Dorset County Council Privacy Notice
We are committed to keeping the personal information we hold on you accurate and up to date.
This privacy notice explains how we use your personal information and how we protect your privacy.
We will not keep your information longer than we need to.
This notice applies to all personal data collected for or on behalf of the county council whether it is collected from letters, emails, face to face meetings, telephone conversations, pre-printed forms or online via our website.
In addition to this, there are other detailed privacy notices which are specific to services you may be receiving. These provide more information about why we may have to share your information and who we might need to share it with.
Our Data Protection Officer (DPO) makes sure we protect your information; that we respect your rights and follow the law. If you have any concerns or questions about how we take care of your personal information please contact the DPO by email at firstname.lastname@example.org phone 01305 225175.
Your Personal Information
What is Personal Information?
Personal information can be anything that identifies and relates to a living person. This can include information which, when put together with other information, can then identify an individual. For example, this could be your name and contact details.
‘Special Category’ Personal Information
Some information is regarded as ‘special’ and requires additional protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
- sexuality and sexual health
- religious or philosophical beliefs
- physical or mental health
- trade union membership
- political opinion
- genetic / biometric data
Why do we need your personal information?
We may need to use some information about you to:
- provide services and support for you;
- help with research and planning of new services.
- manage the services we provide for you;
- make sure our staff have sufficient knowledge and skills to provide services appropriate to your needs;
- help investigate any concerns or issues you may have about your services;
- help us keep track of how much we spend on services overall;
- maintain and improve the quality of services; and to
How we use your personal information
We collect and process your personal information so we can provide the services we are legally obliged to, and other services that you may need.
When we collect your information, we will let you know why we need it.
We have additional privacy notices for specific services that explain the legal basis upon which your personal information is collected, stored and used. The additional privacy notices also explain your rights in relation to how we may process your information.
In general, we will collect and use your information in cases where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- it is necessary to provide health or social care services
- you have made your information publicly available
- it is necessary for legal cases
- it is for the benefit of society as a whole
- it is necessary to safeguard public health
- it is necessary for archiving, research, or statistical purposes
We may use your personal information as part of our effort to identify people who may require additional help or support during emergencies or major incidents e.g. emergency evacuation.
For some services such as education, social care, the protection of vulnerable children and adults, public health and wellbeing we may need to collect, use and share sensitive ‘special category’ personal data.
Each service has specific privacy notices about the information they are required to collect. You may not want us to collect or share your personal information and you may have the right to set conditions on how we can use what we collect. However, you do need to be aware that if this is the case then we may not be able to provide you with a service you may need or may only be able to provide it in a limited way.
There are occasions when we have a statutory or legal obligation to collect or use personal information. In those cases, we may not be able to agree to your request to limit the collection, sharing or the use of your information.
We may use ethnic, gender, sexual orientation and age information (known as ‘equalities’ data) to compile statistics to comply with equality legislation and assist in planning and service provision. Such data will not identify individuals (it will be anonymised) nor will it affect your entitlement to services.
If we have asked for and received your explicit consent to use your personal information, you have the right to withdraw this consent at any time. If you want to withdraw your consent, please contact email@example.com and let us know which service you are using so we can handle your request.
Collecting only what we need
Wherever possible, we will only collect the information we need to provide a specific service or meet a specific requirement. If your information is needed for statistical purposes we will protect your identity and remove all information of a personal or sensitive nature.
We will not sell your information to a third party.
Who do we share your information with?
We work with a number of organisations to help provide services for you and for the wider community. We have agreements in place such as the Dorset Information Sharing Charter (DISC) to make sure these organisations comply with Data Protection legislation. Where we introduce new services or service partners we will perform a Privacy Impact Assessment (PIA) to make sure we protect your information and comply with the law.
On some occasions, we have a legal duty to provide personal information to other organisations. This may be because we need to give that data to the courts, including:
- if we take a child into care;
- if a court orders us to provide the information; and
- if someone is taken into care under mental health legislation
On rare occasions we may also share your personal information where we believe there is an overriding reason to do so. For example, we may share your information:
- to help identify and prevent criminal or fraudulent activity
- if we believe there are serious risks to the public, our staff or other professionals;
- to protect a vulnerable adult or a child;
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
In each of these situations the risk must be deemed serious before we can override your right to privacy.
If we are concerned about your physical safety, or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation first.
We may still share your information if we believe the risk is serious enough to do so.
There may also be rare occasions when the risk is so great that we need to share information immediately. If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why, if we believe it is appropriate and safe to do so.
We do not disclose or share personal data without your explicit consent except in a small number of situations where disclosure is allowed by law, or where we have good reason to believe that failing to do so would put you or someone else at risk.
Sharing Information with Third Parties
The information we collect may be shared with other council providers of services. This includes other health and social care organisations involved with your care and other organisations as appropriate, such as central government departments. We may also share your information with the Police and educational establishments.
We will only share your personal information when we have your explicit consent to do so or are permitted to, or required to, by law.
We will not pass personal data to other organisations for marketing purposes without your explicit consent.
Your personal information may be stored and used by an external company providing services for you on our behalf. However, in these circumstances use of and access to your information will be strictly controlled and will have the same security conditions in place as if it were being processed by us.
How we use information from emails
Emails that we send to you or you send to us may be kept as a record of contact. We may also store your email address to use for services or transactions between us. Information will only be held for a certain length of time in accordance with our information and data retention policies.
How we use information from phone calls
If you phone us we may record some conversations. This will help with staff training; maintain records of conversations and help with the detection, investigation and prevention of crime.
How do we protect your information?
We store, use and manage your data and information whether on paper or electronically, in a secure way. Only those with the authority or appropriate job role will have the ability to see them.
Examples of our Information and Communications Technology (ICT) security programmes include:
- Information is disguised and locked (encrypted) so that it cannot be accessed or read without a special ‘key’ (such as a password or passphrase).
- We will replace information that can identify you with different names or details so that any data of a personal nature can’t be linked to you. This means that any third party using this data could never associate it with any living individual. This process is used typically to make sure systems that manage personal data may be tested without running the risk of disclosing information associated with a living individual
- All information and data that might identify an individual is deleted from datasets so that you remain anonymous. This is usually when information and data are used for statistical purposes.
- We will control access to systems and networks to make sure only those with the correct authority can view personal or sensitive data.
- Our staff will have annual and ongoing information security training. This will cover how to handle information and how and when to report incidents promptly if something goes wrong.
- We will consistently monitor our systems and information security toolkits to make certain we employ the latest software versions and security updates.
- We will work to achieve annual compliance with national government ICT security compliance regimes
- We will conduct annual ICT security health check assessments with a third party to check for vulnerabilities
- We will conduct annual ICT testing to ensure we can access and recover data following a major incident
Your rights under the EU General Data Protection Regulation (GDPR)
With the implementation of GDPR alongside the Data Protection Act you have a number of rights:
- The right to view your data – you can access your personal data free of charge.
- The right to be informed – organisations should tell you what they will be doing with your data and why.
- The right to be forgotten – you can ask for your data to be deleted. Be aware, this is not always possible, depending on the reason the organisation has the data.
- The right to move your data – you can obtain and reuse your personal data with other services and providers.
- The right to say no – you can stop direct marketing and data processing when there’s no ‘compelling reason’ to do it.
- The right to limit how your data is used – you can block and put restrictions on how your data is used.
- The right to make changes to your data – you can update any data about you that’s out of date or false.
- The right to human-made decision making – you can stop automated decisions being made about you.
What are 'cookies'?
Our website - dorsetforyou.gov.uk - uses three types of cookie:
- Accessibility cookies
- Anonymous analytics cookies
- System cookies
The accessibility cookies remember the settings you selected, such as the text size. If you have sight problems the text resizer allows you to increase or decrease the font size – the cookie enables us to remember this setting.
Anonymous analytics cookies
Analytics cookies help us to collect anonymous information about the way you use the site. They help us track which information is being viewed most frequently. The cookies cannot be used to identify individuals; they are used for statistical purposes only. Information collected during your visit includes:
- the number of times you’ve visited our website before
- when you arrived or left our website
- your geographic location
- the search engine you may have used to reach the website
- any website links you click on
System cookies are used by the software that runs the website. These system cookies do not contain any personal information and are required to run the site.
How do I turn cookies off?
You can stop your browser accepting cookies, or stop it accepting cookies from a particular website by changing the settings in your internet browser.
Please be aware that if cookies are blocked we may be unable to provide information or specific services that rely on cookies.
Where to find further advice about privacy and your information
If you have any queries or concerns about how your personal information or data is managed or processed by Dorset County Council, please contact the Data Protection Officer.
For independent advice about data protection, privacy and data sharing issues, please contact
The Information Commissioner's Office (ICO).