Privacy Notices - Customer complaints, comments and feedback Privacy Notice
- Introduction
-
You need to be aware of this privacy notice if you are making a complaint, comment or compliment about Council Services via the council’s website.
- What is a Privacy Notice?
-
A Privacy Notice is a statement which explains how personal and confidential data about individuals is collected, used and shared.
- Who is collecting and using your personal data?
-
Swindon Borough Council will act as a “Data Controller” for any personal data that you provide to us. We will ensure that the data given to us is processed in line with our Data Protection Act 2018 (DPA 18) and the EU General Data Protection Regulations. (GDPR)
To find out more about Swindon Borough Council’s data protection policies please contact our Data Protection Officer by email: dataprotection@swindon.gov.uk or in writing to Data Protection Officer, Civic Offices, Euclid Street, Swindon, Wiltshire, SN1 2JH.
- Your personal data – what is it?
-
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
- What personal data do we collect?
-
Swindon Borough Council will collect data about you as you complete your complaint, comment, or compliments form.
If you make a complaint to us, we will hold the information you provide to us securely and use it to help us process your complaint. We will let you know if we need more information from you as your complaint progresses.
We process information that is relevant to the investigation of complaints we receive. This could include:
- personal and family details
- financial details
- details of complaints, incidents and grievances
- visual images
- sound recordings
We also process special categories of personal data. This may include information about:
- physical or mental health
- adult social care
- sex life or sexual orientation
- racial or ethnic origins
- religious or philosophical beliefs
Personal data will be stored on our IT systems, including our Customer Relationship Management and email systems. You can copy and directly upload any documentation to support your case into your council online ‘My Account’, should you wish to set one up.
- How do we process your personal data?
-
Swindon Borough Council complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
- Why do we need your personal information?
-
We may need to use some information about you to:
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers who deliver those services
- help investigate any worries or complaints you have about your services
- keep track of spending on services
- check the quality of services
- help with research and planning of new services
- How the law allows us to use your information?
-
To investigate complaints, comments and compliments, we need to process personal data to carry out our public task, and in the public interest. you, or your legal representative, have given consent.
If we have received your explicit consent to use your personal information, you also have the right to remove it at any time.
If you want to remove your consent, please contact DataProtection@Swindon.gov.uk and tell us which service you are using so we can deal with your request.
- Who do we share your information with?
-
We may also need to show some of the information you give us to other people. For example, in nearly all cases, we will share some of the information you give us with the Council Department, or partner organisation you have complained about, so they can respond to our enquiries. We will do this even if you have yet to complete the complaint process with that organisation.
Where you have complained about a specific employee of the council, or partner organisation concerned, we will usually share information you have provided about your complaint with that employee.
The types of other people and organisations we share data with include: a person who is representing you in making your complaint, professional advisers, ombudsman or regulatory authorities. We will usually tell you when we share your data, and who with.
We will often complete a Privacy Impact Assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.
We may also share your personal information when we feel there is a good reason that is more important than protecting your privacy.
This does not happen often, but we may share your information:
- in order to find and stop crime and fraud; or if there are serious risks to the public, our staff or to other professionals
- to protect a child
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all of these reasons the risk must be serious before we can decide to override your right to privacy.
If we are worried about your physical safety, or feel we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why, if we think it is safe to do so.
- How do we protect your information?
-
We take the security of your data seriously. We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed. We also make sure our employees only access your data in the proper performance of their duties.
- How long do we keep your personal information?
-
There is often a legal reason for keeping your personal information for a set period, so we try to include all of these in our corporate Retention & Disposal schedule and they are often explained within each service-related Privacy Notice.
For each service, the schedule lists how long your information may be kept for. This ranges from months for some records to decades for more sensitive records.
- What you can do with your information?
-
The law gives you a number of rights to control what personal information is used by us and how it is used by us.
You can ask for access to the information we hold on you.
We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services. However, you also have the right to ask for a copy of all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we have recorded about you, however, we cannot let you see any parts of your records that contain:
- confidential information about other people
- data a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing; or
- if we think that giving you the information may stop us from preventing or detecting a crime.
This applies to personal information that is in both paper and electronic records. If you ask us, we will also let others see your record (except if one of the points above applies).
If you cannot ask for your records in writing, we will make sure there are other ways that you can.
If you have any queries about access to your information contact DataProtection@Swindon.gov.uk.
You can ask to change information you think is inaccurate
You should let us know if you disagree with something written on your file. We may not always be able to change or remove that information but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
- Your right to complain
-
In the event that you wish to complain about the way that your personal data has been handled by Swindon Borough Council, you should write to the Data Protection Officer and clearly outline your case. Your complaint will then be investigated in accordance with our customer complaint procedure.
If you remain dissatisfied with the way your personal data has been handled, you have the right to complain to the Information Commissioner’s Office at www.ICO.org.uk. You may refer the matter to the Information Commissioner’s Office whose contact details are below:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Email: casework@ico.org.ukThis website also contains information on data protection and your rights and remedies.
- What if you do not provide personal data?
-
You are under no statutory obligation to provide personal data to Swindon Borough Council; however, if you do not provide the data, we may not be able to process your case properly or at all.
- How will we ensure compliance?
-
A yearly audit will take place on personal data to ensure that we remain legally compliant in accordance with current data protection legislation.
- Main privacy notice
-
You are viewing the Privacy Notice for customer comments, complaints and feedback about the council.