London Borough of Croydon

The council collects and processes your personal data, (including special categories of personal data) in accordance with our obligations under the Data Protection Act 2018 and the GDPR.

We respect your right to privacy and are committed to maintaining it. We only collect information which is necessary to enable us to deliver our services and we store and process your personal information in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (EU) 2016/679.

Information collected for Access Croydon

  • name (surname, first name and title)
  • date of birth
  • address (including postcode)
  • contact details (telephone number)
  • why you are visiting the council
  • any additional needs
  • CCTV images

In exceptional circumstances we may be required to share the information with

  • other council departments
  • Department of Work and Pensions (DWP)
  • police
  • National Health Service (NHS)

Purpose and lawful basis for processing

  • service delivery
  • service future planning and improvement
  • prevention and detection of crime/fraud

Depending on how we are processing your personal data will determine the legal basis for processing.

  1. 1. to perform a function or provide a service required by statute (Article 6(1)(e) GDPR)
  2. to comply with a legal obligation (Article 6(1)(c) GDPR)
  3. where the processing is necessary for the performance of a contract (Article 1(b) GDPR)
  4. with your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR)

Your rights are:

  • to be informed; our privacy notice is one of the ways we try and let you know how data is handled
  • of accessing your personal information (exceptions apply in certain circumstances
  • to update inaccurate data
  • to restrict processing of any inaccurate data
  • to object to certain processing such as direct marketing
  • to data portability in cases where consent is given or processed by automated means
  • to erase data if Croydon council no longer has a lawful basis or legitimate grounds for processing it
  • to withdraw your consent when it has previously been given where required
  • to complain about data handling

How the council protects data

The council takes the security of your data seriously, the council has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by its employees in the performance of their duties.

Croydon council is your data controller: If you want any further information, email DPO@croydon.gov.uk or telephone 020 8726 6000 and ask to speak with the Data Protection Officer or view our corporate privacy statement.