We are registered as a data controller with the Information Commissioner’s Office (ICO). This page includes general information about the types of personal data we process, what we use it for, and who we share it with.
Privacy and data protection
Your personal data – what it is
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual.
Your rights
You have the right to see the personal data we process about you, as well as the right to request erasure of your records, objection to processing, rectification of records and restriction of processing or destruction.
If you have any questions or concerns about the way we process your personal data, contact our Data Protection Officer at DPO@n-somerset.gov.uk
If you wish to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance, but you are not obliged to do this. You can make your complaint directly to the Information Commissioner’s Office.
The Law
The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (GDPR”, the Data Protection Act 2018, and other legislation relating to personal data and rights such as the Human Rights Act.
Under GDPR, we are required to inform people about how we will use people’s personal data and for what purposes. We do this using privacy notices.
However, there are exceptions to the applicable data protection laws which require us to share personal data wherever necessary to the purposes of safeguarding, law enforcement and prevention of fraud.
Our privacy notice
This corporate privacy notice provides general information about the council’s personal data processing activities overall. As the range of services the council provides is so varied, we have also produced individual privacy notices to explain specifically how your data will be used within each service area. You can find links to these on the left of this page.
Personal data
The personal data processed by the council in order to perform its official tasks includes:
- names, titles, aliases, photographs
- contact details such as telephone numbers, addresses and email addresses
- gender, age, marital status, nationality, education/work history, academic/professional qualifications, hobbies, family composition and dependants
- social care records for adults and children in our care
- financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers and claim numbers
Consent and GDPR
When you are asked to consent to a data controller’s use of your personal data this implies the controller is relying on “consent” as the legal basis for such use.
Consent may not be used as the legal basis for processing your personal data if:
- you do not have a free choice
- you have not been provided relevant privacy information (what personal data may be used, how, and why)
- refusing consent may have a negative impact on you (this is the case where consent is a condition of receiving the service you want)
- there is an imbalance of power between the person and the organisation requesting the consent. This is likely when the organisation is a public authority
- GDPR provides a more appropriate basis for processing (such as for processing by public authorities in the exercise of their tasks)
The council does not generally request consent for using your personal data as, in accordance with the rules above, it is not a valid legal basis for processing involved in carrying out our official functions and tasks.
We will, however, request your consent for us to provide the actual support service we are offering you. This choice should also be informed by relevant privacy information. Therefore, we will always tell you about how and why we will use your information to provide the service before you decide whether you agree to receive it.