This Privacy Notice is designed to help you understand how and why Selby District Council is processing your personal data in relation to Coronavirus (Covid-19). This notice should be read in conjunction with the Council’s Corporate Privacy Notice.
Who are we?
Selby District Council is a ‘Data Controller’ as defined by Article 4(7) of the General Data Protection Regulation (GDPR).
Selby District Council is a Category 1 Emergency Responder as set out by the Civil Contingencies Act (CCA) 2004 and has statutory duties and responsibilities to fulfil as part of this.
The Council processes the data of service users in a variety of different ways, typically the Council will have a privacy notice for the specific team or area informing you of how and why this information is collected and processed. However, as this area of processing data is likely to change rapidly and affect various different services, the Council has one privacy notice for processing data related to Coronavirus (Covid-19). This should be read in conjunction with any other relevant privacy notices.
The Council has appointed Veritau Ltd to be its Data Protection Officer. Their contact details are: Information Governance Office, Veritau Ltd, County Hall, Racecourse Lane, Northallerton, DL7 8AL / DPO@selby.gov.uk / 01609 55 2848.
What Personal Data of mine do you collect?
The Council could collect:
• Contact details
• Address or other geographical marker
• Medical Information, age or any other personal information which would mark a vulnerability to the virus
• Recent history of contacts with other individuals or any other personal information which could help prevent or trace transmission of the virus
• Any other personal information which the Council is asked to be collected by the relevant health or government authorities to mitigate the risks associated with Coronavirus (Covid-19) this includes health risks, economic risks and social risks.
What is the purpose of collecting my Personal Data?
The Coronavirus (Covid-19) situation means that to fulfil these responsibilities, including statutory obligations, the Council may collect additional personal information where relevant to the prevention or mitigation of the impact, of the virus to comply with the CCA.
This information is collected so the Council can prioritise its services and enable it to plan and respond to the situation as it changes.
The Council may also be required to collect and process personal information to mitigate the other impacts of Coronavirus (Covid-19) such as economic or social impacts.
Who do you share this data with?
The Civil Contingencies Act places a duty on Category 1 responders to share information with Category 2 responders and other organisations in order to provide services in response to the pandemic. We may share information with others including, but not limited to, Category 1 and Category 2 responders, such as:
• Other Council services, public bodies and authorities including North Yorkshire County Council and other District Councils within North Yorkshire
• Central Government
• Emergency services
• NHS agencies
• Healthcare organisations
• Utility companies
• Voluntary organisations
How long do you keep this data for?
Information will be kept for as long as necessary for the purposes for which it is processed. The Council will destroy or archive information when the risks from Coronavirus (Covid-19) have been appropriately reduced.
What is your legal basis for processing this data?
The legal basis the Council relies on will be determined by the specific process. However it is likely that the Council will process this personal data under the legal basis of:
• Article 6(1)(c) - Legal Obligation and;
• Article 6(1)(e) - Public Task.
• Article 6(1)(d) - Vital Interest of the data subject and other people
Some of the personal data processed by the Council will be information defined as Special Category Data. In order to lawfully process this type of information, the Council will rely on the following Article 9 conditions:
• Article 9(2)(g) - Reasons of substantial public interest (with a basis in law)
• Article 9(2)(c) - Vital Interest of the data subject where they are physically or legally unable to give consent.
The legislations, policies and guidance that underpin this processing include, but are not limited to:
• Civil Contingencies Act (CCA) 2004 and Civil Contingencies Act 2004 (Contingency Planning) Regulations 2005
• The Local Government Act 1972
• The Local Government Act 2000
Changes to this Privacy Notice
This privacy notice will undergo regular review as the situation evolves. If any changes are made, we will publish the updated version here.
For more information about how the Council uses your data, including your privacy rights and the complaints process, please see our Corporate Privacy Notice.