Corporate Privacy Notice
West Lancashire Borough Council (WLBC) collects personal information in a variety of ways
eg via paper or online forms, by telephone or in face to face meetings, by email and letters.
We also record images of people through CCTV.
This information may have been provided directly by you, your representative, a member of
staff or by another organisation where there is a legal reason for them to share your
information with us.
We process personal data to provide public services.
Personal data is information about living identifiable individuals. It can be a name, address,
contact details, photograph, sound recording; it can be details of someone’s behaviour,
lifestyle, physical or mental health needs; it can be a unique number, such as a vehicle
registration plate, National Insurance number, etc.
We decide what personal data we need and how to use it, so we are a Data Controller and
registered as such on the Information Commissioner’s Register of Data Controllers.
When we collect personal data, we are required to make sure you are clear what data we
need and why, what we intend to do with it, what your individual rights are, and who you
can contact for enquiries or concerns about the use of your personal data. This is called a
"Privacy Notice" and we can do this verbally or in writing.
We collect and use personal information to:
- provide, plan and manage our services
- carry out our regulatory, licensing and enforcement roles
- carry out any other tasks which we have to do by law
- make and take payments and grants and spot fraud
- listen to your ideas about our services
- tell you about our services
- evaluate and improve services
We might collect your personal data directly from yourself, from someone acting on your
behalf, or from another third party. We might collect this data in person, over the
telephone, in writing, or captured as an image, audio or film recording.
We can only use your personal data if we have a lawful basis for doing so. The lawful basis
will be recorded on the "Council’s Record of Processing Activity" (ROPA) and, where
appropriate, on relevant service area privacy notices.
If we rely on consent to process your data, you have the right to withdraw that consent at
any time. To withdraw consent, either contact the Service that you provided the consent to
or contact the information management team.
Sharing your information
We share personal data internally within the council and also with external third parties so
we can carry out our work. Internal sharing might include checking your eligibility for a
service or keeping accurate records, whereas external sharing might be to ensure you
receive the right service (eg social care support).
Who we share information with depends on the service we are providing and your
circumstances, but may include:
- healthcare, social and welfare organisations and professionals
- providers of goods and services
- financial organisations, including debt collection, tracing and credit referencing agencies
- elected members
- local and central government
- ombudsman and regulatory authorities
- professional advisors and consultants
- police forces, other law enforcement and prosecuting authorities
- voluntary and charitable organisations
- Disclosure and Barring Service
- Courts and Tribunals
- utilities providers
When personal data is shared, only the minimum amount is shared and relevant contracts
and / or agreements will be in place.
Fraud prevention and detection
We are required by law to protect the use of public funds and for this reason we share
information with internal services and other bodies responsible for auditing or
administering of public funds to detect and prevent fraud. This sharing includes, but is not
exclusive to the Council’s external auditor, Department for Work and Pensions, other local
authorities, HM Revenue and Customs, the Police, credit reference agencies.
We also share personal data as part of the Governments "National Fraud Initiative". This is a
national data matching exercise, which takes electronic data from the private and public
sectors to identify potential fraudulent claims and payments.
The Cabinet Office stipulates the data that they need and subsequently provides us with
details of the cases where the matching indicates an inconsistency or potential for fraud, so
that we can investigate further. This data matching is carried out under the Local Audit and
Accountability Act (part 6, Schedule 9) and does not rely on your consent.
How long we keep information for
This varies depending on the type of information, as well as the legal requirements and
reason we are keeping the information. In some instances the law sets the length of time
information has to be kept. We also have retention and disposal schedules which give
details about how long we need to keep different types of information.
Your data rights
You have the following rights in regard to your personal information, to:
- access copies of any records we hold about you
- have any information we hold about you corrected
- have any information we hold about you deleted or destroyed
- restrict how information we hold about you can be used or shared
- object to information about you being held
- have any information we hold about you transferred to a third party
- challenge decisions relating to you made using automated decision making and profiling
(currently we have no services that use automated decision making or profiling for decision making)
Who to contact about the way your personal data is handled
If you have any queries, concerns or complaints about the way we process your personal
data, including the way we handle information requests, you can contact our Data
Protection Officer via email@example.com
If you are not satisfied with our response or believe we are not processing your personal
data in accordance with the law you have the right to contact the Information
Commissioner’s Office (ICO). For more information visit https://ico.org.uk