How we use your personal information
West Sussex County Council (WSCC) complies with the Data Protection Act 1998 and is registered as a ‘Data Controller’ with the Information Commissioner’s Office (Reg. No. Z6413427). We ensure that your personal data is processed fairly, kept safe and secure and retained for no longer than is necessary. If you are under 18, please get your parent or guardian's permission before you provide personal information to our website.
In order to register and receive or use many of the services on our website, you will be required to submit some personal information. We will hold this information for as long as it is needed for the service you have requested and remove it when that purpose has been met, or, in the case of an online information service such as email alerts, you no longer wish to continue to receive the service and choose to opt out.
This personal information may be shared with internal departments or with external partners and agencies involved in delivering services on our behalf.
Statutory services such as education and social care, protection of vulnerable children and adults and the support of public health and wellbeing, may involve collecting, using and sharing Sensitive Personal Data as defined by the Data Protection Act 1998. We do not disclose or share sensitive or confidential information without your explicit consent, except in a small number of situations where disclosure is required by law, or where we have good reason to believe that failing to do so would put you or someone else at risk.
You may decide you do not wish your personal information to be collected or shared, or may set conditions on our use of it. In such cases we may not be able to provide the service you require, or may only be able to provide it in a limited way. There are occasions where we have a statutory obligation to collect or use personal information.
We may use ethnic, gender, sexual orientation and age information, such as equalities data to compile statistics in order to comply with equality legislation and assist in planning and service provision. Such data does not identify individuals or affect your entitlement to services.
WSCC must protect public funds and may use personal information and data-matching techniques to detect and prevent fraud and ensure public money is targeted and spent in the most appropriate, cost-effective way. In order to achieve this information may be shared with other bodies responsible for auditing or administering public funds, including the Audit Commission, the Department for Work and Pensions, other local authorities, HM Revenue and Customs, Fraud Investigation Services and the Police. WSCC uses CCTV for the detection and prevention of crime.
We reserve the right to monitor and record electronic communications (website, email and telephone conversations) for the purposes of keeping records, staff training, detection, investigation and prevention of crime. We will inform you if your call is being recorded or monitored.
WSCC may use personal information to identify individuals who need additional support during emergencies or major incidents, for example, emergency evacuation.
To enable WSCC to provide effective integrated social care with Health Partners, we may share personal identifiable information with NHS Digital in order to obtain NHS Numbers.
We do not pass personal data to third parties for marketing, sales or any other commercial purposes without your prior explicit consent. We may process your personal information using web services hosted outside the European Economic Area, but only where a data processing agreement is in place that complies with obligations equivalent to those of the Data Protection Act.
Emails that we send to you or you send to us may be retained as a record of contact and your email address stored for future use in accordance with our record retention schedule. If we need to email sensitive or confidential information to you, we will perform checks to verify the correct email address and may take additional security measures. If sending us such information we recommend using our secure online forms where provided, or the postal service.
Our website does not store or capture personal information of users with general public access, but does log visitors' IP addresses. Cookies are not used for the general running of our website, but are used to enable requested services. Using our website confirms your acceptance of our cookies.
National Fraud Initiative
The National Fraud Initiative (NFI) is an exercise that takes place every two years by the Cabinet Office and matches electronic data within and between public sector bodies to prevent and detect fraud. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
We have a legal obligation to take part in the exercise which also includes police authorities, local probation boards and fire and rescue authorities, as well as other local councils.
Details recorded on our payroll system are provided electronically to the Cabinet Office as part of the exercise using a password-protected website. Strong security measures are in place to protect the information and access to the data extract file is strictly controlled.
The data extract will not be sent by post or by courier. Once the data extract file has been successfully submitted, it will be removed from the County Council's computer network.
Further information about the National Fraud Initiative can be found on GOV.UK.
For data matching queries relating to West Sussex County Council, please contact:
- Phone: 033 022 28666
- Email: email@example.com
- You may request that WSCC stops processing your personal data in relation to any council service. This may delay or prevent us delivering a service to you. We will seek to comply with your request but may be required to hold or process information to comply with our legal duties.
- You are entitled to request access to, and a copy of, any information we hold about you.
- You have the right to ask to have your information corrected.
- You have the right to view CCTV images of yourself, and be provided with a copy.
If you have a complaint about why your information has been collected, how it has been used or how long we have kept it for, please view our Comments and complaints section.
2 Public Health Data privacy notice
WSCC complies with the Data Protection Act 1998 and is registered as a ‘Data Controller’ (Reg. No. Z6413427). WSCC endeavours to keep your personal information accurate and up to date and ensures that it is not kept longer than necessary. The County Council exists to provide a wide range of services. This can only be done by collecting and using the appropriate personal information which is collected either in person, over the phone or via the forms on our website.
When contacting us, you may be asked for personal information such as name, address and postcode.
Information may be collected:
- to fulfil your request for information or services
- as input to improving our site
- as part of the process of consultation.
It will only be used in those activities necessary to provide you with the service you have requested or require. Any information provided via the comments/compliments/complaints area of the website will be used for the purposes which we reasonably believe it was provided for.
You will be advised of any additional purposes or uses at the time the information is collected.
In addition to the purposes which we have stated when we collected the information, it will also be processed in line with those purposes which we have identified on our Data Protection Notification which is registered with the Information Commissioner’s Office. We may also use information for those purposes required by law.
How your data is used
Information which you have provided the County Council will be stored securely. It will be used for the purposes stated when the information was collected.
Information will not be sold, rented or provided to anyone else, or used for any other purpose than that for which it was originally collected unless required to by law.
Since April 2013, The Health and Social Care Act 2012 has given local authorities the power to perform public health functions. This means that the we have "A duty to improve the health of the people and responsibility for commissioning appropriate public health services" and the statutory responsibilities for public health services are clearly set out in the Health and Social Care Act 2012.
You have the right to opt out of West Sussex County Council receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues.
The process for opting out will depend on the specific data and what programme it relates to. For further information, please email the Public Health team: ACDJSNA@westsussex.gov.uk.
Health and Social Care Act 2012
To deliver public health, local authorities need to use available health data sources to get relevant health and social care information. This data can contain Person Identifiable Data (PID) which may identify patients such as name, address, age, sex, ethnicity, disease, use of hospital services, and/or NHS Number.
Some data may not be obviously identifiable, however there may be the potential to deduce individuals’ identities through combinations of information, either by the people handling the data or by those who see published results.
We will have access to the following data:
- Primary Care Mortality Database (PCMD) - The PCMD holds mortality data as provided at the time of registration of the death along with additional GP details, geographical indexing and coroner details where applicable.
- Births and vital statistics datasets - Births files, includes date of birth, sex, birth weight, address, postcode, place of birth, stillbirth indicators and age of mother. Deaths data, includes deaths broken down by age, sex, area and cause of death sourced from the deaths register.
- Hospital Episode Data (HES) - A data warehouse containing details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England. This data is collected during a patient's time at hospital and is submitted to allow hospitals to be paid for the care they deliver. HES data is designed to enable secondary use, that is use for non-clinical purposes, of this administrative data.
West Sussex County Council’s Public Health service will access health and related information to analyse the health needs and outcomes of the local population and for monitoring trends and patterns of diseases and the associated risk factors.
The County Council Public Health team is however, committed to using pseudonymised or anonymised information as much as is practical and in many cases this will be the default position.
Pseudonymisation is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field. The purpose is to render the data record less identifying and therefore lower customer or patient objections to its use.
Anonymisation is the process of removing identifying particulars or details from something (especially medical test results), for statistical or other purposes.
All information accessed, processed and stored by public health staff will be used to measure the health, mortality or care needs of the population, for planning, evaluating and monitoring health, protecting and improving public health. It is used to carry out and support:
- health needs assessments
- health equity analysis
- commissioning and delivery of services to promote health and prevent ill health
- public health surveillance
- identifying inequalities in the way people access services
- joint strategic needs assessment
- health protection and other partnership activities.
Any information held by the County Council about individuals will be held securely and in compliance with the Data Protection Act 1998. Information will not be held for longer than required and will be disposed of securely.
The legal basis for the flow of data for the above purposes is set out in Section 42 of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
Data Protection Act 1998 and subject access requests
Under the Data Protection Act 1998, we have a legal duty to protect any information that we collect from you. We take measures to safeguard your data and apply security standards and controls to prevent any unauthorised access to it.
For independent advice and a guide to data protection visit the Information Commissioner’s website.
Further information can be found on how to exercise your rights under the Data Protection Act.
Freedom of information
The Freedom of Information Act came fully into force on 1 January 2005. This act gives you the right to access information held by WSCC. There are exemptions to this right and, should any of these apply, we are required to explain this to you. Some information may incur a charge and details of these charges can be found on the website.
Further information on the County Council's Freedom of Information Team and its role within the organisation can be found on the Freedom of Information page.
Collecting information automatically
Our website does not collect personal information of users with general public access.
Health related data is accessed over an N3 connection, the secure national broadband network for the NHS. Any data extracts and analysis are saved in the confidential data library storage areas for Public Health Analysts which has restricted access controls.
The County Council seeks to provide high quality information and we have made every effort to ensure that this information is accurate and up to date. However, we are unable to give any guarantee as to the accuracy of the information on the website and can accept no liability for any loss, damage or inconvenience which may be caused by relying on any such information.
We take reasonable steps to ensure that any external website that we provide links to, or any information provided by third parties, is not offensive or defamatory. However, we are unable to take responsibility for the content of any such information or website maintained outside of the council.