Colchester City Council is committed to protecting your privacy rights as a resident or visitor and when you use our services. As per the requirements of Data Protection legislation, the Council is registered as a Data Controller with the Information Commissioners Office (ICO).
Colchester City Council, together with its wholly-owned subsidiary Colchester Commercial (Holdings) Ltd*, collects, holds and processes a considerable amount of information, including personal information, to provide services effectively.
You can also view our service-specific privacy notices for more information about how we process your data, who we may share your data with and why.
What is personal data?
Personal data means any information relating to a person who could be directly or indirectly identified by that information. The legislation reflects changes in technology and the way organisations collect information about people.
This definition provides for a wide range of ways that a person may be identified by their data. This includes their name, identification number, location data or an online identifier.
Some information is considered to be ‘Special Category’ information and needs more protection because of its sensitivity. This includes information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data and data relating to sex life or sexual orientation.
What level of personal data is used?
We collect, hold and use personal data to allow us to provide services on behalf of the citizens of Colchester. These services include planning, recycling and waste, Council Tax and benefits, elections and voting, parking and travel, housing, business rates, licensing and environmental health & leisure activities.
Why we use personal information
We will use your personal data for a limited number of purposes, and at all times within the requirements of data protection legislation.
Examples of where we process your personal data include:
- To allow us to communicate with you and provide services appropriate to your needs.
- To ensure that we meet our legal requirements, including obligations imposed under the Race Relations Act and Health and Safety Acts.
- Where necessary for our law enforcement functions where we are legally obliged to do so, such as licensing, planning enforcement, trading standards, food safety.
- Where the processing is necessary to comply with our legal obligations, for example, the prevention and detection of crime.
- To process financial transactions including grants, payments and benefits involving Colchester City Council, or where we are acting on behalf of other government bodies, for example. the Department for Works and Pensions.
- Where you have consented to the processing.
- Where necessary to protect individuals from harm or injury.
- After it has been anonymised, to allow the statistical analysis of data to help us analyse and improve our services.
- To deliver services and support to you, to manage those services, to monitor the quality of services provided and to plan new and updated services.
- To train staff.
- Where we need to investigate any worries or complaints you have about our services.
- To maintain our accounts and records.
How data protection legislation allows us to use your personal information
We collect and use personal information where:
- it is necessary to perform our statutory duties
- you have entered into a contract with us
- you, or your legal representative, have given consent
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes
In some situations, you will have provided us with consent to use your personal information. In these circumstances you have the right to amend or withdraw your consent at any time. If you want to remove your consent, contact DPO@colchester.gov.uk and tell us which service you are using so we can respond to you.
What personal information do we process?
We process information which may include:
- personal details
- family details
- lifestyle and social circumstances
- goods and services
- financial details
- employment and education details
- details of complaints, incidents and grievances
- visual images, personal appearance and behaviour
- responses to surveys
We also process special category personal information that may include:
- physical or mental health details
- racial or ethnic origin
- religious or other beliefs
- political opinions, sexual life
- trade union membership
- offences (including alleged offences)
- criminal and legal proceedings, outcomes and sentences
How do we keep information secure?
We will take appropriate steps to make sure we hold records about you (on paper and electronically) securely.
Our security controls include:
- access controls on systems
- security training for all staff
See our data protection and information security policies:
Securing your information
We take the confidentiality of personal information very seriously and use recognised security and access controls to protect your information from unauthorised access, loss, misuse, alteration or corruption. We have procedures and processes in place to ensure that your personal information is managed appropriately.
Your information may be held outside of the UK. Where this is the case, we ensure that additional measures are in place to protect your data and to ensure that we continue to comply with data protection legislation.
We use cloud providers and online application providers to help us deliver services. Therefore, the use of some of our systems may include the transfer of your personal data to other countries. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK or where we have put in place additional safeguards to protect your data.
How long we keep your personal information
We will only store your personal information for as long as is necessary.
Records will be kept in line with our retention policy.
Who will we share your personal information with?
We use several commercial companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements, we ensure that there is a contract or data sharing agreement in place to ensure that the requirements of data protection legislation are met.
Privacy Impact Assessments (PIAs) will be conducted before personal information is shared in order to assess and mitigate privacy risks.
We do not sell personal information to any other organisation for direct marketing.
Sometimes we have a legal duty to give information about people. This is often because we must give that information to courts.
We may also share your personal information when we feel there is a good reason that is more important than protecting your confidentiality.
We may share your information:
- for the detection and prevention of crime and fraudulent activity
- if there are serious risks to the public, our staff or to other professionals
- to protect a child
- to protect adults who are thought to be at risk
When we are worried about your physical safety or we feel that we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation. We may still share your information if we believe the risk to others or yourself is serious enough to do so.
Data matching may be used to help us respond to emergencies or major accidents. In conjunction with the emergency services, we may identify individuals who need additional support during the event, for example, an emergency evacuation.
Specific services might share your personal information with 3rd parties, please see our service specific privacy notices for more information.
Privacy notices for our services
- Accident records
- Animal services
- Anti Social Behaviour Case Reviews
- Aqua Springs Beauty Therapy
- Building Control
- Business Rates
- Book a slot at Colchester Waste Centre
- Cemetery and Crematorium
- City Centre Wardens
- Colchester + Ipswich Museums
- Colchester eCargo Bike Library Hire Scheme
- Colchester Events Company
- Colchester Market Traders
- Colchester Museums Development Foundation
- Colchester Sports Park
- Council Tax
- Electoral Services
- Energy Bills Support Scheme (EBSS) Alternative Funding
- Energy Efficiency Home Improvement Grants
- Environmental Protection
- Fishing Permits
- Freedom of information
- Garden waste subscription service
- Healthy Homes
- Health and Housing Referral Scheme
- Help us get it right
- Homes for Ukraine privacy notice
- Housing Benefit and Local Council Tax Support
- Job applicants
- Land Charges
- Leisure World sites
- Licensing, Food and Safety
- Local Development Plan
- National Fraud Initiative
- Neighbourhood Services
- Payment Processing
- Planning Inspectorate Privacy Notice Amendment for Local Plan Examinations
- Planning Enforcement and the use of Council Tax data privacy notice
- Private Sector Housing
- Social Housing Decarbonisation Fund
- Street Naming and Numbering
- Sustainability Team
If you call our Contact and Support team, our staff can search various systems to find out about some of the previous contact you have had with us. Access to this is restricted and staff are required to operate within the guidelines set out in our Data Protection Policy.
Calls made direct to, or from, our Contact and Support team are recorded and kept for 6 months from the date of the call. If the call is transferred to a member of staff outside the Contact and Support team, the recording stops. Calls may be recorded if telephoning directly to other service teams on alternative numbers.
If you subscribe to a newsletter on our websites or at any events run by us, we will not pass your details onto any third parties. They will be stored confidentially in line with data protection legislation. To provide this service to you, we will need to collect and store your email address. You can unsubscribe at any time by clicking on the Unsubscribe link at the bottom of any of our newsletters.
In some circumstances we use cameras to capture static or moving imagery via CCTV or surveillance system such as Body Worn Cameras (BWCs).
We are committed to protecting your personal information, as well as your safety and security as you access services and visit public buildings across the City. See the surveillance privacy notice for more information.
The law gives you several rights to control which personal information is used by us and how it is used by us.
How can you access the information we hold about you?
You are legally entitled to ask to see any records we hold about you. However, we will not let you see any parts of your record which contain:
- confidential information about other people; or
- information a care professional thinks will cause serious harm to your or someone else's physical or mental wellbeing; or
- if we think that a crime may be prevented or found out by disclosing information to you.
This applies to paper and electronic records. If you ask us, we will also let others see your care record (except if one of the points above applies). To request to see the information we hold about you, please email firstname.lastname@example.org.
How can you request correction of inaccurate information?
Whilst we try to ensure that any personal data we hold about you is correct, there may be situations where the information we hold is no longer accurate. If this is the case, please contact the department holding the information so that any errors can be investigated and corrected. You should let us know if you disagree with something written on your file. You may not always be able to change or remove the information. However, we will correct factual inaccuracies and may include your comments in the records.
You can ask to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted, for example, in instances where:
- your personal information is no longer needed for the reason why it was collected in the first place
- you have removed your consent for us to use your information (where there is no other legal reason for us to use it)
- deleting the information is a legal requirement
- if your personal information has been shared with others, we'll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that there are situations where the right to be forgotten does not apply. Often this will be where we are required by law to hold certain information about you.
You can ask to limit what we use your data for
In some circumstances, you have the right to restrict what an organisation carries out or ask that they stop processing your personal data.
When processing is restricted, the organisation may continue to store your data but not process it further. However, this right cannot overrule any legal obligation placed on the organisation to continue processing your personal information.
You can ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
For example, data portability could be used to upload your information to a third-party price comparison website to compare and identify best value for something like utilities or mobile phone use. It is unlikely that data portability will apply to most of the services you receive from the Council.
You can object
You have the right to object to processing of your personal data at any time.
This means that you can stop or prevent an organisation from using your data.
However it only applies in certain circumstances.
Automated decision making and profiling
You have a right to request that decisions based solely on automated processing, including profiling, which may produce a legal effect or affect them significantly, to have some form of human input so they are not automatically generated by a computer.
This right is in place to ensure that potentially damaging decisions are not taken without some form of human intervention.
Right to complain
You have the right to complain about how we use your personal data. In the first instance, please contact our Data Protection Officer by e-mailing DPO@colchester.gov.uk.
Where can I get advice?
If you would like further information or if you have any concerns about how we handle your data, these can be raised with our Data Protection Officer.
Colchester City Council
33 Sheepen Road
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit www.ico.org.uk or email email@example.com.
We will review and update this privacy notice to reflect changes in our service, as well as to comply with changes in the law.
When such changes occur, we will revise the "last updated" date at the bottom of this notice.
We encourage you to periodically review this notice to be informed about how we protect your information.
Page last reviewed: 30 October 2023