The way we collect, store and process your personal information is governed by data protection legislation. The council is the controller for the personal information we process, unless otherwise stated. What personal information does the council process? Personal information To provide you with support and services, we need to collect and process information about you. This is your personal information. Personal information is information that relates to a living person, who can be directly or indirectly identified from the data in question or together with other information – and this information must relate to an individual in order to be identified as personal information. For example, this can include: Your name Location Date of birth Age Gender Address Postcode National Health Service Number Special category personal information Some information is more sensitive and needs more protection due to its sensitivity. It is often information you would not want widely known and is personal to you. This is likely to include anything that can reveal your: Sexuality and sexual health Religious or philosophical beliefs Ethnicity Physical or mental health Trade union membership Political opinion Genetic/biometric data Criminal history Information is collected from you when you contact council services, or from someone who is concerned about you, or from partner organisations or other agencies. The information we collect is limited to what is necessary in order to provide you with services and/or support. In some circumstances where it is optional for you to provide certain information, this will be explained to you. Why are we able to process your personal information The law expects us to define what data we will process and why we will process it before we can use your data for any purpose. We cannot process your data unless a lawful basis has been identified. There are six lawful basis that the council can rely on: Legal obligation – we need to process your information to comply with the law Public task – we need to process your information to provide you with certain council services Contract – we need to process your information as part of a contract Vital interest – we need to process your information to protect someone’s life in an emergency Consent – we need your permission to use your personal data Legitimate interest – we need to process this information for legitimate interests e.g when we investigate for fraud, for employment purposes, or when we hold festivals and publish photos of crowds. Where the Council is relying on your consent to process your personal data, you have the right to withdraw your consent at any time. If you are unsure how to withdraw your consent please contact the Data Protection Officer at firstname.lastname@example.org You do not have the right to withdraw consent if the Council is not relying on your consent to process your data. For what purpose does the council process your personal data? Your personal data is processed to enable the council and the organisations we work with to provide a range of services to fulfil our duties - in the most effective and efficient way, for example: We process data on individuals and families in order to provide support and services We process data to maintain accounts and records to improve administrative processes such as assessment of benefits and collection of council tax We also sometimes process your information for data analytics at individual and population level in a way which protects your privacy. This means we use the data we process, at individual level to better understand your needs and to provide support. At population level, we use data to identify patterns in the wider population, this helps us to better design, deliver and commission more targeted services which data shows is better for our local population We also process data to keep Barking and Dagenham safe – such as the use of CCTV for the prevention and detection of crime, and where necessary, the prosecution of individuals We may need to process your data for other reasons, for more information please refer to the individual service privacy notices available on the council's website Who do we share your information with? In order to deliver services, it may be necessary to share your personal information. This could be with internal council services or with other organisations we are working with, in order to provide you or the wider Barking and Dagenham community with the right support. Any sharing of personal information is governed by GDPR and we have established processes for complying, including ensuring the data is shared and used as defined and agreed for a specific reason, for a specific period of time. This is a critical way of ensuring we are sharing appropriately. When we work with external organisations, we will ensure each organisation sets out how it will comply with data protection requirements. We only share when it is necessary to do so, and any sharing is kept to a minimum. If we share your personal information for research purposes, your information will be used in ways that does not identify you, e.g. anonymised – where your name or identifying details are removed or pseudonymised meaning your name or identifying details are replaced with a key. The research produced using your data is only shared in a format that still protects the individuals data – we will only share research at population level, unless you have agreed that your personal information can be used in a format that does allow you to be identified. We may also share personal information when we feel there’s a good reason that’s more important than protecting someone’s privacy. This doesn’t happen often, but we may share your information: In order to detect and prevent crime and fraud, or if there are serious risks to the public, our staff or to other professionals To protect a child; or To protect adults who are thought to be at risk, for example, if they are frail, confused or cannot understand what is happening to them If we’re worried about your safety or the safety of others, In the rare event that we consider the risk so great, we may need to share information straight away. We will not share your data with organisations outside the United Kingdom, unless we are required by other UK or European law for safety and security reasons We will never share your data for commercial reasons – we will never sell your data How does the council protect your information? We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include: Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what is called a ‘cypher’. The hidden information is said to then be ‘encrypted’ Pseudonymisation, meaning that we’ll use a different name or key so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was yours Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it Data stewardship is a way for us to be clear about who is responsible for what data and sets out clearly who has access to the data – limiting access to only those who need it to carry out our duties All our staff undertake annual mandatory data protection training. Training our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong Regular testing of our technology and ways of working including keeping up to date on the latest security updates Our policies and procedures on records management and personal data. How long does the council retain and process your data? GDPR states that we can only retain personal data for as long as we are legally allowed. We will always retain data under a specific lawful basis. There are different retention periods for different information. The retention and disposal policy is explained in the Barking and Dagenham Council Records Management Policy. If the council is processing your data, what are your rights? GDPR sets out the rights you have if an organisation is using your information – this is known as individual rights. Your rights are set out below and can be exercised by you emailing the Data Protection Officer on the details below unless otherwise stated. Right to be informed This general privacy notice is an example of how we keep you informed. Right of access You can request a copy of the information that we hold about you. This is referred to as a Subject Access Request and more information is available in our Subject Access Request Policy: Subject Access Request Policy (PDF, 214KB) Right of rectification If you think that some information we hold about you is inaccurate or incomplete, you have the right to request that this be corrected. Right to erasure In certain circumstances, you can ask for us to erase any personal information we hold on you. Right of portability You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This only applies to personal information we process where consent is the lawful basis, or for the performance of a contract, and the processing of your information is automated (does not include information held on paper). Right to restrict processing In certain circumstances you may have the right to request that we limit the way we use your data. Right to object You have the right to challenge certain types of processing. The right to object only applies in certain circumstances and depends on the lawful basis for processing. You have the absolute right to object to the processing of your personal data if it is for direct marketing purposes. Rights related to automated decision-making including profiling This provides a right not to be subject to a decision based solely on automated processing, including profiling, which has a legal or similarly significant effect on you. How to lodge a complaint If you have a complaint regarding the processing of your personal information then please contact the Council’s Data Protection Officer at email@example.com. You also have the right to lodge a complaint with the supervising authority, the Information Commissioner’s Office (ICO), at any time. Should you wish to exercise that right the full details are available at https://ico.org.uk/make-a-complaint/. Why does the council use data analytics and how does it do this? In order to improve the services we provide to residents, we use your information in different ways, this is known as data analytics. We bring together information from a range of services and sometimes partner organisations to understand more about the needs of those living in the borough. We may bring together your information from the services with which you engage to create a ‘single view’ of you and/or your family – on one system. This helps to save frontline professionals time (they do not need to look in different systems to understand your circumstances) and you do not have to explain your circumstances repeatedly – it helps us to better understand your specific needs to ensure we are supporting you in the right way. We also use data to identify households that are becoming more vulnerable, so we can help at an earlier stage. The law places a duty on councils to find ways to prevent people’s needs from getting worse by identifying and supporting earlier. When data is used to prevent circumstances from getting difficult, it is commonly known as predictive analytics. Predictive analytics is used in a limited number of ways by the council. For example, by using data we can better understand the circumstances that lead to someone becoming homeless because of debt. In this way we can proactively offer help and support to address debt problems before there is a risk of homelessness. Data from the following 5 services areas are brought together to form a ‘single view’ of a person, or a household to support specific needs at an earlier stage: Revenues and Benefits: Council Tax; Housing Benefit; Free School Meals Housing: Homes and Money Hub; Tenancy Sustainment; Accommodation and Temporary Accommodation; Homelessness Prevention; Social Housing Register / Single Point of Access. Adult’s Care and Support: Adults: Intake team, Extended Intake team and Locality teams Children’s Care and Support: Early Help; Multi-Agency Safeguarding Hub; Extended Intake Team COVID-19 related: Shielding list Although this information is available to all the above services, specific access permissions are in place for different roles. This means that council staff can only see the information that is relevant for them to do their job. Sometimes we use your data to inform policy development, service design, commissioning and to monitor how our services are performing to help shape improvements. In order to protect your individual privacy, unless there is a legal reason to do otherwise, data analytics are only undertaken using anonymised (where your name or identifying details are removed) or pseudonymised data (where your name or identifying details are replaced with a key). All data sharing and data analytics including predictive analytics is carried out in line with data protection legislation. What data does the council use for predictive analytics? What is predictive analytics? Predictive analytics is a set of statistical techniques including data mining and predictive modelling that uses current and historical information to make predictions about future or otherwise unknown events. We use predictive analytics by bringing together your information from the services with which you engage to create a ‘single view’ of you and/or your family – on one system. We do this to identify households that are becoming more vulnerable, so we can help at an earlier stage. The law places a duty on councils to find ways to prevent people’s needs from getting worse by identifying and supporting earlier. Predictive analytics is used in a limited number of ways by the council, but we mainly use it to prevent circumstances from getting more difficult for our residents. For example, by using data we can better understand the circumstances that lead to someone becoming homeless because of debt. In this way we can proactively offer help and support to address debt problems before there is a risk of homelessness. This technique also helps to save frontline professionals time (they do not need to look in different systems to understand your circumstances) and you do not have to explain your circumstances repeatedly – it helps us to better understand your specific needs to ensure we are supporting you in the right way. What data do we use? Data from the following services is brought together to form a ‘single view’ of a person, or a household which we use to support our resident’s needs at an earlier stage: Revenues and Benefits: Council Tax; Housing Benefit; Free School Meals and Debt Housing: Homes and Money Hub; Tenancy Sustainment; Accommodation and Temporary Accommodation; Homelessness Prevention; Social Housing Register / Single Point of Access Adult’s Care and Support: Adults: Intake team, Extended Intake team and Locality teams Children’s Care and Support: Early Help; Multi-Agency Safeguarding Hub; Extended Intake Team For each of these four service areas we generally use the following data fields: Name and personal details Address and property details Case related information No decisions about an individual are solely made based on characteristics protected under the Equalities Act 2010. In many cases we do not collect this information. Where used, protected characteristics may be used to monitor inequalities to prevent bias and discrimination Although this information is available to all the above services, specific access permissions are in place for different roles. This means that council staff can only see the information that is relevant for them to do their job. Cookies To make this website easier to use, we sometimes place small text files on your device (for example your smartphone, iPad or laptop) called cookies. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. We use this information to improve access to the site and identify gaps in the content and see if it is something we should add to the site. Unless the law allows us to, we do not: share any of the data we collect about you with others, or use this data to identify individuals Analytics We use Siteimprove Analytics to collect anonymised information about how you use this site. We do this to make sure it’s meeting your needs and to understand how we can make the website work better. We use Siteimprove to track: what pages you visit how long you use the site how you got to the site and what links you clicked on We don’t allow Siteimprove to share this data with anyone else. We do not collect or store any other personal information (e.g. your name or address) so this data cannot be used to identify who you are. Other website’s cookies We use videos from YouTube and Vimeo and feeds from other websites such as Facebook and Twitter. These websites place cookies on your device when watching or viewing these pages. Further guidance on the use of personal information is available from the Information Commissioner’s Office (ICO). How to change cookie settings We recommend that you allow the cookies we set by this website as they help us provide a better service. You can change your cookie preferences on this site at any time by clicking on the ‘C’ icon at the bottom of the screen. You can then adjust the available sliders to ‘On’ or ‘Off’, then click on the X to close the window. If you click the 'Accept recommended settings' button it will switch on the use of analytical and marketing cookies. You may need to refresh your page for your settings to take effect. Alternatively, most web browsers allow some control of most cookies through the browser settings. Find out how to manage cookies on popular browsers: Google Chrome Microsoft Edge Mozilla Firefox Microsoft Internet Explorer Opera Apple Safari To find information relating to other browsers, visit the browser developer's website. To opt out of being tracked by Google Analytics across all websites, visit Google Analytics opt-out browser add-on. Turning off cookies You can use your web browser to delete or block cookies and clear all cookies when you close your browser. You can stop cookies being downloaded on to your computer or other device by selecting the appropriate settings on your browser. Please be aware our website may not function properly without accepting cookies, by turning them off or deleting them functionality will be lost. Should you wish to delete them after your session, the browser you have used will be capable of deleting any stored cookies. Further information on deleting and controlling cookies: AboutCookies.org Allaboutcookies.org Anonymous browsing You can also chose to open a ‘private’ or ‘incognito’ browser session, which allows you to browse the internet without storing local data. If you wish to anonymously browse our website please use a browser which supports this function, but remember, if you do not accept cookies your browsing experience will be poor and you may not be able to use the full functionality of the site. Cookies we use on our website The table below explains the cookies we use on our website and why. Cookie Name Purpose Expiry period Civic UK HACIVIC Used by the server’s load balancer to identify the server that is active for your request on Civic's cluster. Its purpose is to improve the performance of the website. This is an essential cookie to the operation of the site that is always set by the load balancer and does not store any personal information. Session. Civic UK nmstat Used to help record visitors' use of the website. It is used to collect statistics about site usage such as when the visitor last visited the site. Persistent. 50 years. Siteimprove nmstat Used to collect statistics about site usage such as when the visitor last visited the site. This information is then used to improve the user experience on the website. This cookie contains a randomly generated ID used to recognise the browser when a visitor reads a page. The cookie contains no personal information and is used only for web analytics. Persistent. 50 years. Siteimprove AWSELB Used to distribute traffic to the website on several servers to optimise response times. Session. Siteimprove siteimproveses Used purely to track the sequence of pages a visitor looks at during a visit to the site. This information can be used to create User Journeys and enable visitors to find relevant information more quickly. Session. Siteimprove __cfduid Set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. Persistent. 1 month. My B&D MyB&DIdentificationBarking Used when you are logged into the My B&D service. Persistent. 20 years. My B&D sid Session cookie set after user logs in the My B&D service. Session. Icasework data protection management CookiesSupported We use iCasework as part of our complaints, feedback and freedom of information requests. Checks whether cookies are supported or allowed in your browser. Session. Icasework data protection management AWSALB We use iCasework as part of our complaints, feedback and freedom of information requests. Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimise user experience. Persistent. 7 days. Icasework data protection management JSESSIONID We use iCasework as part of our complaints, feedback and freedom of information requests. Preserves user state across page requests. Session. Icasework data protection management AWSALBCORS We use iCasework as part of our complaints, feedback and freedom of information requests. Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimise user experience. Persistent. 7 days. New Relic JSESSIONID JSESSIONID is a cookie in J2EE web applications which is used in session tracking. Session. Incapsula visid_incap_913011 An essential third party cookie used to improve the security of the website. Appears on a page with content inserted from an external website. Persistent. 1 year. Incapsula incap_ses_459_913011 An essential third party cookie used to improve the security of the website. Appears on a page with content inserted from an external website. Session. Vimeo vuid We embed videos from Vimeo. When you press play Vimeo will drop third party cookies to enable the the video to play and to collect analytics data such as how long a viewer has watched the video. These cookies do not track individuals. Persistent. 2 years. Youtube YSC We embed videos from YouTube. Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session. Youtube VISITOR_INFO1_LIVE We embed videos from YouTube. Tries to estimate the users' bandwidth on pages with integrated YouTube videos. Persistent. 6 months. Youtube GPS We embed videos from YouTube. Registers a unique ID on mobile devices to enable tracking based on geographical GPS location. Persistent. 30 minutes. Youtube test_cookie We embed videos from YouTube Used to check if the user's browser supports cookies.. Persistent. 15 minutes. Google DoubleClick IDE We embed videos from YouTube. Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. Persistent. 1 year. Google Analytics tableau_locale Used to help record visitors' use of the website. It is used to collect statistics about site usage. Appears on a page with content inserted from an external website. Session. Google Analytics tableau_public_negotiated_locale Used to help record visitors' use of the website. It is used to collect statistics about site usage. Appears on a page with content inserted from an external website. Session. Google Analytics _ga Used to help record visitors' use of the website. It is used to collect statistics about site usage. Appears on a page with content inserted from an external website. Persistent. 2 years. Google Analytics _gat_UA-625217-47 Used to limit the amount of data recorded by Google on high traffic volume websites. Appears on a page with content inserted from an external website. Persistent. 1 minute. Google Analytics _gid Used to help record visitors' use of the website. It is used to collect statistics about site usage. Used to group user behaviour together for each user. Appears on a page with content inserted from an external website. Persistent. 1 day. Google Analytics _gat_UA-625217-22 Used to limit the amount of data recorded by Google on high traffic volume websites. Appears on a page with content inserted from an external website. Persistent. 1 minute. Tag Manager analytics This cookie is set up after user provides explicit consent to the use of analytics cookies. It stores user's preferences regarding cookies. Tag Manager marketing This cookie is set up after user provides explicit consent to the use of marketing cookies. It stores user's preferences regarding cookies. Page Tiger PTIDEVICE Appears on a page with brochure content inserted from an external website. Persistent. 10 years. Facebook fr Used by Facebook to on pages where we feature a button to share the content on Facebook. Persistent. 3 months. Twitter lang Session Contact us Barking and Dagenham Council, Barking Town Hall, Town Hall Square, Barking, IG11 7LU Data protection Officer: Kim Starbuck firstname.lastname@example.org Data protection is regulated by the Information Commissioners Office.