To process your requests to us, provide you with services and personalise our service to you. If you agree, we will also use your information to tell you about other services and events.
Your information may be shared with other parts of government, other councils and our delivery partners to deliver you services or if required by law.
We will not share your details with 3rd parties for marketing purposes unless you agree.
You have rights in respect of your data including the right to be supplied information on our uses, to see what data we are holding about you, to request correction or erasure of your data, to object to processing and to complain to the supervisory authority.
This notice was last updated May 2019
Your privacy is important to us. This privacy statement explains what personal data we collect from you and how we use it.
We collect your personal data for a variety of purposes. Please see specific purposes for more details. You provide some of this data when you create an Enfield Connected account, when you fill in a form (online or paper), when you speak to us on the phone or face to face. We get some of it from automatic recording e.g cookies.
When we no longer require your personal data, it is deleted according to our retention policy (PDF).
The data we collect can include the following:
Name and contact details: we collect your name, your address, your email address, your phone number and similar contact details. These are used to provide you with services and to contact you in relation to services. If you have given permission, we also use these for marketing purposes for services/events provided by us or by others in the local area. If you have given permission for third party marketing, we additionally may pass this data to third parties for carefully selected marketing relevant to
Demographic data: this includes age and gender. We may collect more sensitive characteristics such as nationality, race, religion, sexuality and ethnicity in order to fulfil our obligations under the Equalities Act 2010. These sensitive characteristics are only used for the purposes of the Equalities Act or those defined and to which you consented at the time we collected them. Where practicable, these data are managed separately from other data.
We additionally receive demographic data including aggregated data from other services to inform our planning of services. This data is not personally identifiable – we cannot identify individuals from the data, but will include matters such as health, police information and financial information.
Device and Usage data: when you connect to us online, we collect data about pages you have visited, completed actions, error messages, IP address details, device operating system, region and language settings. These are used to provide services to you, and to improve our services.
Preferences and account data: our systems include the ability to create an account using a username/password. The username is stored to allow us to retrieve your account; the password is NOT stored, but a “hashed” version of it is stored. This “hashed” password cannot converted back into your password, but allows our systems to confirm the correct password has been entered.
If you have created an account, we will store data in all the categories referenced elsewhere in this document with your account. This allows us to retrieve this data to auto-fill forms for you and present you with data about your past requests to us.
As an alternative, you may use a guest logon. This allows you to create a request to us, but the data given is only held in respect of that request. You cannot add more requests or retrieve history under a guest logon. Guest logons are valid only for the creation of a request and cannot be reused.
Financial Data: we collect data about income, outgoings, savings and assets owned in order to provide services to you. These include matters such as benefits and provision of social care.
We additionally receive financial data about you from third parties eg credit rating agencies.
Health and Care Data: we collect data about your health, including medical conditions, disabilities and information from your healthcare providers where needed to provide services to you.
We additionally receive health data about you from third parties eg NHS and police under a series of multi-agency sharing agreements. Data about you is used to inform our services to you and is only shared with practitioners in those services.
We use data about you to provide you with services, communicate with you, to plan our services, and to personalise your experience.
In carrying out the purposes listed above, we reuse your data to improve your experience and ensure you are provided with the best possible service. For example, if you tell us you have changed your name, you only need to tell us once for it to be changed over most of our services (some, like Electoral Registration, we can’t change without other information by law).
We use your personal data in the following ways:
We share your personal data with a range of organisations to provide you with services, plan services and to ensure that crime is prevented or detected. These include:
We share your data with your consent or as necessary to provide any service.
We share with third party organisations delivering services on our behalf. This sharing is covered by agreements to maintain your privacy to the same level as we require of ourselves, and data shared is strictly restricted to that necessary for delivering services.
We also share data with Central Government and its agencies, including police and health, as required by law, for the delivery of service, prevention and detection of crime, public health, safety and service planning. This sharing, where not required by law, is again covered by agreements about your privacy.
Information we collect from you will be shared with fraud prevention agencies who will use it to:
If fraud is detected you could be refused certain services, finance or employment. Find out more by visiting Fraud detection and prevention.
You can access your data online via your Enfield Connected account. You have a right to require us to make changes to your data if it is wrong. You can make changes to incorrect data on the website, but if you find data you cannot correct email email@example.com.
You have the right to demand that we erase data that we hold on you. However, please note that we can only do this if it is not required for further processing; in general, we erase your data as soon as we no longer require it. You can do this by emailing firstname.lastname@example.org.
You have the right to request that we give you a copy of your data. This is called a “Subject Access Request”. You may do this by making an online request.
If you have a privacy concern, complaint or question for the Enfield Council Data Protection Officer, please email or contact via post as detailed in our other important privacy information page.
You have the right to complain about our processing to the Information Commissioner if you believe we are not processing your data in a proper manner.
You can change your preferences in marketing and use of your data at any time. Please visit your Enfield Connected account and go to preferences.
For more details on your rights in processing data, visit ICO.
Enfield Council is registered with the ICO as a data controller and processor. Our registration number is Z5492012.
The Electoral Registration department of Enfield Council is registered with the ICO separately, with registration number Z4938916.
If you wish to restrict or block the cookies which are set by our websites, or any other website, you can do this through your browser settings. The ‘Help’ function within your browser should tell you how.
Please be aware that restricting cookies may impact on the functionality of our website.
To view your cookie code, click on the cookie to open it. You will see a short list of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.
For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.
To learn more about cookies on GOV.UK websites, visit GOV.UK.
Your Enfield account is used to simplify your access to our services. By storing your personal data in the account we are able to automatically fill in basic data about you and your circumstances so you don’t have to do it more than once. By linking your accounts from our internal systems to your Enfield account we can show you information from these systems and make it easier for you to manage your relationship with us.
Your Enfield account initially stores a small amount of information about you that you supply when you register for the account. This information is used to fill in forms on the web for you, and to allow us to link our internal systems to your Enfield account. Once internal systems are linked, you can access data from these systems online, and request a wider range of services online. The Enfield account doesn’t store this information – only the link is stored with the account – but retrieves it on request.
Whenever you log on to the website and use online services the interactions are logged. We keep these logs for one year for security purposes.
When you make a request to us (eg ask for a service) this is recorded with your Enfield account and will be visible to you for up to five years. If you did not use an Enfield account (ie a guest logon) this is again kept for five years but is not associated with any account. Transactions on a guest logon do not appear on Enfield accounts.
Below you will find additional privacy information you may wish to know. Enfield is committed to maintaining the privacy of your personal information. If you have any issues with our privacy, please contact Complaints and Information via the website or via email.
We collect and use information under various legal basis which depend on the purposes; we evaluate each use to ensure that we have a legal basis for use.
Our most common reasons for use are:
GDPR Article 6 1(c) and (e) – Legal basis or performance of task in public interest, exercise of official authority. The majority of our information use is based on these clauses – legislation enabling local government services covers many areas. For example, we have a legal obligation to ensure that planning processes are implemented.
GDPR Article 6 1(a) – Consent. We use a consent basis for some information e.g. using your email address to inform you of events. You can always withdraw consent and we will cease to process for that purpose
GDPR Article 6 1(b) – Contract. Some of our use e.g. bulky waste collection is based on a contractual agreement.
GDPR Article 6 1(d) – Vital interest. Some of our services can result in serious harm if we do not deliver them, and therefore vital interest is occasionally used; however in most cases the use is covered by law and therefore falls into GDPR Article 6 1(c) or (e).
We additionally use special category personal data. This is most commonly under GDPR Article 9 2(b) – employment, social security and social protection; or GDPR Article 9 2(g) – substantial public interest.
We maintain a Register of Processing Activities supplying individual justifications for use.
Data collected by Enfield Council is generally processed within the UK and the EEA. These uses all comply with the requirements of the GDPR and UK government security policy. For some purposes, we process in the USA; this use is covered by either contractual agreements with an assessment of adequacy or US Privacy Shield.
Typically, our data is either stored in Ireland or Southern England. Backups of data and resilient services are generally in the Netherlands or Northern England.
We use a variety of techniques to ensure the privacy of your personal data and protect it from unauthorised disclosure or access. These include physical security, encryption at rest and in transit, multi-factor authentication and intrusion detection systems.
Enfield Council operates a data retention and disposal scheme based on legal and operational requirements. Data is disposed of securely when it is no longer required for processing purposes. View the retention scheme (PDF).
We will update this privacy statement whenever a change in our use or a change in law occurs, and in response to your feedback. When it is changed we will update the date given at the top page how will we use the information about you?. If there are significant changes we will notify you either by a pop-up notice when you logon or directly sending you a notification. We encourage you to periodically review this statement and provide us with feedback on areas you believe we could improve.
For general issues, please contact us via your Enfield account.
If you have a privacy concern, complaint or question for the Enfield Council Data Protection Officer, please email email@example.com.
You can also contact the Council’s Data Protection Officer directly at firstname.lastname@example.org or by post:
Data Protection Officer
Enfield Council Civic Offices