- Council and democracy
This privacy notice is here to tell you what information we collect about you, what we do with that information and why we do it, who we share it with, and how we protect your privacy.
This notice covers all personal data collected by the council and where we tell other organisations to collect information for us. This is the same whether the information is collected by letter, email, face to face, telephone or online.
Personal information is information that identifies a living person. That can be obvious information like name and address, or it may be something like an IP address or an identifier like an NHS number.
This includes information you tell us about yourself, information we are given by other people or organisations, or what we learn by having you as a resident or client.
Some information is considered more sensitive or special:
- sexuality and sexual health
- religious or philosophical beliefs
- physical or mental health
- trade union membership
- political opinion
- genetic/biometric data
- criminal history
We must take extra care when collecting and using these types of information.
Why we need your personal information
We use personal information in many ways, either because the law says we must, or because the law allows us to, so that we can deliver council services. We use personal information:
- to provide services and support to you. For example, you give us information on a benefit claim form so that we can handle your benefit claim.
- to protect and support people living and working in our borough (safeguarding).
- manage our services to see how we can best deliver services and support to you, and make sure we’re spending public money in the best way.
- to monitor how well we dealt with your request, for admin purposes and to handle any complaints.
- so that we can tell you about and provide services that suit your needs. For example, providing assistance to new parents, or telling you about any free services or additional help available to you.
- because the law says we must. For example, the council must monitor how well it meets the requirements of laws on equalities and health and safety.
- where we need to for legal duties. The council has responsibilities for areas like licensing of premises (such as pubs), planning enforcement, trading standards and council tax where we legally must process personal information. Sometimes this is information provided by the individual and sometimes other people or organisations have provided information about individuals, for example if someone makes a complaint to us.
- where we must process personal information so that we comply with legal obligations for the prevention and detection of crime. For example, investigating fraud against the council or working with the police.
- so that we can make financial transactions for things like grants, payments and benefits involving the council, or where the council is acting for another government body like the Department for Work and Pensions (DWP).
- for statistical and research purposes.
Why we can use your personal information
We can only collect and use (process) personal information if we have a proper reason or 'legal basis' to do so. In most cases, our legal basis is because there is a law or laws that require us to deliver a service. We call this a statutory duty.
The legal reasons for using personal information are:
- it is necessary to undertake our statutory duties
- it is required by law
- you have entered into a contract with us
- it is necessary to deliver health or social care services
- you, or your legal representative, have given consent
- you have made your information publicly available
- it is necessary for legal cases
- it is necessary for employment purposes
- it is necessary to protect someone in an emergency
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes
Who we share information with
We do not sell your personal information to anyone. We don't share your personal information with any people or organisations unless they are providing services to us under contract or where providing that information is allowed by, or required by, law.
Personal information we collect is routinely shared between council services as well as with other organisations such as government bodies, the police, health & social care organisations and educational establishments like schools. We do this where have a legal basis to do so.
We consider Barnet to be a ‘commissioning council’, where we work with partners like the health service, or private companies to deliver the best service that is also value for money.
Our partners include Barnet Homes for housing services and Your Choice Barnet for specialist social care and support to adults. Companies that we ask to work on our behalf include Capita for the Customer Support Group (CSG) contract, who provide services such as HR and Revenues and Benefits, or the joint venture company Re Limited, for services such as planning and environmental health.
We only share information with these organisations where the law says we must, or where the law says that we can. We require these organiations to follow the law, including data protection laws, and we make routine checks before information is shared, to make sure that these organisations have adequate systems and procedures in place to protect your information.
What we do with your information
There are some things we do across the whole council that use your personal information. and those are listed below. We also use different information for delivery of different services and to make this information easy to use, on the left-hand side you will see categories of the services that we deliver. This is so that you can easily identify which processes affect you.
Reviewing and improving our services
We regularly use personal information to look at how people are using our services and whether we are performing well. This may be assessments that we do within our services, or we might contact you to ask you for feedback on our services.
This helps us to improve the way we deliver services to you, and to plan the best way to deliver services to people.
Calls made to our customer services are recorded for monitoring purposes, to make sure we are always giving a quality service. We keep recordings for 6 months and use them to work with our staff to maintain and improve service standards.
We don’t usually use recordings for a specific customer complaint, but if a recording is relevant to consider as part of a customer complaint, the recording will be kept for as long as necessary during the complaint process.
Statutory Returns and Public Registers
A statutory return is when the law says that we must provide specific information about you to another organisation. An example of this would be the pupil census data that the council must provide to the Department of Education.
We are also required to publish some information or make it available on a public register.
Data Matching (comparing information from different sources)
We routinely check information we hold about you across different areas of the council. We also sometimes collect information about you from other organisations (such as another council). We do this so that we can:
- check that the information we hold about you is accurate
- prevent or detect crime
- protect public funds from fraud
- meet our legal obligations
We may provide information about you to other organisations (such as another council) so that they can do these things too.
Anti-Fraud and Crime Prevention
We use personal information across all our services to help to prevent and detect crime and fraud and to protect the public funds that we manage. The law allows us to use and share personal information so that we can do that. Our anti-fraud team does much of this work and we also share information with organisations like the police or the DWP, or professional bodies like those that regulate a particular type of job, such as social workers or solicitors.
National Fraud Initiative
We provide information to the Cabinet Office for the National Fraud Initiative. This is a data matching exercise to assist in the prevention and detection of fraud and the use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. We are required to take part and provide personal data to the Cabinet Officer for data matching.
All bodies participating in the Cabinet Office’s data matching exercises receive a report of matches that they should investigate, so they can detect instances of fraud, over- or under-payments and other errors, to take remedial action and update their records accordingly.
From 1 April 2015 the National Fraud Initiative has been conducted using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (LAAA). Previous exercises were conducted by the Audit Commission under Part IIA of the Audit Commission Act 1998.
Data matching by the Cabinet Office is subject to a code of practice.
For further information on the Cabinet Office's legal powers and the reasons why it matches particular information please visit the Gov.uk website.
There are laws that give the council specific responsibilities for safeguarding (protecting people). These include our responsibilities for caring for children and vulnerable adults. We also have a broad duty of care to our residents and clients. Together, these responsibilities require, or allow us, to use personal information and share it with relevant organisations like the police, health and social care services. All our services use personal information for safeguarding purposes.
The council must respond to requests made under laws that allow access to information. The Freedom of Information Act 2000 and Environmental Information Regulations 2004 require us to answer requests for information that we hold. Data protection legislation also requires us to respond to requests for information about individuals, which we tell you more about in the Your Rights section of this notice.
All council services use personal data so that we can comply with these laws.
We use personal information to handle any complaints you or another person makes to us. Sometimes we manage complaints for specific legal reasons, such as for enforcing planning law or for environmental health reasons.
Sometimes we collect equalities-type information from you because it is necessary for us to deliver a service to you or support you. For example, many of our social care teams need information about disabilities so that they can assess you for the right support.
We also often collect equalities information on our forms or as part of working with you, because the Equality Act 2010 requires the council to show that it has given ‘due regard’ to equalities as we plan and deliver our services and how we involve our residents and service users. We aim to consider the needs of everyone who lives in the borough, including the protected characteristics listed in the Equality Act, and other people who may experience disadvantage. We collect equalities information such as your age, gender, ethnicity and race, religion, sexual orientation and disability status and sometimes, where relevant, gender reassignment, pregnancy, maternity and marriage/ civil partnership, and make it anonymous, so that we can use the information to better plan and deliver our services and ensure that no one is unfairly disadvantaged.
The council sometimes also asks extra questions where relevant, for example, about particular disabilities, including learning disabilities, and mental health issues, carers (including young carers), people on low income, people from areas of deprivation and the unemployed.
The disclosure of equalities information is voluntary (unless we need it assess your support needs) and we always include an option if you prefer not to say.
Insight and profiling
We use personal information to analyse patterns and trends of service use. We call this insight, and we use the information to plan and improve the services we deliver, to better plan where and how we spend public money, and to help us make decisions and create policy. For example, we analyse information to place children’s centres in areas where they are most needed.
For our insight work we use personal information we hold about individuals and information that we get from other organisations, like credit reference agencies. Usually the results of the analysis are anonymised, which means that it doesn’t identify an individual. Sometimes we have to identify individuals, for example where we need to identify those that qualify for a service.
By bringing together and analysing customer information that the council holds (creating insight) it helps us to deliver high quality services where they are most needed.
My Account (council website)
MyAccount is the way to register with the council’s website to access information, such as your library account, and sign up to be sent notifications about different services.
Individuals like you (data subjects) have rights under data protection laws to control what information you provide to us and what we can do with it.
Asking for your own information is called a Subject Access Request (SAR)
More details on your full rights under data protection law can be found on ICO website [link www.ico.org.uk].
You can ask for access to the information we hold on you
We usually expect to share what information we hold about you with you whenever we assess your needs or deliver services to you.
You also have the right to ask for information we hold about you and the services you receive from us. When we receive a request from you in writing, also called a Subject Access Request, we must give you access to everything we’ve recorded about you.
The law tells us that we can withhold information from you where it:
- also contains confidential information about other people
- will cause serious harm to your mental or physical health and wellbeing
- may stop us from preventing or detecting crime or collecting tax
Requests are free and we must respond with 30 days, unless your request is large or complicated, when we are allowed to take longer to respond to you.
If you can’t ask for your records in writing, we’ll help you to make your request.
Making a Subject Access Request
You can ask to change information you think is inaccurate
If you believe that information we hold about you is wrong, you can ask us to change it. This might be if we have spelled your name wrong or have an incorrect address.
You should speak to the council department who is delivering the service to you to let them know you think something is wrong.
We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Where we have shared your personal information with others, we’ll do what we can to tell them to correct the information.
You can ask us to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted, for example:
- Where your personal information is no longer needed for the reason it was collected in the first place
- Where you have removed your consent for us to use your information (where there is no other legal reason for us to use it)
- Where there is no legal reason for the use of your information
- Where deleting the information is a legal requirement
We cannot always delete your information, for example, if there is a legal reason we need to keep it or where you still expect us to deliver a service to you. But we should tell you why we can’t delete what you are asking us to.
Where we have shared your personal information with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
There are other rights that you have under data protection law, but they don’t often apply to information we are holding about you. This is because we are a local authority and usually have a legal reason to collect and use your information.
The ICO website has full details on your rights
If you have questions
Data Controller: London Borough of Barnet
The London Borough of Barnet is required to appoint a Data Protection Officer (DPO), who is responsible for monitoring our compliance with data protection legislation and advising on our data protection obligations.
If you have any questions or worries about how the council collects or uses your personal information you can contact the Data Protection Officer:
For independent advice about data protection and privacy, you can contact the Information Commissioner’s Office (ICO). The ICO oversees how organisations comply with data protection legislation in the UK.
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Visitors to our websites
When someone visits our website we collect routine internet log information, which allows us to see visitor behaviour patterns. We do this to determine which pages are being viewed as this assists us in improving our website.
Internet log information is collected in a way which doesn’t allow us to identify you and we do not make any attempts to find out the identities of individuals visiting our site.
Cookies are small text files, placed on your computer or mobile device by the websites you visit. They are widely used to make websites work, or work more efficiently.
- recognising your computer so you don't have to give the same information several times
- recognising that you may already have given a username and password
- measuring how many people are using our websites, so we can make improvements.
If you do not want to accept cookies, your browser can be set to automatically reject them or to inform you every time a website asks to store a cookie. You can also delete previously stored cookies.
You can find out more about cookies and how to manage them on the GOV.UK website.
The cookies we use
|_ga||.barnet.gov.uk||Google Analytics Cookie|
|_gat_UA-60148629-1||.barnet.gov.uk||Google Analytics Cookie|
|_gid||.barnet.gov.uk||Google Analytics Cookie|
|IDE||.doubleclick.net||Google Advertising Cookie|
|act||.facebook.com||Facebook Tracking Cookie|
|c_user||.facebook.com||Facebook Tracking Cookie|
|datr||.facebook.com||Facebook Tracking Cookie|
|dpr||.facebook.com||Facebook Tracking Cookie|
|fr||.facebook.com||Facebook Tracking Cookie|
|m_pixel_ratio||.facebook.com||Facebook Tracking Cookie|
|pl||.facebook.com||Facebook Tracking Cookie|
|presence||.facebook.com||Facebook Tracking Cookie|
|sb||.facebook.com||Facebook Tracking Cookie|
|wd||.facebook.com||Facebook Tracking Cookie|
|1P_JAR||.google.co.uk||Google Tracking Cookie|
|APISID||.google.co.uk||Google Tracking Cookie|
|CONSENT||.google.co.uk||Google Tracking Cookie|
|HSID||.google.co.uk||Google Tracking Cookie|
|NID||.google.co.uk||Google Tracking Cookie|
|OGPC||.google.co.uk||Google Tracking Cookie|
|SAPISID||.google.co.uk||Google Tracking Cookie|
|SID||.google.co.uk||Google Tracking Cookie|
|SSID||.google.co.uk||Google Tracking Cookie|
|1P_JAR||.google.com||Google Tracking Cookie|
|AID||.google.com||Google Tracking Cookie|
|APISID||.google.com||Google Tracking Cookie|
|CONSENT||.google.com||Google Tracking Cookie|
|HSID||.google.com||Google Tracking Cookie|
|NID||.google.com||Google Tracking Cookie|
|S||.google.com||Google Tracking Cookie|
|SAPISID||.google.com||Google Tracking Cookie|
|SID||.google.com||Google Tracking Cookie|
|SIDCC||.google.com||Google Tracking Cookie|
|SSID||.google.com||Google Tracking Cookie|
|_ga||.govmetric.com||Gov Metric Tracker|
|qos_token||.openstreetmap.org||Open street map|
|AWSELB||hitcounter.govmetric.com||Govmetric Hit Counter|
|ASP.NET_SessionId||barnet.moderngov.co.uk||Barnet commitee papers website cookie|
|JSESSIONID||account.barnet.gov.uk||Session IDs for Myaccount users|
We make every effort to ensure all information is virus checked before it is uploaded and made available on our website. The council cannot accept responsibility for any loss or damage which may occur from use of downloaded documents, it is the responsibility of users to re-check all downloaded documents with their own virus check software.
Updating this privacy notice
We will update this privacy notice when how we collect and use your information changes. We encourage you to check this privacy notice before providing us with any personal information.
- Data protection
- North London Business Park (NLBP),
Oakleigh Road South, London N11 1NP
- Tel: 020 8359 2000
- FAX: 020 8359 3000
- Email: firstname.lastname@example.org