Community services privacy notice - Privacy notices

What personal information do we collect?

This is a joint service with Surrey Heath Borough Council. Both organisations are data controllers.

Runnymede Borough Council, Civic Centre, Station Road, Addlestone, Surrey, KT15 2AH www.runnymede.gov.uk

Data Protection Officer: Natalie Lacey, dpo@runnymede.gov.uk  

Surrey Heath Borough Council, Surrey Heath House, Knoll Road, Camberley, Surrey GU15 3HD www.surreyheath.gov.uk

Data Protection Officer: Head of Legal, Monitoring Officer and Democratic Services, data.protection@surreyheath.gov.uk  

We collect and process personal data relating to our service users in order to provide services to the community. We are committed to being transparent about how we collect and use that data and meet our data protection obligations.

We collect and process a range of information about you. This includes:

  • Identity data such as your name, username or similar identifier, date of birth, gender
  • Contact data such as residential address email address and telephone number
  • Financial data such as details of your bank account and payment card details
  • Information specific to you such as your marital status, ethnicity next of kin and their emergency contact details
  • Transactional data including payments to and from you for products and services purchased
  • Information about medical or health conditions including if you have a disability and your NHS number
  • Marketing and communications data such as your preferences in receiving marketing from us and our third parties and your communication preferences

We collect this information in a variety of ways. For example, data is collected through application forms and correspondence with you about the following services

  • Community Alarm and Telecare
  • GPS Location Service
  • Community Transport
  • Meals at Home
  • Day Centres
  • Home Improvement Agency and Handyperson services
Why do we process personal data?

Where you have asked for a service for which you pay for we need to process your data for the performance of this contract with you. For example, we need to process your data to provide you with the services referred to, or in order to take steps at your request, prior to entering into a contract for these services. 

With regard to special category data, such as health and disability data, processing is also necessary for reasons of substantial public interest, namely to support individuals with a particular disability or medical condition.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we have a duty to report safeguarding issues to the appropriate authority. Additionally, the Civil Contingencies Act 2004 requires us to share data with other organisations to support a multi-agency approach to a borough emergency, to ensure that residents identified as potentially vulnerable or at risk are identified as requiring possible support or assistance.

In other cases, we require your consent to process your information. For example, we would like to provide marketing material for our other services which may be of interest to you. However, we will always ask for your consent for this and give you the opportunity to withdraw consent at any time.

Who has access to your personal data?

Where necessary your information will be shared with the parties set out below for the purposes stated above.

  • Surrey County Council (including Adult Social Care) 
  • North West Surrey Clinical Commissioning Group
  • Surrey Heartlands Health and Care Partnership or Surrey Heath Clinical Commissioning Group
  • Woking Borough Council (as a partner organisation)
  • Safer Runnymede (who monitor the Community Alarm and Telecare Service and GPS Location Service)
  • Emergency services
  • Other council departments where there is a legitimate need to access your data
  • Telephone companies (to manage upgrades to the telecare service)

In addition, we will share your information with other borough councils and voluntary sector organisations where services you request or express an interest in are not provided directly by Runnymede Borough Council. 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and data protection laws. They are also obliged to implement appropriate technical and organisational measures to ensure the security of data.

List of Vulnerable People
In order to plan and mitigate the effects of emergencies we maintain a list of all those people who could be affected by an emergency. We share this list with other emergency responders, in an event of an emergency, so we are able to make the right judgements.

This sharing is regulated by the Surrey Provision of Direct Care Information Sharing Agreement and the Multi Agency Sharing Protocol Agreement.

The organisation will not transfer your data to countries outside the European Economic Area.

How do we protect personal data?

We take the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Data will only be processed by members of staff authorised by us for this purpose. Access to our systems is limited to members of the Community Services team whose job role requires access to the personal data.

How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for 6 years after they cease being customers for internal administration purposes.

Your rights

As a data subject, you have a number of rights, including access to your data. A request for access can be made via our website or by sending an email to foi@runnymede.gov.uk

Data Protection Subject Access Request(SAR) | Introduction – Runnymede Borough Council

To find out more about your rights please see the ‘Your Rights’ section of our main privacy statement

If you believe that Runnymede Borough Council has not complied with your data protection rights, you should initially try to resolve it with the relevant department.

If you are unable to resolve the issue to your satisfaction contact our Data Protection Officer (DPO) who will investigate. If you remain dissatisfied with the outcome of the DPO’s review you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner on their website Information Commissioner's Office (ICO)

Submit a FOI request

Submit a subject access request

Report personal data published