Privacy Notice

You are here

Ipswich Borough Council is a controller of personal data.  We are registered with the Information Commissioners Office and our registered number is Z649690X.  We have a Data Protection Officer who works with us to make sure we process personal information only in the way the General Data Protection Regulation and the Data Protection Act 2018 say that we should.

What is personal information?

Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person. For example, this could be your name and contact details. 

Some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your: 

  • sexuality and sexual health
  • religious or philosophical beliefs
  • ethnicity
  • physical or mental health
  • trade union membership
  • political opinion
  • genetic/biometric data
  • criminal history

Why we need to use your personal information

The Council may need to use some information about you.  For example:

  • to maintain our accounts and records
  • to manage our property and housing
  • to provide leisure and cultural services
  • to carry out surveys
  • to collect taxes and pay benefits
  • licensing and other regulatory activities
  • protecting public money by taking part in local, regional and national fraud initiatives
  • crime prevention including the use of CCTV
  • to provide services to our residents and visitors
  • to support and manage our employees
  • to manage archived records for historical and research purposes

The legal basis for processing your personal information

Generally, we collect and use personal information where:

  • it is necessary to perform our statutory duties
  • you have entered into a contract with us
  • it is required by law
  • it is necessary for employment purposes
  • it is necessary for legal cases
  • it is to the benefit of society as a whole
  • it is necessary to protect public health
  • you, or your legal representative, have given consent
  • it is necessary to protect someone in an emergency

We will only collect and process the information that we need.

How long we keep your data for

We will only keep your information for as long as it is required by us in order to comply with legal and regulatory requirements or for other operational reasons. The retention period is either dictated by law or by our discretion and is documented in our retention schedule. Once your information is no longer needed it will be securely and confidentially destroyed.

For privacy notices relating to specific services please see Ipswich Borough Council Services - Privacy Notices

Why we share data and who we share it with

We use a number of commercial companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisations comply with data protection law.

Organisations that we may share your information with include; Councillors, MPs, The Cabinet Office, The Department for Work and Pensions, other local Councils, Her Majesty’s Revenues and Customs, the Police, the Fire Service, the Ambulance Service, Health & Social Care providers and agencies, the Housing Ombudsman, credit reference agencies, service providers and contractors and partner agencies/bodies.

We may also share your personal information when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we may share your information:

When using personal data for research purposes, the data will be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data in this way.

We do not sell personal information to any other organisations for the purposes of direct marketing. 

Joined up services - sharing basic details across council services

The Council is serious about delivering accessible, appropriate, timely and effective services and it is important that it can properly coordinate what it does for your benefit. To achieve this, it aims to improve its centralised customer database so that it acts as a hub for all services. This means, for example, that the system can report any change of address to all the services that use the database, so you won't have to repeat it every time you contact the Council.

Over time the Council's aim is to ensure that it has one master record containing your basic details, together with information about the nature of your transactions. The database is not designed to provide specific details of the services you have received but rather to ensure that the Council is not asking you to repeat basic information for each service you require. It will also help the Council to tailor services to meet your needs and ensure that your requests are being dealt with effectively and help to prevent them getting lost in the system.

You will always have the right to opt out of this or any other data sharing initiatives. However, remember that the Council is only collecting the data for the purpose of improving the services on offer to you. It will not use your information for other purposes without your permission and will certainly not supply it for third party marketing purposes.

Sharing information with other councils, community partners and other agencies

The Council has a responsibility to promote social wellbeing and to work with other councils and community partners such as Suffolk County Council, neighbouring district councils, the Police, the Fire & Rescue Service, the voluntary services and the Health Service in order to preserve life, reduce accidents, reduce crime and improve health. The Council may need to share your personal and sensitive information with these other councils and partners.

If the Council needs to share your sensitive personal data with a third party, it will only do so once it has obtained your consent and in all circumstances the Council will be open and informative about why the sharing is necessary and whom it will be shared with. Wherever possible your consent will be secured at the time the information is collected, for example, on the application forms for council services.

You need to be aware that the Council is periodically required to share your information with other agencies to help reduce crime or investigate fraud. An example of this is in reducing Housing Benefit fraud and involves the Council sharing Council Tax, Housing Benefit, Electoral Registration and other licensing and registration data to ensure that claimants are not claiming illegally. This is done under the direction and security of a National Government Agency known as The Cabinet Office. The shared data is not used for any other purpose.

The need to share this information for promoting social wellbeing will only be for the Council's legitimate business purposes and community projects where the balance of benefit to you and the community far outweighs the remote possibility that you or any other individual could suffer any detriment.

The likelihood of any such detriment will also be further reduced by strict data sharing protocols between the Council and partners and tight security in terms of the transfer of information. Access to your sensitive personal information will also be restricted to authorised individuals only and strictly on a 'need to know' basis.

Cookies Policy

For more information about how we use cookies, please visit www.ipswich.gov.uk/cookies-policy

How we protect your information

We’ll take all possible steps to protect the information we hold about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:

  • Secure emails: Use of secure email networks to ensure that sensitive information is safely shared.
  • Pseudonymisation: Meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without knowing it was you.
  • Controlling access to systems and networks: Allows us to prevent people not permitted to view your personal information from gaining access to it.
  • Staff Training: Allows us to make all our staff aware of how to handle information and how to report incidents or issues regarding the use of information.
  • Regular testing of our IT systems: and ways of working, including keeping up to date on the latest security updates and training all our staff on protecting and using information securely.

Your rights

Data Protection law gives you a number of legal rights. These are:

  • The right of access:  You can ask the Council for a copy of the personal information it holds or processes relating to you. We should provide the information within 1 month.  If there is a great deal of information or it is difficult to identify and retrieve, then we can ask for a time extension.
  • The right to rectification: Everyone is entitled to have their own personal data rectified / changed if it is inaccurate or incomplete.  If an organisation has shared the personal data in question with anyone else, then it must also take all reasonable steps to inform them of the change.  You will be asked to provide evidence of your identity and the correction so that the organisation can ensure your privacy rights are protected.
  • The right to erasure: The right to erasure can sometimes be referred to as ‘the right to be forgotten’.  However, this is not an absolute right.  You can only request the deletion or removal of personal data where there is no compelling reason for an organisation to keep it.  Where the organisation has a statutory obligation or a legally justifiable reason to keep the information they must let you know.
  • The right to restrict processing: In some circumstances you have a right to restrict what processing an organisation carries out or ask that they stop processing your personal data.  When processing is restricted, the organisation may continue to store your data but not to process it further.  However, this right cannot overrule any legal obligation placed on the organisation to continue processing your personal information.
  • The right to data portability: Following a request for disclosure of your data, you have the right to ask for your information in a digital format so that you can reuse it for other purposes.  For example, data portability could be used to upload your information to a third party price comparison website to compare and identify best value for something like utilities or mobile phone use.  It is unlikely that data portability will apply to most of the services you receive from the Council.
  • The right to object: Everyone has the right to object to the processing of their data in limited circumstances. However, you can only object based on “grounds relating to your particular situation”.  For example, you may need to maintain a higher level of security due to the type of job you have.  In these situations, an organisation must stop processing your personal data unless it can demonstrate compelling grounds for the processing, which override your interests, rights and freedoms or where processing is for the establishment, exercise or defence of legal claims.
  • Rights related to automated decision making and profiling: You have a right to request that decisions based solely on automated processing, including profiling, which may produce a legal effect or affect you significantly, have some form of human input so they are not automatically generated by a computer. This right is in place to ensure that potentially damaging decisions are not taken without some form of human intervention. This right also applies to ‘profiling’. However, this Right will not apply if the decision:
    • is necessary for entering into, or performance of, a contract between you and the data controller (the Council)
    • is authorised by law, or
    • is based on your explicit consent

  Organisations are required to ensure that appropriate safeguards are in place to protect your rights, freedoms and legitimate interests and you can ask to have any computer-made decisions explained to you.

How to request your personal information

Requests can be made verbally but we would prefer you to do so in writing – this includes email – and must include sufficient information to clearly identify you, so that we don’t provide your information to someone attempting to impersonate you (for example, your full name, address and date of birth). If you would find it easier to make a Subject Access Request verbally this is possible, however, we will also need copies of documents that prove your identity, in this way we can ensure your privacy rights continue to be protected.

If you wish to authorise someone to act on your behalf – this could be another individual or an organisation, such as your legal representative or Citizens Advice - it is important that you make your wishes clear and provide a form of authority to them so that we know they are acting under your instruction.

We have an online form and guidance on the website, or contact us for a copy of the form using the details on the left.

How to make a complaint

We will always try to help you with queries and respond appropriately to all requests regarding the processing of your information.

If you have a concern about the way we are collecting or using your personal data or are not satisfied with the way we handle your requests please raise your concern with us in the first instance to allow us to investigate.

If you are still not satisfied with the council’s internal review procedure, you can refer your concerns to the Information Commissioner’s Office on their website or write to:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

To request access to your personal information, or to report inaccuracies, or raise a complaint please email us at dataprotection@ipswich.gov.uk or telephone us on 01473 432514.

Contact Details

Ipswich Borough Council,
Grafton House,
15-17 Russell Road,
Ipswich,
IP1 2DE

Telephone icon

01473 432000