- London Borough of Croydon (LBC) is a data controller registered with the Information Commissioner’s Office. We ensure strict compliance with the Data Protection Act 1998.
- As part of our compliance with the DPA, LBC ensures all data are securely stored within the EU / EEA. However where there will be transfer of data outside of the EU / EEA, LBC will adhere to strict security protocols and regulations to protect data to ensure compliance with the 8th data protection principle and in line with relevant guidance from the ICO.
- LBC will require the customer’s consent in order for the customer to use MyAccount. Confirmation of the customer’s consent will be provided by email as part of the account registration process. Consent, once confirmed (explicitly) is applicable for the current financial year and will be reapplied on an annual basis. Customers will have the option to withdraw consent and opt out. There will be annual email requesting confirmation from the user that they are still a borough resident, that the data held is correct and that their account is still required.
- In line with the data protection principles, data will only be retained and used for as long as is necessary. Where data is no longer required, they will be destroyed in line with relevant destruction policies and processes.
- LBC will take all reasonable measures to ensure that any data provided will be protected against loss, misuse or hijack.
- By agreeing to register and request a service using My Account, this is considered as consent and forms a legally binding agreement between the customer and LBC.
- Customers agree that LBC will be able to use electronic channels as the primary means of communicating with customers and in this case will fulfil any statutory obligations for communication.
- Customers agree to LBC periodically contacting them to update about services being provided and to also verify information provided and to ensure that this information remains up to date.
Data Protection Act
What is Personal Data?
Under the Data Protection Act 1998, Personal Data is defined as data that relates to a living individual who can be identified:
- from those data, or
- from those data and other information which is in the possession of, or likely to come into the possession of, the data controller.
This includes any expression of opinion about the individual, and any indication of the intentions of the data controller or any other person in respect of the individual. (Section 1(1)).
Personal data will therefore cover basic details such as name, address, telephone number, and date of birth.
Sensitive Personal Data
Certain data are classified under the Act as 'sensitive personal data', for example:
- racial or ethnic origin
- religious or other beliefs of a similar nature
- physical or mental health or condition
- sexual life
- offences (including alleged offences).
Consent may be required to process your personal data but must be provided before your sensitive personal data can be processed.
The 8 Principles
Personal data MUST be:
- fairly and lawfully processed;
- held and processed for limited and specifically registered purposes;
- adequate, relevant and not excessive;
- kept accurate and up to date;
- kept for no longer than is necessary;
- processed in line with data subject’s access rights;
- kept secure against unauthorised access, loss, disclosure or destruction; and
- made available only to countries with adequate data protection measures.
Why does the Council need to collect and store personal data?
For some of our services, we need to collect personal data so we can get in touch, or provide the service, for example, we can't collect your rubbish if we don't know your address. We always try to make sure the information we collect is correct and isn't an invasion of your privacy.
We may pass your personal data onto the people who provide the service. These providers are obliged to keep your details securely, and use them only to fulfil your request. Once your request has been dealt with or the case has been closed, we will ensure your data is securely disposed of. If we wish to pass your sensitive personal data onto a third party, we will only do so once we have obtained your consent, unless we are legally required to do so.
How the Council uses your information
The Council will process (that means collect, store and use) the information you provide in a manner that is compliant with the Data Protection Act. We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept, but in most cases the Council will use its discretion to ensure that we do not keep records outside of our normal business requirements - i.e. providing a service to you.
Our aim is not to be intrusive, and we won't ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to make sure it can't be seen, accessed or disclosed to anyone who shouldn't see it. Our privacy statement sets out our commitment to you when you access our services via the Internet.
Croydon City Council will endeavor to safeguard the privacy of its website visitors. The following information explains the website data processing practice.
What information do we collect?
We will collect personal details appropriate to the service you require. In some areas, this may simply mean registering your name, address and email details. Other on-line forms will require more information.
What do we use personal information for?
There are various reasons that we need to collect personal data. For example, we may need your contact details for correspondence purposes. Similarly, we may need information because of legal requirements. Subject to your agreement, we may contact you to let you know about new online services, or get your feedback on how we're performing. In any event, we will only ever ask for information that is absolutely necessary and does not constitute an invasion of privacy.
We're in the process of transforming our services in line with the Council's vision. This is part of our commitment to improve the quality of people's experience when they contact us.
We all get frustrated on occasion when we have to repeat the same basic information over and over again. Because of this, we're focusing on making it easy for people to do business with us, whenever and however they choose, all through a single contact record, which should remember the relevant information.
Please note that in agreeing to share these details you have not forfeited your rights as prescribed under the Data Protection Act 1998 and the LBC will continue to apply the same level of care to safeguard your privacy as we always have done.
We are keen to ensure that we are providing our citizens with services that they need. Consequently customers have the opportunity to opt-in to receiving occasional e-mail messages from LBC on matters that we consider may be of interest to you relating to services we provide.
Information to improve our site
We collect web statistics automatically about your visit to our site based on cookies and your IP address. This information is used to help us track what people are doing on the site so that we can improve it. We don't use this information to identify you as an individual and you will remain anonymous, unless you're asked to identify yourself by completing a form or an online transaction.
Cookies - further information
Some independent information about cookies is available here:
Access to Information - Data Protection and you
Under the Data Protection Act 1998, you can make a formal request for the following information
- clarification that your personal data is being processed by the Council
- a description and copy of such personal data
- the reasons why such data is being processed
- details of to whom they are or may be disclosed.
Personal data to be collected
The personal data that will be collected will be the core data (define what this is, i.e. the minimum required to open a MyAccount), and additionally the information required to provide the service that is being requested.
The definition of ‘Sensitive Personal Data’
Some services, in the event that they are requested from the council, may request sensitive personal data. In the event that a service is requested that requires this information, the following defines, under the Data Protection Act 1998, what information is Sensitive Personal Data:
- racial or ethnic origin
- political opinions or persuasion
- religious beliefs or other beliefs of a similar nature
- trade union membership or affiliation
- physical or mental health or condition
- sexual life
- commissioned or alleged commission of offences
- Any proceedings for any offence, committed or alleged, including any sentencing decisions made by the Court.
As a Council, we have a duty of care to our citizens. This includes ensuring that we are delivering the services which meet both individual and community needs. In order to monitor our performance, we may ask questions that include information which the law defines as sensitive.
When processing your information we will always take into consideration the level of sensitivity attached to it and process it legally and fairly, whilst taking every precaution to protect your privacy. Whatever the circumstances, you will always have an opportunity to seek clarification, rectify inaccuracies, and if necessary withdraw consent.