This privacy notice explains how Harlow Council (as a Data Controller) will collect, use and protect personal data specifically with regard to the coronavirus pandemic.
You can view the council’s main privacy notice which contains more information on how we collect, use and protect personal data generally, as well as your rights as a data subject.
You can also check the council's latest updates on coronavirus
What personal data we will be processing and why
The council already holds data regarding tenants, employees and stakeholders.
You may have provided this information for a specific reason and normally the council would seek to inform you that the data provided would be being used for a different purpose. However, due to the rapidly emerging situation regarding the current pandemic this will not always be possible.
If we already hold information regarding vulnerability as defined in the current guidance from the government and Public Health England, we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the council.
We may in this current crisis need to ask you for personal data including sensitive personal data that you have not already supplied - for example, your age or if you have any underlying illnesses or are vulnerable. This is so the council can assist you and prioritise its services.
If we have information indicating that you are vulnerable in the current pandemic, we may contact you to ensure your safety and to assist you where possible.
Legal basis for processing your personal data
As explained above, we will process your personal data for specific reasons during the coronavirus outbreak and below is the list of legal provisions under which the council will do so:
- where processing is in the vital interests of yourself or another person (Article 6(1)(d) and 9(2)(c) GDPR)
- where processing is necessary for the performance of a task carried out in the public interest (Article 6(1)(e) GDPR)
- where processing is necessary for the reasons of substantial public interest (Article 9(2)(g) GDPR)
- where processing is in the interest of public health (Article 9(2)(i) GDPR)
Sharing your personal data
In this current pandemic, we may share your personal data internally with the various departments of the council and externally with other public authorities, emergency services, and other stakeholders as necessary and proportionate to do.
How long we keep your personal data
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period.
Please consider the privacy information given at the time you provided your personal data to us or alternatively you can view our records retention policy (pdf)
Generally, where possible we will anonymise your personal data so that you cannot be identified.
Where we do not need to continue to process your personal data, it will be securely destroyed.
Complaints or queries
We try to meet the highest standards when collecting and using personal data. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of your personal data is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns, questions or comments please email the council’s Data Protection Officer firstname.lastname@example.org.
If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the Information Commissioner’s Office to investigate the matter further by writing to:
Information Commissioner's Office