Privacy notices

Contact Centre privacy notice

Croydon council’s Contact Centre is committed to protecting your privacy when you use council services. This privacy notice below explains how Croydon council (as a data controller) collects, uses and protects personal data that we hold.

The council collects and processes your personal data, (including special categories of personal data) in accordance with our obligations under the Data Protection Act 2018 and the GDPR.

We respect your right to privacy and are committed to maintaining it. We only collect information which is necessary to enable us to deliver our services and we store and process your personal information in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (EU) 2016/679.

Information we collect

We collect a range of information including some or all of the following:

• name (surname, first name and title)
• date of birth
• address (including postcode)
• contact details (telephone number and/or email address)
• correspondence, emails, letters and notes of telephone conversations
• why you are calling the council
• bank account details
• any additional accessibility needs
• information you provide when you voluntarily complete customer surveys and provide feedback, including complaints
• recordings of your telephone calls to us, as calls to our contact centre are recorded for training and monitoring purposes so we can ensure we are delivering a good service

Generally, the information we hold about you will have been provided by you during phone calls, emails via our application or enquiry forms, webchat, twitter or when we communicate with you. We may also hold information provided by other council departments through relevant systems where this is relevant to your enquiry (for example from social workers and health professionals, doctors and occupational therapists).

Who we share information with

We may share information about you to third parties where permitted or required by law to do so for all lawful purposes as specified in this notice:

• other Croydon council teams so they can carry out their statutory roles and support our service (for example Social Services, Complaints, Business Intelligence, Corporate Finance, Legal Services, IT Services, Quality Assurance)
• third party / service delivery partners who deliver these services on our behalf
• Croydon’s multi-agency safeguarding hub (MASH)
• Croydon’s multi-agency risk assessment conference (MARAC) that carries out safety planning for high-risk victims of domestic abuse; it brings together the police, independent domestic violence advisers, children’s social services, health, social landlords and other relevant agencies
• police and fraud prevention agencies
• government departments, for example Department for Work and Pensions, HM Revenue and Customs, Home Office
• your lawyer or representative (if you have instructed one)

Staff in each area will only access the personal information that is essential to carry out their work and statutory functions, but may share data between the respective teams where this is necessary to provide you with services.

All organisations we pass your information to will have an information-sharing agreement with us to ensure they meet the standards of the GDPR and the Data Protection Act 2018, and will be covered by a legal basis allowing them to collect, use and share your personal information.

Call recording

Some calls made to the council may be recorded. Recording contact centre calls allows us to assess customer satisfaction, train and develop staff, review call quality, and have access to a verbal record of what is said in the event of a subsequent complaint. These records are held in line with our corporate retention policy before being erased.

Quality monitoring

Written records only provide partial information. A call recording provides a more rounded view and allows us to better understand the customer experience and assess the processes applied. This can help us identify any improvement areas.

Training and development

Listening to a sample number of calls, allows managers to identify training needs. Sample scenarios are based on the recordings.

Customers who ring the Contact Centre hear the following message:

"Welcome to Croydon council's contact centre, your call may be recorded for training or business purposes. During your call today, the agent may ask for your email address or mobile phone number, this will help us to keep you inform of council services and we may use this information to contact you about new council services. If you wish to opt out of this, please inform the agent you are speaking to."

The lawful basis on which we use this information

The legal bases for processing your personal information are:

• compliance with our legal obligations (Article 6(1)(c) GDPR)
• to perform a function or provide a service required by statute (Article 6(1)(e) GDPR)
• contract for the supply of services (Article 1(b) GDPR)
• with your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR)
• service future planning and improvement
• prevention and detection of crime/fraud

How we process your personal data will determine the legal basis for processing.

Your rights are:

• to be informed - our privacy notice is one of the ways we try and let you know how data is handled
• of accessing your personal information (exceptions apply in certain circumstances
• to update inaccurate data
• to restrict processing of any inaccurate data
• to object to certain processing, such as direct marketing
• to data portability in cases where consent is given or processed by automated means
• to erase data if Croydon council no longer has a lawful basis or legitimate grounds for processing it
• to withdraw your consent when it has previously been given where required
• to complain about data handling

Under GDPR and the Data Protection Act 2018, you have the right to request access to information that we hold about you. To make a request for your personal information, contact the Council’s Information Management Team at SAR@croydon.gov.uk.

How the council protects data

The council takes the security of your data seriously, the council has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by its employees in the performance of their duties.

Croydon council is your data controller:

If you want any further information please email DPO@croydon.gov.uk or telephone on 020 8726 6000 and ask to speak with the data protection officer or view our corporate privacy statement.