We collect and handle lots of personal data so that we can deliver services to people and businesses in Hackney.
This privacy notice applies to any personal data collected by us or on our behalf, by any format - phone, letter, email, online, or face to face.
We collect and handle data to:
- provide the service you've asked for - eg if you apply for a parking permit we will use your data to process this application
- confirm your identity and eligibility when you apply for services
- stay in contact with you eg if you sign up to one of our newsletters to get information about services
- fulfill legal obligations such as licensing, trading standards and planning enforcement
- provide information to government, when the law says we need to
- assess our performance, ensure value for money, and to set targets for departments
- to detect and prevent fraud and crime
There are 6 options available to us to legally ‘process’ your personal data. For each service we make it clear to you what option(s) we have chosen in our lower level privacy notices.
The most common for us will be ‘legal obligation’ or ‘public task’ because our focus is delivering services to you that are required, or permitted, by other existing laws.
Other options that we make use of are ‘contract’ - for example we have employment contracts for our staff; and in emergencies we may use ‘vital interests’ where it is a matter of life and death to use or share data.
We avoid, but may sometimes need to use ‘legitimate interest’ and will always explain what this legitimate interest is in the relevant lower level privacy notice.
We avoid asking for your consent where possible because we know that most of the services we provide aren’t available from elsewhere, so the consent can’t be freely-given. For services that are more optional we may use this method.
If you give us your consent to process your data, you have a right to withdraw your consent whenever you want to.
Within the Council
We share data internally across departments. In some cases, two or more departments are jointly responsible for delivering a service, so they all need to access data. In these cases we make sure that the sharing is reasonable, is in line with data protection law, and respects your rights.
We hold a central basic contact record for you in our Citizen’s Index, so that we can provide a better service to you, use public funds as efficiently as possible, and have the most up to date contact details for you across services to support your right to accurate data.
We want to avoid taking the same data from you many times, as storing it once is more secure and more accurate. One Account is an example of a place that you can tell us something once and it will update records across several departments.
Citizen’s Index is also used to share your data across services to prove your identity (with your consent). For example when you apply for a parking permit for a particular address, we can use your core contact record to link back to your council tax information to check that you live at the address.
We will ask for you consent to do this lookup, as it is optional - to save you bringing in the physical evidence that you live there.
Outside of the Council
We ask a number of companies to collect, store or handle your information on our behalf to help us to deliver our services - for example our ICT system providers. We remain responsible for your information and ensure that the right safeguards are in place through measures such as contract clauses.
In some services, we share data with other agencies such as the NHS or charities. In some of these cases we remain responsible for your data, and in other cases the responsibility is shared.
We ensure that the right safeguards are in place to keep your information safe and will always tell you more about this when the data is collected. More detail is provided in the privacy notice for each service.
We are obliged by law to share some data with central government, and other agencies. Where possible we make this anonymous and only share statistics.
If this data is at an individual level, we will let you know when we collect it. Where your consent is required to transfer information, this will be made clear to you.
Where it is necessary to share data with third parties for research purposes, we make this data anonymous to ensure that individuals cannot be identified.
There are times where we legally need to share your data with other parties, for example if a court order asks for it.
There may be exceptional cases where we feel compelled to share your data for a reason that outweighs your right to privacy:
- to protect a child
- to protect an adult who is vulnerable or at risk
- to detect and prevent fraud and crime
This list is not exhaustive, but we will never share your information if it is not legal to do so and will always consider your rights, and whether there is another way of achieving our aim, before doing so.
Some of the things we consider when deciding how long to keep data for are:
- how long we need it to deliver the service to you
- how long other laws tell us to keep it for
This means that different services, and sometimes different activities within the same service, will need to keep data for different lengths of time.
Our most commons length of time is 7 years because of a law called the Limitation Act which sets how long someone can take legal action.
This 7 year period is usually applied from the date that you stop receiving the service, instead of the date that you gave us the data - for example we will keep anything to do with a tenancy for 7 years from the date that the person stops being a tenant which in practice may be a long time after their data was first received.
We have over 200 different ICT systems that help us to deliver services to you. Currently we make decisions about deletion at key times, like when we replace an ICT system, but over the next year we will be working to:
- turn the Local Government Association guidance (that we currently follow for data deletion) into a Hackney policy
- make sure that any new systems we buy or build can delete data in line with the above
- review older systems and make decisions based on their expected life and what the system is capable of doing - for example for newer systems we will try to add in the ability to schedule deletion of data
A range of systems are used to store and process data on residents. We have a mixture of:
- on-site servers, held in secure buildings that meet the highest standards for security. These undergo regular audits to ensure compliance with national and international standards
- off-site arrangements with companies where we have audited their security to ensure that it meets our standards
- database products that require secure log-in. Access to which is restricted by our IT teams
- network access that requires either a user name and password, or a combination of this and a code generated from a mobile device
- buildings that have access only through staff passes, and secure files stored in areas that are further restricted by passes and keys
- off-site storage for archive files which are monitored by closed circuit television (CCTV), with access through secure passes
Systems are only available through strictly controlled security processes. We ensure that only the right people have access to systems, through centrally controlled management of systems.
Data protection law gives you different rights relating to the way that we use your data, and the way that you access it. These won’t all apply all of the time, we have explained this below.
The right to know what happens with your data
You have the right to be informed about what data we process about you, for what reasons, who we share it with, how long we will do this for, your rights, and how to complain. This notice is part of us informing you, but we will try to do this in a number of ways.
The right to access your data
You have a right to access information we hold about you, through a subject access request.
The right to correct inaccurate data
You have the right to have information corrected or completed if it is incomplete. We aim to have complete data on residents, so please make us aware as soon as possible if something is wrong or missing. It is best to contact the specific department.
The right to have your data deleted
You have the right to ask us to erase your data. This is only applicable in certain circumstances - for example if we asked for your consent to process the data. We will make this clear in the privacy notice for each service.
The right to ask us to limit the way we use your data, or to stop entirely
You have right to ask us to restrict the processing of your data. This may apply if:
- data about you is not accurate
- there is no legal reason for us to process the data about you, but you choose not to ask for erasure
When it is restricted it means we can continue to securely store it, but use of it is restricted (with some specific exceptions).
You have the right to object to us processing your data at all, but often if we do this you will no longer be able to receive the related service.
The right to data portability
You have a right to ask for data that you provide us with to be transferred to another service provider. This won’t apply to most council services.
Rights relating to automated decision making and profiling
Sometimes we will need to use automated decision making due to the volume of data we are handling. This is often used to filter out cases that don’t need to be handled by an officer. This means that any decision that will affect you is made by a human.
We will always consider privacy and our residents' rights when we introduce new systems that involve profiling or automated decision making, and we will make our residents aware of projects like this. You have the right to ask for a human to reconsider an automated decision.
Hackney Council is a data controller, registered with the Information Commissioner’s Office.
You can email our Data Protection Officer if you have any queries about your data - email@example.com.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
We use Google Analytics to collect information about how you use this site. We do this to make sure it’s meeting your needs and to understand how we can make the website work better.
Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.
We do not collect or store any other personal information (eg your name or address) so this data cannot be used to identify who you are.
Cookies are small anonymous text files that are placed on your computer by websites that you visit. The Council is committed to only using cookies that are either essential (ie they are required to make something work) or that help us to make your experience of using the web site better.
The following cookies are used on this website:
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Cookies set by third party websites
We sometimes embed video, images or other content from websites such as Vimeo, YouTube, Flickr and Twitter. We may also allow you to share links to content on our site with other websites by the use of 'Share' buttons.
As we have no control over the cookies set by these websites, please look at the relevant third party websites for more information.
Change cookie settings for this website
Most web browsers allow some control of cookies through the browser settings. Find out more about cookies, including how to see what cookies have been set and how to manage and delete them.
- opt out of being tracked by Google Analytics across all websites