Privacy Notices - Hackney Carriage and Private Hire Privacy Notice

Introduction

You need to be aware of this Privacy Notice if you are making an application for a Hackney Carriage and Private Hire Drivers Licence, if you are a Hackney Carriage and Private Hire Vehicle Proprietor or are a holder of a Private Hire Operator Licence.

What is a Privacy Notice?

A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.

Who is collecting and using your personal data?

Swindon Borough Council will act as a “Data Controller” for any personal data that you provide to us. We will ensure that the data given to us is processed in line with our Data Protection Act 2018 (DPA 18) and the EU General Data Protection Regulations. (GDPR)

To find out more about Swindon Borough Council’s data protection policies, contact our Data Protection Officer. dataprotection@swindon.gov.uk or in writing to Data Protection Officer, Civic Offices, Euclid Street, Swindon, Wiltshire, SN1 2JH.

Please note that not providing your personal data may lead to you being unable to utilise services provided by Regulatory Services.

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).

What personal data do we collect?

Swindon Borough Council collects a range of data about you during the application process for a licence. So we can determine whether or not you are a ‘fit and proper person’ to be the holder of a licence associated with the hackney carriage and private hire trade, we will only collect the personal data from you that we need in order to prove that you comply with the pre-licensing and licensing conditions.

This includes:

  • your name, address and contact details, as well as email address and telephone number
  • criminal conviction information and complete history (the Rehabilitation of Offenders Act 1974 does not apply to the taxi trade, and no conviction is therefore ever considered spent)
  • medical information
  • driver licence information and history
  • proof of your right to work and reside in the United Kingdom

All the above information is collected in relation to an application for a driver’s licence. A lesser amount of personal information is required prior to the grant of a vehicle or operator licence.

We collect this data in a variety of ways. For example, data might be contained in application forms, CVs, your passport or other identity documents, or collected through interviews or other forms of assessment.

Personal data will be stored in a range of different places, including on your application record, your job account within HR systems and on other IT systems (including email). Any paper-based documentation can be scanned and uploaded onto your application record.

How do we process your personal data?

Swindon Borough Council complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Why do we need your personal information?

We may need to use some information about you:

  • to deliver services and support to you
  • to manage those services we provide to you
  • to train and manage the employment of our workers who deliver those services
  • to help investigate any worries or complaints you have about your services
  • to keep track of spending on services
  • to check the quality of services
  • to help with research and planning of new services
How the law allows us to use your information?

There are a number of legal, legitimate or lawful reasons why we need to collect and use your personal information.

The two pieces of legislation we work in accordance with are the Local Government (Miscellaneous Provisions) Act 1976 and the Town Police Clauses Act 1847. In many cases there is a law that says we must or we can process your data and we can do so without your consent or permission.

In some instances (for example, when checking medical fitness reports or requesting details on criminal records), we will need to refer your data to a third party organisation. These third party organisations who provide their services are under contract and have to keep your details safe and secure, and use them only for this purpose.

We do this as task carried out in the public interest. We will not be able to determine whether or not you are a fit and proper person to hold a licence as defined by our licensing conditions without this information.

If we have consent to use your personal information, you have the right to remove it at any time.

If you want to remove your consent, contact DataProtection@Swindon.gov.uk and tell us which service you are using so we can deal with your request.

Who do we share your information with?

We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law.

We may complete a Privacy Impact Assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.

Basic information regarding your company, activity and star rating may be made available publicly on our website. You will be asked to confirm the details before this is uploaded to the website. You will have the option to opt out of this public list.

Sometimes we have a legal duty to provide personal information to other organisations. This is often because we need to give that data to courts, including:

  • if the court orders that we provide the information

We may also share your personal information when we feel there is a good reason that is more important than protecting your privacy. This does not happen often, but we may share your information:

  • in order to find and stop crime and fraud; or if there are serious risks to the public, our staff or to other professionals
  • to protect a child
  • to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them

For all of these reasons the risk must be serious before we can decide to override your right to privacy.

If we are worried about your physical safety, or feel we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation before doing so.

We may still share your information if we believe the risk to others is serious enough to do so.

There may also be rare occasions when the risk to others is so great that we need to share information straight away.

If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why, if we think it is safe to do so.

How do we protect your information?

We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them.

Examples of our security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code, or what is called a 'cypher'. The hidden information is said to then be 'encrypted'
  • Pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
  • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
How long do we keep your personal information?

We will keep your information for as long as it is required by us or other regulatory bodies in order to comply with legal and regulatory requirements or for other operational reasons. In most cases this will be a minimum of six years.

What you can do with your information?

Under the Data Protection Act 2018 and the EU General Data Protection Regulations you have the following rights:

  • The right of access to you own personal data
  • The right to request rectification or deletion of your personal data
  • The right to object to the processing of your personal data
  • The right to request a copy of the information you provide us in machine-readable format
  • The right to withdraw your consent to any processing that is solely reliant upon your consent.

Should you wish to exercise any of your rights, you should contact the Data Protection Officer.

Your right to complain

In the event that you wish to complain about the way that your personal data has been handled by Swindon Borough Council, you should write to the Data Protection Officer and clearly outline your case. Your complaint will then be investigated in accordance with our customer complaint procedure.

If you remain dissatisfied with the way your personal data has been handled, you have the right to complain to the Information Commissioner’s Office at www.ICO.org.uk. You may refer the matter to the Information Commissioner’s Office whose contact details are below:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Email: casework@ico.org.uk

This website also contains information on data protection and your rights and remedies.

What if you do not provide personal data?

You have a statutory obligation to provide personal data to Swindon Borough Council in order to process your application.

How will we ensure compliance?

A yearly audit will take place on personal data to ensure that we remain legally compliant in accordance with current data protection legislation.

Main privacy notice

You are viewing the Privacy Notice for Hackney Carriage and Private Hire Licensing.

Read the main Privacy Notice