We keep our privacy notice under regular review and we will place an updated version on this page. This will help ensure that you are always aware of what information we collect and how we use it.
Unless stated, your personal data is being collected and processed by, or on behalf of, Southampton City Council.
As part of the council’s response to the COVID-19 virus, we will need to share information with other organisations in order to:
- Contact individuals to arrange support
- Arrange deliveries of basic food packages directly to vulnerable people
- Inform those organisations of other essential needs
- Inform those organisations of individuals who have said they do not currently need support so resources can better be targeted at others
- Refer people with urgent welfare and care needs to the appropriate service
The data shared may be obtained from the NHS, Social Care records, Housing Records, and the Electoral Register, and may include:
- Dates of birth
- NHS number
- Addresses and post codes
- Mobile and landline telephone numbers
- Email addresses
- Indication that individuals have a pre-existing medical condition which makes them extremely vulnerable to COVID-19, but no specific information on medical conditions will be shared
NHS Test and Trace
In order to assist the NHS’s Test and Trace service, the Council is maintaining a temporary record of our visitors. This information will be shared with the NHS if needed, in order to help contain clusters and outbreaks during the coronavirus pandemic.
The information we will collect about you is as follows:
- Your name
- A contact telephone number
- The date of your visit, arrival time, and departure time
- Any staff member that you’ve interacted with
If we do not have this data already on our systems, you will be asked to provide it.
This data will be held for 21 days, at which point it will be securely disposed of and deleted. If you prefer that we didn’t share this data with the NHS, you can opt-out. If you wish to do so, please notify a member of staff during your visit, or contact the Council's Data Protection Officer using the details below.
Please note that whilst providing your information is voluntary, we may refuse entry to buildings and services and carry them out remotely instead if necessary, in order to comply with government guidelines on test and trace and entry to public places and buildings.
The Council relies on the following lawful bases for processing the Shared Personal Data:
- The processing is necessary for the performance of a task carried out in the public interest under Article 6(1)(e) of GDPR
- The processing is necessary for reasons of substantial public interest performance of a task carried out in the public interest under Article 9(2)(g) of GDPR
- The processing is necessary for reasons of public interest in the area of public health under Article 9(2)(i) of GDPR
- The processing is necessary under paragraph 6 of Schedule 1 of the Data Protection Act 2018
More detailed information about the data processing of the following services can be viewed by visiting the pages below:
Data Protection concerns and Data Protection Officer details
If you have any concerns about how the Council is handling your personal data, these can be initially raised with the Council's Corporate Legal team
Southampton City Council
Data protection concerns will be investigated without undue delay, and a response will be issued within one month of receipt of the concern. This is in line with the timescales for individuals exercising their rights under the General Data Protection Regulation (GDPR).
If you receive the response from the Corporate Legal team and remain dissatisfied, you may ask for your concerns to be reviewed by the Council’s Data Protection Officer.
Whilst the escalation process will be contained on the response from the Corporate Legal team, the contact details for the Council’s Data Protection Officer are as follows:
Information Lawyer (Data Protection Officer)
Southampton City Council
Should you remain dissatisfied when both stages of the data protection concerns procedure have been exhausted, you can raise your concerns with the Information Commissioner’s Office
Whilst concerns about the processing of your personal data should be raised with the Council in the first instance, you have the right to lodge a complaint directly with the Information Commissioner’s Office at any time.
What information do we collect about you?
Whilst visiting our site, you may be asked to enter personal data on one of our online forms. 'Personal data' means any information relating to an identified or identifiable natural person.
The information requested will be the minimum necessary in order to provide our services effectively, and may include your name, contact details, and other personal data.
In some cases, we may request sensitive personal data, such as ethnic origin or religious belief, but only when necessary to provide the service requested.
All local authorities have a duty to improve the health of the population they serve. To help with this, we use data and information from a range of sources to understand more about the nature and causes of disease and ill-health in the area. Examples of the data processed for this purpose include births, deaths and hospital activity data. More information can be found on our Public Health privacy page.
Important information about the processing of your personal data
The purpose of the processing will be the service or function for which the information is being collected, and your personal data will not be used for another purpose, unless provided for by law
The Council may share your personal information for the purposes of the prevention, investigation, detection, or prosecution of criminal offences
We will not process your personal data unless it is necessary to do so in order to comply with a legal obligation, perform a public task, or to exercise official authority. Further details of our powers and duties can be found on the Local Government Association's website
In performing the service or function, it may be necessary for us to share some of your personal data with external organisations or internal departments. Depending on the service or function, we may share information with the following types of organisations:
Central Government Departments
Debt Collection and Tracing Agencies
Housing Associations and Landlords
Ombudsmen and Regulatory Authorities
Other Local Authorities
Voluntary and Charitable Organisations
We will not transfer your personal data to other countries or international organisations without adequate data protection
Your personal data will only be held for as long as necessary for the performance of the service or function. This period will vary depending on the service or function being performed, and further details can be found in our Records Review and Retention Schedule
In addition to the right of access, the GDPR provides the following rights to individuals:
- The right to be informed
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Depending on the service being provided, these rights may apply to the processing of your personal data. Further information about these rights can be found on the Information Commissioner's Office website.
If you wish to exercise one or more of these rights, a request should be made in writing to the Council’s Data Protection Officer or using the Data Subject Rights Request form.
If the processing of your personal data is based on your consent, you have the right to withdraw this at any time. Please note, withdrawal of your consent will not affect the lawfulness of any processing that took place prior to this
Whilst concerns about the processing of your personal data should be raised with our Data Protection Officer in the first instance, you have the right to lodge a complaint with the Information Commissioner’s Office
If we are requesting your personal data, it is because it is necessary and relevant to the service or function being performed. As such, if you withhold information, it is likely that we will not be able to perform the service or function, or there will be a delay in doing so
Your information will be held and transferred securely at all times and we will ensure that nobody has access to it who shouldn't. Where necessary, we will use encryption to ensure the security of your transactions
Communications with the Council (including online transactions) may be subject to monitoring and recording only for purposes permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
Webchat is available for a number of services on the Southampton City Council website. It allows you to speak to our customer advisors in real time using 'web chat' functionality to provide online support to citizens.
If you engage with our webchat, we may collect:
- Your name and email address
- Chat transcripts
- Completed surveys
- Automatic information, such as IP address, operating system and type of browser and the geographical location
Data from each 'chat' will be held for six months and may be used when looking into your enquiry and for quality purposes. You may be asked to complete a short survey on completion of your web chat. All answers for the survey are anonymised and will be used for service improvement.
Our chatbot is available on pages across the Southampton City Council website to provide online support to our customers. It allows you to ask us questions relating to council services and receive a response in real time. Please do not enter any personal data in your conversations with the chatbot.
The Council will hold the data from each conversation for six months. On completion of your conversation you may be asked to complete a short survey. All answers for the survey are anonymised. Conversations and survey results may be used for quality monitoring and service improvement purposes.
If you send us an email, its contents will be checked before it is released it to the person to whom it was sent. Software will automatically detect unacceptable content, including obscenities and profanities, certain attachment types, viruses, spam (junk emails). If an email that contains unacceptable content is detected, it will not be delivered.