In accordance with government order we will be sharing personal data with the NHS, public health and other relevant responsible public and third sector bodies to help our response to Covid-19. The council remains committed to maintain high standards in its use of personal data. The council also recognises that sharing personal data in a timely way is critical to protecting those deemed vulnerable, by ensuring it can work with its partners and individuals across the public, voluntary and private sectors.
Data protection legislation does not prevent the council from utilizing information it already holds, as well as collecting new information to share with agencies in its response to the emergency. The council will assess the risks and the potential harm that may arise if it does not share information. The information we agree to share will take into account proportionality and necessity. The council will be accountable in its sharing by ensuring that our decisions are recorded and where necessary signed off at a senior level. The council will continue to share information using the most appropriate and secure methods.
As a Local Authority Westminster City Council collects, holds and processes a considerable amount of information, including personal information about residents, people it provides services to, and other people. It does this to provide its services in the most effective and efficient way that it can.
The council recognises that it has a duty to people whose information it holds to treat that information responsibly, keep it safe and secure, and process it correctly and proportionately. This Fair Processing Notice broadly explains what information we collect, the purpose for processing, categories of personal information and who we may share it with.
To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the council has provided or contact the department directly to ask about your personal circumstances.
Westminster City Council are registered as a Data Controller under the General Data Protection Regulation and Data Protection Act 2018. Our contact details are:
Data Protection Officer
Bi-Borough Legal Services
The Town Hall
London W8 7NX
In order to fulfil our functions as a Local Authority, as well as pursue other lawful/ legitimate interests on behalf of our residents and service users we collect information about individuals in a number of ways, for example, by letter, email, face-to-face, telephone, online forms, social media and through referrals made by third parties, and other key stakeholders acting jointly or on behalf of the council.
The general data protection regulation (GDPR) states that the council should not hold personal data longer than is absolutely necessary. Our corporate retention schedule tells you how long we keep the records we work with, what we do with them at the end of that time, and the reasons why we do those things.
We may collect personal data about you which covers basic details such as name, address, telephone number, and date of birth. We also collect some sensitive information also known as special category data, such as health data, ethnicity or religious beliefs - but only where it is needed to provide a service, fulfil a legal obligation and/ or for monitoring equality of both for customers and employees. We will always explain to you why and how this information will be used. We will always demonstrate to you what our lawful basis is for processing this type of information and where appropriate seek your consent.
As described above we collect and process information about you, so that we can carry out our public task functions as a Local Authority and to deliver public services. This includes but is not limited to:
We collect and process the following categories of personal information:
This type of personal data covers criminal allegations, proceedings or convictions and security measures. For the council this is likely to be collected where the focus is on: specific employment requirements; fraud investigations; safeguarding issues; equality initiatives; or the vital interests of the data subject and/or other individuals.
Collecting your personal information will always be for a specified purpose or set of related purposes. However if we intend to use it for any other new purposes we will normally ask you first. For instance in some cases, the council may wish to use your information for improving and developing its services, or to prevent and/or detect fraud. Where practicable and reasonable we will always seek to inform you of any significant proposed changes to how we process or intend to process your personal data, in order to ensure full transparency over how we handle your information. This can be achieved either at the corporate or service level, ie whichever is relevant for notifying you of significant changes or where it necessitates obtaining your consent to the processing.
Westminster's commitment will be to ensure that the data is:
The council will demonstrate its compliance with these principles.
The council will ensure that it meets the conditions necessary for processing personal data lawfully and will ensure this is adequately recorded. There are a number of ways that processing can be lawful. Consent is one method, but it is important to know that consent is not always required and the council can lawfully process personal data as long as a condition is met. For example, the council would be unlikely to collect council tax arrears if residents could withdraw their consent for processing their data for this. You can find out more about the conditions on the ICO website.
We will sometimes need to share information between council departments, services and elected Members, as well as other organisations such as our partners, third party contractors, government bodies, the police, health and social care organisations, housing associations, landlords and educational establishments.
We will only share information where it is appropriate and legal to do so. We may also share information, for example, if there is a risk of serious harm or threat to life, for the prevention and detection of fraud or crime, assessment of any tax or duty or if we are required to do so by any court or law. Where this is necessary, we are required to comply with all aspects of the data protection laws.
It may sometimes be necessary to transfer personal information overseas. When this is needed, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the UK Data Protection Act 2018
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We may also anonymise some personal data you provide to us to ensure that you cannot be identified and use this data to allow the council to effectively target and plan the provision of services.
You have the right to request a copy of the information that we hold about you.
The new UK Data Protection Act 2018 also gives you additional rights that refer to how the council holds and uses your information.
Consequently, under certain circumstances, by law you have the right to:
Any automated decision making carried out by the council will be described in the relevant departmental privacy notice.
There are various ways in which the council may be contacted: by letter, face to face, email, telephone, online forms, voicemail, social media, such as Facebook, Twitter etc. In all cases the council is committed to protecting the personal data you provide. When contacting the council by phone, in line with council policy, calls into our contact centers are recorded. The recording is needed to quality manage the performance of council agents, to ensure the quality of service information provided and to measure and improve the quality of the customer experience. Recordings are retained for a specified timeframe and then deleted in line with council policies.
Our policy is to respect and protect the privacy of anyone who visits our website. Where we ask you for personal information via an online form, this information will only be used for the purpose indicated and will be held in a secure manner. It will not be used for any other purpose without your permission and will not be kept for longer than necessary. If you are concerned about providing your personal information online please contact us and we will arrange alternative means for you to provide this information.
Cookies enhance your experience using our website. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work more efficiently, as well as to provide information to the owners of the site.
We collect IP addresses (a unique string of numbers that identifies each computer) only for the purposes of system administration and to audit the use of our site. We do not link IP addresses to anything personally identifiable, which means that while your user session will be logged you will remain anonymous to us.
You must notify us immediately if there are any changes in your circumstances and personal details so we can maintain an accurate and up to date record of your information.
You have a right to complain to us if you think we have not complied with our obligation for handling your personal information.
If you are not satisfied with the council’s response you have a right to complain to the Information Commissioner’s Office (ICO). You can report a concern by visiting the ICO website.
As the council creates new services, this may generate need to amend the Notice. Any changes with regard to how the council processes personal data will be posted on this page.