General privacy notice

Overview

This privacy notice is designed to tell people about how Hull Virtual Schools/Hull City Council processes personal information. This is a key requirement of the Data Protection Act and the General Data Protection Regulations.

This is our general privacy notice. Specific privacy notices with more details about specific services are available upon request.

Our data protection policy can be accessed under the download section.

Data Controller

A Data Controller is an organisation or an individual who determines the purposes and the manner in which personal data is processed. Processing can be taken to mean ‘doing something’ with data.

Hull City Council is registered as a data controller with the Information Commissioner's Office. Registration number - Z6005621.

As a public authority we are required to have a Data Protection Officer. You may contact them for more information or with any concerns about how your personal information is being used -

Hull City Council
Data Protection Officer
Room 11
The Guildhall
Hull
HU1 2AA

Telephone - 01482 300 300
Email - information@hullcc.gov.uk

Purpose of processing personal information

We deliver services to the public as a public authority. To do this, we often need to collect and use personal information about you. We must always have a lawful condition for processing your personal data and be fair and transparent with you about how we do so.

We need to collect and hold information about you to -

  • contact you, by various methods to provide services
  • deliver public functions, including law enforcement functions such as -
    • licensing
    • collection of council tax and business rates
    • planning enforcement
    • trading standards
  • process financial transactions including -
    • grants
    • payments and benefits involving us
  • manage contractual relationships as an employer, a landlord or where we buy or provide services
  • protect individuals from the risk of harm or injury
  • help us monitor our services and plan improvements and efficiencies
  • prevent and detect fraud, corruption and inappropriate use of public funds
  • make sure we meet our statutory obligations including those related to -
    • equality
    • diversity
    • health and safety
  • allow statistical analysis of data that you cannot be personally identified from so we can target and plan the provision of services

Wherever possible we will be open and transparent with you about how we use your personal data and who it is shared with.

Service or project specific privacy notices

When you use a specific council service, we will usually let you know how that service will use your personal data through a separate privacy notice. These notices will explain in more detail how a service uses your data.

Categories of personal data

We process personal information to deliver functions including but not limited to -

  • adult and children's social care
  • Human Resources
  • planning
  • legal and democratic
  • revenues and benefits
  • customer services
  • housing
  • highways
  • public protection
  • public health
  • research

This includes special categories of information relating to -

  • racial or ethnic origin
  • political opinions
  • religious beliefs
  • philosophical beliefs
  • trade-union membership
  • data concerning health or sex life

Information sharing

To ensure that we provide you with an efficient service, we will sometimes need to share your information between council departments as well as with our partner organisations that support the delivery of the service you may receive. For example -

  • other councils
  • NHS and their contracted providers
  • police
  • fire service
  • HMRC
  • DWP
  • voluntary organisations
  • government departments

We will also need to supply your information to people and organisations we have contracted to provide a service to you.

We will only ever share your information if we are satisfied that our partners or suppliers have sufficient technical and organisational measures in place to protect your information and we have contracts in place.

Before sharing information, we ensure that -

  • Data Protection Impact Assessments are completed as necessary to assess any risks or potential negative effects
  • privacy notices are available to inform you about sharing information, where necessary
  • technical safeguards such as encryption and access controls are in place to keep information secure
  • Information Sharing Agreements are completed, detailing the procedure and expectations of the people involved in the sharing

Details of transfers to third country and safeguards

Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA). We will only transfer your personal information overseas where there is a specific requirement or law to do so, and we will ensure all processing complies with the requirements of the Data Protection Act and the GDPR.

National Fraud Initiative (NFI)

We are also required to participate in the National Fraud Initiative (NFI). This is a data matching exercise organised by the government. Every council in England is required to provide sets of data to the Minister for the Cabinet Office. Data matching exercises are carried out by the government with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. This does not require the consent of the individuals concerned under the General Data Protection Regulation.

Access here to learn more about the government's legal powers and why they data match particular information.

Your rights and retention periods

Your rights

You have certain rights under the General Data Protection Regulations (GDPR), these are the right -

  • to be informed about how we use your personal data via privacy notices like this one
  • to withdraw your consent at any point where we are relying solely on your consent as the legal basis to process your data
  • of access to any personal information, we hold about you. To request a copy of this information you must make a subject access request in writing
  • of rectification - we must correct inaccurate or incomplete data within one month
  • to erasure - you have the right to have your personal data erased and prevent processing unless we have an overriding legal basis or legal requirement
  • object - you can object to your personal data being used for profiling, direct marketing, or research purposes
  • data portability - where you have provided information to us online through a web portal or automated process and we are processing it with your consent or to provide you with a service, you may ask us for a copy of your personal data in a structured, commonly used format

If you want to exercise any of these rights, contact us at -

Information Governance Team
Hull City Council
Alfred Gelder Street
Hull
HU1 2AA

Email - information@hullcc.gov.uk

It may not always be possible to fulfil your request where it is necessary to hold or process information to comply with a legal requirement or we have a legitimate legal basis.

Retention periods

We will only keep your information for as long as necessary. The retention period is either dictated by law or our legitimate requirements. Once your information is no longer needed it will be securely and confidentially destroyed. Service and project specific retention periods can be found in our service and project specific privacy notices.

If you email us, we may store all or part of the details from the email on our computer systems. We do not routinely retain all emails we receive, for storage emails are moved onto specific service area data systems or folders on our IT network.

All calls to our contact centre are recorded. Audio recordings are only used for the purposes stated on our privacy notices and in accordance with the principles of the Data Protection Act. This includes employee training.

CCTV systems are installed in public areas across the city for public safety and the prevention and detection of crime. Signs notifying you that CCTV is in operation are displayed at the boundary and across the city.

Breaches, complaints, comments and compliments

Information security breaches

Should you wish to report an information security breach, contact us either by -

If you are unhappy with how we have handled your complaint about your personal data, you may contact the Information Commissioner's Office.

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone - 08456 30 60 60

Visit The Information Commissioner's Office website