Milton Keynes Council Corporate Privacy Notice
Everything we do with information about people, such as how we collect it and who we share it with, has to comply with the Data Protection Act and the General Data Protection Regulation (GDPR). A key part of this is being open about how we use information and what rights you have in respect of information we hold about you.
This notice sets out the broad information for the Council as a whole. Some services will tell you more about how they use your information as part of you deciding to access that service.
If anything in this notice is not clear, or if you have further queries, please get in contact with the Data Protection Officer using the details at the end.
We collect information about people who live in Milton Keynes as well as people outside the county who use services that we provide. What information we collect varies according the services people receive.
Most of the information we hold starts as a result of:
- An individual directly contacting us wanting to use one of our services.
- Another organisation, such as an NHS body, making a referral to us, generally on the individual’s behalf and with their knowledge.
We also hold some information about individuals that other organisations are required to provide to us as the Council in Milton Keynes. Primarily this involves early years settings and schools in the authority providing us with core information about the children attending their establishments. Schools and early years settings should provide you with their own privacy notices that will explain what information they collect and who they share it with. Back to Top
We provide a wide range of statutory services. We are under legal obligations to provide many of these services and to deliver these we need to collect and use personal information of those using or affected by these services
Much of what we do is a result of legislation set nationally that requires us to provide various public services in Milton Keynes. In such cases, if you access a council service then the law that requires us to provide that service will be our legal basis for collecting and using your personal data, as we can’t provide you with the service without it.
In a small number of cases we will process personal data solely on the basis of consent, such as where you might opt in to receive email updates or marketing details about certain council services. This will be clearly explained when you sign-up to that service.
We also collect and use information to support the local democratic process (administration of council meetings etc) and as part of research to support the delivery and development of our statutory functions as set out above. Additionally, we collect and use information in line with our requirements as an employer (recruitment, personnel information, payroll and pensions etc).
Whenever we use information, we always limit this to only the details that are needed and we ensure that it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too. All staff and councillors receive training on data protection and information security. Back to Top
We share information with a range of different types of people and organisations depending on the service being provided or the statutory requirement that we have to comply with. The types of recipients include:
- Service users (and families where relevant)
- Local government organisations
- Central government departments
- Our contractors: organisations that we commission to provide goods and services
- Law enforcement agencies, such as Thames Valley Police
- Bucks Fire and Rescue Services
- Health and social care organisations and professionals (NHS bodies such as GPs, Milton Keynes Clinical Commissioning Group, Milton Keynes University Hospital)
- Education establishments such as schools, colleges and early years settings
- Examining bodies
- Regulatory bodies, investigators and ombudsman (for example Ofsted, CQC, Local Govt Ombudsman)
- Courts, tribunals and prisons
- Legal representatives
- Fraud prevention agencies
- Debt collection agencies
- Current, past and prospective employers
- Trade unions
- Press and the media
- Councillors and political parties
- Housing associations and landlords
- Survey and research organisations
We participate in the Cabinet Office's National Fraud Initiative, a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.
We will give a Milton Keynes Councillor personal data about you if you ask us to or if he/she reasonably needs it to carry out his/her duties, but the Councillor must not use it for other purposes. Back to Top
We only keep information for as long as it is needed. This will be based on either a legal requirement (where a law says we have to keep information for a specific period of time) or accepted business practice. This is set out in our retention schedule. Back to Top
You have various rights around the data we hold about you.
- Right of access (to receive a copy of your personal data)
- Right to rectification (to request data is corrected inaccurate)
- Right to erasure (to request that data is deleted)
- Right to restrict processing (to request we don’t use your data in a certain way)
- Right to data portability (in some cases, you can ask to receive a copy of your data in a commonly-used electronic format so that it can be given to someone else)
- Right to object (generally to make a complaint about any aspect of our use of your data)
- Right to have explained if there will be any automated decision-making, including profiling, based on your data and for the logic behind this to be explained to you.
Any such request can be submitted to the Data Protection Officer. Whether we can agree to your request will depend on the specific circumstances and if we cannot then we will explain the reasons why.
If we are processing your information based on you giving us consent to do so, you have the right to withdraw your consent at any time. Doing so may mean we are unable to provide the service you are hoping to receive and the implications of you giving or withdrawing your consent will be explained at the time.
If you are unhappy with any aspect of how your information has been collected and/or used, you can make a complaint to the Data Protection Officer. You can also report concerns to the national regulator, the Information Commissioner’s Office. Their details can be found on their website:
Last Updated: 16 July 2018