Monday 25th March 2019
Welcome to
A-Z of services
Text size

Privacy notice

Sub heading

​We are committed to protecting your privacy when you use our services. This privacy notice explains how we use your information you and how we protect your privacy.
A list of services we provide will be available at the bottom of the page soon. Under each service we'll include more information about what we do with your data within that service, where it is different to the main policy below. We'll also provide information about who we may share your information with and why. 
Our Interim Chief Executive, Laura Church, is the data controller for Luton Council. We have a data protection officer who makes sure we respect your rights and follow the law in the way we use your data.

If you have any concerns or questions about how we look after your personal information, please contact:

Yvonne Salvin
Data Protection Officer
Email: [email protected]
Telephone: 01582 546398

Subject access request (SAR)

You have a right to access any personal data we hold on you and can also ask for it to be amended, deleted or restricted.
Click the button below to make a subject access request.

Apply to access, amend, delete or restrict personal records

Service privacy notices

Variations by service to our main privacy notice can be found using the orange button below.

View service privacy notices ​​​

Do you know what personal information is?

Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can identify you. For example, this could be your name and contact details, together with your Council Tax reference number.

Some personal information is more sensitive than others and is known as special category information. This may be information about your medical needs; your religious or political views; your ethnicity or your sexuality. We will ensure this information is well protected and that we only use and share it if we have to.

Why do we need your personal information?

We may need to use some information about you to:

  • deliver services and provide support to you
  • manage the services we provide to you
  • train and manage the workers who deliver those services
  • help investigate any complaints you have
  • keep track of spending on services
  • check the quality of our services
  • help with research and planning of new services
  • to collect debts owed to the council where the law allows
  • detect and prevent fraud

How the law allows us to use your personal information

There are a number of legal reasons why we need to collect and use your personal information.

Separate privacy notices explain the legal reasons for each service’s use of your data. Use the orange button below to read individual notices.

Generally we collect and use personal information where:

  • you have entered into a contract with us
  • it is necessary to perform our statutory duties
  • it is necessary to protect someone in an emergency
  • it is required by law
  • it is necessary for employment purposes
  • it is necessary to deliver health or social care services
  • you have made your information publicly available
  • it is necessary for legal cases
  • it is to the benefit of society as a whole
  • it is necessary to protect public health
  • it is necessary for archiving, research, or statistical purposes
  • you or someone acting on your behalf has given consent

View service privacy notices

We only use what we need!

Where we can, we’ll only collect and use personal information if we need it to deliver a service or meet a requirement.

If we don’t need personal information we’ll either keep you anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details we’ll only collect your survey responses.

If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.

We don’t sell your personal information to anyone else. Electoral registration information is accessible to the public and to specified organisations.

What you can do with your information

The law gives you a number of rights to control what personal information is used by us and how it is used by us.

  • You can ask for access to the information we hold on you.
  • You can ask to change information you think is inaccurate.
  • You can ask to delete information (right to be forgotten).
  • You can ask to limit what we use your personal data for.
  • You can ask to have your information moved to another provider (data portability).

We may not always be able to change or remove information that we hold about you because in some cases we are required in law to retain it.

However, where we can’t delete your data we will correct factual inaccuracies and might, in certain circumstances, include your comments in our record to show that you disagree with it.

We cannot delete your information where:

  • we’re required to have it by law
  • it is used for freedom of expression
  • it is used for public health purposes
  • it is for, scientific or historical research, or statistical purposes where it would make information unusable
  • it is necessary for legal claims

If you would like to access your records or want to amend, delete or restrict the processing of your data please click the button below to use this online request form.

Apply to access, amend, delete or restrict personal records

Who do we share your information with?

We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law and our own privacy standard. This is usually through a contract or an information sharing agreement.

Sometimes we have a legal duty to provide personal information to other organisations. This may be for the prevention and detection of crime or the safeguarding a child or adult. It is often because we need to give that data to courts, including:

  • if a child becomes looked after
  • if the court orders that we provide the information
  • if someone is admitted into care under mental health law

For all of these reasons the risk must be serious before we can override your right to privacy.

If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.

We may still share your information if we believe the risk to others is serious enough to do so.

There may also be rare occasions when the risk to others is so great that we need to share information straight away.

If this is the case, we’ll make sure that we record what information we share, who we shared it with and why we needed to share it. We will let you know what we’ve shared and why if we think it is safe to do so.

Data matching, mining and analysis

While providing services to our citizens, we are also required by law to:
  • prevent and/or detect potential fraud and crime
  • protect the public purse and/or minimise waste
  • make adequate provisions for safeguarding
  • make adequate provision for auditing
  • carry out emergency response planning

To help us to do this, we may share and process the information provided to us in different ways. This information includes that which is held in respect of:

  • antisocial behaviour
  • Blue Badges
  • council employee payroll
  • council employee pensions
  • council tax
  • electoral register
  • enforcement: trading standards, environmental health and waste
  • housing
  • housing benefit and council tax reduction
  • insurance
  • investigations
  • leisure
  • libraries
  • licensing: merchants, dealers, market traders, taxi drivers/operators, personal/alcohol licences and HMO licensing
  • property: planning, building regulation, business rates
  • schools
  • contact centre (Customer Relation Records (CRM)
  • provision of council-funded services
  • information provided to the council to assist us in our legal obligations
  • other local authority records held in respect one or more of the above
  • information provided by external organisations:
    • credit reference agencies
    • social housing providers (including registered social landlords)
    • Bedfordshire Police and Bedfordshire Fire Service

Information sharing

We share information internally, but we may also share information with other parties in order to fulfil our obligations or if it is required by law.

Other parties include:

  • Cabinet Office
  • Department for Work and Pensions
  • Department for Education
  • other local authorities
  • HM Revenues and Customs
  • police
  • fire services
  • credit reference agencies
  • service providers/contractors and/or partner bodies

Subject to our controls, security requirements and governance via the audit function, much of the information we share to prevent and detect crime, protect public funds and support the safeguarding function is done through data warehousing.

This is a very efficient and secure way of sharing information. The process of accessing information through a data warehouse is sometimes referred to as data mining.

Data matching

Applying the same controls as we do for data mining, we also carry out data matching. This is a more sophisticated way of processing large volumes of information.

While it's also an efficient way to identify crime for example, it also enables us to identify information that is inaccurate or out of date. This helps us comply with the Data Protection Act 2018. In certain circumstances, data matching also improves service provision through better use of data.


When the data matching or data mining processes identify records which contain contradictory or conflicting information, further investigation is undertaken to establish the facts (if not obvious). No assumption is made as to which record is correct or incorrect.

Similarly, it is only at the end of an investigation when all the facts have been established that we make a decision as to whether a fraud or crime has taken place for example. Where this is the case, the matter is dealt with in accordance with the relevant prosecution policy. In the majority of instances, records simply need correcting, although this sometimes results in changes in service provision.

Other data matching

In addition to the data matching and data mining that we carry out, the government also conducts its own data matching exercises, utilising its statutory powers. This is commonly known as the National Fraud Initiative (NFI).

We're required by law to participate in the NFI. More information can be found on GOV.UK.

If you have any concerns about what we hold on you and how we handle it, please contact us using the details below.

Information Governance team

Business Intelligence
Luton Council
Town Hall
George Street
Luton LU1 2BQ

Email: [email protected]
Telephone: 01582 546398

How do we protect your information?

We will make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:

Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.

Pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.

Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.

Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.

Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).

Where in the world is your information?

The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system outside of the EU.

We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with any third party who may transfer it out of the EU.

If we need to send your information to an ‘unsafe’ location we’ll always seek advice from the Information Commissioner first.

How long do we keep your personal information?

There’s often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention-schedule.

For each service the schedule lists how long your information may be kept for. This ranges from months for some records to decades for more sensitive records.

How do I make a complaint?

If you have a concern about the way we're collecting or using your personal data, we would appreciate the chance to deal with your concerns before making a complaint to the Information Commissioner’s Office.

You can raise your concern by contacting our Data Protection Officer:

Email: [email protected]
Phone: 01582 546398
Letter to:
Data Protection Officer
Luton Council
4th Floor, Luton Town Hall
Luton, LU1 2BQ

You also have the right to raise a concern or make complaint to the Information Commissioner at any time:

Email: [email protected]
Phone: 0303 123 1113 (local rate) or 01625 545 745
Letter to:
Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Cookies and how you use this website

To make this website work better for you and us we sometimes put small files or ‘cookies’ onto your device (for example your computer or mobile phone).

Some of our cookies are essential, and parts of our site won’t work without them.

We use this information to:

  • understand how you use our websites so that we can keep them updated and improve them based on your needs
  • remember your preferences or information you have given so you don't have to give the same information more than once

We don’t use cookies on this website that collect information:

  • which would identify you personally
  • about other websites you have visited

By using our website, you agree that we can place these types of cookies on your device.

Find out how we use cookies on our websites here.

How you use this website

We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting peoples’ needs and to understand how we can make the website work better.

Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.

We do not collect or store any other personal information (for example your name or address) so this data cannot be used to identify who you are.

Contact us