Welcome to your new East Suffolk Council website
Should you have any issues or feedback about the new site, please let us know at web@eastsuffolk.gov.uk.
UK GDPR privacy notices - Customer Services Privacy Notice
Introduction
Customer Services have provided this privacy notice to help you understand how we collect, use and protect your information whilst we provide you with a first point of contact customer service. This includes case information gathering, signposting and the directing of information to best resolve your enquiry in the most efficient manner.
The document below will describe how we may collect and process your personal information.
The purpose of this document is to clearly acknowledge the council’s responsibilities in relation to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Definitions
Personal data means any information related to an identified or identifiable natural (living) person (‘data subject’) i.e. a person that can be directly or indirectly identified by reference to a name, ID reference number, email address, location data, or physical, physiological, genetic, mental, economic, cultural or societal identifier.
Special personal data, previously known as ‘sensitive personal data’, relates to race, ethnic origin, politics, religion, trade union membership, genetic data, biometric data, health, sex life or sexual orientation. Records of criminal personal data must also be treated in a similar way.
Data Controller determines the purposes and means of processing personal data.
Data Processor is responsible for any operation which is performed on personal data on behalf of the controller, e.g. collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.
Third Party is someone/somebody who is not the Data Controller, the Data Processor or the Data Subject.
Who we are
The Customer Service Team is the first point of contact for East Suffolk Council and is responsible for the day to day use and maintenance of the corporate CRM (Customer Relationship Management).
The council is the ‘data controller’ for the information which is collated and processed. This means we are responsible for deciding how we can use your Page | 2 information. If you want more information regarding the services delivered, please go to our website.
The council regards lawful and correct treatment of personal information as critical to their successful operations, maintaining confidence between the council and those with whom they carry out business. The Council will ensure that they treat personal information correctly in accordance with the law.
Customer Services provide a link for the customer to the council’s statutory, discretionary and contractual services, by providing the correct department within the council with only essential customer data to allow them to carry out a customer service request.
The Data Protection Officer for ESC is Siobhan Martin, Head of Internal Audit, and can be contacted at dataprotection@eastsuffolk.gov.uk.
How the law protects you
UK GDPR says that we are allowed to use personal information only if we have a proper reason to do so. More information on how the law protects you can be found on the East Suffolk website.
Our responsibilities
UK GDPR provides us with main responsibilities for processing personal data. All personal information provided by you is held securely and in confidence by us in our computerised and other records. When we process your personal information, we do so in compliance with UK GDPR. For further information on our responsibilities, please see our website.
Your rights
The UK GDPR and DPA 2018 provide you with the following rights:
- The right to be informed: You have the right to be informed about the collection and use of your personal data, and this is outlined in this privacy notice.
- The right of access: You have the right to request access to the personal data we may hold about you. This is undertaken using a Subject Access Request.
- The right to rectification: You have the right to request that inaccurate personal data we hold is rectified.
- The right to erasure: In certain circumstances, you have ‘the right to be forgotten’ and have your personal data erased.
- The right to restrict processing: In certain circumstances, you have the right to request the restriction or suppression of your personal data.
- The right to data portability: In certain circumstances, you have the right to request to obtain your own personal data for your own use or to give to other organisations.
- The right to object: In certain circumstances, you have the right to object to your personal data being collated, stored and processed.
- Rights in relation to automated decision making and profiling: You have the right to request that we do not make our decisions based on solely an automated process, and you can object to an automated decision and ask that a person reviews it in certain circumstances.
- The right to withdraw consent: In our discretionary service provisions, you have the right to withdraw your consent at any time.
- The right to complain: You have the right to complain through our complaints procedure, and then to the Information Commissioner. Any requests in relation to your rights with regard to the personal data we hold should be made verbally or in writing to the Data Protection Officer. For further information on your rights, please see the ICO website.
Your responsibilities
You are responsible for making sure you give us accurate and up to date information, and to let us know if any personal information we hold is incorrect.
When do we collect information about you?
We collect information about you from different places, including:
- Directly from you
- E-mail enquiries to our Customer Services and complaints mailboxes
- F.O.I enquiries
- From contact with our call centre
- Face to face contacts at our Customer Reception points
- Form submissions via ‘My East Suffolk’ accounts
- Written contact
- From third party companies to provide digital support
- Enquiries/reports received from Fix My Street
What information do we maintain?
The information about you which we will maintain will include:
- Name – First name and Surname
- Address
- E-mail address
- Telephone number/mobile number
- Additional names(if appropriate)
- Customer contact creation date
- Customer case history up to 2 years
- Customer case history relating to financial transactions up to 5 years.
- Customers preferred contact method
- Customer notes – Important information relating to any of the following: cautionary contacts, information that will assist another Customer Services Assistants to resolve the customer query more efficiently pertaining to the original enquiry
- Customer date of birth
- Health data such a disability data, with your consent, to enable Customer Services Advisors to provide appropriate/tailored support to Customers
- Payment information such as bank details and or debit or credit card details.
How do we use your information?
We will be using your information to:
- Create a customer account on the council’s CRM system.
- Monitor, record, store and use call recordings with you in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer services.
- Verify identity for security purposes.
- Refer queries and requests to other council departments.
- Respond to queries, feed-back, compliments and complaints.
- Analysis of our complaints, compliments and customer feedback.
- Provide digital support such as accessing websites and completing eforms.
- Prevent and reduce serious violent crime.
We will not use your personal data for other purposes other than for what it was collated unless we have obtained your consent or for other lawful purposes (e.g. detection and prevention of fraud). In Customer Services we do not use automated decision making.
How long do we keep your information?
We will hold your personal information for 3-5 years as per the Council’s retention policy or if your customer account remains inactive for a period of 2 years. Call recordings will be held for 12 months unless there is a live complaint in which case it will be held until the complaint has been resolved. For the Customer SELF service account, the customer is responsible for the maintaining and deletion of this account. You can request that your personal information is deleted at any time. You can request that your information is anonymised at any time.
Data sharing
We will share your personal information with:
- East Suffolk Services Limited for services they provide on the council’s behalf.
- Anglia Revenues Partnership for services they provide on the council’s behalf.
- With contractors for the purposes of data analysis.
- Your information will also be shared with Granicus as our system supplier. Granicus Service Subscriber Privacy Policy
- Your information will be shared with our payment processor i.e. when we take payment from you for services such as garden waste.
- Third party representatives for the purposes of obtaining one-time individual feedback. This is a consent-based service and is entirely at your discretion.
- Relevant parties such as other local luthority’s and Police as part of our duty to assist with Domestic Homicide Reviews.
- Suffolk Office of Data and Analytics for the prevention and reduction of serious violent crime.
To ensure we deliver our statutory obligations, we will share information, where applicable, with the Suffolk Office of Data and Analytics for analytical purposes to support us in meeting our statutory functions.
Transferring your information overseas
Currently, we do not transfer any personal information outside of the European Economic Area (EEA).
National Fraud Initiative (NFI)
We may share information provided to us with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud. For further information, see the East Suffolk website.