate services and to protect children. This may include: your GP, schools and school nurses, mental health professionals, health visitors and midwives, probation officers, youth justice workers, educational psychologists, psychiatrists, psychologists, housing providers, Department of Work and Pensions, drug and alcohol workers and early years.
Where appropriate, this will be done under the Child Health Information Service procedures or as part of the Education, Health & Care Plan.
Transfers abroad – Your personal information will normally remain within the UK / European Union. If your information needs to be sent abroad you will be informed prior to any transfer.
Data retention – Somerset County Council will retain your information while it is providing you with a service and in accordance with Somerset County Council retention policies and associated statutory guidance, taking into account any legal injunction preventing the destruction of records. Statutory retention periods are based on the level of service provided: should we need to share your information for safeguarding purposes, the investigation of crimes, or because a child is looked after or adopted, the highest tariff will apply to all information held by Somerset County Council.
Please note that due to the current independent inquiry into child sexual abuse (IICSA) all records will be retained until further notice. Once the Inquiry is complete and the legal hold lifted the retention will return to the retention listed below.
Business area – Contact and Referral
Retention category – 3 years
Business area – early Support (Children with Disabilities)
Retention category – 3 years
Business area – CIN
Retention category – up to 21 years
Business area – Section 47 (no outcome of Child Protection)
Retention category – 35 years
Business area – Child Protection
Retention category – 75 years
Business area – CLA
Retention category – 75 years from 18th birthday
Business area – Leaving Care
Retention category – 75 years from 18th birthday
Business area – Adoption
Retention category – 100 years
Your rights – You have the right to ask Somerset County Council to a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data. You also have the right to complain to the regulator, ico.org.uk/
Children's Services
Directorate – Children’s Services
Privacy Notice
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purposes for processing
- Provision of education and associated services
- Safeguarding children
- Providing services to vulnerable families, troubled families, children in need and children with disabilities
- Commissioning Sufficiency of Early Years and School places
- Proving business support for children’s services
- Providing Looked after placements; residential, fostering and adoption services
- Provision of Youth Offending and Targeted Youth Services
- Compact
- Personalisation
Legal basis for processing
By law– Children’s Services is required by a number of UK laws and European Regulations and Directives to ensure the delivery of a number of statutory services.
Public task – Children’s Services deliver a number of services in the exercise of official authority or perfom specific tasks in the public interest.
Legitimate interests – Children’s Services uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.
Consent – Where no other lawful basis applies, the Council will ask for your consent to process your personal data.
Data sharing – the personal data held/provided to Children’s Services will be shared with a range of partners in order that we can meet our statutory obligations and provide services. Data sharing will only take place when it is lawful to do so and will be done in compliance current data protection legislation.
Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared as necessary in order to protect from individuals from harm.
Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset County Council for: a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.
You also have the right to complain to the regulator – ico.org.uk/
Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
Corporate Affairs
Privacy Notice
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing
- Customer and community insight – business intelligence
- Customer contact
- Customer experience and information governance
- Internal and external communications
- Performance
Legal basis for processing
Public task – Corporate Affairs is required to act in the public interest to perform public duties to ensure the delivery of the services detailed above. In some cases, Corporate Affairs may ask for your explicit consent to process your personal data, see below for more details.
Legitimate interests – Corporate Affairs uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.
Data sharing – the personal data provided to Corporate Affairs will be shared with a range of partners when providing services including National Government Departments, the NHS, the Police and other Local Authorities. When Corporate Affairs is required to share your personal data, you will be informed at the point your data is collected.
Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared
Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing.
However, these rights are only applicable if the Council has no other legal obligation concerning that data. For more information about your rights and details of how to exercise them see https://www.somerset.gov.uk/our-information/your-rights-on-the-information-we-hold-about-you/
You also have the right to complain to the regulator, ico.org.uk/
Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
Explicit consent
If the legal basis for processing is explicit consent we will need to ensure you are provided with a:
a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) Clear option to withdraw your consent later by use of an “opt-out”
Privacy of Electronic Communications Regulations (PECR)
To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.
If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.
Economic and community infrastructure
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing
- The Commissioning, development, and improvement of Economic and Community infrastructure (ECI) including the Local Enterprise Partnership (LEP), Connecting Devon and Somerset (CDS), Hinkley Point, and the Rivers Authority.
- Delivery of ECI services, including highways, traffic management, transport, libraries, registration services, parking, rights of way, scientific services, and infrastructure delivery and ECI business support.
- Commissioning of ECI services, both internal and external, including development of policies. Services commissioned include highways, traffic management, transport, libraries, registration services, rights of way, leisure, heritage, AONB, waste, scientific services, economic development and planning, civil contingencies unit and project management unit.
- Delivery of the Somerset Waste Partnership.
Legal basis for processing
By law – ECI is required by a number of UK laws and European Regulations and Directives to ensure the delivery of the services detailed above, the specific legislation is listed in the service privacy notices listed on this web-page. In some cases ECI may ask for your explicit consent to process your personal data, see below for more details.
Legitimate interests – ECI uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.
Data sharing – the personal data provided to ECI will be shared with a range of partners when providing services. When ECI is required to share your personal data, you will be informed at the point your data is collected.
Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared.
Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.
You also have the right to complain to the regulator, ico.org.uk/
Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
Explicit consent
If the legal basis for processing is explicit consent we will need to ensure you are provided with a:
a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) A clear option to withdraw your consent later by use of an “opt-out”
Privacy of Electronic Communications Regulations (PECR)
To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.
If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.
Finance, legal and governance
Directorate – Finance, Legal and Governance
Privacy Notice
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing
- Financial Services
- Legal Services
- Governance, including Member Support
- S151 Role
Legal basis for processing
By law – Finance, Legal and Governance is required to in response to a number of laws and statutory instruments to ensure the delivery of the services detailed above. In some cases, Finance, Legal and Governance may ask for your explicit consent to process your personal data, see below for more details.
Legitimate interests – Finance, Legal and Governance uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.
Data sharing – the personal data provided to Finance, Legal and Governance will be shared with a range of partners when providing services including National Government Departments, the NHS, the Police and other Local Authorities. When Finance, Legal and Governance is required to share your personal data, you will be informed at the point your data is collected.
Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared.
Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.
You also have the right to complain to the regulator, ico.org.uk/
Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
Explicit consent
If the legal basis for processing is explicit consent we will need to ensure you are provided with a:
a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) Clear option to withdraw your consent later by use of an “opt-out”
Privacy of Electronic Communications Regulations (PECR)
To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.
If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.
Fostering
Privacy Notice
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing
- Assessing suitability to become a foster carer / stepping stones advisor
- Providing support to approved foster carers /stepping stones advisors in order to protect and care for looked after children and care leavers.
Legal basis for processing – by law
Business area – Application to be a Foster Carer / Stepping Stones provider
- 1989 Children Act, Volume 4 Fostering Services and vol 2 Care Planning
- 2000 Care Standards Act
- Adoption and Children Act 2004
- Children and Young Persons Act 2008
- Fostering Services Regulations 2011, as amended in 2013 by the Care Planning, Placement and Case Review Regulations 2013
Approved Foster Carer / Stepping Stones provider
- 1989 Children Act, Volume 4 Fostering Services and vol 2 Care Planning
- 2000 Care Standards Act
- Adoption and Children Act 2004
- Children and Young Persons Act 2008
- Fostering Services Regulations 2011, as amended in 2013 by the Care Planning, Placement and Case Review Regulations 2013
Legitimate interests – for monitoring quality, audit, and for dealing with any enquiries or complaints.
Data sharing – personal data provided will be shared with professionals from partner organisations, including Health and Police, and some private individuals in order to assess suitability to protect and care for looked after children / care leavers.
Where appropriate, this will be done under the Child Health Information Service procedures.
Transfers abroad – this data will not be transferred abroad.
Data retention – personal data relating to the assessment and support of foster carers will be retained in accordance with the Somerset County Council retention policies and associated statutory guidance, taking into account any legal injunction preventing the destruction of records. Some of your personal information will also be retained on the case records of individual looked after children / care leavers, and in some cases shared with them, even after you have ceased to be a foster carer / stepping stones provider.
Please note that due to the current independent inquiry into child sexual abuse (IICSA) all records will be retained until further notice. Once the Inquiry is complete and the legal hold lifted the retention will return to the retention listed below.
Business area – Application to be a Foster Carer / Stepping Stones provider
Legal basis for processing – 10 years
Business area – Approved Foster Carer / Stepping Stones provider
Legal basis for processing – 75 years
Business area – Approved Foster Carers / Stepping Stones provider information on individual case records of looked after children / care leavers
Legal basis for processing – 75 years from child’s 18th birthday
Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data. You also have the right to complain to the regulator, ico.org.uk/
Insurance
Notification regarding the processing of any personal data supplied on this form
Somerset County Council will act as the ‘data controller’ for any personal data that you provide to us. As such, we will ensure that the data you give to us is processed in line with our organisation’s Data Protection Policies and in line with your rights under the EU General Data Protection Regulation and associated data protection laws currently applicable in the UK.
You can contact the Council’s Data Protection Officer (DPO) at the following email address informationgovernance@somerset.gov.uk
Purpose for processing – To enable the Insurance Team to investigate thoroughly your allegation against the Council.
Legal basis for processing – The processing is required for compliance with a legal obligation which is in the exercise or defence of legal claims (GDPR Article 6 (c) and Article 9(f))
By law – Claims are processed inline with the current Ministry of Justice Civil Procedure Rules: www.justice.gov.uk/courts/procedure-rules
Legitimate interests – Somerset CC may also process your data for the purposes of audit, quality control, training and in order to deal with enquiries and complaints.
Data sharing – The information which you provide on this form will be held by Somerset County Council and may be shared with but is not limited to the Council’s contractors, solicitors, insurers Claims Underwriting Exchange (CUE) run by Insurance Database Ltd (I.D.S L) if necessary. This information will be used for the purpose of investigating your claim. This information may also be disclosed to parties mentioned above for the purpose of investigating and making a decision on your claim.
Transfers abroad – this data will not be transferred abroad
Data retention – For data received on or after 1 April 2018; we intend to keep the information you provide for a period of 6 years in line with the Limitation Act 1980 after the closure of the claim.
Your rights – You have the right to ask Somerset County Council to a copy of your data, the right to rectify or erase your personal data, and the right to object to processing.
However, these rights are only applicable if the Council has no other legal obligation concerning that data. You also have the right to complain to the regulator, ico.org.uk/
Consequences: If you do not supply this information to us, we will not be able to process your claim.
Equalities statement
Whilst we try to make our documents as accessible as possible, we understand that this may not always be the case.
Please confirm by return if you need this form to be translated into a different language and/or the form amended, changed to a braille, audio descriptive format based on your level of vision, and we will try to accommodate this as best as possible.
National Apprenticeship Scheme Privacy Notice
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing
To enable the Council to encouraging learners aged 16 to 18 and, 19 to 25 with a learning difficulty, to participate in education and training in accordance with the Council’s statutory duty.
Legal basis for processing
The data is processed in accordance with the General Data Protection Regulation (GDPR):
Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Article 9(2)(g) – for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
Data sharing – the personal data relating to this function is supplied to the Council by the Department for Education under a data sharing agreement. The Council will only share this data with external organisations where there is a legitimate business reason and lawful basis for doing so. Organisations will include (but are not limited to) the Department for Education, Careers South West and providers of further or higher education.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected and received.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.
You also have the right to complain to the regulator, ico.org.uk/
Public health
Directorate – Public Health
Privacy Notice
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing
Reducing health inequalities, increasing life expectancy. The priorities are to:
- Provide expert public health advice and intelligence to the Health & Wellbeing system;
- Improve outcomes and narrow inequalities through influencing public policy and commissioning;
- Commission high quality, effective and efficient public health services; and
- Protect the population’s health
For more information about the work of Public Health please see:
www.nhs.uk/oneyou/how-are-you-quiz/
www.healthysomerset.co.uk/smokefree/
www.healthysomerset.co.uk/weight/
www.somersethealthchecks.co.uk/
Legal basis for processing
By law – Public Health is required by a number of UK laws and European Regulations and Directives to ensure the delivery of the priorities detailed above (details of specific legislation are shown below). In some cases, Public Health may ask for your explicit consent to process your personal data, see below for more details.
- Public Health (Control of Disease) Act 1984, amended by the Health and Social Care Act 2008
- Health and Social Care Act 2012
- Local Authorities Regulations 2013; regulations 3,4,5,6,7,8
- NHS Bodies and Local Authorities Regulations 2012
- Regulations under Section 6C of the NHS Act 2006
- Social Value Act 2012
- Civil Contingencies Act 2004
Legitimate interests – Public Health uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.
Data sharing – the personal data provided to Public Health will be shared with a range of partners when providing services including the NHS. When Public Health is required to share your personal data, you will be informed at the point your data is collected.
Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared
Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.
You also have the right to complain to the regulator, ico.org.uk/
Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
Explicit consent
If the legal basis for processing is explicit consent we will need to ensure you are provided with a:
a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) Clear option to withdraw your consent later by use of an “opt-out”
Privacy of Electronic Communications Regulations (PECR)
To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.
If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.
Recruitment Data Privacy Statement
Data Controller – Somerset County Council
Data Protection Officer contact – informationgovernance@somerset.gov.uk
Purpose for processing – to run recruitment processes
Legal bases for processing – right to work, safer recruitment.
By law – Immigration, Asylum and Nationality Act 2006, Safeguarding Vulnerable Groups Act 2006 as amended by the Protection of Freedoms Act 2012.
Data sharing – the personal data provided will be shared internally to Somerset County Council. This information may be disclosed to Government Departments where there is a legal obligation to do so. If you are applying for an Apprenticeship the personal data provided will be shared with the Learning Provider attached to the employment.
Transfers abroad – Personal data in our e-recruitment system is kept within the EEA by Lumesse.
Data retention – If you become an employee the data will be kept for the duration of the employment plus 6 years. If you do not become an employee the data will be kept for 12 months, right to work information of unsuccessful candidates is destroyed after interview.
Your rights – You have the right to ask Somerset County Council to a copy of your data, the right to rectify or erase your personal data and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data. You also have the right to complain to the regulator ico.org.uk/
Consequences – If you do not supply the information requested on this application form we will not be able to process your application.
For more information see http://extranet.somerset.gov.uk/hr/employment-information/data-protection/
Registration services
This summary policy explains how the information this service collects about you for registration purposes is used, and your rights in relation to that information. This service falls within the Economic and Community Infrastructure group.
Personal information collected from you to register an event is required by law. The main legislation which governs the collection of registration information is the Births and Deaths Registration Act 1953, the Marriage Act 1949 and the Civil Partnership Act 2004. You may be legally obliged by these acts, and other pieces of legislation, to provide certain pieces of information. If you fail to provide information you are required to give us you may, among other things, be liable to a fine.
Personal information may also be collected from you if you make an application to this office, for example for a certificate or to correct information contained in a register entry.
The information you provide will be held and processed by registration officers for this registration district. Registration information is retained indefinitely as required by law.
The superintendent registrar is a data controller for birth, marriage and death registrations and can be contacted at somersetregistrations@somerset.gov.uk. The local authority is a data controller for civil partnership registrations and you can email informationgovernance@somerset.gov.uk or phone 01823 359359 for more information.
The Registrar General for England and Wales is a joint data controller for birth, marriage, death and civil partnership registrations and can be contacted at – The General Register Office, Trafalgar Road, Southport, PR8 2HH.
A certified copy of any register entry will be provided by this office in accordance with the law to any applicant, providing they supply enough information to identify the entry concerned and pay the appropriate fee. An application for a certificate may also be made to the General Register Office.
Indexes for events registered at this office are publicly available to help members of the public identify the registration record they might need. Indexes are available to view by appointment only. Appointments can be made by contacting – Somerset Register Office, The Old Municipal Buildings, Corporation Street, Taunton TA1 4AQ – phone 01823 282251 or email somersetregistrations@somerset.gov.uk in the first instance.
A copy of the information collected by a registration officer will also be sent to the Registrar General for England and Wales so that a central record of all registrations can be maintained. Registration information held at this office may be shared with other organisations in the course of carrying out our functions, or to enable others to perform theirs.
You have the right to request access to the personal information we hold about you, to be informed about the collection and use of your personal information, for incorrect information to be corrected (where the law permits) and to request us to restrict the processing of your personal information. In certain circumstances you have the right to object to the processing of your personal information. Your information will not be subjected to automated decision-making.
You have the right to complain to the Information Commissioner’s Office about the way we are handling your personal information. Details on how you can do this can be found at ico.org.uk.
Volunteer
Data Controller: Somerset County Council – ICO Registration Z5957592
Data Protection Officer Contact: informationgovernance@somerset.gov.uk
Purpose for processing:
- Administration of volunteer agreements and arrangements;
- Administer and manage your volunteer placement
- Safeguarding of Somerset County Council clients and customers;
- Support the delivery of services
- Payment of expenses.
Legal basis for processing
By law
- Safeguarding Vulnerable Groups Act 2006 as amended by the Protection of Freedoms Act 2012.
- Safeguarding of vulnerable adults and children (The Care Act 2014, The Children and Families Act 2014, and The Children’s Act 2004)
- Proof that volunteer is legally able to fulfil the volunteer role (e.g. Volunteer drivers must have current drivers’ licence, with no more than 6 points)
- Volunteer Safety and Security (protected as non-employees, under the Health and Safety at Work Act 1974, whilst undertaking duties under their control, SCC Public Liability Insurance)
- We may be required to give information to legal authorities if requested or if they have the proper authorisation such as a search warrant or court order.
Under 16
If you are under 16 and become a volunteer we must have the consent of your parents or guardian to become a volunteer.
Legitimate interest:
Where your information is not processed in accordance with the law we will use your personal data in order to deliver a service to you, including your profile, provide you with recommendations of volunteering opportunities, and recruitment process and training, depending on the volunteer role you apply for. We will use your email address (where provided) to contact you about changes to our service and important information about your role.
When you enquire about our volunteer services we will process your enquiry, and provide you with the information that you have asked for.
When you apply to become a volunteer for Somerset County Council, you willingly enter a voluntary agreement, formed between you and Somerset County Council. In order to carry out our obligations under that agreement we must process the information you give us, as set out in the purpose for processing.
Explicit consent
Where you have given us your explicit consent, we will use your information in the way that you have asked us to such as provision of a newsletter or sharing your information with partner organisations to provide you with information about further volunteering opportunities.
Data sharing
Your personal data will be shared with relevant Somerset County Council Services and partner organisations who you may be supporting.
Transfers abroad
This data will not be transferred abroad
Data retention
This data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided.
This data will be retained on file for the duration of the volunteer’s involvement with the Council as a volunteer, and for a further 6 years in order to support any follow up enquiries, unless your role is supporting children and it will then be held to meet any requirements resulting from the IICSA Enquiry. Information held about unsuccessful applicants is destroyed after 12 months.
Your rights
You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.
You also have the right to complain to the regulator, ico.org.uk/
Consequences
If you do not supply this information to us, we will not be able to place you into a volunteer role.