Colchester Borough Council, together with its wholly-owned subsidiary Colchester Commercial (Holdings) Ltd*, collects, holds and processes a considerable amount of information, including personal information, to provide services effectively. We do this in our capacity as a data controller.
*Colchester Commercial (Holdings) Ltd is the holding company for three separate subsidiaries with related but distinct products, services, markets and opportunities.
- Colchester Amphora Trading delivers high quality products and services to public and private sector clients in the property, leisure and health care industries.
- Colchester Amphora Energy designs and implements low carbon energy systems and provides energy services in Colchester.
- Colchester Amphora Homes delivers high quality affordable and private homes for sale in Colchester and the surrounding area.
You can also view additional privacy notices for the services we provide, with more information about who we may share your data with and why.
Additional privacy notices for our services
- COVID-19 privacy notice
- Self-isolation payments
- COVID-19 business grants privacy notice
- Air Quality Behaviour Change Project
- Aqua Springs
- Building Control
- Business Rates
- Cemetery and Crematorium
- Colchester and Ipswich Museums
- Colchester Events Company
- Colchester Market Traders
- Council Tax
- Electoral Registration
- Environmental Protection
- Fishing permits
- Freedom of information
- Healthy Homes
- Help us get it right
- Housing Benefit and Local Council Tax Support
- Leisure World
- Licensing, Food and Safety
- Neighbourhood Services
- Private Sector Housing
- Street Naming and Numbering
We recognise that this information is important to citizens and that we are responsible for the information we hold about you. We take our responsibilities under data protection legislation seriously to ensure that any personal information we collect and use is done so proportionately, correctly and safely.
What is personal data?
Personal data means any information relating to a person who could be directly or indirectly identified by that information. The legislation reflects changes in technology and the way organisations collect information about people.
This definition provides for a wide range of ways that a person may be identified by their data. This includes their name, identification number, location data or an online identifier.
What level of personal data is used?
We collect, hold and use personal data to allow us to provide services on behalf of the citizens of Colchester. These services include, amongst others, planning, recycling and waste, Council Tax and benefits, elections and voting, parking and travel, housing, business rates, licensing, environmental health and leisure activities.
Why we use personal information?
We will use your personal data for a limited number of purposes, and at all times within the rules set out in data protection legislation.
We will process personal data for the following purposes.
- For the reason you provided the information to us. For example, by processing information given on a benefit claim form to process your benefit claim, and to monitor our performance in responding to your request.
- To allow us to communicate with you and provide services appropriate to your needs.
- To ensure that we meet our legal requirements, including obligations imposed under the Race Relations Act and Health and Safety Acts.
- Where necessary for our law enforcement functions where we are legally obliged to do so, such as licensing, planning enforcement, trading standards, food safety.
- Where the processing is necessary to comply with our legal obligations, for example, the prevention and detection of crime.
- To process financial transactions including grants, payments and benefits involving Colchester Borough Council, or where we are acting on behalf of other government bodies, for example. the Department for Works and Pensions.
- Where you have consented to the processing.
- Where necessary to protect individuals from harm or injury.
- After it has been anonymised, to allow the statistical analysis of data to help us improve our services.
- To deliver services and support to you, to manage those services, to monitor the quality of services provided and to plan new and updated services.
- To train staff.
- Where we need to investigate any worries or complaints you have about your services.
How the law allows us to use your personal information
There are several legal reasons why we need to collect and use your personal information. Generally, we collect and use personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes
You have the right to remove your consent for us to use your personal information at any time. If you want to remove your consent, please contact DPO@colchester.gov.uk and tell us which service you are using so we can deal with your request.
We are working on improving the way we provide services to the citizens of Colchester. We hold a customer record, which includes your name and address. For some services, we might also ask for your email address and telephone number.
The customer record allows us to respond faster to any queries about our services. By linking into other systems with the council, any query or issue can be investigated more efficiently. However, we will only access this information to respond to any query or instruction received by you, and only where such access is necessary to answer or respond to the query or issue you have raised.
If you call our Contact and Support team, our staff can see a summary record of previous contact you have had with us. Access to this is restricted and staff are required to operate within the guidelines set out in our Data Protection Policy.
You can register for a customer account with us to get extra services such as faster online forms. This allows you to perform certain tasks without giving your details every time, and to track the progress of your requests. If you register, we may contact you about your requests.
We will never contact you to ask for your account password or other login information. Please exercise caution if you receive any emails or calls from people asking for this information and claiming to be from Colchester Borough Council.
Calls made direct to, or from, our Contact and Support team are recorded and kept for 12 months from the date of the call. If the call is transferred to a member of staff outside the Contact and Support team, the recording stops. Calls may be recorded if telephoning directly to other service teams on alternative numbers.
If you subscribe to a newsletter on our websites or at any events run by us, we will not pass your details onto any third parties. They will be stored confidentially in line with data protection legislation. To provide this service to you, we will need to collect and store an email address. You can unsubscribe at any time by going to public.govdelivery.com/ accounts/UKCOLCHESTER/ subscriber/topics?qsp=UKCOLCHESTER_2
This privacy notice tells you what to expect when we collect personal information about you, in this case, static or moving imagery via CCTV or surveillance systems.
We are committed to protecting your personal information, as well as your safety and security as you access services and visit public buildings across the borough. We are legally obliged to use your information in line with all applicable laws concerning the protection of personal data. This includes the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Please see the surveillance privacy notice for more information.
The law gives you several rights to control which personal information is used by us and how it is used by us.
How can you access the information we hold about you?
You are legally entitled to ask to see any records we hold about you. When we receive a request from you in writing, we must normally give you access to everything we have recorded about you. However, we will not let you see any parts of your record which contain:
- confidential information about other people; or
- information a care professional thinks will cause serious harm to your or someone else's physical or mental wellbeing; or
- if we think that a crime may be prevented or found out by disclosing information to you.
This applies to paper and electronic records. If you ask us, we will also let others see your care record (except if one of the points above applies). To request to see the information we hold about you, please visit www.colchester.gov.uk/info or email firstname.lastname@example.org
How can you request correction of inaccurate information?
Whilst we try to ensure that any personal data it holds about you is correct, there may be situations where the information we hold is no longer accurate. If this is the case, please contact the department holding the information so that any errors can be investigated and corrected. You should let us know if you disagree with something written on your file. You may not always be able to change or remove the information. However, we will correct factual inaccuracies and may include your comments in the records.
You can ask to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted, for example, in instances where:
- your personal information is no longer needed for the reason why it was collected in the first place
- you have removed your consent for us to use your information (where there is no other legal reason us to use it)
- there is no legal reason for the use of your information
- deleting the information is a legal requirement
- your personal information has been shared with others, we'll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can't delete your information where:
- we are required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is for scientific or historical research or statistical purposes where it would make information unusable
- it is necessary for a legal claim
You can ask to limit what we use your data for
You have the right to ask us to restrict what we use your personal information for where:
- you have identified inaccurate information, and have told us of it
- we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
When information is restricted, it cannot be used other than to:
- securely store the data
- with your consent, to handle legal claims and protect others; or
- where it is for important public interests of the UK
You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us from delivering that service to you.
Where possible, we'll seek to comply with your request, but we may need to hold or use information because we are required to by law.
You can ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However, this only applies if we are using your personal information with consent (not if we are required to by law) and if decisions were made by a computer and not a human being.
Right to complain
You have the right to complain about any matter relating to our service, including how we use your data. In the first instance, please contact our Data Protection Officer by e-mailing DPO@colchester.gov.uk
How do we keep information secure?
We will take appropriate steps to make sure we hold records about you (on paper and electronically) securely. We will only make them available to those who have a right to see them. Our security includes:
- access controls on systems
- security training for all staff
Our Data Protection and Information Security policies can be found below:
Where in the world is your information?
The majority of personal information is stored on systems in the UK. There are some occasions where your information may leave the UK, either to get to another organisation or if it is stored in a system outside of the EU.
We have additional protections on your information if it leaves the UK. These range from secure ways of transferring data to ensuring we have a robust contract in place with that third party.
We will take all practical steps to make sure your personal information is not sent to a country that is not seen as 'safe' either by the UK or EU governments.
How long do we keep your personal information?
We will only store your personal information for as long as is necessary. Records will be kept in line with our retention policy.
Who will we share your personal information with?
We use several commercial companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements, there is always a contract or information sharing protocol in place to ensure that the organisation complies with data protection law. Arrangements involving sensitive personal data will have been formally assessed in more detail for their compliance with the law.
We do not sell personal information to any other organisation for direct marketing.
Sometimes we have a legal duty to give information about people. This is often because we must give that information to courts.
We may also share your personal information when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we may share your information:
- for the detection and prevention of crime and fraudulent activity
- if there are serious risks to the public, our staff or to other professionals
- to protect a child
- to protect adults who are thought to be at risk, for example, if they are frail, confused or cannot understand what is happening to them
The law does not allow us to share your information without your permission unless there is proof that someone is at risk. This risk must be identified as being serious before we can go against your right to confidentiality.
When we are worried about your physical safety or we feel that we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation. We may still share your information if we believe the risk to others is serious enough to do so. There may also be rare occasions when the risk to others is so great that we need to share the information straight away. If this is the case, we will make sure that we record the information we share and our reasons for doing so.
Wherever possible, we will only use anonymised, pseudonymised or de-personalised information.
Data matching may be used to help us respond to emergencies or major accidents. In conjunction with the emergency services, we may identify individuals who need additional support during the event, for example, an emergency evacuation.
Where can I get advice?
If you would like further information or if you have any concerns about how we handle your data, these can be raised with our Data Protection Officer.
Colchester Borough Council
33 Sheepen Road
For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner's Office (ICO) at:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit www.ico.org.uk or email email@example.com.
We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the "last updated" date at the top of this notice. We encourage you to periodically review this notice to be informed about how we protect your information.
The privacy notice was last updated on 09/07/2019.
Page last reviewed: 7 February 2020