Privacy notices and cookies

COVID-19 Supermarket Referrals

Data Controllers
Somerset County Council – ICO Registration Z5957592

Data Protection Officer contacts
informationgovernance@somerset.gov.uk

Purpose for processing
Somerset County Council will collect data from individuals in order that they can be referred for a priority home delivery slot with a participating supermarket.  Referrals will be available for people who are not shielding, are able to order online and pay for food but cannot access food due to the current COVID-19 pandemic.  The processing of data is necessary to facilitate provision of a delivery slot by the participating supermarket of the customer’s choice.

Categories of personal data
The following data will be collected where a customer qualifies for a referral and wishes to apply for one:

• First and surname
• Full address and postcode
• Email address
• Phone number
• Unique property identifier if available.

Additionally, customers will share information necessary to determine their eligibility for referral – this may include circumstances relating to health and disability. 

Legal basis for processing
General personal data:
Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Special category data:
Article 9(2)(g) – processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

Data sharing
Data collected from individuals wanting a referral will be shared by the Council with the Department for Environment, Food and Rural Affairs (DEFRA) via a secure portal.  Participating supermarkets will be able to access information from that portal for individuals that have requested a referral according to the specific supermarket choice made by the individual, in order that they can make contact and offer a delivery slot.  Details of the individuals shopping and payment methods will not be processed by Somerset County Council as the shopping will take place in the usual manner through the chosen supermarket’s online store.

Transfers abroad 
Your data will not be transferred abroad.

Data retention
Recorded telephone calls will be retained for a period of 3 years.  Data may be used during this period for training, quality control and analytics.

The current retention period for the data input in to the DEFRA portal is 18 months from the date of first transfer.  However, as this initiative is designed to meet needs arising from an emergency, a definite retention period cannot currently be designed.  All parties undertake not to retain data longer than is necessary for the defined purpose.

Your rights
You have a number of rights in relation your personal data, including the right to ask for a copy of your data. More information
You also have the right to complain to the regulator.

Introduction

We provide a wide range of services to the people of Somerset. To provide those services, we process large amounts of your personal data.

We are registered as a data controller for the data we collect, process, and hold, and our Data Protection Notification (registration number Z5957592) includes generic information about the types of personal data we process, what we use it for, and who we share it with.

Contact details

Somerset County Council
County Hall
Taunton
TA1 4DY

Phone: 0300 123 2224
Email: generalenquiries@somerset.gov.uk

Data protection officer (DPO)
Lucy Wilkins

You can contact the DPO by email on informationgovernance@somerset.gov.uk

For information about the data we collect and how we use it in relation to specific services, please see the links to service specific privacy notices under Service specific privacy notices.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

If you wish to remove your consent at any time, please clear your local storage.

Google Analytics
Collects anonymous information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect anonymous information, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Forms
Our online forms use cookies to store and send information. They only use the information you choose to provide to us, which we will process in accordance with our data policies.

Most web browsers allow some control of most cookies through the browser settings.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

You can learn more about how we manage your data and your rights on our Privacy Notice.

Security
Our security software tracks IP addresses and host information to prevent attacks from malicious sources. We do not collect any personal information using this software.

Cookie names: jJdLTSncPpxvqy, lgaLzEVJsXnDQ

Cookie type: Expires after 1 day

Domain: somerset.gov.uk

Siteimprove

Cookie name: nmstat

Cookie type: Persistent – expires after 1000 days

Domain: somerset.gov.uk

About: This cookie is used to help record the visitor’s use of the website.
It is used to collect statistics about site usage such as when the visitor last visited the site.
This information is then used to improve the user experience on the website. This Siteimprove Analytics cookie contains a randomly generated ID used to recognize the browser when a visitor reads a page. The cookie contains no personal information and is used only for web analytics.

Cookie name: siteimproveses

Cookie type: Session cookie

Domain: 2734886.global.siteimproveanalytics.io

About: This cookie is used purely to track the sequence of pages a visitor looks at during a visit to the site. This information can be used to reduce user journeys, and enable visitors to find relevant information quicker.

Cookie name: szcib

Cookie type: Persistent – expires after 400 days

Domain: somerset.gov.uk

About: This cookie is used to determine if the user has accepted or declined cookies. This is only set if you use the Siteimprove Cookie Info Banner solution

Cookie name: sz-feedback-should-hide

Cookie type: Session cookie

Domain: somerset.gov.uk

About: This cookie is used to hide/close a feedback widget for specific sessions (visits) on the Analytics Feedback feature. It is set when a user clicks a button in the feedback widget which indicates they don’t wish to see the widget again. The cookie contains no personal information and is used only for web analytics. It simply contains the text ‘true’ when it is set.

Cookie name: _cfduid

Cookie type: Persistent cookie

Domain: .siteimproveanalytics.com

About: The “__cfduid” cookie is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. See: What does the CloudFlare cfduid cookie do?

Adult and health services

Directorate – Adult’s Services 

Privacy Notice 

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing

• Safeguarding policy: Chair Safeguarding Adults Board
• Champion of standards and excellence of service provision for older people and adults with learning disabilities
• Community safety
• Drugs and alcohol partnership
• Personalisation
• Adult safeguarding
• Adult care management
• Long term care and support
• Integrated care with the NHS – SIDeR

Legal basis for processing

By law – Adult’s Services is required by a number of UK laws and European Regulations and Directives to ensure the delivery of the services detailed above, the relevant legislation is listed in the service privacy notices listed on this web-page. In some cases, Adult’s Services may ask for your explicit consent to process your personal data, see below for more details.

Legitimate interests – Adult’s Services uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.

Data sharing – the personal data provided to Adult’s Services will be shared with a range of partners when providing services. When Adult’s Services is required to share your personal data, you will be informed of specific data sharing organisations at the point your data is collected.

Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared.

Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.

Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.

Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.

Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.

You also have the right to complain to the regulator, ico.org.uk/

Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.

Explicit consent 

If the legal basis for processing is explicit consent we will need to ensure you are provided with a:

a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) A clear option to withdraw your consent later by use of an “opt-out”

Privacy of Electronic Communications Regulations (PECR)

To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.

If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.

Children and Families (Children’s Social Care)

Privacy Notice

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing – We will process personal information about you and your family in order to provide you with appropriate services and to protect children and young people.

Business area – Contact and Referral
Purpose for processing – To assess and identify appropriate services for children and young people.

Business area – Early Support (Children with Disabilities)
Purpose for processing – To assess and identify appropriate support services for children and young people with Disabilities.

Business area – CIN (Children in Need)
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to support improved outcomes for Children in Need.

Business area – Child Protection
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to protect children at risk of harm and to support improved outcomes for Children in Need.

Business area – CLA (Children Looked After)
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to support improved outcomes for children who cannot live at home.

Business area – Leaving Care
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to support improved outcomes for young people who have been Looked After.

Business area – Adoption
Purpose for processing – To assess and identify appropriate services, and to undertake direct work to support improved outcomes for children who are being adopted.

Legal basis for processing – by law

The relevant laws and regulations that provide the legal basis for processing personal data for the purposes defined above.

Contact and Referral

• The Children’s Act 1989
• The Children & Young People’s Act 2008
• The Chronically Sick and Disabled Persons Act 1970

Early Support (Children with Disabilities)

• The Children’s Act 1989
• The Children & Young People’s Act 2008
• The Chronically Sick and Disabled Persons Act 1970

CIN

• The Children’s Act 1989
• The Children & Young People’s Act 2008
• The Chronically Sick and Disabled Persons Act 1970

Child Protection

• The Children’s Act 1989
• The Children & Young People’s Act 2008
• The Chronically Sick and Disabled Persons Act 1970

CLA

• The Children’s Act 1989
• The Children & Young People’s Act 2008
• The Chronically Sick and Disabled Persons Act 1970

Leaving Care

• The Children’s Act 1989
• The Children & Young People’s Act 2008
• The Chronically Sick and Disabled Persons Act 1970

Adoption

• The Children’s Act 1989
• The Children & Young People’s Act 2008
• The Chronically Sick and Disabled Persons Act 1970

Legitimate interests – Somerset County Council will also use your data for the purposes of monitoring quality, audit, and for dealing with any enquiries or complaints.

Data sharing – the personal data provided will be shared with Somerset County Council colleagues and professionals from partner organisations, including Children’s Social Care, Education, Adults Social Care, Health, Housing and Police, in order to provide you with appropriate services and to protect children. This may include: your GP, schools and school nurses, mental health professionals, health visitors and midwives, probation officers, youth justice workers, educational psychologists, psychiatrists, psychologists, housing providers, Department of Work and Pensions, drug and alcohol workers and early years.

Where appropriate, this will be done under the Child Health Information Service procedures or as part of the Education, Health & Care Plan.

Transfers abroad – Your personal information will normally remain within the UK / European Union. If your information needs to be sent abroad you will be informed prior to any transfer.

Data retention – Somerset County Council will retain your information while it is providing you with a service and in accordance with Somerset County Council retention policies and associated statutory guidance, taking into account any legal injunction preventing the destruction of records. Statutory retention periods are based on the level of service provided: should we need to share your information for safeguarding purposes, the investigation of crimes, or because a child is looked after or adopted, the highest tariff will apply to all information held by Somerset County Council.

Please note that due to the current independent inquiry into child sexual abuse (IICSA) all records will be retained until further notice. Once the Inquiry is complete and the legal hold lifted the retention will return to the retention listed below.

Business area – Contact and Referral
Retention category – 3 years

Business area – early Support (Children with Disabilities)
Retention category – 3 years

Business area – CIN
Retention category – up to 21 years

Business area – Section 47 (no outcome of Child Protection)
Retention category – 35 years

Business area – Child Protection
Retention category – 75 years

Business area – CLA
Retention category – 75 years from 18th birthday

Business area – Leaving Care
Retention category – 75 years from 18th birthday

Business area – Adoption
Retention category – 100 years

Your rights – You have the right to ask Somerset County Council to a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data. You also have the right to complain to the regulator, ico.org.uk/

Children's Services

Directorate – Children’s Services 

Privacy Notice 

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purposes for processing

• Provision of education and associated services
• Safeguarding children
• Providing services to vulnerable families, troubled families, children in need and children with disabilities
• Commissioning Sufficiency of Early Years and School places
• Proving business support for children’s services
• Providing Looked after placements; residential, fostering and adoption services
• Provision of Youth Offending and Targeted Youth Services
• Compact
• Personalisation

Legal basis for processing

By law– Children’s Services is required by a number of UK laws and European Regulations and Directives to ensure the delivery of a number of statutory services.

Public task – Children’s Services deliver a number of services in the exercise of official authority or perform specific tasks in the public interest.

Legitimate interests – Children’s Services uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.

Consent – Where no other lawful basis applies, the Council will ask for your consent to process your personal data.

Data sharing – the personal data held/provided to Children’s Services will be shared with a range of partners in order that we can meet our statutory obligations and provide services.  Data sharing will only take place when it is lawful to do so and will be done in compliance current data protection legislation.

Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared as necessary in order to protect from individuals from harm.

Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.

Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.

Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.

Your rights – You have the right to ask Somerset County Council for: a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.

You also have the right to complain to the regulator – ico.org.uk/

Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.

Corporate Affairs

Privacy Notice 

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing

• Customer and community insight – business intelligence
• Customer contact
• Customer experience and information governance
• Internal and external communications
• Performance

Legal basis for processing

Public task – Corporate Affairs is required to act in the public interest to perform public duties to ensure the delivery of the services detailed above. In some cases, Corporate Affairs may ask for your explicit consent to process your personal data, see below for more details.

Legitimate interests – Corporate Affairs uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.

Data sharing – the personal data provided to Corporate Affairs will be shared with a range of partners when providing services including National Government Departments, the NHS, the Police and other Local Authorities. When Corporate Affairs is required to share your personal data, you will be informed at the point your data is collected.

Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared

Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.

Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.

Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.

Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing.

However, these rights are only applicable if the Council has no other legal obligation concerning that data.  For more information about your rights and details of how to exercise them see https://www.somerset.gov.uk/our-information/your-rights-on-the-information-we-hold-about-you/

You also have the right to complain to the regulator, ico.org.uk/

Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.

Explicit consent 

If the legal basis for processing is explicit consent we will need to ensure you are provided with a:

a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) Clear option to withdraw your consent later by use of an “opt-out”

Privacy of Electronic Communications Regulations (PECR)

To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.

If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.

Economic and community infrastructure

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing

• The Commissioning, development, and improvement of Economic and Community infrastructure (ECI) including the Local Enterprise Partnership (LEP), Connecting Devon and Somerset (CDS), Hinkley Point, and the Rivers Authority.
• Delivery of ECI services, including highways, traffic management, transport, libraries, registration services, parking, rights of way, scientific services, and infrastructure delivery and ECI business support.
• Commissioning of ECI services, both internal and external, including development of policies. Services commissioned include highways, traffic management, transport, libraries, registration services, rights of way, leisure, heritage, AONB, waste, scientific services, economic development and planning, civil contingencies unit and project management unit.
• Delivery of the Somerset Waste Partnership.

Legal basis for processing

By law – ECI is required by a number of UK laws and European Regulations and Directives to ensure the delivery of the services detailed above, the specific legislation is listed in the service privacy notices listed on this web-page. In some cases ECI may ask for your explicit consent to process your personal data, see below for more details.

Legitimate interests – ECI uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.

Data sharing – the personal data provided to ECI will be shared with a range of partners when providing services. When ECI is required to share your personal data, you will be informed at the point your data is collected.

Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared.

Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.

Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.

Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.

Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.

You also have the right to complain to the regulator, ico.org.uk/

Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.

Explicit consent 

If the legal basis for processing is explicit consent we will need to ensure you are provided with a:

a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) A clear option to withdraw your consent later by use of an “opt-out”

Privacy of Electronic Communications Regulations (PECR)

To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.

If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.

Finance, legal and governance

Directorate – Finance, Legal and Governance

Privacy Notice 

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing

• Financial Services
• Legal Services
• Governance, including Member Support
• S151 Role

Legal basis for processing

By law – Finance, Legal and Governance is required to in response to a number of laws and statutory instruments to ensure the delivery of the services detailed above. In some cases, Finance, Legal and Governance may ask for your explicit consent to process your personal data, see below for more details.

Legitimate interests – Finance, Legal and Governance uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.

Data sharing – the personal data provided to Finance, Legal and Governance will be shared with a range of partners when providing services including National Government Departments, the NHS, the Police and other Local Authorities. When Finance, Legal and Governance is required to share your personal data, you will be informed at the point your data is collected.

Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared.

Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.

Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.

Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.

Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.

You also have the right to complain to the regulator, ico.org.uk/

Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.

Explicit consent 

If the legal basis for processing is explicit consent we will need to ensure you are provided with a:

a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) Clear option to withdraw your consent later by use of an “opt-out”

Privacy of Electronic Communications Regulations (PECR)

To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.

If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.

Fostering

Privacy Notice

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing

• Assessing suitability to become a foster carer / stepping stones advisor
• Providing support to approved foster carers /stepping stones advisors in order to protect and care for looked after children and care leavers.

Legal basis for processing – by law

Business area – Application to be a Foster Carer / Stepping Stones provider

• 1989 Children Act, Volume 4 Fostering Services and vol 2 Care Planning
• 2000 Care Standards Act
• Adoption and Children Act 2004
• Children and Young Persons Act 2008
• Fostering Services Regulations 2011, as amended in 2013 by the Care Planning, Placement and Case Review Regulations 2013

Approved Foster Carer / Stepping Stones provider

• 1989 Children Act, Volume 4 Fostering Services and vol 2 Care Planning
• 2000 Care Standards Act
• Adoption and Children Act 2004
• Children and Young Persons Act 2008
• Fostering Services Regulations 2011, as amended in 2013 by the Care Planning, Placement and Case Review Regulations 2013

Legitimate interests – for monitoring quality, audit, and for dealing with any enquiries or complaints.

Data sharing – personal data provided will be shared with professionals from partner organisations, including Health and Police, and some private individuals in order to assess suitability to protect and care for looked after children / care leavers.
Where appropriate, this will be done under the Child Health Information Service procedures.

Transfers abroad – this data will not be transferred abroad.

Data retention – personal data relating to the assessment and support of foster carers will be retained in accordance with the Somerset County Council retention policies and associated statutory guidance, taking into account any legal injunction preventing the destruction of records. Some of your personal information will also be retained on the case records of individual looked after children / care leavers, and in some cases shared with them, even after you have ceased to be a foster carer / stepping stones provider.

Please note that due to the current independent inquiry into child sexual abuse (IICSA) all records will be retained until further notice. Once the Inquiry is complete and the legal hold lifted the retention will return to the retention listed below.

Business area – Application to be a Foster Carer / Stepping Stones provider
Legal basis for processing – 10 years

Business area – Approved Foster Carer / Stepping Stones provider
Legal basis for processing – 75 years

Business area – Approved Foster Carers  / Stepping Stones provider information on individual case records of looked after children / care leavers
Legal basis for processing – 75 years from child’s 18th birthday

Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data. You also have the right to complain to the regulator, ico.org.uk/

Insurance

Notification regarding the processing of any personal data supplied on this form

Somerset County Council will act as the ‘data controller’ for any personal data that you provide to us. As such, we will ensure that the data you give to us is processed in line with our organisation’s Data Protection Policies and in line with your rights under the EU General Data Protection Regulation and associated data protection laws currently applicable in the UK.

You can contact the Council’s Data Protection Officer (DPO) at the following email address informationgovernance@somerset.gov.uk

Purpose for processing – To enable the Insurance Team to investigate thoroughly your allegation against the Council.

Legal basis for processing – The processing is required for compliance with a legal obligation which is in the exercise or defence of legal claims (GDPR Article 6 (c) and Article 9(f))

By law – Claims are processed inline with the current Ministry of Justice Civil Procedure Rules: www.justice.gov.uk/courts/procedure-rules

Legitimate interests – Somerset CC may also process your data for the purposes of audit, quality control, training and in order to deal with enquiries and complaints.

Data sharing – The information which you provide on this form will be held by Somerset County Council and may be shared with but is not limited to the Council’s contractors, solicitors, insurers Claims Underwriting Exchange (CUE) run by Insurance Database Ltd (I.D.S L) if necessary. This information will be used for the purpose of investigating your claim. This information may also be disclosed to parties mentioned above for the purpose of investigating and making a decision on your claim.

Transfers abroad – this data will not be transferred abroad

Data retention – For data received on or after 1 April 2018; we intend to keep the information you provide for a period of 6 years in line with the Limitation Act 1980 after the closure of the claim.

Your rights – You have the right to ask Somerset County Council to a copy of your data, the right to rectify or erase your personal data, and the right to object to processing.

However, these rights are only applicable if the Council has no other legal obligation concerning that data. You also have the right to complain to the regulator, ico.org.uk/

Consequences: If you do not supply this information to us, we will not be able to process your claim.

Equalities statement

Whilst we try to make our documents as accessible as possible, we understand that this may not always be the case.

Please confirm by return if you need this form to be translated into a different language and/or the form amended, changed to a braille, audio descriptive format based on your level of vision, and we will try to accommodate this as best as possible.

National Apprenticeship Scheme Privacy Notice

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing
To enable the Council to encouraging learners aged 16 to 18 and, 19 to 25 with a learning difficulty, to participate in education and training in accordance with the Council’s statutory duty.

Legal basis for processing
The data is processed in accordance with the General Data Protection Regulation (GDPR):

Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Article 9(2)(g) – for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

Data sharing – the personal data relating to this function is supplied to the Council by the Department for Education under a data sharing agreement.  The Council will only share this data with external organisations where there is a legitimate business reason and lawful basis for doing so.  Organisations will include (but are not limited to) the Department for Education, Careers South West and providers of further or higher education.

Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected and received.

Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.

Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.

You also have the right to complain to the regulator, ico.org.uk/

Public health

Directorate – Public Health

Privacy Notice 

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing

Reducing health inequalities, increasing life expectancy. The priorities are to:

• Provide expert public health advice and intelligence to the Health & Wellbeing system;
• Improve outcomes and narrow inequalities through influencing public policy and commissioning;
• Commission high quality, effective and efficient public health services; and
• Protect the population’s health

For more information about the work of Public Health please see:

www.nhs.uk/smokefree

www.nhs.uk/oneyou/how-are-you-quiz/

www.healthysomerset.co.uk/smokefree/

www.healthysomerset.co.uk

www.healthysomerset.co.uk/weight/

www.somersethealthchecks.co.uk/

Legal basis for processing

By law – Public Health is required by a number of UK laws and European Regulations and Directives to ensure the delivery of the priorities detailed above (details of specific legislation are shown below). In some cases, Public Health may ask for your explicit consent to process your personal data, see below for more details.

• Public Health (Control of Disease) Act 1984, amended by the Health and Social Care Act 2008
• Health and Social Care Act 2012
• Local Authorities Regulations 2013; regulations 3,4,5,6,7,8
• NHS Bodies and Local Authorities Regulations 2012
• Regulations under Section 6C of the NHS Act 2006
• Social Value Act 2012
• Civil Contingencies Act 2004

Legitimate interests – Public Health uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.

Data sharing – the personal data provided to Public Health will be shared with a range of partners when providing services including the NHS. When Public Health is required to share your personal data, you will be informed at the point your data is collected.

Safeguarding – In cases where you or another member of the public may be at risk your personal information will be shared

Other statutory obligations – In cases where the Council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.

Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.

Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.

Your rights – You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.

You also have the right to complain to the regulator, ico.org.uk/

Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.

Consequences: In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.

Explicit consent 

If the legal basis for processing is explicit consent we will need to ensure you are provided with a:

a) Clear explanation of exactly what is being consented to
b) Clear “opt-in”
c) Clear option to withdraw your consent later by use of an “opt-out”

Privacy of Electronic Communications Regulations (PECR)

To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.

If we are using your contact details to distribute further information, we will provide you with OPT-IN options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.

Recruitment Data Privacy Statement

Data Controller – Somerset County Council

Data Protection Officer contact – informationgovernance@somerset.gov.uk

Purpose for processing – to run recruitment processes

Legal bases for processing – right to work, safer recruitment.

By law – Immigration, Asylum and Nationality Act 2006, Safeguarding Vulnerable Groups Act 2006 as amended by the Protection of Freedoms Act 2012.

Data sharing – the personal data provided will be shared internally to Somerset County Council and with partner organisations who are involved in our recruitment process. This information may be disclosed to Government Departments where there is a legal obligation to do so. If you are applying for an Apprenticeship the personal data provided will be shared with the Learning Provider attached to the employment.

Transfers abroad – Personal data in our e-recruitment system is kept within the EEA by Lumesse.

Data retention – If you become an employee the data will be kept for the duration of the employment plus 6 years. If you do not become an employee the data will be kept for 12 months, right to work information of unsuccessful candidates is destroyed after interview.

Your rights – You have the right to ask Somerset County Council to a copy of your data, the right to rectify or erase your personal data and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data. You also have the right to complain to the regulator ico.org.uk/

Consequences – If you do not supply the information requested on this application form we will not be able to process your application.

For more information see http://extranet.somerset.gov.uk/hr/employment-information/data-protection/

Registration services

This summary policy explains how the information this service collects about you for registration purposes is used, and your rights in relation to that information. This service falls within the Economic and Community Infrastructure group.

Personal information collected from you to register an event is required by law. The main legislation which governs the collection of registration information is the Births and Deaths Registration Act 1953, the Marriage Act 1949 and the Civil Partnership Act 2004. You may be legally obliged by these acts, and other pieces of legislation, to provide certain pieces of information. If you fail to provide information you are required to give us you may, among other things, be liable to a fine.

Personal information may also be collected from you if you make an application to this office, for example for a certificate or to correct information contained in a register entry.

The information you provide will be held and processed by registration officers for this registration district. Registration information is retained indefinitely as required by law.

The superintendent registrar is a data controller for birth, marriage and death registrations and can be contacted at somersetregistrations@somerset.gov.uk. The local authority is a data controller for civil partnership registrations and you can email informationgovernance@somerset.gov.uk or phone 01823 359359 for more information.

The Registrar General for England and Wales is a joint data controller for birth, marriage, death and civil partnership registrations and can be contacted at – The General Register Office, Trafalgar Road, Southport, PR8 2HH.

A certified copy of any register entry will be provided by this office in accordance with the law to any applicant, providing they supply enough information to identify the entry concerned and pay the appropriate fee. An application for a certificate may also be made to the General Register Office.

Indexes for events registered at this office are publicly available to help members of the public identify the registration record they might need. Indexes are available to view by appointment only. Appointments can be made by contacting – Somerset Register Office, The Old Municipal Buildings, Corporation Street, Taunton TA1 4AQ – phone 01823 282251 or email somersetregistrations@somerset.gov.uk in the first instance.

A copy of the information collected by a registration officer will also be sent to the Registrar General for England and Wales so that a central record of all registrations can be maintained.  Registration information held at this office may be shared with other organisations in the course of carrying out our functions, or to enable others to perform theirs.

You have the right to request access to the personal information we hold about you, to be informed about the collection and use of your personal information, for incorrect information to be corrected (where the law permits) and to request us to restrict the processing of your personal information. In certain circumstances you have the right to object to the processing of your personal information. Your information will not be subjected to automated decision-making.

You have the right to complain to the Information Commissioner’s Office about the way we are handling your personal information. Details on how you can do this can be found at ico.org.uk.

Special Educational Needs and Disabilities (SEND)

Data Controller – Somerset County Council – ICO Registration Z5957592

Data Protection Officer Contact – informationgovernance@somerset.gov.uk

The Special Educational Needs and Disabilities (SEND) service is responsible for carrying out duties under the Children and Families Act 2014 in relation to all aspects of SEND including early identification and assessment; statutory assessment processes, and the ongoing monitoring of children and young people who have Education, Health and Care (EHC) Plans. We work in a coordinated way with other children and young people’s services in Somerset County Council and with partner organisations to ensure we deliver the best possible outcomes for children and young people with SEND in Somerset. In order to do this, it is necessary for the Council to process personal data relating to children and young people with special educational needs and disabilities and their parents.  The information we collect will usually include:

• Personal information (such as name, address, contact details, date of birth, parent/carer name(s) and contact details, gender, unique identification number, for example NHS Number)
• Details of Special Educational Needs and Disabilities
• Ethnicity
• Information about physical or mental health
• Information about family circumstances

Purposes for processing
We use your personal information to:

• Identify and/or clarify your child’s SEND needs.
• Identify the support your child needs to help them to achieve their outcomes.
• Make decisions about whether to conduct a statutory needs assessment or issue an Education, Health and Care (EHC) Plan.
• Make decisions about the content of an EHC Plan including outcomes, provision and placement.
• Support the ongoing monitoring of the provision specified in an EHC Plan where one is issued.
• Inform EHC Plan annual review and monitor your child’s progress.
• Support disagreement resolution or mediation processes and processes relating to appeals to the Special Educational Need and Disability Tribunal (SENDT).
• Enable coordinated partnership working with other teams and organisations who can support your child.
• Evaluate and quality assure the services we provide and analyse provision and outcomes to support future service improvement and commissioning.

Legal basis for processing
We rely on the following provisions of the General Data Protection Regulation (GDPR) as the lawful bases for processing your personal data:

• Article 6 1(c) – Legal obligation
  Somerset County Council has a legal obligation to provide a number of functions and services and it is necessary to process your personal data in order to comply with these obligations.
• Article 6 1(e) – Public task
  Somerset County Council carries out a number of tasks in the public interest or in the exercise of official authority vested in us and it is necessary to process your personal data in order to undertake such tasks.

We rely on the following provision of the General Data Protection Regulation (GDPR) as the lawful basis for processing your special category data:

• Article 9 2(g) – substantial public interest
  In order to deliver some services it may be necessary to process data which is classed as special category. This is information about you which, due to the nature of it, is afforded additional protections under data protection law. This information may include details regarding health and disability.

Legislation to which our legal obligations and public tasks are related include:

• Data Sharing Code of Practice (ICO 2012)
• Children & Families Act 2014 (Part3)
• Children’s Act 2004 (Part 2, Section 10)
• Health and Social Care Act 2014 (Part 1, Section 3)
• Care Act 2014 (Part 1, Section 7)
• SEND Code of Practice (2014)

Data Sharing
In order to meet the needs of children and young people with Special Educational Needs and Disabilities, Somerset County Council works with a number of internal teams and external partners.  In order to ensure that needs can be met, and positive outcomes achieved, it is sometimes necessary to share your personal data with our partners.  Organisations we may share data with include:

• Other SCC teams involved in improving outcomes for children and young people.
• Commissioned providers of local authority services (such as education, care or health services).
• Schools, colleges and early years providers as well as wider education or training providers.
• Partner organisations signed up to the Somerset Overarching Information Sharing Protocol (and related Tier 2 agreements), which include NHS organisations, Somerset Clinical Commissioning Group, district councils, and the Police.
• Other local authorities and social care or health providers outside of the Local Authority area.
• Department of Education.
• Providers of independent advice, guidance, mediation and advocacy.

When working to identify the setting to be named in a child or young person’s EHC Plan we will share information that we have gathered as part of a statutory needs assessment with providers who we feel may be suitable to meet the identified needs or for whom parents/carers have expressed a preference for.

Safeguarding – In cases where you or another member of the public may be at risk, your personal information will be shared as necessary in order to protect individuals from harm.

Other statutory obligations – The Council will share your personal information where we are legally obliged to do so – for example, for the prevention or detection of crime or fraud.

Data Security
We have appropriate security measures in place to prevent personal information from being accidentally lost or misused. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.  We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.

Your data will not be transferred abroad unless you are specifically informed at the point your data is collected.

Data Retention
Somerset County Council will retain SEND pupil data for 34 years after the date of birth of the data subject. However, where information pertains to Children’s Social Care data, the retention may vary depending on the classification of the specific information (in some cases, DOB + 100 years).

Your Rights
Under the General Data Protection Regulation (GDPR) you have a number of rights in relation to the data we hold about you.  These include the right to ask for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.  Further information about your rights and how to exercise them can be found on our website – https://www.somerset.gov.uk/our-information/your-rights-on-the-information-we-hold-about-you/

You also have the right to complain to the regulator (The Information Commissioner) and details can be found at https://ico.org.uk/make-a-complaint/

In some case if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.

Volunteer

Data Controller: Somerset County Council – ICO Registration Z5957592

Data Protection Officer Contact: informationgovernance@somerset.gov.uk

Purpose for processing:

• Administration of volunteer agreements and arrangements;
• Administer and manage your volunteer placement
• Safeguarding of Somerset County Council clients and customers;
• Support the delivery of services
• Payment of expenses.

Legal basis for processing

By law

• Safeguarding Vulnerable Groups Act 2006 as amended by the Protection of Freedoms Act 2012.
• Safeguarding of vulnerable adults and children (The Care Act 2014, The Children and Families Act 2014, and The Children’s Act 2004)
• Proof that volunteer is legally able to fulfil the volunteer role (e.g. Volunteer drivers must have current drivers’ licence, with no more than 6 points)
• Volunteer Safety and Security (protected as non-employees, under the Health and Safety at Work Act 1974, whilst undertaking duties under their control, SCC Public Liability Insurance)
• We may be required to give information to legal authorities if requested or if they have the proper authorisation such as a search warrant or court order.

Under 16

If you are under 16 and become a volunteer we must have the consent of your parents or guardian to become a volunteer.

Legitimate interest:

Where your information is not processed in accordance with the law we will use your personal data in order to deliver a service to you, including your profile, provide you with recommendations of volunteering opportunities, and recruitment process and training, depending on the volunteer role you apply for. We will use your email address (where provided) to contact you about changes to our service and important information about your role.

When you enquire about our volunteer services we will process your enquiry, and provide you with the information that you have asked for.

When you apply to become a volunteer for Somerset County Council, you willingly enter a voluntary agreement, formed between you and Somerset County Council. In order to carry out our obligations under that agreement we must process the information you give us, as set out in the purpose for processing.

Explicit consent

Where you have given us your explicit consent, we will use your information in the way that you have asked us to such as provision of a newsletter or sharing your information with partner organisations to provide you with information about further volunteering opportunities.

Data sharing

Your personal data will be shared with relevant Somerset County Council Services and partner organisations who you may be supporting.

Transfers abroad

This data will not be transferred abroad

Data retention

This data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided.

This data will be retained on file for the duration of the volunteer’s involvement with the Council as a volunteer, and for a further 6 years in order to support any follow up enquiries, unless your role is supporting children and it will then be held to meet any  requirements resulting from the IICSA Enquiry. Information held about unsuccessful applicants is destroyed after 12 months.

Your rights

You have the right to ask Somerset County Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data.

You also have the right to complain to the regulator, ico.org.uk/

Consequences

If you do not supply this information to us, we will not be able to place you into a volunteer role.

Downloads

Insurance