Primary Privacy Notice
Trafford Council is committed to ensuring that we are transparent about the ways in which we use your personal information and that we have the right controls in place to ensure it is used responsibly and is kept safe from inappropriate access, theft or misuse.
We provide a broad range of services as well undertaking regulatory and administrative activities. These include the provision of education, child protection and care services (supporting early years, vulnerable adults and the elderly), the collection of taxes, administration of local welfare benefits and grants as well as our regulatory, enforcement and licensing activities.
This notice explains how we use your personal information and tells you about your privacy rights and how the law protects you.
What is personal information?Back to top
Personal information can be anything that identifies and relates to a living person. This can include information that when linked with other information, allows a person to be uniquely identified. For example, this could be your name and contact details.
The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity. This information consists of:
- Racial or ethnic origin
- Sexuality and sexual life
- Religious or philosophical beliefs
- Trade union membership
- Political opinions
- Genetic and bio-metric data
- Physical or mental health
- Criminal convictions and offences
PurposesBack to top
Your personal information may be collected and used for one or more of the Council’s services, regulatory functions and/or administrative activities depending on your relationship with the Council and nature of your contact with us.
Generally, we may need to use some information about you:
- in delivering services and support by ensuring other statutory or voluntary agencies with whom the council is working, are able to deliver ‘joined up’ services to you
- in planning future services;
- collecting taxes, administering grants and welfare benefits
- for managing and checking the quality of our services;
- keeping track of spending on services;
- if you apply for a job or become employed by us;
- for ensuring the health and safety of our staff
- to help investigate any concerns or complaints you have about our services and for answering enquiries under access legislation;
- in carrying out our regulatory activities, such as enforcement, planning, safeguarding, licencing etc.;
- to improve the general experience of our customers and of visitors to our websites
- for managing any one line transactions you may elect to make and/or marketing choices or preferences you may have expressed
- in the event of civil disasters and/or emergencies
- for archiving, research, or statistical purposes (including research and evaluation undertaken by the Council or in combination with neighbouring authorities to inform future service planning where the use of fully anonymised information would frustrate the purpose of the research)
Legal basis for processingBack to top
Generally we collect personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is required by law (such as where this is mandated by statute or under a court order)
- it is necessary to perform statutory functions (including law enforcement functions)
- it is necessary for employment related purposes
- it is necessary to deliver health or social care services
- it is necessary to protect you or others from harm (e.g.in an emergency or civil disaster)
- it is necessary to protect public health
- it is necessary for exercising or defending legal rights
- you have made your information publicly available
- it is necessary for archiving, research, or statistical purposes
- it is necessary in the substantial public interest for wider societal benefits and is authorised by law
- it is necessary for fraud prevention and the protection of public funds
- when it is in our legitimate interests (or those of a third party) provided your interests and fundamental rights do not override those interests
Your personal information may also be shared with other organisations, such as those who assist us in providing services and those who perform technical operations such as data storage and hosting on our behalf.
These practical arrangements and the laws governing the sharing and disclosure of personal information often differ from one service to another.
For this reason, each of our key service areas provide additional information about how we collect and use your information. These notices explain:
- why we need your information
- who else we obtain or receive it from
- the legal basis for collection and the choices you have
- who we share it with and why
- whether decisions which legally affect you are made solely using machine based technologies
- how long we keep your information
- how to exercise your rights
View service specific privacy notices.
Data transfers beyond EEABack to top
We will only send your data outside the European Economic Area (‘EEA’):
- with your consent, or
- to comply with a lawful and legitimate request, or
- if we use service providers or contractors in non EEA countries.
If we do transfer your information beyond the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of these safeguards:
- Transfer it to a non EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. More information is available on the European Commission Justice website.
- Transfer it to organisations that are part of the Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about the Privacy Shield on the European Commission Justice website.
If we propose to make a transfer in response to a lawful and legitimate request we will normally tell you in advance unless there are compelling reasons, such as law enforcement or, reasons of safety which justify not doing so.
Automated decisionsBack to top
If we make a decision which legally affects you by using a computerised system or programme that does not involve a human being, our service specific privacy notices will explain this. Our Guide to exercising your rights outlines the procedure to ask us for an automated decision to be reviewed by an appropriate officer.
Data retention/criteria Back to top
We will only keep your personal information for as long as the law specifies or where the law does not specify this, for the length of time determined by our business requirements.
Our retention schedule outlines how long we retain certain types of information and this is detailed in our service specific privacy notices.
How we keep your information safeBack to top
We are committed to ensuring your personal information is safe and protected from accidental loss or alteration, inappropriate access, misuse or theft.
As well as technical, physical and organisational controls, we recognise that a well-trained, informed and security alert workforce minimises privacy risks from human error and/or threats from malicious actors.
We require our service providers to implement appropriate industry standard security measures and only permit them to process your personal information for specified purposes in accordance with our contractual instructions.
Rights of individualsBack to top
You may exercise the rights listed below in relation to the council’s use of your personal information.
Some rights are absolute and others are not.
To find out more about how these rights apply in particular circumstances, please refer to our Guide to exercising your rights or alternatively visit the Information Commissioner’s website.
To exercise these rights, please contact the Council’s Data Protection Officer (DPO).
You may request a copy of the personal information we hold about you.
Rectification and erasure
You may request that we rectify or delete any of your personal information if you consider it is incomplete, factually incorrect, processed unlawfully or, is unnecessary or no longer needed.
Review of automated decision making
Where we use only an automated system or programme that does not involve a human being, you have the right to request that a decision which legally affects you is reviewed by an appropriate officer.
You may object, at any time, to your personal information being processed.
This applies to processing:
- carried out in performance of our statutory functions or in the public interest, including ‘profiling’ [whether or not profiling is partly or fully automated];
- for direct marketing purposes
Restriction of processing
You may request restriction of processing (quarantining) of your personal information for certain reasons, such as, for example:
- if you have objected to the processing or asked us for erasure and we need time to consider your request and let you know our decision
- you require us to retain your information for the establishment, exercise or defence of your own legal rights
In defined circumstances [either where the processing relies on your consent or arises out of a legal contract], you may request we supply a copy of personal information that you have provided to us in a portable and machine readable format.
Right to withdraw consent
Where the legal reason for processing your personal information is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of our processing prior to the withdrawal of your consent.
If you wish to exercise your rights (as outlined above) or to raise a concern about the handling of your personal information by the council, please contact our Data Protection Officer (DPO).
Whether you are exercising your rights or raising a concern, you will normally need to include documents that prove your identity as well as a clear and precise description of your request/concern.
We will process requests in accordance within the legislative framework and the statutory time scales and inform you should an extension of time be necessary.
More information about how to exercise your rights is available on our Data Protection page.
Complaints (ICO)Back to top
If you are not satisfied with the way we have answered a request from you or handled your personal information, you have the right to make a complaint to the Information Commissioner at the ICO.
This right is not dependant on you raising a complaint with us first but we would encourage you to contact our DPO so we can consider your concerns as quickly as possible.
CookiesBack to top
Trafford Council use something called cookies. ‘Cookies’ are pieces of information that are created when you visit any website, and they are stored on your computer. Cookies enhance your experience of our website and enable you to personalise the service you receive.
Cookies do not contain any personal information about you, and they cannot be used to identify an individual user.
Service Level Privacy NoticesBack to top
Level 2 National Fraud Initiative Privacy NoticeBack to top
This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
National Data Opt-outBack to top
The National Data Opt-out is a service that enables the public to register to opt out of their confidential NHS patient information being used for purposes beyond their individual care and treatment. It was introduced for the health and social care system in England on 25 May 2018. The public can change their national data opt-out choice at any time.
It is to give the public a choice about whether their confidential NHS patient information is shared for research and planning.
Who needs to comply with national data opt-out policy
The national data opt-out applies to data for patients/clients where their care is provided in England by a publicly funded organisation or the care has been arranged by a public body such as the NHS or a Local Authority, it does not apply to data related to private patients/clients at private providers.
In summary the national data opt-out applies to:
• all NHS organisations (including private patients treated within such organisations)
• all Local Authorities providing publicly funded care
• adult social care providers where the care provided is funded or arranged by a public body
• private or charitable healthcare providers providing NHS funded treatment or arranged care
Trafford Council have procedures in place to assess future uses or disclosures against the national data opt-out operational policy guidance and are ready to implement it if needed for future data uses or disclosures.