Privacy and data protection

Data Protection Officer

Address

  • Data Protection Officer,
    Epping Forest District Council, High Street
  • Epping
  • Essex
  • CM16 4BZ

Contact

  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • 01992 564180

Download information as: vCard

Other information

Privacy


This privacy statement only covers the Epping Forest District Council website at www.eppingforestdc.gov.uk. This statement does not cover links within this site to other websites.

If you are a user with general public and anonymous access the Epping Forest District Council website does not store or capture personal information, but merely logs the user's IP address that is automatically recognised by the web server. We use cookies for monitoring the usage of the website but do not collect user information beyond that required for system administration of our web server. 

We also collect information on the number of times particular search terms are used and the number of failed searches. We use this information to improve access to the site and to identify gaps in the information content so we can plan appropriate expansion of the system.

Personal information

Epping Forest District Council handles personal information in accordance with the Data Protection Act 1998 and is the data controller for the purposes of the Act.

We do not collect personal information about you when you visit the website unless you choose to provide it to us to take advantage of a specific service, for example by completing an online form. We will use the information you supply to provide such services.

If you choose to send us personal information, we will use that information to respond to your enquiry and will only pass your details to another agency if it is required by law or that agency is relevant to your enquiry. We do not collect personal information for commercial purposes. 

We may pass your information to other agencies or organisations such as the Department for Work and Pensions or HM Revenue and Customs, as allowed by law. We may check information you have provided, or information about you that someone else has provided, with other information held by us. We may also get information about you from certain third parties, or give them information to

  1. Prevent or detect crime
  2. Protect public funds
  3. Make sure information is correct

These third parties include government departments, local authorities and private-sector companies such as banks, organisations that may lend you money and companies that assist us in fraud detection and prevention, such as Credit Reference Agencies.

We will not give information about you to anyone else, or use information about you for other purposes, unless the law allows us to.

 

Read more: Privacy

 

 

Data protection

Data protection and privacy


The Data Protection Act 1998 protects the privacy of individuals and places obligations on organisations that process personal data. Personal data is any information about a living individual that can identify them. The council needs to process and store personal data in order to provide its services effectively.

Our Data Protection Policy explains the way that our councillors, employees and anyone else working with the council must handle personal information.

To view our Data Protection Policy use the following link

{phocadownload view=file|id=182|text=Data Protection Policy|target=s}

The council is committed to protecting your privacy and will treat your personal data in accordance with the requirements of the Data Protection Act 1998. This page provides details of how to request access to the information that we hold about you.

In general, the DPA gives individuals a right to access the personal data an organisation is processing about them, unless an exemption applies. This is called a Subject Access Request and you can make a request to us to access your personal data and information. We charge a fee of £10 for Subject Access Requests.

To make a Subject Access Request for personal information under the DPA, you must make a written request. This can be done by any of the following methods:

Post: You can download a copy of our Subject Access Request Form for completion and return by post, by using the link below.

{phocadownload view=file|id=1313|text=Data Protection - Subject Access Request Form|target=s}

{phocadownload view=file|id=1657|text=Data Protection - Request for data declaration|target=s}

Written Subject Access Requests submitted by email, letter or the Data Protection Contact Form must include your name and contact address, and should describe the information you want.

In responding to your request, we will ask you for evidence of your identity and the relevant fee. We may also ask you to provide some details of the information you require, to help us understand what information you are seeking and where the data may be held.

We will reply to your request within forty calendar days of receiving evidence of your identity and the Subject Access Request fee. We will give you access to all the information you have asked for unless

  •  an exemption applies to some or all of it (see below)
  •  there is information about someone else included with your own information and it is necessary to withhold some or all of it

We will not

  •  ask you why you want the information or what it will be used for
  •  ask you to keep what we have told you confidential
  •  refuse any request unless an exemption applies

Providing information to you might affect the rights of other people. For instance it might include personal data about other people. If so, we may contact them to help us decide whether the information should not be disclosed. We will normally provide a copy of the information you require, but in some circumstances, if there is a large volume of information, we may invite you to view the information at the Civic Offices.

The council's protocol for handling Subject Access Requests sets out how we will deal with requests for personal data.

This can be downloaded below

{phocadownload view=file|id=2287|text=Protocol for the handling of Subject Access Requests|target=s} 

When applying for a special service or benefit provided by the Council, it is often necessary to supply particular information or personal documents to support an application or claim. This may be, for example, to provide evidence of identity, residence or financial status etc.

The minimum standards that will be applied in relation to the return of personal information and documents containing personal data, which are submitted by post or hand-delivered in connection with an application or claim for a service or benefit, are set out in our Personal Information and Documents Protocol, which can be downloaded using the link below.

{phocadownload view=file|id=2511|text=Personal Information and Documents Protocol|target=s}

Section 29 of the Data Protection Act 1998 allows the Council to share personal data about you with the police and other investigative agencies without your consent, where information is required:

  • for the prevention or detection of crime
  • for the apprehension or prosecution of offenders
  • for the assessment or collection of tax or duty

The disclosure of personal information to the police or other agencies is not compulsory, and will only be made where one or more of these circumstances apply and non-disclosure would prejudice an investigation into one of the above, or where the Council is served with a Court Order requiring the disclosure of the information.

Requests for the disclosure of personal information in connection with any of the above circumstances must fully comply with the Council’s protocol for the handling of data sharing requests, which can be downloaded below.

In particular, all requests must

  • be submitted on the headed paper of the organisation requesting the personal data
  • state the section of the Act under which the request is made, or any other statutory basis for disclosure that is considered to apply (if appropriate)
  • specify in as much detail as possible, the type and nature of the personal data that is sought
  • state, in as much detail as possible in the particular circumstances, the purpose(s) for which the personal data is required
  • state (if it is the case) whether a failure to disclose the required personal data would prejudice the purpose(s) for which the information is requested
  • be signed by the requestor and be countersigned by an appropriate supervisor, and provide the names, positions and full contact details of both, including addresses, telephone numbers and secure (GCSX, PNN, GSI etc.) email addresses

All requests for the disclosure of personal data must be made in writing. The Council will not accept any request made orally or by telephone.

{phocadownload view=file|id=2288|text=Protocol for data sharing requests|target=s}

This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Information from the Cabinet Office (GOV.UK)

Requests for all other types of data, which is not personal information, is dealt with under the provisions of the Freedom of Information Act 2000. For further information please visit our Freedom of Information page.

If you are not happy with how we handle your request for personal information, you can make a complaint through our compliments and complaints scheme.

If you are still not satisfied, you can contact the Information Commissioner. The Information Commissioner is an independent official appointed to oversee the Data protection Act 1998. Further information can be found on the Information Commissioner's Office website.

 

 

Read more: Data protection and privacy