The Community Employment Service (CES) forms part of Milton Keynes Council. This privacy notice sets out how we deal with your personal information within this service.

This privacy notice should be considered alongside the council’s corporate privacy notice.

Who are we?

The Community Employment Service provides assistance to people of Milton Keynes; helping them into paid work, accessing training and qualifications, careers advice and volunteering/work experience opportunities.

Everything we do with information about people, such as how we collect it and who we share it with, has to comply with the Data Protection Act and the General Data Protection Regulation (GDPR) that came into force in May 2018.  A key part of this is being open about what personal information we hold about you, how we use it, who we share it with and how long we keep it for. You also need to know what rights you have in this respect.

What information do we hold?

Most of the information we hold starts as a result of:

• an individual directly contacting us wanting to use one of our services.
• another organisation, such as the Department of Work & Pensions, making a referral to us, generally on the individual’s behalf and with their knowledge.

We also sometimes hold some information about individuals that other organisations are required to provide to us. This may include organisations like the NHS or the police.  They will have their own privacy notices that explain what information they collect and who they share it with.

The CES may hold personal information like your name, address, phone number and email address. We may also hold sensitive personal data (referred to as special categories of data under GDPR) including information like your ethnicity, religion, sexual orientation, disabilities and medical conditions.

Why do we have it and what do we use it for?

We provide a wide range of statutory services. We are under legal obligations to provide many of these services and to deliver these we need to collect and use the personal information of those using or affected by these services.

Much of what we do is a result of legislation set nationally that requires us to provide various public services in Milton Keynes. In these cases, if you access a council service then the law that requires us to provide that service will be our legal basis for collecting and using your personal data, as we can’t provide you with the service without it.

In a small number of cases we will process personal data solely on the basis of consent, such as where you might opt in to receive email updates or marketing details about certain council services. This will be clearly explained when you sign-up to that service.

Whenever we use information, we always limit this to only the details that are needed and we ensure that it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too. All our staff receive training on data protection and information security.

All of the personal information we hold is kept securely on our council servers. There is also no automatic decision-taking when your personal information is processed.

Who do we share information with and why?

We share information with a range of different types of people and organisations depending on the service being provided or the statutory requirement that we have to comply with. The types of recipients include:

• service users (and families where relevant)
• central and local government organisations
• our contractors: organisations that we commission to provide goods and services
• health and social care organisations and professionals (NHS bodies such as GPs, Milton Keynes Clinical Commissioning Group, Milton Keynes University Hospital)
• current, past and prospective employers
• councillors and political parties
• housing associations and landlords
• education establishments such as schools, colleges and early years settings
• examining bodies
• regulatory bodies, investigators and ombudsman (for example Ofsted, CQC, Local Government Ombudsman)
• law enforcement agencies, such as Thames Valley Police
• Bucks Fire and Rescue Services
• courts, tribunals and prisons
• legal representatives
• fraud prevention agencies
• debt collection agencies
• trade unions
• press and the media
• survey and research organisations

We participate in the Cabinet Office's National Fraud Initiative, a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.

How long do we keep hold of information?

We only keep information for as long as it is needed. This will be based on either a legal requirement (where a law says we have to keep information for a specific period of time) or accepted business practice.

Within our service, we keep the following information for the following periods:

• service user information (paper based) (3 years)
• service user information (digital based) (3 years)
• course attendee and sign-in registers (3 years)

What rights do you have?

You have various rights around the data we hold about you.

• Right of access (to receive a copy of your personal data)
• Right to rectification (to request data is corrected inaccurate)
• Right to erasure (to request that data is deleted)
• Right to restrict processing (to request we don’t use your data in a certain way)
• Right to data portability (in some cases, you can ask to receive a copy of your data in a commonly-used electronic format so that it can be given to someone else)
• Right to object (generally to make a complaint about any aspect of our use of your data)
• Right to have explained if there will be any automated decision-making, including profiling, based on your data and for the logic behind this to be explained to you.

Any such request can be submitted to the Data Protection Officer. Whether we can agree to your request will depend on the specific circumstances and if we cannot then we will explain the reasons why.

If we are processing your information based on you giving us consent to do so, you have the right to withdraw your consent at any time. Doing so may mean we are unable to provide the service you are hoping to receive and the implications of you giving or withdrawing your consent will be explained at the time.

If you are unhappy with any aspect of how your information has been collected and/or used, you can make a complaint to the Data Protection Officer. You can also report concerns to the national regulator, the Information Commissioner’s Office. Their details can be found on the ICO website.