Who we share it with (recipients)
Are we relying on legitimate interests and if so, what are they?
How long will we keep your information for?
Will we transfer your information to a third country, and if we will what safeguards have we put into place?
Your personal information is shared within the Council to provide you with personal services, deal with your complaints and to make sure we commission the most effective and efficient services.
We sometimes need to share information with the individuals we process information about. To meet our responsibilities as laid out by law, we will share your information with other organisations. Where this is necessary we are required to comply with all aspects of the current data protection legislation.
Examples of legally based partnerships are:
- Sharing with the NHS to meet Social Care obligations
- The Troubled Families Programme
- Somerset Waste Partnership
We also share information with private sector suppliers because we have contracted them to provide our service to you. This includes, but is not limited to:
- adoption and fostering agencies
- advocacy services
- learning disability service
- nursing homes
- residential homes
- volunteer transport
All these contractors have to go through a rigorous procurement and vetting process to make sure they keep your data secure.
We do not sell or share your personal information with any other organisations, private or public, unless we are required by law, under contract or with your explicit consent.
The list below shows the categories of the organisations that we may share your information with where we are required to by law, or under contract, or with your explicit consent:
- Advocates or representatives of the person concerned
- Council registration service
- Credit reference agencies
- Current, past and prospective employers and examining bodies
- Customs and Excise
- Debt collection and tracing agencies
- Department for Work and Pensions
- Disclosure and barring service (DBS)
- Educators and examining bodies, such as schools and academies
- Families of the person concerned
- Financial organisations
- Healthcare professionals, social and welfare organisations, such as the NHS
- Housing providers, associations and landlords
- International law enforcement agencies and bodies
- Legal representatives and solicitors of the person concerned
- Licensing authorities
- Local and central government
- Local and national police forces, non-Home Office police forces
- Local Government Ombudsman, ICO and other regulatory authorities
- Ministry of Justice, courts, tribunals, prisons and probation service
- MPs and councillors
- Police Complaints Authority
- Political organisations
- Press and the media
- Private investigators
- Professional advisors and consultants
- Professional bodies
- Providers of services, contractors and data processors
- Religious organisations
- Security companies
- Social enterprises
- Students and pupils, including their relatives, guardians, carers or representatives
- Survey and research organisations
- Trades unions
- Voluntary and charitable bodies
- You and anyone you agree we can share with
You should be aware that information about you, held on our systems, may be used to prevent and detect fraud. The County Council has a duty under the Crime and Disorder Act 1988 to share information with other organisations, which handle public funds. Such arrangements form part of the annual audit required by the Audit Commission and will normally involve matching data from various databases held by participating authorities. Once an exercise has been completed, all data generated will be destroyed.
If we use your information because we have a legitimate interest we will tell you what the legitimate interest is. An example of a legitimate interest is employee monitoring for safety and management purposes.
We may need to transfer your information to a country that is defined as a third country. A third country is a country that is not in the European Union. If we need to do this you will be told that it is happening.
Any transfers made will be in full compliance with all aspects of data protection legislation.
When we collect information from you, we will tell you how long your information is to be kept, and the criteria used to determine the time frame.
Each service will have different requirements placed on it to keep your information for a defined time frame, and is established by:
- Best practice
- Business requirements
We will only keep your information for as long as it is needed, and it will be securely destroyed when we no longer need it.