Privacy notice

Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can identify you.

We may collect the following types of personal information about you depending on which services you receive from us:

Contact:
Name, address, email, telephone number
General:
Date of birth, gender, marital status, national insurance number, driving license, vehicle identification, passport, languages spoken, immigration status, ethnicity, sexuality, religion
Family relationships:
Details of family relationships, marital status, family breakdown and relationships, next of kin, emergency contact details, child in local authority care
Employment and education:
Occupation, education history, qualifications, references, contact with other educational professionals/services, school exclusion history, special educational needs, school, teacher assessment judgements, attendance and attainment information, application history, CV, Interview notes/scores, proof of right to work documentation, proof of address, proof of identity, references, education and professional qualifications, disciplinary data, DBS number, DBS expiry, HCPC number (Social Work), trade union membership, trade union membership
Financial information:
Income, pensions, benefits and allowances, bank accounts, savings, investments, unique tax reference, property ownership, council tax, debt history, rent history, business activities, landlord details
Criminal history:
Criminal convictions, cautions and restorative justice
Health information:
Dentist and GP contact details, medical conditions including mental health, mental capacity assessments, history of substance abuse, smoking status, disability data, pregnancy data, blue badge number, NHS number, sexual health

Some of the personal information we might collect is more sensitive than others and is known as special category information. This may be information about your:

• criminal history
• ethnicity
• genetic or biometric data
• physical or mental health
• political opinion
• religious or philosophical beliefs
• sexuality
• sexual health
• trade union membership

It’s often information you would not want widely known and is very personal to you. We will ensure this information is well protected and that we only use and share it if we have to.

We may need to use some information about you to:

• deliver services and provide support to you
• manage the services we provide to you
• train and manage the workers who deliver those services
• help investigate any complaints you have
• keep track of spending on services
• check the quality of our services
• help with research and planning of new services
• to collect debts owed to the council where the law allows
• detect and prevent fraud

For example we will process information about you when you make a claim or apply for:

• personal budget / social care
• taxi license
• market trader license
• personal alcohol license
• social housing - this includes tenants and those on the housing waiting list
• right to buy applicants
• transport pass and permits
• council tax reduction schemes
• universal credit
• housing benefit
• insurance claim against the council
• policy in practice low income family tracker (LIFT)

This list is not exhaustive. When you use a council service we will normally collect data about you in order to provide that service to you.

There are a number of legal reasons why we need to collect and use your personal information.

Personal data

Consent:
You have given clear consent for us to process your personal data for a specific purpose.
Contract:
The processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract.
Legal obligation:
The processing is necessary for us to comply with the law
Vital interests:
The processing is necessary to protect your life
Public task:
The processing is necessary for us to perform a task in the public interest or for our official functions as a public authority.

Special category data

Consent:
You have given clear consent for us to process your personal data for a specific purpose.
Employment, social security / social protection: Your data is necessary for employment or social security purposes
Vital interests: The processing is necessary to protect your life
Not for profit: Your data is processed by a not-for-profit body that you belong to
Public domain: You have already made your information publicly available
Legal defence claims: It is necessary for legal cases or by the courts
Substantial public interest: It is for the benefit of society as a whole
Adult social care: It is necessary to deliver health or social care services
Public interest in public health: It is necessary to protect public health
Scientific/historical research, statistics or public archiving: It is necessary for archiving, research, or statistical purposes

If you want to see more information about the why our services collect data about you please refer to our service privacy notices.

We will only collect and use personal information if we need it to deliver a service or meet a specific requirement.

If we don’t need your personal information we will either keep you anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details we’ll only collect your survey responses.

If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.

We will never sell your personal information to anyone else. Electoral registration information is accessible to the public and to specified organisations.

The law gives you a number of rights to control what personal information is used by us and how it is used by us. You are not required to pay any charge for exercising your rights. We have one month to respond to you.

The UK GDPR refers to these as “data subject rights”.

Where your request cannot be actioned, we will always provide a written response explaining our decision.

Right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
For example: we will not share confidential information about other people (third party data), information that a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing or information that may stop us from preventing or detecting a crime
If you are able to tell us about a specific team or officer that you think will have the information this will help us to find the information more efficiently.

Right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Please note, Luton Council must only change facts that are wrong, for example your date of birth. Luton Council does not have to amend written opinions, for example a social worker’s professional opinion. However, you can ask Luton Council to add a statement to the record to reflect your view in these cases.

Right to erasure
You have the right to ask us to erase your personal information where one of the following applies:

• the data is no longer necessary
• Luton Council’s data processing was unlawful
• it was processed with consent which has been withdrawn and there are no other legal grounds to keep it
• the data was processed online with parental consent
• you have made a successful objection to the processing (see the right to object)
• Luton Council has a lawful obligation to erase it

However, the right to erasure is not an absolute right. This means that Luton Council does not have to erase your information where one of the following exemptions applies:

• Luton Council needs to use it to comply with a legal obligation or for the performance of a public interest task or exercise of official authority. For example, we must keep adoption records for a specific period, and there are statutory duties on the council such as safeguarding and council tax that require us to process personal data. This list is not exhaustive.
• Where Luton Council needs to use the information for public health purposes in the public interest such as dealing with a pandemic
• Where Luton Council needs to use the information in legal proceedings
• Where Luton Council is exercising the right of freedom of expression and information
• Where erasure would undermine archiving in the public interest or scientific or historical research

Right to restriction of processing
You have the right to ask us to restrict the processing of your information when you make an objection. This will stop us from processing it whilst we consider your objections.
You can ask for processing to be restricted in these cases:

• you are disputing the accuracy (see right to rectification)
• Luton Council’s processing is unlawful, but you don’t want it erased as you wish to complain to the ICO
• Luton Council is processing your data for public interest or legitimate interest reasons and you’ve objected to this (see the ICO’s guidance on right to object)

Luton Council does not have to restrict the processing of your information where one of the following exemptions applies:

• where there is public interest for example we need to comply with planning laws or the law relating to children’s welfare
• for the protection of others’ rights
• where Luton Council needs to process the data for legal cases or to seek legal advice etc

Right to object to processing
You have the right to object to Luton Council processing your information.
If Luton Council are processing your personal data:

• based on consent
• for direct marketing, including profiling

you can withdraw your consent and ask us to stop processing at any time.

Please be aware that Luton Council does very little processing based on consent. Most of our processing is done because the law requires us to undertake functions for example: council tax recovery, social services functions, planning etc.

You also have the right to object if the processing is for:

• a task carried out in the public interest;
• the exercise of official authority vested in Luton Council; or
• Luton Council’s legitimate interests (or those of a third party)
• for purposes of scientific/historical research and statistics

However, the right to object is not an absolute right and you must give specific reasons why you are objecting to the processing of your data.

Please note, Luton Council do not have to stop the processing of your information where one of the following exemptions applies:

• Luton Council can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual e.g. safeguarding work, enforcement activities in public safety; or;
• the processing is for the establishment, exercise or defence of legal claims

Right to data portability
The right to data portability allows individuals to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This enables you to obtain and reuse your personal data across different services.
You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
You may request that this is given to you in a ‘structured commonly used and machine-readable format’ to enable you to take it to another controller.

The right to data portability only applies:

• to personal data that you have personally provided to Luton Council
• where we are processing information based on your consent or under, or in talks about entering into a contract
• where the processing is automated (i.e excluding paper files)

Automated decision making and profiling:
If we make a decision which legally affects you by using a computerised system or programme that does not involve human intervention, our service specific privacy notices will explain this.
You can ask to have any computer made decisions explained to you, and details of how we may have ‘profiled’ you. You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, for example, your health conditions. If we are carrying out any of these activities we will:

• tell you about the processing
• introduce simple ways for you to request human intervention or challenge a decision
• carry out regular checks to make sure that our systems are working as intended

If we are processing your information for criminal law enforcement purposes, your rights are slightly different.

If you would like to access your records or want to use any of the rights outlined above please use this online request form, apply to access, amend, delete or restrict personal records.

Most of your data is obtained from you when you apply for our services. In addition we might receive information about you from other organisations that work with us to provide services for you. Examples of these organisations are:

• police authorities
• other local authorities
• fire and rescue authorities
• ambulance services
• pension authorities
• residential and nursing care homes and supported living providers
• voluntary sector organisations
• The Care Quality Commission
• Health and Care Professions Council
• Primary Health sector such as GPs
• the courts
• Traffic Penalty Tribunal
• Traffic Enforcement Centre
• appointed enforcement agents
• immigration services
• OFSTED
• Office of National Statistics
• the council’s insurance provider
• NHS trusts and strategic health authorities
• clinical commissioning groups
• passenger transport authorities
• waste authorities
• Greater London Authority and its functional bodies
• Home Office
• Cabinet Office
• housing associations
• probation authorities
• insurance fraud bureau
• other government departments
• domiciliary care agencies
• department for work and pensions
• Vehicle and Operator Services Agency
• Gambling Commission
• National Fraud initiative
• Environment Agency

As well as providing services to our citizens we are required by law to:

• prevent and detect potential fraud and crime
• protect the public purse and minimise waste
• make adequate provisions for safeguarding vulnerable residents
• make adequate provision for auditing
• carryout emergency response planning

To help we may share and process the information provided to us in different ways. Including information held about:

• antisocial behaviour
• blue badges
• council employee payroll
• council employee pensions
• council tax
• electoral register
• enforcement trading standards, environmental health and waste
• housing
• housing benefit and council tax reduction scheme
• insurance investigations
• leisure
• libraries
• licensing merchants, dealers, market traders, taxi drivers/operators, personal/alcohol licences and HMO licences
• property: planning, building regulation, business rates
• schools
• contact Centre
• provision of council-funded services
• information provided to the council to assist us with our legal obligations
• other local authority records held in respect of one or more of the above
• information provided by external bodies

We may also share information to ensure the safeguarding a child or adult, or for public health purposes.

We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law and our own privacy standards. This is usually through a contract or an information sharing agreement.

We might provide information to other organisations including:

• police authorities
• other local authorities
• fire and rescue authorities
• ambulance services
• pension authorities
• residential and nursing care homes and supported living providers
• voluntary sector organisations
• The Care Quality Commission
• Health and Care Professions Council
• Primary Health sector such as GPs
• the courts
• Traffic Penalty Tribunal
• Traffic Enforcement Centre
• appointed enforcement agents
• immigration services
• OFSTED
• Office of National Statistics
• the council’s insurance provider
• NHS trusts and strategic health authorities
• clinical commissioning groups
• passenger transport authorities
• waste authorities
• Greater London Authority and its functional bodies
• Home Office
• Cabinet Office
• housing associations
• probation authorities
• insurance fraud bureau
• other government departments
• domiciliary care agencies
• department for work and pensions
• Vehicle and Operator Services Agency
• Gambling Commission
• National Fraud initiative
• Environment Agency
• other internal council teams

In order to comply with our legal obligations to:

• prevent and detect potential fraud and crime
• protect the public purse and minimise waste
• make adequate provisions for safeguarding vulnerable residents
• make adequate provision for auditing
• carryout emergency response planning

The council may carry out data matching and data mining exercises. To do this we share information internally but we may also share information with other parties as set out in (please see 'Who do we share you information with' above)

When data matching or data mining exercises identify records which do not match further investigations are carried out to establish the facts.

Only once an investigation is completed is a decision made as to whether a crime or fraud has taken place. In the majority of cases records simply need correcting and thus these exercises help us to keep our records accurate and up to date.

In addition to the data matching and data mining that we carry out, the government also conducts its own data matching exercises, utilising its statutory powers. This is commonly known as the National Fraud Initiative (NFI).

We are required by law to participate in the NFI.

If you have any concerns about the data we hold about you or how we use it please contact:

Data Protection Officer
E: [email protected] 
T: 01582 546398

Data sharing can bring important benefits to both the council and its citizens, making your lives easier and helping us to deliver efficient services. It is important, however, that we have high data protection standards, sharing data in ways that are fair, transparent and accountable.

We will make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:

• Encryption: meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
• Pseudonymisation: meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours. Read our anonymisation and pseudonymisation policy.
• Controlling access to systems and networks: allows us to stop people who are not allowed to view your personal information from getting access to it
• Training for our staff: allows us to make them aware of how to handle information and how and when to report when something goes wrong
• Regular testing of our technology and ways of working:  including keeping up to date on the latest security updates (commonly called patches).

The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system outside of the EU.

We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with any third party who may transfer it out of the EU.

If we need to send your information to an ‘unsafe’ location we’ll always seek advice from the Information Commissioner first.

There’s often a legal reason for keeping your personal information for a set period of time.

If you have a questions or concern about how we are collecting or using your personal information, we would appreciate an opportunity to deal with your concerns before you contact the Information Commissioner’s Office (ICO).

You can raise your concerns by contacting our Data Protection Officer.

Data Protection Officer
E: [email protected]

Or write to:

Data Protection Officer
Business Intelligence team
Luton Council
Town Hall
Luton
Beds
LU1 2BQ

If you are not happy with our response or you would like independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
T: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Alternatively, visit ico.org.uk or email [email protected].

To make this website work better for you and us we sometimes put small files or ‘cookies’ onto your device (for example your computer or mobile phone). Some of our cookies are essential, and parts of our site won’t work without them.

We use this information to:

• understand how you use our websites so that we can keep them updated and improve them based on your needs
• remember your preferences or information you have given so you don't have to give the same information more than once

We don’t use cookies on this website that collect information:

• which would identify you personally
• about other websites you have visited

Find out more about how to manage cookies.

We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting peoples’ needs and to understand how we can make the website work better.

Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.

We do not collect or store any other personal information (for example your name or address) so this data cannot be used to identify who you are.