This privacy notice explains how Harlow District Council (as a Data Controller) collects, uses and protects personal data generally.
When we collect your personal data, we will provide you with specific information in regards to why we are collecting it and how it will be used. To view some of our specific privacy notices, please see the links at the bottom of this page.
Your personal data
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
Some of your personal data is classed as 'special categories of personal data' because it is the information that is considered to be more sensitive and therefore requires more protection. This includes information that identifies your racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation and information regarding your physical and mental health.
For information on how we will protect special category personal data, you can read our appropriate policy statement (pdf)
The processing of personal data is governed by the General Data Protection Regulation (GDPR) 2016 and the principles set out in it.
Who we are
Harlow District Council is the data controller (contact details at the bottom of the page). This means we decide how your personal data is processed and for what purposes.
You can view our registration with the Information Commissioner's Office
You can find information about the services the council provides from our website homepage
How we process your personal data
We comply with our obligations under the GDPR and the principles of the Data Protection Act 2018 (DPA) by:
- keeping personal data up to date
- storing and destroying it securely
- not collecting or retaining excessive amounts of data
- protecting personal data from loss, misuse, unauthorised access and disclosure
- ensuring that appropriate technical measures are in place to protect personal data
Under the DPA, we have a legal duty to protect any personal data we collect from you - whether through written correspondence, online forms, emails or phone recordings. We use leading technologies and encryption software to safeguard your data, and keep strict security standards to prevent any unauthorised access to it.
Our access to information policy (pdf) contains full details of Harlow Council’s data protection policy.
We will not process any data relating to a child (under 16) without the express parental or guardian consent of the child concerned.
Legal basis for processing your personal data
How we are processing your personal data will determine the legal basis for processing. Generally, the legal bases for processing by the council as a public authority will be:
- to perform a function or provide a service required by statute (Article 6(1)(e) GDPR)
- to comply with a legal obligation (Article 6(1)(c) GDPR)
- where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR)
- where disclosure is in the vital interests of yourself or another person (Article 6(1)(d) and 9(2)(c) GDPR)
- with your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR)
Where the purpose for processing your personal data has changed, we will inform you of this.
In certain circumstances, you will be able to withdraw your consent to processing. Please contact our Data Protection Officer (contact details below), who will explain if your consent cannot be withdrawn.
Sharing your personal data
Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be shared with other organisations. For example, personal data may be shared, where necessary, with other organisations that provide services on our behalf such as contractors carrying out repairs to council houses. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.
In most cases we will not disclose your personal data without your consent, however there are circumstances when your consent is not required such as the legal bases 1 to 4 above.
Where we require your consent to share or disclose your personal data, we will contact you to obtain your consent.
You can read more information on how we share your personal data and use it for data matching exercises
How long we keep your personal data
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period.
However, where possible we will anonymise this data so that you cannot be identified.
Where we do not need to continue to process your personal data, it will be securely destroyed.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- to request a copy of your personal data which we hold about you
- to request that we correct any personal data if it is found to be inaccurate or out of date
- to request that your personal data be erased where it is no longer necessary for us to retain such data
- to withdraw your consent to the processing at any time
- to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller (where applicable) - this only applies where the processing is based on consent or is necessary for the performance of a contract with you, and in either case where we processes the data by automated means
- to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data
- to object to the processing of personal data (where applicable) – this only applies where processing is based on legitimate interests (or the performance of a task in the public interest or exercise of official authority), direct marketing and processing for the purposes of scientific or historical research and statistics
- the right to be informed of the processing of your personal information by automated means, which results in a decision being made (without human intervention), and profiling, which is used for the purpose of evaluating certain characteristics about you without human intervention (for example, to predict your behaviour or interests) that have legal or similarly significant effects on you as an individual - where these methods of processing are used, you have the right to be informed as to how you can request human interaction and how to challenge a decision
- to lodge a complaint with the Information Commissioner's Office
You can access the personal information that we hold about you (number 1 above) by submitting a subject access request (SAR) to the council. This request must be in writing and clearly specify the information you require.
If you would like to make a request in regards to the processing of your personal data please contact the Data Protection Officer on the details provided below. However, it is not always possible for requests to delete information to be fulfilled and the Data Protection Officer can provide you with more information on request.
Further information can be found in our access to information policy (pdf)
Individual privacy notices
- Coronavirus privacy notice
- Electoral Services privacy notice
- Employees privacy notice
- Housing Services privacy notice
- Legal Services privacy notice
- Licensing privacy notice
- Revenues and benefits privacy notice (pdf)
- Self-isolation payment privacy notice
- Temporary workers at elections and canvass privacy notice
Copies of council policies
You can find copies of council policies on our policies, plans and strategies page
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns, questions or comments please email the council’s Data Protection Officer.
If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the Information Commissioner’s Office to investigate the matter further by writing to:
Information Commissioner's Office
Changes to this privacy notice
We keep this privacy notice under regular review and if we make any changes, we will publish the updated version on our website.