The council has a wide range of purposes for which we gather data, all aimed at providing you the best possible service. A large number of these purposes are listed below; if a service is not listed this is because it only retains data relevant to delivery which is not sensitive. For services not noted a retention period for your data of seven years may be assumed. Some parts of these notices have been provided by third parties and therefore may repeat information elsewhere in this notice.
Enfield Council rents allotments to people who wish to use them for growing of vegetables, fruit and flowers. The Council keeps records of contact details, rent payments, issues with the allotment and details allowing discount. All are kept until the end of tenancy plus seven years as required for records involving financial details.
Enfield Council processes asbestos samples on its own behalf, on behalf of other organisations and members of the public on request. The data relating to these samples is kept for 20 years including the details of the requestor.
Enfield Council operates CCTV systems across the borough for the purposes of prevention and detection of crime under Section 115 of the Crime and Disorder Act 1998. New camera requests follow the surveillance camera code of practice. Image data is retained for 31 days unless an incident occurs. Data is retained as long as is required for evidence if an incident occurs.
Enfield Council keeps records of contractors working in cemeteries in connection with cemetery operations, funeral directors, memorial masons etc. This is a legal requirement under the Local Authorities Cemeteries Order 1977 (amended 1986) and associated regulations.
Enfield Council wants its citizens to be aware of services that may be useful to them, and to encourage local events and culture. We operate an opt-in email mailing list for this purpose; citizens may opt in or out at any time by visiting our website. We also respond to social media queries; we do not retain data on social media accounts. Please see the privacy statements of the social media providers for more detail. Enfield Council also keeps details on voluntary and community organisations (“third sector”) including contact details for people in these organisations so that we can contact them with relevant information. Consent is obtained for this annually via email/letters and completion of form template.
The Complaints and Information Service acts as the gateway to the council for complaints, consultations, Environmental Information requests, Freedom of Information requests, Subject Access requests and general information requests. Data is held in order to complete your request or complaint and for the purposes of internal performance reporting. The retention period of each type of data can be found in our retention policy (PDF).
If you apply for a Blue Badge, Freedom Pass, Taxi Card or Brown Badge we keep data about you in order to service the request and to prove eligibility. This includes your contact details, your National Insurance Number, your date of birth, your benefits entitlement and details of your disability, including evidence from others verifying the data given. This data is used only for this purpose and is removed when you no longer claim the travel concession.
We collect Council Tax and Business Rates under the Local Government Finance Act 1992. We keep data about your name, address, contact details, forwarding address if applicable, personal details of other adults in the property as required for statutory discount and exemptions, banking details, payment details and property details. We keep records of correspondence and telephone calls should you contact us or we contact you. In the event a payment arrangement is made we will keep additional financial details in order to decide this. In the event of a payment default further information relating to proceedings is also retained. See Housing Benefit and Council Tax support for related information on data we keep if you apply for or receive one of these benefits. Data is retained for at least 7 years as required by law, and is not generally removed unless you cease to be resident in the borough.
Electoral Services are responsible for producing the electoral register. This is a list of all people who are eligible to vote in elections in the borough of Enfield. The law requires us to share the data with various agencies and parties. Electoral Services are also responsible for managing elections in the borough. This involves using the data to enable people to vote, and to enable parties and candidates to participate. We collect personal data from our residents to enable us to carry out these functions and all functions are performed in the public interest.
The Council appoints an Electoral Registration Officer (ERO) and a Returning Officer (RO) who has the legal powers to collect this data.
The following lists all primary and secondary legislation relevant to the collection, processing and retention of personal data:
We are legally required to collect this information so we can determine if you are eligible to vote and to record you as a legitimate voter. The national insurance number is removed as soon as we determine your application. We share this data with the government office which provides the Individual Electoral Registration Digital Service. They check the data against other government records to determine its legitimacy. Find out more about privacy when registering to vote.
We also collect data on electoral registration and election staff so we can employ them to conduct electoral duties. Political parties and candidates are required to provide information when they wish to stand for election. Again, electoral law determines what data we have to request and how long we retain it.
The information you provide is held in electoral registers which are managed by electoral registration officers who, using information received, keep two registers – the full electoral register and the open (edited) register.
The full register is published once a year and is updated every month and can only be supplied to the following people and organisations:
We also have to disclose (share) your information with our Software providers and contracted printers for the purposes of carrying out our duties of electoral registration and elections.
It is a crime for anyone who has a copy of the full register to pass information from this register on to others, if they do not have a lawful reason.
The full register contains data on all registered electors. Anyone can inspect the full electoral register under supervision. They can take extracts from the register, but only by hand written notes. Information taken must not be used for direct marketing purposes, in accordance with data protection legislation, unless it has been published in the open version of the register. Anyone who fails to observe these conditions is committing a criminal offence and may be charged a penalty of up to £5,000.
The open register contains the same information as the full register, but is not used for elections or referendums. It is possible to opt-out of the Open Register. It is updated and published every month and can be sold to any person, organisation or company for a wide range of purposes. It is used by businesses and charities for checking names and address details; users of the register include direct marketing firms and also online directory firms.
You can choose whether or not to have your personal details included in the open version of the register; however, they will be included unless you ask for them to be removed. Removing your details from the open register will not affect your right to vote.
The Electoral Registration Officer and Returning Officer are obliged to process your personal data in relation to preparing for and conducting elections. Your details will be kept and updated in accordance with our legal obligations and in line with statutory retention periods. For a copy of our Retention Policy please contact us directly.
You are entitled to request a copy of any information about you that we hold. Any such requests must be made in writing. If the information we hold about you is inaccurate you have a right to have this corrected and you have the right to request completion of incomplete data.
You have the right to request the deletion of your personal data in certain circumstances (‘right to be forgotten’). You have the right to request that we stop, or restrict the processing of your personal data, in certain circumstances. Where possible we will seek to comply with your request, but we may be required to hold or process information to comply with a legal requirement.
If you are dissatisfied with how the Electoral Registration Officer/Returning Officer have used your personal information you have a right to complain to the Information Commissioner's Office.
The Electoral Registration Officer and Returning Officer are required to keep a record of your personal data in order to comply with the Representation of the Peoples Act 1983, Electoral Registration and Administration Act 2013, Representation of the People Regulations 2001 and Electoral Registration (Disclosure of Electoral Registers) Regulations 2013.
Enfield Council has responsibilities under the Civic Contingencies Act 2004 to be prepared for emergencies and able to react to them. This requires us to keep data on our employees for emergency contacts, but also employees of other organisations required for emergency preparedness. Consent is obtained at the time of requesting the contact. Currently organisations include, but are not limited to Metropolitan Police, London Fire Brigade (LFB), London Ambulance Service (LAS), the Military, the NHS, Clinical Commissioning Groups, Environment Agency, Thames Water, British Red Cross, Voluntary Sector Representatives, representatives of organisations offering emergency rest centres and Highways Agency.
If you enquire about or apply for a grant under the Housing Grants, Constructions and Regulations Act 1996 and Regulatory Reform (HA) Order 2002, we will keep data relating to this purpose and to offer you a grant should you be eligible. Data is currently kept for at least seven years.
Understanding more about what causes homelessness and how well homelessness services meet peoples’ needs
This research is being carried out by the Ministry of Housing, Communities and Local Government (MHCLG).
By carrying out this research, MHCLG aims to find out whether:
To do this, MHCLG wants to link information about you and others in your household together with other information, including your homelessness application and past and future information on your use of services and benefits.
MHCLG will use your personal information - name, date of birth, gender, last known address, National Insurance number (if known) - to gather the right data held by other government agencies. Any information you provide will not be used to make any decisions about what benefits you get, services you use, now or in future, or used to identify fraud.
We want to collect data on all people asking for help with homelessness.
At your assessment you will be asked questions about:
Your information will only be used for research and will be anonymised so the researchers will not know whose data they have.
Your local authority will send your information to MHCLG using a secure IT system.
Your personal information (name, date of birth, gender, last known address) will be used to identify data collected as part of your assessment and linked to information held by other government departments:
Your information will be kept strictly confidential. Your name, date of birth, gender, address and National Insurance number will be kept separately from all the other information in a secure, password-protected document on a computer system. You will be assigned a unique reference number, so that even though a researcher will see all your information, they will not be able to know it is you.
DWP, DfE and MOJ will only keep your personal information for a month and will not keep records showing you were part of this research.
MHCLG will keep your personal information for five years.
We will only use your data within the terms of data protection laws, will delete your data securely and only keep it for as long as necessary. We will review dates for keeping personal data in the future and if necessary update these privacy notices.
To legally share data for this research, local authorities and MHCLG will rely on the Digital Economy Act 2017.
The collection of personal information by MHCLG for this project is compliant with data protection legislation.
Your local authority will collect your personal data under the public task basis (in this case to provide housing services) and agree to share this data with MHCLG under the public task basis (in this case to reduce homelessness).
MHCLG will rely on the following reasons for processing personal data and additional special category data below:
The processing is necessary for this reason:
Special category personal data may be processed if:
(g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
You can talk to your local authority about whether your data is being used for this project without it affecting your legal rights or routine care. You can also see copies of all the data MHCLG hold about you and ask for it to be corrected or deleted.
If you want more information you can ask a member of staff. You can also contact MHCLG’s Knowledge and Information Team about seeing your data or withdrawing from the research.
If you are unhappy with the way your personal information is being handled you can contact the independent Information Commissioner.
The final results of this research will be published on the main government website. You will not be identified in any research report.
If you come to us for housing services, including sheltered housing and homelessness, we will collect data such as name, address, date of birth, medical information, income and expenditure, schooling, work and family composition in order to assist us in the allocation of emergency/temporary accommodation or affordable longer term accommodation. This work is carried out under the Housing Act 1996. We retain the data about you in accordance with our retention policy (PDF) – the length of time it is retained depends on your needs and the type of tenancy you receive.
In order to provide the above benefits, the Council is required by the regulations to keep data relating to your claim including contact details, family details, housing details, financial details, verification from DWP and Inland Revenue of financial details and data relating to your claim/payments. This data is kept for seven years after you no longer claim.
Enfield Council keeps a wide range of information for the prevention and detection of crime under various acts including the Crime and Disorder Act 1998 and the Fraud Act 2006. Data held for these purposes are exempt from certain provisions of the GDPR by the Data Protection Act 2018 section 15 and Schedule 2 Part 1.
If you sign up to our library service, we keep data on you to enable us to contact you, to record items you have used/borrowed from the library. We keep this data for one year after your last interaction with us, unless you have outstanding fines in which case your record is kept until the fine is paid.
If you are receiving support from adult social care then the NHS may share your NHS number with adult social care. This is so that the NHS and adult social care are using the same number to identify you whilst providing your care. By using the same number the NHS and adult social care can work together more closely to improve your care and support.
Your NHS number is accessed through an NHS service called the Personal Demographic Service (PDS). Adult social care sends basic information such as your name, address and date of birth to the PDS in order to find your NHS Number. Once retrieved from the PDS the NHS Number is stored in the Council’s adult social care case management system.
These data are retained in the adult social care system in line with the Council’s record retention policies. These policies are in accordance with the Data Protection law, Government record retention regulations and best practice. Further information is available on our policies and procedures page.
In terms of the Data Protection Act the Council is both the Data Controller and the Data Processor.
The NHS Number then has two uses, the first being a unique identifier to allow Social Care information to be displayed in the Council’s adult social care case management system, for the provision of direct care. We will also use this Number in an integrated care record system across a number of support services including GP’s, hospitals, community matrons, district nurses and social care practitioners.
The Council will share information only to provide health and social care professionals directly involved in your care access to the most up-to-date information about you. It will do this by sharing appropriate information between health and social care services at the time of patient contact. Access to information is strictly controlled, based on the role of the professional. For example, social workers will only have access to information that is relevant to the execution of their care duties.
The Council’s IT security and confidentiality policies ensure that your information is protected, and available only to staff directly involved in your care. These policies are available on our policies and procedures page.
The use of joined up information across health and social care brings many benefits. One specific example where this will be the case is the discharge of patients into social care. Delays in discharge (commonly known as bed blocking) can occur because details of social care involvement are not readily available to the staff on the hospital ward. The hospital does not know who to contact to discuss the ongoing care of a patient. The linking of social care and health information via the NHS Number will help hospital staff quickly identify if social care support is already in place and who the most appropriate contact is. Ongoing care can be planned earlier in the process, because hospital staff will know who to talk to.
The addition of the NHS Number to social care data will bring additional benefits:
You have the right to object to the processing of your NHS Number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options you have.
If you wish to opt-out from the use of your NHS Number for social care purposes, please talk with your social worker.
Aon Hewitt Limited ("Aon") has been appointed to provide pensions advisory and calculation services that relate to your membership of the Fund. In doing so Aon will use personal information about you, such as your name and contact details, information about your pension contributions, age of retirement, and in some limited circumstances information about your health (where this impacts your retirement age) in order to be able to provide these services.
The purposes for which we use personal information will include management of the Fund and your membership within it, funding (i.e. helping to ensure that the funds held within the Fund are sufficient to cover the members who are party to it), liability management (that is to say providing advice on the different ways benefits could be determined, and drawn, from the Fund), Fund Actuary duties (which include assessing individuals who are members of the pension scheme and assessing how the make-up of the membership may affect the amounts payable and when they become payable so as to manage the Fund appropriately), regulatory compliance, process and service improvement and benchmarking.
We may pass your personal information to third parties such as financial advisors and benefits providers, insurers, our affiliates and service providers and to certain regulatory bodies where legally required to do so. Depending on the circumstances, this may involve a transfer of data outside the UK and the European Economic Area to countries that have less robust data protection laws. Any such transfer will be made with appropriate safeguards in place.
More detail about Aon’s use of your personal information is set out in our full Privacy Notice. You can also request a copy by contacting us, including reference to the Fund name, at: Data Protection Officer, Aon Hewitt Limited (Retirement and Investment UK), PO Box 730, Redhill, RH1 9FH
If you supply goods or services to the council, we keep records of this supply including your contact details, contract details, purchase orders made, goods/services/invoices received, bank details for payment purposes and records of contacts made. These are kept for seven years after your last interaction with the council.
From 1 April 2013, local authorities were given a new duty to improve the health of their residents.
The Public Health team in a local authority is required to commission and manage certain Public Health services for residents, and provide advice and intelligence about health and wellbeing to help the Council, NHS and other partners plan services that meet the needs of the people of Enfield. To fulfil this function, the Enfield Public Health team uses data and information from a range of sources.
The Enfield Public Health team has a legal status allowing the processing of Personal Confidential Data for Public Health purposes. The use of such data will be restricted so that the principles contained in the Data Protection Act 1998 are fully adhered to. The legal basis is section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
The Enfield Public Health team collects and holds information for public health purposes about:
all to whom it has a public health duty of care.
This information includes;
We work with many types of data to be able to promote health and support improvements in the delivery of health and care services in Enfield. We can describe the data as follows:
Enfield Public Health team uses personal identifiable information about residents and users of health care, to enable it to carry out specific functions for which it is responsible, such as:
The Public Health team also uses the information to derive statistics and intelligence for assessments and planning purposes, which include:
These statistics are presented in such a way that individuals cannot be identified from them and personal identifiable details are removed as soon as is possible in the processing of intelligence.
This information is collected in two ways:
It may be provided to us directly by a member of the public when they sign up to use a service we are providing.
It may be shared with us by another organisation due to us being part of a service they are providing, or as part of research and intelligence necessary for Public Health functions, such as informing decisions on the design and commissioning of services. This will include organisations such as Office for National Statistics, NHS Digital, national, regional and local NHS bodies, Clinical Commissioning Group, local authorities and schools.
We are required to comply with data protection regulations to ensure information is managed securely and this is reviewed every year as part of our NHS Information Governance Toolkit assessment.
Any personal identifiable data is sent or received using secure email. All data is stored electronically on secure equipment and is managed using the principles of medical confidentiality and data protection. The number of staff accessing and handling such data is limited to only those key professionals named on relevant signed information sharing agreements (where applicable), all who of whom undertake regular training about data protection and managing personal information.
Confidential public health data will only be shared with other areas of the NHS, local authorities or care organisations, once the necessary legal basis has been established and data protection safeguards have been verified, so that the data is managed and used under the same restrictions. Anyone who receives information from Enfield Council Public Health is also under a legal duty to keep it confidential.
In relation to births, deaths and hospital episode statistics, the data will only be processed by Local Authority employees in fulfilment of their public health function, and will not be transferred, shared, or otherwise made available to any third party, including any organisations processing data on behalf of the Local Authority or in connection with their legal function.
We only keep hold of information for as long as is necessary. This will depend on what the specific information is and the agreed period of time. Data is permanently disposed of after this period, in line with Enfield Council’s retention policy (PDF) or the specific requirements of the organisation who has shared the data with us.
You have the right to opt out of Enfield Council Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on the specific data is and what programme it relates to. For further information, please email the team.
The Council is registered as a Data Controller with the Information Commissioner’s Office (Registration Number Z5492012) under the Data Protection Act. Further details about how the Council processes personal data can be found in our registration via the Information Commissioner’s Office. You can also view the Council’s NHS Information Governance Toolkit status.
The Registrars service in Enfield has a separate Data Protection registration from the council. The service holds details of births, marriages and death as required by the various acts. This is a statutory service and all data held is in line with the statutes, specifically the Births and Deaths Registration Act 1953, the Marriage Act 1949 and The Register of Marriage Regulations 2015.
The council is required to provide services for a wide range of regulation enforcement and delivery services including, but not limited to:
Each of these services is either covered by a legal basis in legislation and therefore does not require a consent, or is a service which people request and therefore give consent at that point. Many users are companies, but for sole traders the privacy regulations will apply. Retention periods for records are published in the retention policy (PDF).
Enfield Schools are responsible for their own data protection compliance and therefore have individual privacy notices. Please refer to the school website for details.
Enfield Council in its role at a Local Education Authority keeps a range of data relating to schools and early years settings, to administer services. These include the following:
Data kept (contact, pupil identification, parent/carer identification assumed), consent/legal basis and retention period
Manage and organise music education
Details of learning, attendance records, correspondence, free school meals status (for discounts), payments, methods, instrument, level, exams, results. A waiting list is also maintained. Consent on application, three year retention.
Manage and organise group activities, provide records to Arts Council England for grant funding
Attendance records, correspondence, payment reconciliation, application of concessionary rates data, ethnicity, gender and age. Consent on application, retained for 6 months after last attendance.
Enable applications to various funding bodies for scholarships.
Details vary depending on the scholarship qualification requirements. Consent on application, retained for two years after scholarship is finished.
Finance and school place planning
Manage and organise school budgets
Details of pupils; attendance records; free school meals; exclusions; Education Heath and Care Plan records
Early Years and Families Information
To support children's learning and behaviour; Monitor and report on children's progress; Meet our duties to promote high standards of educational achievements; Provide appropriate care; Monitor the impact of funded 2 year olds and 3 and 4 year olds; assess the quality of our services.
We collect and use this information under the Education Act 1996, various enactments relating to the sharing of data with the Department for Education e.g. the Education (Information about Individual Pupils) (England) Regulations 2013. We also collect special category data under the Education Act 1996 and the Children Act 1989 where required. Information outside these enactments is collected and used by consent e.g. voluntary activity data. We will always inform you if you are providing data on a legal basis or if you have a choice about provision.
We routinely share children and young person’s information with:
We hold information about young people living in our area, including about their education and training history. This is to support the provision of their education up to the age of 20 (and beyond this age for those with a special educational need or disability). Under parts 1 and 2 of the Education and Skills Act 2008, education institutions and other public bodies (including the Department for Education (DfE), police, probation and health services) may pass information to us to help us to support these provisions.
Once our pupils reach the age of 13, we pass their contact details to the provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996. This enables them to provide of youth support service and careers advice.
A parent / guardian can request that only their child’s name, address and date of birth be passed to their provider of youth support services by informing us at the contact details in this notice. This right is transferred to the child/pupil once he/she reaches the age of 16.
We will also share relevant information about pupils not in education, training or employment (such as their contact details) aged 16+ with the provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide the following services:
Find out more about services for young people.
We share children and young person’s data with the Department for Education (DfE) on a statutory basis under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013. This data sharing underpins school funding, educational attainment policy and monitoring and enables them to; produce statistics, assess our performance, determine the destinations of young people after they have left school or college and to evaluate Government funded programmes.
We do not share information about children and young people without consent unless the law and our policies allow us to do so.
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) visit GOV.UK.
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
The law requires us to provide information about our pupils to the DfE as part of statutory data collections. Some of this information is then stored in the national pupil database (NPD). The legislation that requires this is the Education (Information About Individual Pupils) (England) Regulations 2013. Find out more about the NPD.
The Department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data. Find out more information about the department’s data sharing process.
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record held by their education provider, contact us at the details given in this notice.
You also have the right to:
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance at the contact details in this notice. Alternatively, you can contact the Information Commissioner’s Office.
The Social Care service collects a wide range of data relating to persons in need of social care services, their carers, family and other persons who may affect them. This includes data which is defined by the Data Protection Law as “special categories” including data relating to racial or ethnic origin, religious or philosophical beliefs, genetics, health and sexuality. The Care Act 2014 and Children Act 1989 gives the Social Care service the legal basis for processing, but we also seek consent where possible for processing your data. If you refuse consent, or limit processing this may affect the level of service we can provide to you and could potentially put you at risk. We may, where you or someone else is at serious risk if we do not share information, share information without your consent, but only if absolutely necessary to prevent harm.
It is commonly necessary for persons receiving / providing social care to be provided with finance in order to manage personal budgets, provide care or other appropriate reasons. In order to monitor spending of public funds, the council records these financial transactions in addition to the data above. These are kept for seven years after the repayment period.
Enfield Council, as a responsible employer, is required by law to keep a wide range of data on prospective, current and former employees, pensioners, contract staff and volunteers. This data has restricted access and is only generally available to appropriate staff including HR advisors and Heath and Safety staff, with managers having limited access to data about their staff.
In addition to statutory requirements, Enfield Council keeps information relating to staff performance, staff vetting, staff training, staff emergency contacts, staff access to sites/buildings/rooms, staff health data where needed to ensure safety of the staff member or the public and other data needed for the safe and responsible delivery of its services. Retention periods for the data are published in our retention policy (PDF).
Enfield Council uses external professional services for occupational health, and staff information will be passed to these providers where there is a need for an occupational health assessment or follow-up.
Staff consent for this recording is part of the contract of employment or is signed up to on commencement by contractors and volunteers.
The council is required by central government to assist in this survey every two years as part of the national carers strategy.
We are required to ask all adult carers in the borough to participate in the survey and to collect and collate data which is then used for planning across government. We do not share personal data of carers with any other organisation, but do share anonymised data with other organisation including health, central government and the voluntary sector.
The data is also used by the council to: