Colchester Borough Council is committed to protecting your privacy rights as a resident or visitor and when you use our services. As per the requirements of Data Protection legislation, the Council is registered as a Data Controller with the Information Commissioners Office (ICO).
Colchester Borough Council, together with its wholly-owned subsidiary Colchester Commercial (Holdings) Ltd*, collects, holds and processes a considerable amount of information, including personal information, to provide services effectively.
*Colchester Commercial (Holdings) Ltd is the holding company for three separate subsidiaries with related but distinct products, services, markets and opportunities.
- Colchester Amphora Trading
- Colchester Amphora Energy
- Colchester Amphora Homes
You can also view our service-specific privacy notices for more information about how we process your data, who we may share your data with and why.
For information on how Colchester Borough Council processes your data during the current COVID-19 pandemic, please see our COVID-19 specific privacy notice.
What is personal data?
Personal data means any information relating to a person who could be directly or indirectly identified by that information. The legislation reflects changes in technology and the way organisations collect information about people.
This definition provides for a wide range of ways that a person may be identified by their data. This includes their name, identification number, location data or an online identifier.
Some information is considered to be ‘Special Category’ information and needs more protection because of its sensitivity. This includes information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data and data relating to sex life or sexual orientation.
What level of personal data is used?
We collect, hold and use personal data to allow us to provide services on behalf of the citizens of Colchester. These services include planning, recycling and waste, Council Tax and benefits, elections and voting, parking and travel, housing, business rates, licensing and environmental health & leisure activities.
Why we use personal information
We will use your personal data for a limited number of purposes, and at all times within the requirements of data protection legislation.
Examples of where we process your personal data include:
- To allow us to communicate with you and provide services appropriate to your needs.
- To ensure that we meet our legal requirements, including obligations imposed under the Race Relations Act and Health and Safety Acts.
- Where necessary for our law enforcement functions where we are legally obliged to do so, such as licensing, planning enforcement, trading standards, food safety.
- Where the processing is necessary to comply with our legal obligations, for example, the prevention and detection of crime.
- To process financial transactions including grants, payments and benefits involving Colchester Borough Council, or where we are acting on behalf of other government bodies, for example. the Department for Works and Pensions.
- Where you have consented to the processing.
- Where necessary to protect individuals from harm or injury.
- After it has been anonymised, to allow the statistical analysis of data to help us analyse and improve our services.
- To deliver services and support to you, to manage those services, to monitor the quality of services provided and to plan new and updated services.
- To train staff.
- Where we need to investigate any worries or complaints you have about our services.
- To maintain our accounts and records.
How data protection legislation allows us to use your personal information
We collect and use personal information where:
- it is necessary to perform our statutory duties
- you have entered into a contract with us
- you, or your legal representative, have given consent
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes
In some situations, you will have provided us with consent to use your personal information. In these circumstances you have the right to amend or withdraw your consent at any time. If you want to remove your consent, contact DPO@colchester.gov.uk and tell us which service you are using so we can respond to you.
How do we keep information secure?
We will take appropriate steps to make sure we hold records about you (on paper and electronically) securely. We will only make them available to those who have a right to see them.
Our security controls include:
- access controls on systems
- security training for all staff
See our data protection and information security policies:
Data Protection Policy
Information Security Policy
Securing your information
We take the confidentiality of personal information very seriously and use recognised security and access controls to protect your information from unauthorised access, loss, misuse, alteration or corruption. We have procedures and processes in place to ensure that your personal information is managed appropriately.
Your information may be held outside of the UK. Where this is the case, we ensure that additional measures are in place to protect your data and to ensure that we continue to comply with data protection requirements.
We use cloud providers and online application providers to help us run our business. Therefore, the use of some of our systems may include the transfer of your personal data to other countries. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK.
How long we keep your personal information
We will only store your personal information for as long as is necessary.
Records will be kept in line with our retention policy.
Who will we share your personal information with?
We use several commercial companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements, we ensure that there is a contract or information sharing protocol in place to ensure that the organisation complies with data protection law.
Privacy Impact Assessments (PIAs) will be conducted before personal information is shared in order to assess and mitigate privacy risks.
We do not sell personal information to any other organisation for direct marketing.
Sometimes we have a legal duty to give information about people. This is often because we must give that information to courts.
We may also share your personal information when we feel there is a good reason that is more important than protecting your confidentiality.
We may share your information:
- for the detection and prevention of crime and fraudulent activity
- if there are serious risks to the public, our staff or to other professionals
- to protect a child
- to protect adults who are thought to be at risk
When we are worried about your physical safety or we feel that we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation. We may still share your information if we believe the risk to others or yourself is serious enough to do so.
Data matching may be used to help us respond to emergencies or major accidents. In conjunction with the emergency services, we may identify individuals who need additional support during the event, for example, an emergency evacuation.
Privacy notices for our services
If you call our Contact and Support team, our staff can search various sustems to find out about some of the previous contact you have had with us. Access to this is restricted and staff are required to operate within the guidelines set out in our Data Protection Policy.
You can register for a customer account with us to get extra services such as faster online forms. This allows you to perform certain tasks without giving your details every time, and to track the progress of your requests. If you register, we may contact you about your requests.
We will never contact you to ask for your account password or other login information. Please exercise caution if you receive any emails or calls from people asking for this information and claiming to be from Colchester Borough Council.
Calls made direct to, or from, our Contact and Support team are recorded and kept for 6 months from the date of the call. If the call is transferred to a member of staff outside the Contact and Support team, the recording stops. Calls may be recorded if telephoning directly to other service teams on alternative numbers.
If you subscribe to a newsletter on our websites or at any events run by us, we will not pass your details onto any third parties. They will be stored confidentially in line with data protection legislation. To provide this service to you, we will need to collect and store an email address. You can unsubscribe at any time.
Unsubscribe from newsletters
In some circumstances we use cameras to capture static or moving imagery via CCTV or surveillance systems. Please see our surveillance privacy notice for more details.
We are committed to protecting your personal information, as well as your safety and security as you access services and visit public buildings across the borough. We are legally obliged to use your information in line with all applicable laws concerning the protection of personal data. This includes the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. See the surveillance privacy notice for more information.
The law gives you several rights to control which personal information is used by us and how it is used by us.
How can you access the information we hold about you?
You are legally entitled to ask to see any records we hold about you. When we receive a request from you in writing, we must normally give you access to everything we have recorded about you. However, we will not let you see any parts of your record which contain:
- confidential information about other people; or
- information a care professional thinks will cause serious harm to your or someone else's physical or mental wellbeing; or
- if we think that a crime may be prevented or found out by disclosing information to you.
This applies to paper and electronic records. If you ask us, we will also let others see your care record (except if one of the points above applies). To request to see the information we hold about you, please email firstname.lastname@example.org.
How can you request correction of inaccurate information?
Whilst we try to ensure that any personal data we hold about you is correct, there may be situations where the information we hold is no longer accurate. If this is the case, please contact the department holding the information so that any errors can be investigated and corrected. You should let us know if you disagree with something written on your file. You may not always be able to change or remove the information. However, we will correct factual inaccuracies and may include your comments in the records.
You can ask to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted, for example, in instances where:
- your personal information is no longer needed for the reason why it was collected in the first place
- you have removed your consent for us to use your information (where there is no other legal reason us to use it)
- deleting the information is a legal requirement
- if your personal information has been shared with others, we'll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that the are situations where the right to be forgotten does not apply. Often this will be where we are required by law to hold certain information about you.
You can ask to limit what we use your data for
In some circumstances, you have the right to restrict what an organisation carries out or ask that they stop processing your personal data.
When processing is restricted, the organisation may continue to store your data but not process it further. However, this right cannot overrule any legal obligation placed on the organisation to continue processing your personal information.
You can ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
For example, data portability could be used to upload your information to a third-party price comparison website to compare and identify best value for something like utilities or mobile phone use. It is unlikely that data portability will apply to most of the services you receive from the Council.
You can object
You have the right to object to processing of your personal data at any time.
This means that you can stop or prevent an organisation from using your data.
However it only applies in certain circumstances.
Automated decision making and profiling
You have a right to request that decisions based solely on automated processing, including profiling, which may produce a legal effect or affect them significantly, to have some form of human input so they are not automatically generated by a computer.
This right is in place to ensure that potentially damaging decisions are not taken without some form of human intervention.
Right to complain
You have the right to complain about how we use your personal data. In the first instance, please contact our Data Protection Officer by e-mailing DPO@colchester.gov.uk.
Where can I get advice?
If you would like further information or if you have any concerns about how we handle your data, these can be raised with our Data Protection Officer.
Colchester Borough Council
33 Sheepen Road
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit www.ico.org.uk or email email@example.com.
We will review and update this privacy notice to reflect changes in our service, as well as to comply with changes in the law.
When such changes occur, we will revise the "last updated" date at the bottom of this notice.
We encourage you to periodically review this notice to be informed about how we protect your information.