London Borough of Croydon

Coronavirus Pandemic (COVID-19) Response Privacy Notice

This privacy notice explains how Croydon Council (as a Data Controller) will collect, use and protect personal data specifically with regard to the coronavirus pandemic.

 

During the Coronavirus Pandemic, the Council’s priority is to provide essential services and protect our most vulnerable residents.

The Council has had to review how some services are provided and also revise how it uses resident’s personal data to provide additional support to those residents who are particularly vulnerable. This has required additional information to be shared with the Council by the National Health Service (NHS) and it is likely to require additional sharing of information by the Council with the NHS and other organisations.

The Council may already hold data about you, and normally we would seek to inform you that the data that you had provided would be used for a different purpose.

Unfortunately as a result of current situation this may not always prove possible.  Additionally, the Council may ask you for more information, where it is necessary to ensure your safety and well-being.  We will, however, ensure that this is limited to what is proportionate and necessary to safeguard those most vulnerable.

The use of this information is subject to national guidance issued by the Department for Health and Social Care and the Ministry of Housing, Communities and Local Government.

During this time the Council will continue to balance the right of an individual to privacy against necessary use of the information to be used to provide vital services and protect residents and businesses.
 

Who the Council will share data with:

Where the Council has identified a need to provide support, internally or externally, with local health organisations such as:

  • NHS;
  • Croydon Clinical Commissioning Group (CCG);
  • Public Health England;
  • Local General Practitioners; and

Other local services such as food banks or local support groups including (but not exclusively):

  • Age UK Croydon;
  • Croydon Voluntary Action;
  • Croydon General Practitioner Collaborative;
  • Croydon Health Services NHS Trust; and
  • South London and Maudsley Mental Health NHS Foundation Trust.

Within the Council the Data will be shared internally, for example with the following services:

  • Gateway Services,
  • Adult Social Care;
  • Children’s services
  • Housing Assessments and Solutions; and
  • Libraries
  • Commissioning and Procurement
  • Public Health

The data that is shared is managed by the Council, and will include some or all of the following information (proportionate to the reason for use, e.g. provision of an emergency food box and welfare checks):

  • Name and contact information;
  • Address;
  • DoB/Age;
  • Category (shielded etc);
  • Health / welfare concerns (i.e. summary of their possible or confirmed needs, illnesses and/or disabilities);
  • Details of Services they have been offered and/or provided; and
  • NHS number.

 

This information will be used to identify and support vulnerable residents, and those individuals who are identified from this dataset, could be offered a range of services which would include but not exclusively:

  • provision of emergency essentials packages and welfare checks;
  • referral to  Age UK and/or Croydon Voluntary Service for support and  signposting of other services;
  • referral to other Council services
  • referral to services provided by the NHS and/or CCG.

The Lawful Basis for Processing Personal Data

The Council will process this information in line with pre-existing guidelines by Information Commissioner, the Government and other regulatory organisations.  The Government and NHS have also issued guidelines to take into account the processing of data in as a results of the Pandemic.

The General Data Protection Regulations require specific conditions to be met to ensure that the processing of personal data is lawful, these are:

  • processing is necessary for compliance with a legal obligation (Article 6(1) (c));
     
  • processing is necessary in order to protect the vital interests of the data subject or another natural person (Article 6(1) (d));
     
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Article 6(1) (e))

There are also additional conditions controlling the use of Special Category which includes data concerning health and related information:

  • processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law (Article 9 (2) (b) );
     
  • processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent (Article 9 (2) (c));
     
  • processing is necessary for reasons of substantial public interest (Article 9 (2) (g) );
     
  • processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care treatment or the management of health and social care systems and service (Article 9 (2) (h));
  • processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health (Article 9(2) (i) )

The legislation, policies and guidance that relate to this service include, but are not limited to:

Coronavirus Act 2020 which is emergency legislation in response to the exceptional circumstances that have arisen. This Act provides the Government and Local Authorities with new powers whilst also modifying other duties to ensure the public sector can respond to the current crisis.

The Civil Contingencies Act 2004 and (contingency planning) Regulations 2005 Allows the local authorities continue to exercise its functions in the event of an emergency.

The Local Government Act 2000 - give powers to local authorities to promote economic, social and environmental well-being.

Care Act 2014 - legal framework for local authorities support an individual’s ‘wellbeing’.


How we store your information

We will only keep your information for as long as it necessary. We will consider Government guidance and the on-going risk presented by the Pandemic.

The Council will retain the information detailed within this Privacy Notice will be kept for the duration Pandemic. It is also possible that data will be kept for longer to ensure the continuity of service provision.

The Council will also retain anonymised data for reporting and research, you will not be able to be identified from this information.

When the information is no longer needed for this purpose it will be securely disposed of. Your personal data will only be kept for as long as necessary.

 

Changes to this Privacy Notice

We will keep this privacy notice under regular review and if we make any changes, we will publish the updated version on our website.

 

How to Contact Us

We can be contacted at Croydon Council, Bernard Weatherhill House, 8 Mint Walk, Croydon, CR0 1EA. Telephone 020 8726 6000

The Council’s Information Management Team can assist you with any questions you may have regarding the processing of your information and the rights you have to access that information.

If you have any concerns please telephone 020 8726 6000 and ask to speak to a member of the Information Management Team or exercise your rights by contacting information.management@croydon.gov.uk

 

You can ask to access the information we hold about you

This applies to your personal information that is in both paper and electronic records. You can ask for your records by contacting the Information Management team at the Council at SAR@croydon.gov.uk

 

Data Protection Officer

We have a Data Protection Officer (DPO) who is responsible for informing and advising the Council on its data protection obligations and monitoring the Council’s internal compliance together with acting as a single point of contact for you and the ICO.

If you wish to contact the Data Protection Officer, Sandra Herbert, please email DPO@croydon.gov.uk or telephone on 0208 726 6000 and ask to speak with the Data Protection Officer.

Where can I get independent advice?

For independent advice about data protection you can contact the Information Commissioner’s Office at:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5A

 

 

 

Date of issue - 7 May 2020