Legal Information & Privacy Notice

Islington Council is committed to protecting your privacy when you use council services.
Our Privacy Notice explains how the council uses information about you, the ways in which we protect your privacy and some of the rights you have in relation to our handling of your data.

What is Personal Data?

Personal data means data which relates to a living individual who can be identified directly or indirectly from that data. Where necessary, we process personal data to deliver our services effectively; where possible, the data that we process will be anonymised or pseudonymised. Processing covers everything we do with your data from collecting your data, to storing, managing and deleting it.

This personal data might be provided to us by you, or provided by someone else or it could be created by us.

Why we use personal information

The council provides a wide array of services to the public, and it often cannot do so without using people’s personal information. It is hard to give a complete list of every situation in which we may need to use information about you. You will usually be able to get a clearer sense of how we use your data in a particular area by looking at the specific pages on our website about that particular service or issue. Where we specifically require you to provide us your personal data, we will tell you why.

But we can try broadly to summarise when we might use your information. We may need to use some information about you to:

  • manage and deliver services and support to you;
  • train workers;
  • help investigate any worries or complaints you have about your services;
  • keep track of spending on services;
  • check the quality of services, including our regulatory obligations; and
  • help with research and planning of new services.

How can you access the information we hold about you?

We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services.

However, you also have the right to ask for all the information we have about you and the services we have provided to you.

Further information on what you are entitled to, and the process for making a Subject Access Request including our Subject Access Form can be found on our Data Protection pages.

How can you request correction of inaccurate information?

You should let us know if you disagree with something written on your file. We may not always be able to change or remove the information. However, we will correct factual inaccuracies and may include your comments in the records.

When you can ask us to limit what we use your personal data for

You have the right to ask us to restrict what we use your personal information for where:

  • you have identified inaccurate information and have asked us to correct or erase it;
  • you don’t want your personal data to be erased but you are contesting whether we can lawfully use it;
  • you don’t want your personal data to be erased but you are contesting whether it is still necessary for us to use it for the purpose for which it was collected.

When our use of information is restricted this way, other than storing it securely, it can only be used with your consent or where it is needed for legal claims, to protect the legal rights of others, or where it’s for important public interests.

Where restriction of use has been granted, we’ll inform you before we carry on using your personal information.

You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may delay or prevent us delivering that service.

Ultimately we may need to hold or use information because we are required to by law.

Consent

Where you may have provided your consent to the handling and use of your personal information for a particular purpose, you can always withdraw that consent. However, we will not always need your consent to use your personal data.

Right to be Forgotten

If you want to request that the council stops processing your personal data, you should describe the information concerned and outline the reasons for your request. Where we have a legal obligation to retain data, or where it is otherwise necessary to retain the data, we will inform you. Otherwise, we will consider your request under your “right to be forgotten”. Further information can be found on the Information Commissioner’s website.

You can ask to have your information moved to another provider (data portability)

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

However this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being.

This is unlikely to apply to most of the services you receive from the Council.

Automated individual decision-making and profiling

You can ask to have any computer made decisions explained to you, and details of how we may have ‘risk profiled’ you.

You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it.

You also have the right to object to profiling. Profiling is where decisions are made about you based on aspects of your personal information.

If and when the council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.

If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who’ll be able to advise you about how we use your information.

How do we keep information secure?

We will take appropriate steps to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. Our security includes:

  • encryption
  • firewall and network security frameworks
  • access controls on systems
  • access controls on council buildings
  • security training for all staff.

View our policy on Information security.

How long do we keep your personal information?

Please see our retention schedule which explains the retention periods for all information held by the council:

View our retention schedule.

Who will we share your personal information with?

We use a number of commercial companies and partners to either store personal information or to manage it on our behalf, and also to provide certain services to you. Where we have these arrangements there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisation complies with data protection law.

In addition, there are circumstances when we are likely to share data with other public authorities and organisations where there is a legal basis for doing so, which might include:

  • other local authorities
  • government departments including HMRC
  • health service providers
  • the police
  • fire brigades
  • housing associations
  • voluntary and charity organisations
  • independent suppliers of council services (e.g. care homes)

Sometimes we have a legal duty to supply information about people. This is often because we must give that information to courts, including:

  • when we take a child into care;
  • court orders; and
  • cases under mental health law.

In very limited circumstances we may share your personal information when there is a pressing and legal reason for doing so that is more important than protecting your confidentiality. For example, if there is a serious risk to an individual’s safety. We may share your information:

  • for the detection and prevention of crime/fraudulent activity; or
  • if there are serious risks to the public, our staff or to other professionals;
  • to protect a child; or
  • to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.

This risk must be identified as being serious before we can go against your right to privacy. When we are worried about your physical safety or we feel that we need to take action to protect you or another person from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation.

When using personal data for research purposes, the data will be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data.

We would not normally expect to send any of your personal information outside of the EEA

We do not sell or provide personal information to any other organisation for the purposes of direct marketing.

Data Analytics

In order to improve the services we provide to our residents and ensure we make the most efficient use of resources, we use data and information from a range of sources gathered across the council and from data provided by external organisations such as the NHS, to understand more about the needs, including health and care, of residents. This data is used to derive statistics and intelligence for research and planning purposes and to monitor how our services are performing. This information may also be used to identify priorities for action and inform decisions made by the council about the services we provide.

In order to protect your individual privacy, data analytics are only undertaken using anonymised (where your name or identifying details are removed) or pseudonymised data (where your name or identifying details are replaced with a key).

At no point will data profiling data be used to identify you individually or your family. It is for research and planning purposes only.

Cookies

To make this site simpler, we sometimes place small data files on your computer. These are known as cookies. Most big websites do this too. They improve things by:

  • remembering settings, so you don’t have to keep re-entering them whenever you visit a new page
  • remembering information you’ve given (e.g. your postcode) so you don’t need to keep entering it
  • measuring how you use the website so we can make sure it meets your needs.

By using our website, you agree that we can place these types of cookies on your device.

Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. You can manage and/or delete these small files as you wish.

The cookies used on our website are as follows:

  • CookieControl
  • DYNSRV
  • VISITOR_INFO1_LIVE
  • IDE
  • GPS
  • YSC

To learn more about cookies and how to manage them, visit AboutCookies.org

Measuring website usage (Google Analytics)

We use Google Analytics to collect information about how people use this site. We do this to make sure the website is meeting users’ needs and to understand how we could improve it.

Google Analytics stores information about what pages you visit, how long you are on the site, how you got there and what you clicked on. We do not collect or store your personal information other than your IP address (e.g. not your name or address). We do not try to identify you from your IP address.

We also collect information on the number of times particular search terms are used and the number of failed searches. We use this information to improve access to the site and to identify gaps in the information content so we can plan appropriate expansion of the system.

Social Network Contact with the Council

When you choose to contact the council via social media accounts (e.g. Facebook/Twitter) you should be aware that the council cannot control the data you post there. Once we have transferred any requests for service or complaints from the platform concerned onto our corporate systems, your information will be treated like any other personal data the council holds.

Facebook
Twitter

How can I contact the Council about data protection?

If you have any data protection queries or require further information on how the council handles your data, please feel free to contact our Data Protection Officer. C/O Information Governance Team, London Borough of Islington, 3rd floor, 7 Newington Barrow Way, London N7 7EP, or by email at dp@islington.gov.uk

How do I make a complaint about the way the Council has handled my data?

If you have any data protection complaint, or if you believe your personal data has been mishandled, please contact our Information Governance Team, London Borough of Islington, 4th floor, 7 Newington Barrow Way, London N7 7EP, or by email at infocomplaints@islington.go.uk

If you remain dissatisfied with the outcome of your complaint, you can refer the matter for adjudication to the Information Commissioner’s Office (ICO) whose details appear below.

Where can I get independent advice

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Alternatively, visit ico.org.uk or email casework@ico.org.uk.