North Somerset Council is registered with the Information Commissioner’s Office for the purposes of processing personal data.

We will comply with data protection law. This says that the personal information we hold about you must be:

• Used lawfully, fairly and in a transparent way
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
• Relevant to the purposes we have told you about and limited only to those purposes
• Accurate and kept up to date
• Kept only as long as necessary for the purposes we have told you about
• Kept securely

The information you provide will be held and used in accordance with the requirements of UK and European data protection law.  It will form part of your service record to ensure that we are able to provide the best support which will be stored for up to 18 months. It is stored in a restricted electronic folder and accessed by named members of staff only. We will use it to administer active programmes, to contact you about relevant services, and to provide you with ongoing advice and support. We compile anonymous statistics about the number of residents/businesses using the service and which resources are being utilised, which are shared within North Somerset Council, and sometimes with external organisations and partners.

Unless otherwise agreed with you, we will only collect personal data required to deliver the programme, which includes

• name
• date of birth
• contact details
• employment status
• qualifications
• living arrangements
• information relating to access needs such as mobility, visual and hearing impairments.

We may also collect, store and use the following more sensitive types of personal information:

• Information about your health, including any medical condition/disability/ethnicity

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

• Where we need to perform the contract, we have with you, or are looking to set up a contract with you (enrolment), in accordance with Article 6(1)(b) of GDPR
• Where we need to comply with a legal obligation, in accordance with Article 6(1)(c) of GDPR
• Where our intention is to protect your vital interests, in accordance with Article 6(1)(d) of GDPR

Where we are processing sensitive personal data, we rely on additional conditions to ensure this is carried out in a lawful manner:

• Where it is necessary to carry out our obligations under employment law (generally the Employment Rights Act 1996, ACAS Codes of Practice and the Equality Act 2010), in accordance with Article 9(2)(b) of GDPR.

We will not use your personal information in a way that may cause you unwarranted nuisance.

We may lawfully disclose information to public sector agencies to prevent or detect fraud or other crime, or to support the national fraud initiatives and protect public funds under the Local Audit and Accountability Act 2014.  Under the conditions of the Digital Economy Act 2017, we may also share personal data provided to us with other public authorities as defined in the Act, for the purposes of fraud or crime detection or prevention, to recover monies owed to us, to improve public service delivery, or for statistical research.  We do not share the information with other organisations for commercial purposes.

You have the right to see the personal data we process about you, as well as the right of objection, rectification, restriction and erasure in some circumstances.  For details of how to make such a request, please click here. If you have any questions or concerns about the way we process your personal data, our Data Protection Officer can be contacted at: DPO@n-somerset.gov.uk

If you wish to make a change to the data we hold about you, for example a new address or telephone number, please contact the Economy Team: business@n-somerset.gov.uk