Personal Data

This page explains what personal data is and how it identifies individuals in different ways. It also outlines the types of information covered, including sensitive data, and how such data is recognised under current data protection laws.

What is personal data?

Personal data means any information relating to a person who could be directly or indirectly identified by that information. The legislation reflects changes in technology and the way organisations collect information about people.

This definition provides for a wide range of ways that a person may be identified by their data. This includes their name, identification number, location data or an online identifier. 

Some information is considered to be ‘Special Category’ information and needs more protection because of its sensitivity. This includes information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data and data relating to sex life or sexual orientation.

What level of personal data is used?

We collect, hold and use personal data to allow us to provide services on behalf of the citizens of Colchester. These services include planning, recycling and waste, Council Tax and benefits, elections and voting, parking and travel, housing, business rates, licensing and environmental health & leisure activities.

Why we use personal information

We will use your personal data for a limited number of purposes, and at all times within the requirements of data protection legislation.

Examples of where we process your personal data include:

  • To allow us to communicate with you and provide services appropriate to your needs.
  • To ensure that we meet our legal requirements, including obligations imposed under the Race Relations Act and Health and Safety Acts.
  • Where necessary for our law enforcement functions where we are legally obliged to do so, such as licensing, planning enforcement, trading standards, food safety.
  • Where the processing is necessary to comply with our legal obligations, for example, the prevention and detection of crime.
  • To process financial transactions including grants, payments and benefits involving Colchester City Council, or where we are acting on behalf of other government bodies, for example. the Department for Works and Pensions.
  • Where you have consented to the processing.
  • Where necessary to protect individuals from harm or injury.
  • After it has been anonymised, to allow the statistical analysis of data to help us analyse and improve our services.
  • To deliver services and support to you, to manage those services, to monitor the quality of services provided and to plan new and updated services.
  • To train staff.
  • Where we need to investigate any worries or complaints you have about our services.
  • To maintain our accounts and records.
How data protection legislation allows us to use your personal information

We collect and use personal information where:

  • it is necessary to perform our statutory duties
  • you have entered into a contract with us
  • you, or your legal representative, have given consent
  • it is necessary to protect someone in an emergency
  • it is required by law
  • it is necessary for employment purposes
  • you have made your information publicly available
  • it is necessary for legal cases
  • it is to the benefit of society as a whole
  • it is necessary to protect public health
  • it is necessary for archiving, research, or statistical purposes

In some situations, you will have provided us with consent to use your personal information. In these circumstances you have the right to amend or withdraw your consent at any time. If you want to remove your consent, contact DPO@colchester.gov.uk and tell us which service you are using so we can respond to you.

What personal information do we process?

We process information which may include:

  • personal details
  • family details
  • lifestyle and social circumstances
  • goods and services
  • financial details
  • employment and education details
  • details of complaints, incidents and grievances
  • visual images, personal appearance and behaviour
  • responses to surveys

We also process special category personal information that may include:

  • physical or mental health details
  • racial or ethnic origin
  • religious or other beliefs
  • political opinions, sexual life
  • trade union membership
  • offences (including alleged offences)
  • criminal and legal proceedings, outcomes and sentences
How do we keep information secure?

We will take appropriate steps to make sure we hold records about you (on paper and electronically) securely.

Our security controls include:

  • encryption
  • access controls on systems
  • security training for all staff

See our data protection and information security policies:

Data Protection Policy
Information Security Policy

Securing your information

We take the confidentiality of personal information very seriously and use recognised security and access controls to protect your information from unauthorised access, loss, misuse, alteration or corruption. We have procedures and processes in place to ensure that your personal information is managed appropriately.

Your information may be held outside of the UK. Where this is the case, we ensure that additional measures are in place to protect your data and to ensure that we continue to comply with data protection legislation.

We use cloud providers and online application providers to help us deliver services. Therefore, the use of some of our systems may include the transfer of your personal data to other countries. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK or where we have put in place additional safeguards to protect your data.

How long we keep your personal information

We will only store your personal information for as long as is necessary.

Records will be kept in line with our retention policy.

Who will we share your personal information with?

We use several commercial companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements, we ensure that there is a contract or data sharing agreement in place to ensure that the requirements of data protection legislation are met.

Privacy Impact Assessments (PIAs) will be conducted before personal information is shared in order to assess and mitigate privacy risks.

We do not sell personal information to any other organisation for direct marketing.

Sometimes we have a legal duty to give information about people. This is often because we must give that information to courts.

We may also share your personal information when we feel there is a good reason that is more important than protecting your confidentiality.

We may share your information:

  • for the detection and prevention of crime and fraudulent activity
  • if there are serious risks to the public, our staff or to other professionals
  • to protect a child
  • to protect adults who are thought to be at risk

When we are worried about your physical safety or we feel that we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation. We may still share your information if we believe the risk to others or yourself is serious enough to do so.

Data matching may be used to help us respond to emergencies or major accidents. In conjunction with the emergency services, we may identify individuals who need additional support during the event, for example, an emergency evacuation.

Specific services might share your personal information with 3rd parties, please see our service specific privacy notices for more information.


Customer record

If you call our Contact and Support team, our staff can search various systems to find out about some of the previous contact you have had with us. Access to this is restricted and staff are required to operate within the guidelines set out in our Data Protection Policy.

Telephone calls

Calls made direct to, or from, our Contact and Support team are recorded and kept for 6 months from the date of the call. If the call is transferred to a member of staff outside the Contact and Support team, the recording stops. Calls may be recorded if telephoning directly to other service teams on alternative numbers.

Newsletter subscriptions

If you subscribe to a newsletter on our websites or at any events run by us, we will not pass your details onto any third parties. They will be stored confidentially in line with data protection legislation. To provide this service to you, we will need to collect and store your email address. You can unsubscribe at any time by clicking on the Unsubscribe link at the bottom of any of our newsletters.

Surveillance

In some circumstances we use cameras to capture static or moving imagery via CCTV or surveillance system such as Body Worn Cameras (BWCs).

We are committed to protecting your personal information, as well as your safety and security as you access services and visit public buildings across the City. See the surveillance privacy notice for more information.