Privacy Statement

November 2023

The UK General Data Protection Regulation (UK GDPR) gives individuals the right to be informed about how organisations use their personal data. Nottinghamshire County Council provides this information in Privacy Notices using a layered approach.

The Council's general privacy notice is on this page. You can find privacy notices for specific services, as well as child friendly and easy read versions of the general privacy notice, using the Related menu on the right or the links at the end of the general privacy notice.

Nottinghamshire County Council is registered as a data controller with the Information Commissioner's Office (registration number: Z5557238). The Information Commissioner’s Office is the regulator for data protection in the UK.

1. What is the purpose of this privacy statement?

This privacy statement tells you what to expect when Nottinghamshire County Council collects or receives personal data. It applies to information we collect or receive about:

  • visitors to our website
  • people who register for an on-line account  
  • people who register for and use our services
  • people who are referred to us by other persons, agencies, organisations
  • people who contact us with an enquiry or complaint
  • job applicants and our current and former employees
  • people who participate in publicity for the County Council
  • people who are recorded on CCTV systems operated by the County Council.

2. What is personal data?

Personal data is any information that relates to an identifiable living individual. The following are examples of personal data the County Council may collect or receive:

  • personal contact details such as name, address, phone number, etc.
  • personal identifiers such as an NHS number
  • visual images, personal appearance and behaviour
  • personal or professional opinions about an individual
  • family details
  • employment and education details
  • student and pupil records
  • housing needs
  • lifestyle and social circumstances
  • pension or financial activity records
  • offences (including alleged offences)
  • criminal proceedings, outcomes and sentences
  • health details
  • racial or ethnic origin
  • data concerning a natural person’s sex life or sexual orientation
  • trade union membership
  • political affiliation
  • political opinions
  • religious or other beliefs of a similar nature

Personal data can be in any format including:

  • written letters
  • emails
  • video recordings
  • audio recordings
  • photographs
  • meeting minutes
  • reports
  • digital files

3. What do we use personal data for?

We may need to use personal data for the following purposes:

  • the activities and functions we are required to carry out as a local authority; for instance, social services, adoption services, education, planning and highways functions, civil parking enforcement, etc.
  • public health functions
  • registration services
  • delivering services and support to customers and service users
  • managing and monitoring those services
  • service planning
  • dealing with and investigation of enquiries and complaints
  • responding to requests for information
  • complying with legal requirements or Court Orders
  • legal proceedings and legal advice
  • supporting and managing workers; for instance, recruitment, provision of HR, payroll and occupational health services
  • health and safety
  • managing our property
  • administering the Local Government Pension Scheme
  • internal financial support including maintaining our own accounts and records
  • emergency planning
  • flood risk planning
  • supporting the functions of other agencies
  • processing on behalf of other persons
  • carrying out surveys and audits
  • reporting to Government, professional and supervisory authorities
  • carrying out Disclosure and Barring Service checks
  • data matching under local and national fraud prevention initiatives
  • crime prevention and prosecution of offenders
  • law enforcement functions that may result in criminal investigations or prosecutions
  • archiving records
  • historical and statistical research
  • equal opportunity and diversity monitoring
  • decision making
  • responding to Councillors’ enquiries

4. When can we use your personal data?

Data protection law allows us to use or share personal data in any of the following circumstances:

With consent

  • when we have your (or your appointed representative’s) consent. For example, you may have indicated your consent on a paper form or on-line form on our web site;

Without consent

  • where we have a contract with you, or you have asked us to process your data prior to entering onto a contract;
  • where we are under a legal obligation that requires us to process your personal data;
  • when we are protecting your vital interests, or those of other persons. For example, sharing details from your care record with a medical professional in an emergency;
  • where the County Council is carrying out a task or function in the public interest. For instance, when providing a service that it has lawful authority to provide, such as social care, planning or highways;
  • where we or another organisation has a legitimate interest and need to use information for a specific purpose that does not unjustifiably infringe on your rights or freedoms;
  • where it is necessary for the performance of a law enforcement task.

The following special categories of data are sensitive personal data that we only use or share when additional conditions apply. Special category data is likely to include anything that can reveal your:

  • racial or ethnic origin;
  • political opinions;
  • religious or philosophical beliefs;
  • trade union membership;
  • genetic data;
  • biometric data (where used for identification purposes);
  • physical or mental health;
  • sex life or sexuality.

Data protection law permits us to use or share special category data only in one or more of the following circumstances:

  • where we have explicit consent;
  • where it is necessary for social care or health care purposes;
  • where it is necessary for the assessment of the working capacity of an employee;
  • where it is necessary for medical diagnosis;
  • where it is necessary for the vital interests of an individual and the individual is unable to consent because they are physically or legally incapable;
  • where it is necessary for employment and social security and social protection law;
  • where it is necessary for reasons of substantial public interest and for:
    • performing a statutory function
    • for the administration of justice
    • the provision of counselling or other confidential services
    • the prevention or detection of crime
    • fraud prevention or protecting the public against dishonesty or other improper conduct
    • for insurance purposes or occupational pensions
    • for obtaining legal advice or for the purposes of legal proceedings
    • for responding to Councillors’ enquiries
    • for equal opportunity and diversity monitoring purposes;
  • for research and archiving purposes;
  • where the information has already been made public by the individual concerned.

We will also only process personal data about criminal convictions or offences when specific conditions provide lawful authority for us to process that data.

The County Council's Special category and criminal conviction personal data policy document contains more information about how the Council protects special category and criminal convictions personal data.

5. Who may we share personal data with or receive it from?

The County Council will sometimes need to share your information with other parties that support the delivery of the service you may receive or to support the Council carry out any of its statutory functions or, where appropriate, in any of the other circumstances referred to in section 4 above. 

We may provide personal data to (or receive personal data from):

  • customers and service users
  • family, associates or representatives of the person whose personal data we are processing
  • healthcare, social and welfare organisations
  • healthcare professionals
  • mental health assessors
  • care homes and care providers
  • local and central government bodies
  • adoption agencies
  • housing associations and landlords
  • voluntary and charitable organisations
  • current past and prospective employers
  • agency workers and contractors
  • consultants
  • trade unions
  • professional bodies
  • the disclosure and barring service
  • service providers and other suppliers of goods and services
  • buyers of goods and services
  • professional advisers and consultants
  • financial organisations
  • pensions regulators and pensions authorities
  • employers participating in the local government pensions scheme
  • credit reference agencies
  • customs and excise
  • ombudsman and regulatory authorities
  • press and the media
  • courts and tribunals
  • legal representatives, defence solicitors
  • law enforcement and prosecuting authorities
  • police forces
  • prisons and the probation service
  • the Children and Family Court Advisory and Support Service (CAFCASS)
  • police complaints authority
  • partner agencies, approved organisations and individuals working with the police
  • Home Office
  • international law enforcement agencies and bodies
  • debt collection and tracing agencies
  • private investigators
  • security companies
  • political organisations
  • licensing authorities
  • waste collection authorities
  • religious organisations
  • schools and academies
  • educators and examining bodies
  • students and pupils including their relatives, guardians, carers or representatives
  • survey and research organisations
  • press and the media
  • MPs, councillors and other elected representatives.

6. Will personal data ever be transferred outside the United Kingdom?

In some circumstances we may need to transfer personal data (including sensitive personal data) to other organisations based outside the UK, including countries or territories which are outside the European Economic Area. When we do so we will ensure that procedures and technologies are in place to maintain the security of all personal data which is processed overseas. 

In some circumstances we may need to transfer your personal data to organisations in the USA. The EU and USA have agreed a new Data Privacy Framework, allowing US organisations which are signed up to this framework to be considered adequate for data protection purposes.  The UK now has an extension to the EU/ US Data Privacy framework (the UK - US Data Bridge) which allows the UK to transfer personal data only to those organisations in the USA which have signed up to this.

If we transfer your data to US organisations which are not signed up to the framework, we will continue to consider this a restricted transfer and ensure appropriate legal controls are in place to ensure the data transfer is safe and in keeping with UK regulatory requirements.

7. How long do we keep personal data?

Nottinghamshire County Council’s records retention and disposal schedule explains how long we normally retain different categories and types of information, including personal data. The law may also specify a minimum amount of time we have to retain certain information.

8. How do we keep your information secure?

We will take appropriate steps to make sure we hold records about you in a secure way. We have put in place procedures and technologies to maintain security of personal data from the point of collection to the point of destruction. All employees are given training in information security and data protection standards and are obliged to respect the confidentiality of your personal data.

9. What rights do you have in relation to your personal data?

You have a number of rights that you may exercise in relation to your personal data. Some of the rights do not apply automatically and may not be available in certain circumstances where a lawful exception applies. 

You have a right to access your personal data. You can request a copy of personal data that we hold about you and ask us to explain how we use your data.

You have a right to object to processing of your personal data. You have an absolute right to stop your data being used for direct marketing. In other cases where the right to object applies, we may be able to continue using your data if we have a compelling reason for doing so.

If we are relying on consent as the lawful basis to process your data you can withdraw your consent at any time, and we will stop further processing.

You have a right to request the restriction or suppression of your personal data.

You have a right to have your personal data erased, if we no longer have a legitimate use for it. This right is sometimes called the ‘right to be forgotten’.

You have a right to rectification of your personal data if the information we hold in relation to you is inaccurate or incomplete.

You have a right not to be subject to any decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. You can request human intervention or challenge any solely automated decision-making that significantly affects you.

If you would like to request access to your personal data or exercise any of your other data protection rights, please contact the County Council’s Complaints and Information Team:

Complaints and Information Team

Nottinghamshire County Council
County Hall
West Bridgford
telephone: 0300 500 80 80

National Data Opt-Out

The National Data Opt-Out was introduced to give you a choice about whether you want your confidential patient information to be used just for your individual care and treatment, or also to be used for research or for the planning of health and care services. To find out more, or to register your choice to opt out, please visit Your NHS Data Matters.  You can change your mind about your choice at any time. If you do choose to opt out your confidential patient information will still be used to support your individual care.

The County Council has published a statement of compliance with the national data opt-out.

10. Visitors to our website

What information do we collect when you visit our website?

The computers which host our website maintain logs which include the Internet Protocol (IP) addresses of all devices that access our pages. We only use these logs to determine website usage and not to identify or obtain information about specific users. IP information is treated as confidential and is not published or shared with any third party.

Please read  our separate cookies notice for information about how we use cookies on our website.

Registering for online services

We collect personal data that you provide to us when you register for an online account. 

We collect personal data when you apply to access some of our services online. 

In general, we will hold your personal data for the purposes of maintaining and operating your account or registration and will use your personal information:

  • for the purpose you provided the information for
  • to verify your entitlement to access the services you have requested, e.g. verification of your residence in the county. (We may do this by checking with a third party)
  • where you give specific consent to allow us to be able to communicate and provide information about services appropriate to your needs.

We will retain your information for the period necessary to fulfil the relevant purpose for which it is held, and we will also retain any external verification so long as it remains accurate based on the information you provide to us. This will allow us to reuse that information when you register for additional services.

Photographic images

Images of individuals are treated as personal data. Images of crowds in a public area are not. When taking photographs intended for publication on our website or elsewhere, it is our policy to seek the written permission of any individuals who are photographed.

We will respond promptly to any request to remove photographic images and/or personal data from the website where the person making such a request has a right to do so in accordance with their data protection rights.

Links to other websites

This privacy statement does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on other websites you visit.

11. Changes to this privacy statement

We keep our privacy statement under regular review.

Any changes we make to our privacy statement will be posted on this page. Please check back frequently to see any updates or changes to our privacy statement.

This privacy statement was drafted with brevity and clarity in mind. It does not describe all aspects of Nottinghamshire County Council’s collection and use of personal data. If you would like any additional information or explanation please contact the Data Protection Officer.

12. How each service uses and protects your information

Many of Nottinghamshire County Council ‘s services have their own privacy notices which provide you with more detailed information about how we use your personal data.  You can find some of these privacy notices at the links below:

This list is not exhaustive and will be updated from time to time. You should contact the County Council to check for privacy notices that are relevant to the area you are interested in.

13. Where can I get advice or make a complaint?

If you have questions about this privacy statement or about how we use your personal data, you can contact the County Council’s Data Protection Officer (DPO) at:

Data Protection Officer
Nottinghamshire County Council
County Hall
West Bridgford
telephone: 0115 8043800

You can seek advice and have the right to make a complaint to the Information Commissioner’s Office. The ICO is an independent body set up to uphold information rights in the UK. You can contact them through the Information Commissioners Office website, their helpline on 0303 123 1113, or in writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane

Share this page?