Privacy policy
Southampton City Council Privacy Notice
As a Local Authority, Southampton City Council (SCC) must meet its contractual, statutory, and administrative obligations. We are committed to ensuring that the personal data of our residents and service users is handled in accordance with the data protection principles.
This privacy notice tells you what to expect when SCC collects personal information about you. It applies to all service users. However the information we will process about you will vary depending on your specific involvement with SCC.
If we are requesting your personal data, it is because it is necessary and relevant to the service or function being performed. As such, if you withhold information, it is likely that we will not be able to perform the service or function, or there will be a delay in doing so.
SCC is the controller for this information unless this notice specifically states otherwise, and its Data Protection Officer can be contacted at dataprotection@southampton.gov.uk.
This notice should be read in conjunction with our service-specific notices listed below, and when appropriate we will provide a “just in time” notice to cover any additional processing activities not mentioned in this document.
We keep this privacy notice under regular review and it may be amended from time to time.
UKHSA Data
As part of the council’s role supporting the response to emergency situations and outbreaks of infectious disease, we may receive patient information from the UKHA in order to:
- Recognise trends in such diseases and risks
- Control and prevent the spread of such disease and risks
- Monitor and manage outbreaks of communicable disease
- Monitor and manage incident and exposure of communicable disease
The information provided to the council varies but may include:
- Age
- Sex
- Ethnicity
- Home postcode
- Test results
- Details of any symptoms, start date and nature
If you are a care home resident, we will also receive information in relation to this. The council uses this data only when necessary in an aggregated and anonymous form to make operational decisions with our partner agencies.
Service specific privacy notices
- Council Tax and Business Rates
- Children and Families
- Taxi camera systems
- CCTV privacy notice
- Development Management
- Public Health
- School Admissions
- Registration
- Funerals and bereavement
- Libraries - Joining the library
- Libraries - Use of computers
- Housing Services - Council tenants
- Directory
- Cookies
- Use of NHS number
- Advertising
- National Fraud Initiative
- Processing special category and criminal offences data
- Corporate Health & Safety
- HR and Recruitment
- Stray dogs
In this notice
- How do we get your information
- What personal data we process and why
- Lawful basis for processing your personal data
- How long we keep your personal data
- Data sharing
- Do we use any data processors
- Your rights in relation to this processing
- Transfers of personal data
- Further information
How do we get your information
We get information about you from the following sources:
- Directly from you.
- From third party organisations, such as the NHS, government departments, or the Police
- CCTV images from our own CCTV systems
What personal data we process and why
The information we process about you will vary depending on the service being provided, but will fall within the following categories:
- Education and training details
- Employment details
- Family, lifestyle and social circumstances
- Financial details
- Goods or services provided and related information
- Personal details issued as an identifier (e.g. NHS Number)
- Personal details, including any information that identifies the data subject and their personal characteristics
For more detailed information about a particular service, review the relevant service-specific notice from the list above.
In addition to processing your personal data to provide our services and perform our functions, we may also use your personal data:
- For research purposes, and to help inform our policies and strategies
- To identify individuals that might be eligible for services, schemes, and support, and contacting those individuals if it is considered fair to do so
Information relating to your health and wellbeing and other special category data
In order to meet our statutory and legal obligations in respect of certain services, we may also need to process sensitive, or “special category” personal data about you, which could include data related to:
- Physical or mental health
- Religious or philosophical beliefs
- Trade union membership
- Sexual orientation
- Racial or ethnic origin
- Political opinions
- Biometric or Genetic data
- Gender status
- Criminal record and criminal proceedings
For more detailed information about a particular service, review the relevant service-specific notice from the list above.
Lawful basis for processing your personal data
Depending on the service, we rely on the following lawful basis for processing your personal data under the GDPR:
- Article 6(1)(a) where we have your consent
- Article 6(1)(b) which relates to processing necessary for the performance of a contract.
- Article 6(1)(c) so we can comply with our legal obligations
- Article 6(1)(d) in order to protect your vital interests or those of another person.
- Article 6(1)(e) for the performance of our public task.
- Article 6(1)(f) for the purposes of our legitimate interest
For more detailed information about a particular service, review the relevant service-specific notice from the list above.
Special category data
Where the information we process is special category data, for example your health data, the additional bases for processing that we rely on are:
- Article 9(2)(a) where we have your explicit consent
- Article 9(2)(b) which relates to carrying out our obligations and exercising our rights in employment and the safeguarding of your fundamental rights.
- Article 9(2)(c) to protect your vital interests or those of another person where you are incapable of giving your consent.
- Article 9(2)(h) for the purposes of preventative or occupational medicine and assessing your working capacity as an employee.
- Article 9(2)(f) for the establishment, exercise or defence of legal claims.
- Article 9(2)(g) for reasons of substantial public interest
- Article 9(2)(h) for the provision of health or social care treatment, or the management of health or social care systems and services
- Article 9(2)(i) for reasons of public interest in the area of public health
- Article 9(2)(j) for archiving purposes in the public interest
In addition we rely on processing conditions at Schedule 1 parts 1 and 2 of the Data Protection Act 2018 (DPA2018). These relate to the processing of special category data for:
- Employment purposes
- Health or social care purposes
- Public health
- Reasons of substantial public interest
Our Policy on Processing Special Category Data provides further information about this processing, and for more detailed information about a particular service, review the relevant service-specific notice from the list above.
Criminal convictions and offences
We process information about staff criminal convictions and offences. The lawful basis we rely to process this data are:
- Article 6(1)(e) for the performance of our public task. In addition we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a) of the DPA2018.
Our Policy on Processing Special Category Data provides further information about this processing.
How long we keep your personal data
For information about how long we hold your personal data, see our Retention Schedule.
Data may be retained by certain services in an anonymised form for statistical and reporting purposes.
For more detailed information about a particular service, review the relevant service-specific notice from the list above.
Data Sharing
In performing the service or function, or for reporting, evaluation, or monitoring purposes, it may be necessary for us to share some of your personal or pseudonymised data with external organisations or internal departments. Depending on the service or function, we may share information with the following types of organisations:
- Business partners
- Central Government Departments
- Commissioned Providers
- Corporate Suppliers
- Debt Collection and Tracing Agencies
- Education Providers
- Financial Organisations
- Fire Services
- Healthcare Providers
- Housing Associations and Landlords
- Ombudsmen and Regulatory Authorities
- Other Local Authorities
- Police
- Trade Unions
- Voluntary and Charitable Organisations
In some circumstances, such as under a court order, we are legally obliged to share information, and we may also share information with the Police and other enforcement agencies for the purposes of the prevention, investigation, detection, or prosecution of criminal offences.
We may also share information internally, in order to verify or confirm your personal details, to ensure our records are accurate and up-to-date. Data held by services will only be used by other internal departments or services when we are satisfied there is a lawful basis for doing so, and that is it fair.
For more detailed information about a particular service, review the relevant service-specific notice from the list above.
Do we use any data processors?
Data processors are third parties who provide certain parts of our services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. Our current data processors for our main services are listed below
Data Processor | Purpose | Notice |
---|---|---|
Capita One Revenues and Benefits (supplier Capita) | The system used to administer Council Tax and Business Rates, and to manage Education Services | https://www.capita.com/privacy-notice |
Business World (supplier Unit4) | The system used to manage HR and payroll | https://info.unit4.com/rs/900-SZD-631/images/Unit4-Privacy-Policy-June-2018-English.pdf |
Care Director (supplier One Advanced) | The system used to manage Social Care services | https://www.oneadvanced.com/privacy-policy/services-privacy-statement/ |
UNI-form (supplier IDOX) | The system used to manage: • Planning and Building Control services • Environmental Health • Trading Standards • Licensing • Community Safety services |
https://www.idoxgroup.com/wp-content/uploads/2020/09/Privacy-Statement.pdf |
Bartec Collective (supplier Bartec Municipal Technologies) | The system used to manage Waste Collection and Recycling services | https://www.bartecmunicipal.com/privacy-policy/ |
NEC Software Solutions | The system used to manage Housing services | https://www.necsws.com/privacy-notice |
Balfour Beatty Living Places | We have a contract with BBLP to maintain our Highways | https://www.balfourbeatty.com/services/privacy/ |
Microsoft | Internal communications, general correspondence and document production. Includes email, instant messaging, and video conferencing | https://privacy.microsoft.com/en-gb/privacystatement |
For more detailed information about a particular service, review the relevant service-specific notice from the list above.
Your rights in relation to this processing
As an individual you have certain rights regarding our processing of your personal data, including a right to lodge a complaint with the Information Commissioner’s Office as the relevant supervisory authority.
For more information on your rights, please see our page on Data Protection.
Transfers of personal data
We don’t routinely transfer staff personal data overseas but when this is necessary we ensure that we have appropriate safeguards in place.
Further Information
CCTV
We operate CCTV inside our premises to monitor access to certain areas. Further information is available in our CCTV policy.
Additionally, you may be filmed by CCTV which is owned and operated by the landlords or owners of the buildings in which our offices are situated. SCC is not the data controller for this information.
Emails and communications with the Council
If you send us an email, its contents will be checked before it is released it to the person to whom it was sent. Software will automatically detect unacceptable content, including obscenities and profanities, certain attachment types, viruses, spam (junk emails). If an email that contains unacceptable content is detected, it will not be delivered.
Communications with the Council (including online transactions) may be subject to monitoring and recording only for purposes permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.