Privacy notice

Personal data includes information about living individuals who can be identified from the data we hold about them.

Our reasons for using personal information include:

• delivery of services and support to you
• managing our services
• training workers
• investigating complaints about our services
• monitoring and protecting public spending
• monitoring the quality of our services to ensure they are delivered in the most efficient and effective way
• helping us to improve and plan new services
• complying with laws that require us to provide personal information to other organisations, such as health organisations and courts.

We are usually allowed to use your information because we are complying with a specific public task or because the service we are providing is set out in law.

However, there may be circumstances when we need your consent to use your information. We will tell you if that is the case and ask you for your permission before you receive a particular service.

My Care Record

We are also part of the My Care Record approach which is supporting the work of health and care organisations across the East of England. Wherever possible, health and care professionals will be able to access your records from other services when it is needed for your care. For example, a doctor treating you in hospital, or a nurse working in the community, could view the information they need from your GP records. For more information, including the My Care Record Privacy Notice, please visit the My Care Record website.

National Data opt-out

Under the national data opt-out everyone who uses publicly-funded health and/or care services can stop health and care organisations from sharing their “confidential patient information” with other organisations if it is not about managing or delivering their own care. For example, if this information is used for research or planning purposes.

If you have any questions about the national data opt-out, or want to view or change your national data opt-out choice at any time, you can do this via the online service or by calling the NHS Digital Contact Centre on 0300 303 5678.

You have several rights regarding your personal data. These are:

Access to records

You can ask for copies of information we hold about you.

Correction of inaccurate information

If you think information we hold about you is inaccurate or incomplete, you can ask for this to be corrected.

Portability

You can ask us to provide any electronic data we may hold about you in a format that allows you to transfer it from one service to another.

The right to erasure (also known as the right to be forgotten)

You can ask for personal information we hold about you to be deleted or removed in some circumstances. For example, where we no longer need to use it.

We will not always be able to agree to the request, but in those cases, we may at least be able to restrict the processing.

Objections

You can ask us to stop processing your information for certain purposes, such as direct marketing.

However, this may delay or prevent us from being able to deliver a service, and we will not always be able to agree to your request, particularly where this relates to our public task functions.

Restrictions

You can ask us to restrict the processing of your data, even though we still hold it.

For example, where you are challenging the accuracy, or where we have to continue to hold the data for legal reasons, even though you have objected.

Automated decision making and profiling

You are entitled to protection against damaging decisions being made about you due to automated processes based on digital or other information we hold, and without human intervention, except for some situations where this is authorised by law.

For more information about your rights, please contact data.protection@suffolk.gov.uk.

Suffolk County Council has a range of security controls in place to safeguard the personal data we process, including:

• encryption of data (and other methods to make personal data not identifiable as it is shared and stored)
• controls on access by personnel
• audit and adequate training.

We will only keep your personal data for as long as we need to provide services or fulfil our obligations, and to comply with any legal requirements for keeping certain types of data.

The department providing a service to you will inform you of how long we expect to hold your data.

We will not sell or give personal information to any other organisation for direct marketing purposes without your consent.

SCC has contracts with some other organisations to help us provide services in certain areas, or to manage information. Those contracts and other arrangements have procedures in place which require the organisations to comply with data protection law so that the information will only be used to discharge those functions.

SCC will not share your personal information with third parties generally, though there are some situations in which we have a legal duty to do so, which may override your right to confidentiality in that particular circumstance. These include:

• court proceedings
• detection and/or prevention of crime or fraud
• to protect a child
• to protect a vulnerable adult

We will always aim to share the minimum information that will enable us to fulfil our legal obligation and will try where possible to protect your information by anonymising it. We will keep you informed about what information we have shared and with whom, where we are legally able to do so.

We will sometimes share data with third parties to help us, for example, to deliver our services to you. If this happens, the department providing the service to you will tell you which organisations your information has been shared with.

If you would like independent advice on this privacy notice or other matters about personal information, including complaints, you can contact the Information Commissioner's Office at:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113

Email: casework@ico.org.uk