The council has a wide range of purposes for which we gather data, all aimed at providing you the best possible service. A large number of these purposes are listed below. If a service is not listed this is because it only retains data relevant to delivery which is not sensitive. For services not noted a retention period for your data of seven years may be assumed. Some parts of these notices have been provided by third parties and therefore may repeat information elsewhere in this notice.
Enfield Adoption Service is committed to protecting the privacy and security of your personal information. The adoption service privacy notice (PDF) describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the data protection legislation. This applies to all users of our adoption service.
Enfield Council rents allotments to people who wish to use them for growing of vegetables, fruit and flowers. The Council keeps records of contact details, rent payments, issues with the allotment and details allowing discount. All are kept until the end of tenancy plus seven years as required for records involving financial details.
Enfield Council processes asbestos samples on its own behalf, on behalf of other organisations and members of the public on request. The data relating to these samples is kept for 20 years including the details of the requestor.
Enfield Council operates CCTV systems across the borough for the purposes of prevention and detection of crime under Section 115 of the Crime and Disorder Act 1998. New camera requests follow the surveillance camera code of practice. Image data is retained for 31 days unless an incident occurs. Data is retained as long as is required for evidence if an incident occurs.
Enfield Council keeps records of contractors working in cemeteries in connection with cemetery operations, funeral directors, memorial masons etc. This is a legal requirement under the Local Authorities Cemeteries Order 1977 (amended 1986) and associated regulations.
Enfield Council wants its citizens to be aware of services that may be useful to them, and to encourage local events and culture. We operate an opt-in email mailing list for this purpose; citizens may opt in or out at any time by visiting our website. We also respond to social media queries; we do not retain data on social media accounts. Please see the privacy statements of the social media providers for more detail. Enfield Council also keeps details on voluntary and community organisations (“third sector”) including contact details for people in these organisations so that we can contact them with relevant information. Consent is obtained for this annually via email/letters and completion of form template.
The Complaints and Information Service acts as the gateway to the council for complaints, consultations, Environmental Information requests, Freedom of Information requests, Subject Access requests and general information requests. Data is held in order to complete your request or complaint and for the purposes of internal performance reporting. The retention period of each type of data can be found in our retention policy (PDF).
If you apply for a Blue Badge, Freedom Pass, Taxi Card or Brown Badge we keep data about you in order to service the request and to prove eligibility. This includes your contact details, your National Insurance Number, your date of birth, your benefits entitlement and details of your disability, including evidence from others verifying the data given. This data is used only for this purpose and is removed when you no longer claim the travel concession.
The Council Tax Regulations and Local Government Finance Act 1992 and the Non-domestic rating Regulations 1989 allow for local authorities to collect and administer Council Tax and Business Rates.
The information we collect and process for this purpose includes:
We also collect the following information for the purposes of debt collection:
We have a duty to protect the public funds we administer and may use information held about you for all lawful purposes, including the prevention and detection of fraud. The Council may also share this information with law enforcement agencies and other bodies responsible for auditing or administering public funds for these purposes.
Your data will be kept for at least seven years as required by law and is not generally removed unless you are no longer resident in the borough.
The council has a duty to protect public funds and as such will use measures to ensure that monies it owes are collected.
If we notify you that you owe us money, and you are having difficulties paying, please contact us so we can try to help.
If you do not pay, we can use various methods to pursue payment. These include obtaining information via public sources, sharing with other government organisations, referencing/tracing agencies and private sector debt collectors.
We are legally required to make some debt collections (e.g. Council Tax) and therefore the legal basis for processing is GDPR Article 6 1(c) - processing is necessary for compliance with a legal obligation to which the controller is subject.
Some debt accumulated is not a legal obligation but may be contractual and covered by GDPR Article 6 1(b) - received chargeable services from us and not paid for them.
Some further debts are accumulated by default by the data subject leading to a debt to the public purse, for example, unpaid utility bills which then become the liability of the council.
It in the public interest to collect these to avoid detriment to the public purse and therefore covered by GDPR Article 6 1(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Electoral Services are responsible for producing the electoral register. This is a list of all people who are eligible to vote in elections in the borough of Enfield. The law requires us to share the data with various agencies and parties. Electoral Services are also responsible for managing elections in the borough. This involves using the data to enable people to vote, and to enable parties and candidates to participate. We collect personal data from our residents to enable us to carry out these functions and all functions are performed in the public interest.
The Council appoints an Electoral Registration Officer (ERO) and a Returning Officer (RO) who has the legal powers to collect this data.
The following lists all primary and secondary legislation relevant to the collection, processing and retention of personal data:
We are legally required to collect this information so we can determine if you are eligible to vote and to record you as a legitimate voter. The national insurance number is removed as soon as we determine your application. We share this data with the government office which provides the Individual Electoral Registration Digital Service. They check the data against other government records to determine its legitimacy. Find out more about privacy when registering to vote.
We also collect data on electoral registration and election staff so we can employ them to conduct electoral duties. Political parties and candidates are required to provide information when they wish to stand for election. Again, electoral law determines what data we have to request and how long we retain it.
The information you provide is held in electoral registers which are managed by electoral registration officers who, using information received, keep two registers – the full electoral register and the open (edited) register.
The full register is published once a year and is updated every month and can only be supplied to the following people and organisations:
We also have to disclose (share) your information with our Software providers and contracted printers for the purposes of carrying out our duties of electoral registration and elections.
It is a crime for anyone who has a copy of the full register to pass information from this register on to others, if they do not have a lawful reason.
The full register contains data on all registered electors. Anyone can inspect the full electoral register under supervision. They can take extracts from the register, but only by hand written notes. Information taken must not be used for direct marketing purposes, in accordance with data protection legislation, unless it has been published in the open version of the register. Anyone who fails to observe these conditions is committing a criminal offence and may be charged a penalty of up to £5,000.
The open register contains the same information as the full register, but is not used for elections or referendums. It is possible to opt-out of the Open Register. It is updated and published every month and can be sold to any person, organisation or company for a wide range of purposes. It is used by businesses and charities for checking names and address details; users of the register include direct marketing firms and also online directory firms.
You can choose whether or not to have your personal details included in the open version of the register; however, they will be included unless you ask for them to be removed. Removing your details from the open register will not affect your right to vote.
The Electoral Registration Officer and Returning Officer are obliged to process your personal data in relation to preparing for and conducting elections. Your details will be kept and updated in accordance with our legal obligations and in line with statutory retention periods. For a copy of our Retention Policy please contact us directly.
You are entitled to request a copy of any information about you that we hold. Any such requests must be made in writing. If the information we hold about you is inaccurate you have a right to have this corrected and you have the right to request completion of incomplete data.
You have the right to request the deletion of your personal data in certain circumstances (‘right to be forgotten’). You have the right to request that we stop, or restrict the processing of your personal data, in certain circumstances. Where possible we will seek to comply with your request, but we may be required to hold or process information to comply with a legal requirement.
If you are dissatisfied with how the Electoral Registration Officer/Returning Officer have used your personal information you have a right to complain to the Information Commissioner's Office.
The Electoral Registration Officer and Returning Officer are required to keep a record of your personal data in order to comply with the Representation of the Peoples Act 1983, Electoral Registration and Administration Act 2013, Representation of the People Regulations 2001 and Electoral Registration (Disclosure of Electoral Registers) Regulations 2013.
Enfield Council has responsibilities under the Civic Contingencies Act 2004 to be prepared for emergencies and able to react to them. This requires us to keep data on our employees for emergency contacts, but also employees of other organisations required for emergency preparedness. Consent is obtained at the time of requesting the contact. Currently organisations include, but are not limited to Metropolitan Police, London Fire Brigade (LFB), London Ambulance Service (LAS), the Military, the NHS, Clinical Commissioning Groups, Environment Agency, Thames Water, British Red Cross, Voluntary Sector Representatives, representatives of organisations offering emergency rest centres and Highways Agency.
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that it is necessary in the public interest or in exercising official authority for us to prevent fraud and money laundering, and to verify identity, in order to protect ourselves and to comply with laws that apply to us.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details at Other Important Privacy Information.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
For more information or to exercise your data protection rights, please contact us using the contact details at Other Important Privacy Information
You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.
If you enquire about or apply for a grant under the Housing Grants, Constructions and Regulations Act 1996 and Regulatory Reform (HA) Order 2002, we will keep data relating to this purpose and to offer you a grant should you be eligible. Data is currently kept for at least seven years.
We are participating in a national homelessness research project called Homelessness Case Level Information Collection (H-CLIC). View the privacy information regarding this purpose below:
The sharing of data gathered for H-CLIC is for research purposes only and aims to provide central government departments, local public services and delivery partners with valuable information about the cycle of homelessness and its impact on outcomes, as well as the impact and cost benefit of interventions and services targeted at reducing homelessness.
The project involves sharing personal identifiers and personal data between local authorities and MHCLG. The personal identifiers provided by local authorities will be processed by ONS (MHCLG’s trusted third party processor) to create an ONS identifier (ONS ID) that can be used to link together H-CLIC Data submissions over time and across local authority boundaries.
"The data subjects are residents of Enfield Known to Housing Services and their families. In the future it is hoped that the data can also be linked to other datasets, such as Rough Sleeping Questionnaire (RSQ), The Troubled Families Evaluation Dataset, and data from other Government Departments (OGDs), such as Ministry of Justice, Department for Education and Department for Work and Pensions/Her Majesty’s Revenue and Customs and health agencies (NHS Digital and Public Health England). The resulting dataset created for this project will be shared with ONS (in a de-identified form) to be made available to bona fide academics in the Secure Research Service (SRS).
ONS (as the data processor) will use the personal identifiers (referred to as H-CLIC PI) gathered from local authorities to create a look-up table of unique identifiers (ID numbers) to facilitate the matching of attribute data (including H-CLIC attribute data, the rough sleeping questionnaire and data from other government departments. The look-up table contains ID numbers only and no personal identifiers. The project and the look-up table have been designed to ensure the attribute data is pseudonymised (de-identified) at the earliest opportunity and staff analysing the attribute data do not know the identity of data subjects – organisational measures have been put in place to protect the anonymity of data subjects, including separation of roles for each organisation (MHCLG and ONS), separation of duties for staff and measures to ensure the identifiable data (H-CLIC PI data) is handled separately to any attribute data (e.g. H-CLIC attribute data).
For this project, MHCLG and local authorities are independent data controllers and ONS is the trusted third-party data processor acting on behalf of MHCLG.
Data sharing will take place between local authorities and national public bodies and data sharing agreements will be agreed between MHCLG and each party. The data gathered for the project will be de-identified to allow use for research only. "
Data sharing is necessary to observe the effectiveness of Homelessness Programmes and the Homelessness Reduction Act 2017 on a wide range of different outcomes that it aims to affect, spanning the remit of different Government Departments and to control for household and individual characteristics.;
The Homelessness Reduction Act 2017 (the 2017 Act) significantly reformed England’s homelessness legislation by placing duties on local authorities to intervene at earlier stages to prevent homelessness in their areas. It also requires housing authorities to provide homelessness services to all those affected, not just those who have ‘priority need’. The 2017 Act was fully in force by 3rd April 2018. Hence the legal basis will be GDPR Article 6 1(c) – legal requirement on the controller and 6 1(e) public task.
Where the personal data to be processed is special category data (sensitive personal data) it will be possible to rely on Article 9(2)(g) of the GDPR. MHCLG will rely on meeting the condition in Schedule 1, Part 2, paragraph 6 of the DPA 2018 in order to process special category personal data in accordance with section 10(3) of the DPA 2018.
Article 9(2)(g) allows for the processing of special category data where it is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject/individual.
A DPA has been signed between Enfield and the MHCLG for the quarterly on-going supply of H-CLIC personal identifiers and attribute data to the Ministry for Housing, Communities and Local Government. This data share will facilitate the linking of homelessness and other data sources to improve the evidence of the causes of homelessness as well as the factors associated with better outcomes.
Not required as covered by The Homelessness Reduction Act 2017 (the 2017 Act) hence legal basis is as above.
Retention of Data follows national guidelines.
Understanding more about what causes homelessness and how well homelessness services meet peoples’ needs
This research is being carried out by the Ministry of Housing, Communities and Local Government (MHCLG).
By carrying out this research, MHCLG aims to find out whether:
To do this, MHCLG wants to link information about you and others in your household together with other information, including your homelessness application and past and future information on your use of services and benefits.
MHCLG will use your personal information - name, date of birth, gender, last known address, National Insurance number (if known) - to gather the right data held by other government agencies. Any information you provide will not be used to make any decisions about what benefits you get, services you use, now or in future, or used to identify fraud.
We want to collect data on all people asking for help with homelessness.
At your assessment you will be asked questions about:
Your information will only be used for research and will be anonymised so the researchers will not know whose data they have.
Your local authority will send your information to MHCLG using a secure IT system.
Your personal information (name, date of birth, gender, last known address) will be used to identify data collected as part of your assessment and linked to information held by other government departments:
Your information will be kept strictly confidential. Your name, date of birth, gender, address and National Insurance number will be kept separately from all the other information in a secure, password-protected document on a computer system. You will be assigned a unique reference number, so that even though a researcher will see all your information, they will not be able to know it is you.
DWP, DfE and MOJ will only keep your personal information for a month and will not keep records showing you were part of this research.
MHCLG will keep your personal information for five years.
We will only use your data within the terms of data protection laws, will delete your data securely and only keep it for as long as necessary. We will review dates for keeping personal data in the future and if necessary update these privacy notices.
To legally share data for this research, local authorities and MHCLG will rely on the Digital Economy Act 2017.
The collection of personal information by MHCLG for this project is compliant with data protection legislation.
Your local authority will collect your personal data under the public task basis (in this case to provide housing services) and agree to share this data with MHCLG under the public task basis (in this case to reduce homelessness).
MHCLG will rely on the following reasons for processing personal data and additional special category data below:
The processing is necessary for this reason:
Special category personal data may be processed if:
(g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
You can talk to your local authority about whether your data is being used for this project without it affecting your legal rights or routine care. You can also see copies of all the data MHCLG hold about you and ask for it to be corrected or deleted.
If you want more information you can ask a member of staff. You can also contact MHCLG’s Knowledge and Information Team about seeing your data or withdrawing from the research.
If you are unhappy with the way your personal information is being handled you can contact the independent Information Commissioner.
The final results of this research will be published on the main government website. You will not be identified in any research report.
If you come to us for housing services, including sheltered housing and homelessness, we will collect data such as name, address, date of birth, medical information, income and expenditure, schooling, work and family composition in order to assist us in the allocation of emergency/temporary accommodation or affordable longer term accommodation. This work is carried out under the Housing Act 1996. We retain the data about you in accordance with our retention policy (PDF) – the length of time it is retained depends on your needs and the type of tenancy you receive.
The information we hold, and the information provided to us by the Department for Work and Pensions (DWP) is required for the calculation of your Housing Benefit and Council Tax Support claim.
We receive personal information from yourself via your on-line application form, from the DWP, HMRC and from landlords.
The information collected includes:
We have a duty to protect the public funds we administer and may use information held about you for all lawful purposes, including the prevention and detection of fraud. The Council may also share this information with law enforcement agencies and other bodies responsible for auditing or administering public funds for these purposes.
Your data will be kept for a period of seven years from the end of your claim.
Enfield Council keeps a wide range of information for the prevention and detection of crime under various acts including the Crime and Disorder Act 1998 and the Fraud Act 2006. Data held for these purposes are exempt from certain provisions of the GDPR by the Data Protection Act 2018 section 15 and Schedule 2 Part 1.
For more information on fraud prevention, visit Fraud detection and prevention.
If you sign up to our library service, we keep data on you to enable us to contact you, to record items you have used/borrowed from the library. We keep this data for one year after your last interaction with us, unless you have outstanding fines in which case your record is kept until the fine is paid.
Enfield Council has a duty to protect the public funds we administer.
To help do this, and to prevent and detect fraud, we share information with the Cabinet Office, who is responsible for carrying out the National Fraud Initiative data matching exercise.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body, to see how far they match. This is usually personal information.
Computerised data matching allows potentially fraudulent claims and payments to be identified. If a match is found, it may show that there is an inconsistency which needs to be investigated. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. Matching also helps to keep records up to date and accurate.
Types of data provided by Enfield Council for this purpose may include:
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014.
Please note this doesn't require the consent of the individuals concerned under the GDPR and the DPA 2018.
If you have any questions about this exercise, contact our Counter Fraud Team by emailing firstname.lastname@example.org.
If you are receiving support from adult social care then the NHS may share your NHS number with adult social care. This is so that the NHS and adult social care are using the same number to identify you whilst providing your care. By using the same number the NHS and adult social care can work together more closely to improve your care and support.
Your NHS number is accessed through an NHS service called the Personal Demographic Service (PDS). Adult social care sends basic information such as your name, address and date of birth to the PDS in order to find your NHS Number. Once retrieved from the PDS the NHS Number is stored in the Council’s adult social care case management system.
These data are retained in the adult social care system in line with the Council’s record retention policies. These policies are in accordance with the Data Protection law, Government record retention regulations and best practice. Further information is available on our policies and procedures.
In terms of the Data Protection Act the Council is both the Data Controller and the Data Processor.
The NHS Number then has two uses, the first being a unique identifier to allow Social Care information to be displayed in the Council’s adult social care case management system, for the provision of direct care. We will also use this Number in an integrated care record system across a number of support services including GP’s, hospitals, community matrons, district nurses and social care practitioners.
The Council will share information only to provide health and social care professionals directly involved in your care access to the most up-to-date information about you. It will do this by sharing appropriate information between health and social care services at the time of patient contact. Access to information is strictly controlled, based on the role of the professional. For example, social workers will only have access to information that is relevant to the execution of their care duties.
The Council’s IT security and confidentiality policies ensure that your information is protected, and available only to staff directly involved in your care. These policies are available on our policies and procedures.
The use of joined up information across health and social care brings many benefits. One specific example where this will be the case is the discharge of patients into social care. Delays in discharge (commonly known as bed blocking) can occur because details of social care involvement are not readily available to the staff on the hospital ward. The hospital does not know who to contact to discuss the ongoing care of a patient. The linking of social care and health information via the NHS Number will help hospital staff quickly identify if social care support is already in place and who the most appropriate contact is. Ongoing care can be planned earlier in the process, because hospital staff will know who to talk to.
The addition of the NHS Number to social care data will bring additional benefits:
You have the right to object to the processing of your NHS Number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options you have.
If you wish to opt-out from the use of your NHS Number for social care purposes, please talk with your social worker.
Aon Hewitt Limited ("Aon") has been appointed to provide pensions advisory and calculation services that relate to your membership of the Fund. In doing so Aon will use personal information about you, such as your name and contact details, information about your pension contributions, age of retirement, and in some limited circumstances information about your health (where this impacts your retirement age) in order to be able to provide these services.
The purposes for which we use personal information will include management of the Fund and your membership within it, funding (i.e. helping to ensure that the funds held within the Fund are sufficient to cover the members who are party to it), liability management (that is to say providing advice on the different ways benefits could be determined, and drawn, from the Fund), Fund Actuary duties (which include assessing individuals who are members of the pension scheme and assessing how the make-up of the membership may affect the amounts payable and when they become payable so as to manage the Fund appropriately), regulatory compliance, process and service improvement and benchmarking.
We may pass your personal information to third parties such as financial advisors and benefits providers, insurers, our affiliates and service providers and to certain regulatory bodies where legally required to do so. Depending on the circumstances, this may involve a transfer of data outside the UK and the European Economic Area to countries that have less robust data protection laws. Any such transfer will be made with appropriate safeguards in place.
More detail about Aon’s use of your personal information is set out in our full Privacy Notice. You can also request a copy by contacting us, including reference to the Fund name, at: Data Protection Officer, Aon Hewitt Limited (Retirement and Investment UK), PO Box 730, Redhill, RH1 9FH
If you supply goods or services to the council, we keep records of this supply including your contact details, contract details, purchase orders made, goods/services/invoices received, bank details for payment purposes and records of contacts made. These are kept for seven years after your last interaction with the council.
From 1 April 2013, local authorities were given a new duty to improve the health of their residents.
The Public Health team in a local authority is required to commission and manage certain Public Health services for residents, and provide advice and intelligence about health and wellbeing to help the Council, NHS and other partners plan services that meet the needs of the people of Enfield. To fulfil this function, the Enfield Public Health team uses data and information from a range of sources.
The Enfield Public Health team has a legal status allowing the processing of Personal Confidential Data for Public Health purposes. The use of such data will be restricted so that the principles contained in the Data Protection Act 1998 are fully adhered to. The legal basis is section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
The Enfield Public Health team collects and holds information for public health purposes about:
all to whom it has a public health duty of care.
This information includes;
We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Enfield. We can describe the data as follows:
Enfield Public Health team uses personal identifiable information about residents and users of health care, to enable it to carry out specific functions for which it is responsible, such as:
The Public Health team also uses the information to derive statistics and intelligence for assessments and planning purposes, which include:
These statistics are presented in such a way that individuals cannot be identified from them and personal identifiable details are removed as soon as is possible in the processing of intelligence.
This information is collected in two ways:
It may be provided to us directly by a member of the public when they sign up to use a service we are providing.
It may be shared with us by another organisation due to us being part of a service they are providing, or as part of research and intelligence necessary for Public Health functions, such as informing decisions on the design and commissioning of services. This will include organisations such as Office for National Statistics, NHS Digital, national, regional and local NHS bodies, Clinical Commissioning Group, local authorities and schools.
We are required to comply with data protection regulations to ensure information is managed securely and this is reviewed every year as part of our NHS Information Governance Toolkit assessment.
Any personal identifiable data is sent or received using secure email. All data is stored electronically on secure equipment and is managed using the principles of medical confidentiality and data protection. The number of staff accessing and handling such data is limited to only those key professionals named on relevant signed information sharing agreements (where applicable), all who of whom undertake regular training about data protection and managing personal information.
Confidential public health data will only be shared with other areas of the NHS, local authorities or care organisations, once the necessary legal basis has been established and data protection safeguards have been verified, so that the data is managed and used under the same restrictions. Anyone who receives information from Enfield Council Public Health is also under a legal duty to keep it confidential.
In relation to births, deaths and hospital episode statistics, the data will only be processed by Local Authority employees in fulfilment of their public health function, and will not be transferred, shared, or otherwise made available to any third party, including any organisations processing data on behalf of the Local Authority or in connection with their legal function.
We only keep hold of information for as long as is necessary. This will depend on what the specific information is and the agreed period of time. Data is permanently disposed of after this period, in line with Enfield Council’s retention policy (PDF) or the specific requirements of the organisation who has shared the data with us.
You have the right to opt out of Enfield Council Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on the specific data is and what programme it relates to. For more information, email email@example.com.
The Council is registered as a Data Controller with the Information Commissioner’s Office (Registration Number Z5492012) under the Data Protection Act. Further details about how the Council processes personal data can be found in our registration via the Information Commissioner’s Office. You can also view the Council’s NHS Information Governance Toolkit status.
The Registrars service in Enfield has a separate Data Protection registration from the council. The service holds details of births, marriages and death as required by the various acts. This is a statutory service and all data held is in line with the statutes, specifically the Births and Deaths Registration Act 1953, the Marriage Act 1949 and The Register of Marriage Regulations 2015.
The council is required to provide services for a wide range of regulation enforcement and delivery services including, but not limited to:
Each of these services is either covered by a legal basis in legislation and therefore does not require a consent, or is a service which people request and therefore give consent at that point. Many users are companies, but for sole traders the privacy regulations will apply. Retention periods for records are published in the retention policy (PDF).
Enfield Schools are responsible for their own data protection compliance and therefore have individual privacy notices. Please refer to the school website for details.
Enfield Council in its role at a Local Education Authority keeps a range of data relating to schools and early years settings, to administer services. These include the following:
Data kept (contact, pupil identification, parent/carer identification assumed), consent/legal basis and retention period
Manage and organise music education
Details of learning, attendance records, correspondence, free school meals status (for discounts), payments, methods, instrument, level, exams, results. A waiting list is also maintained. Consent on application, three year retention.
Manage and organise group activities, provide records to Arts Council England for grant funding
Attendance records, correspondence, payment reconciliation, application of concessionary rates data, ethnicity, gender and age. Consent on application, retained for 6 months after last attendance.
Enable applications to various funding bodies for scholarships.
Details vary depending on the scholarship qualification requirements. Consent on application, retained for two years after scholarship is finished.
Finance and school place planning
Manage and organise school budgets
Details of pupils; attendance records; free school meals; exclusions; Education Heath and Care Plan records
Early Years and Families Information
To support children's learning and behaviour; Monitor and report on children's progress; Meet our duties to promote high standards of educational achievements; Provide appropriate care; Monitor the impact of funded 2 year olds and 3 and 4 year olds; assess the quality of our services.
We collect and use this information under the Education Act 1996, various enactments relating to the sharing of data with the Department for Education e.g. the Education (Information about Individual Pupils) (England) Regulations 2013. We also collect special category data under the Education Act 1996 and the Children Act 1989 where required. Information outside these enactments is collected and used by consent e.g. voluntary activity data. We will always inform you if you are providing data on a legal basis or if you have a choice about provision.
We routinely share children and young person’s information with:
We hold information about young people living in our area, including about their education and training history. This is to support the provision of their education up to the age of 20 (and beyond this age for those with a special educational need or disability). Under parts 1 and 2 of the Education and Skills Act 2008, education institutions and other public bodies (including the Department for Education (DfE), police, probation and health services) may pass information to us to help us to support these provisions.
Once our pupils reach the age of 13, we pass their contact details to the provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996. This enables them to provide of youth support service and careers advice.
A parent / guardian can request that only their child’s name, address and date of birth be passed to their provider of youth support services by informing us at the contact details in this notice. This right is transferred to the child/pupil once he/she reaches the age of 16.
We will also share relevant information about pupils not in education, training or employment (such as their contact details) aged 16+ with the provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide the following services:
Find out more about services for young people.
We share children and young person’s data with the Department for Education (DfE) on a statutory basis under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013. This data sharing underpins school funding, educational attainment policy and monitoring and enables them to; produce statistics, assess our performance, determine the destinations of young people after they have left school or college and to evaluate Government funded programmes.
We do not share information about children and young people without consent unless the law and our policies allow us to do so.
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) visit GOV.UK.
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
The law requires us to provide information about our pupils to the DfE as part of statutory data collections. Some of this information is then stored in the national pupil database (NPD). The legislation that requires this is the Education (Information About Individual Pupils) (England) Regulations 2013. Find out more about the NPD.
The Department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data. Find out more information about the department’s data sharing process.
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record held by their education provider, contact us at the details given in this notice.
You also have the right to:
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance at the contact details in this notice. Alternatively, you can contact the Information Commissioner’s Office.
To validate your bank account details, we need to share relevant information you've given us with TransUnion. This will be used to ensure your support payment is paid to the correct bank account and to help prevent fraudulent use of support payments.
This is not a credit check and won't impact your credit rating.
For more information on how TransUnion may use your data, visit TransUnion.
The Social Care service collects a wide range of data relating to persons in need of social care services, their carers, family and other persons who may affect them. This includes data which is defined by the Data Protection Law as “special categories” including data relating to racial or ethnic origin, religious or philosophical beliefs, genetics, health and sexuality. The Care Act 2014 and Children Act 1989 gives the Social Care service the legal basis for processing, but we also seek consent where possible for processing your data. If you refuse consent, or limit processing this may affect the level of service we can provide to you and could potentially put you at risk. We may, where you or someone else is at serious risk if we do not share information, share information without your consent, but only if absolutely necessary to prevent harm.
It is commonly necessary for persons receiving / providing social care to be provided with finance in order to manage personal budgets, provide care or other appropriate reasons. In order to monitor spending of public funds, the council records these financial transactions in addition to the data above. These are kept for seven years after the repayment period.
Enfield Special Guardianship Service is committed to protecting the privacy and security of your personal information. The special guardianship privacy notice (PDF) describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the data protection legislation. This applies to all users of our Special Guardianship service.
Enfield Council, as a responsible employer, is required by law to keep a wide range of data on prospective, current and former employees, pensioners, contract staff and volunteers. This data has restricted access and is only generally available to appropriate staff including HR advisors and Heath and Safety staff, with managers having limited access to data about their staff.
In addition to statutory requirements, Enfield Council keeps information relating to staff performance, staff vetting, staff training, staff emergency contacts, staff access to sites/buildings/rooms, staff health data where needed to ensure safety of the staff member or the public and other data needed for the safe and responsible delivery of its services. Retention periods for the data are published in our retention policy (PDF).
Enfield Council uses external professional services for occupational health, and staff information will be passed to these providers where there is a need for an occupational health assessment or follow-up.
The legal basis for this use is GDPR Article 6 1(b) - contract with the data subject, GDPR Article 6 1(c) - legal requirement on controller depending on the type of employment, and GDPR Article 9 2(b) for sensitive data - obligations in the field of employment law.
The council is required by central government to assist in this survey every two years as part of the national carers strategy.
We are required to ask all adult carers in the borough to participate in the survey and to collect and collate data which is then used for planning across government. We do not share personal data of carers with any other organisation, but do share anonymised data with other organisation including health, central government and the voluntary sector.
The data is also used by the council to: