Customer Privacy Notice
Last updated: 31 January 2023
This is where you can find out what we do with your personal data (information that is about you).
This is a general description. For more information about particular services, such as planning or benefits, please see the links at the bottom of the page.
What we mean by personal information is any information that can be collected via a paper or online form, by telephone, email, CCTV or by a member of our staff.
- Who are we
- What personal information we obtain
- Why we collect information about you
- How we use your information
- International transfers
- Information Sharing
- Communication with the Council
- Profiling and automated decision making
- How long will your information be held
- How we protect your information
- You information rights
- Website analytics
- Changes to this Privacy notice
- How to complain
- Contact information
- Service specific Privacy notices
- My South Cambs customer portal
We are registered (Z5418062) with the data regulator, the Information Commissioner’s Office (ICO) as an organisation that makes decisions about how personal data is used (a Data Controller).
We may not be able to provide you with a product or service unless we have enough information. Some of the services we offer, that we cannot complete without your information, are below:
- deliver public services
- confirm your identity to provide services
- contact you as you want us to
- understand your needs in order to advise you on the correct service and then provide that service
- ask your opinion about our service
- update your customer record
- help us understand how we are performing at delivering services and if we provide what our residents need
- process financial transactions
- prevent and detect fraud in the use of public funds
- allow us to undertake statutory functions efficiently
- enable us to meet our statutory obligations including those related to diversity and equalities
You can see service specific information in the section below. However, we mostly process data because the law tells us we have to. Further details of these are laws can be viewed on the government website.
We will use your information transparently. We will not keep it for longer than is necessary. We will try to keep your information up to date and accurate. We will always make sure you understand why we need the information. We will not collect irrelevant information.
In general, we process your information for the following reasons:
- for the service you have requested, to monitor and improve our performance in responding to your request
- to allow us to communicate effectively with you and provide services appropriate to your needs
- to the things the law tells us to do
- to carry out our law enforcement functions
- to prevent or detect fraud or crime
- to process financial transactions
- to collect money owed to us
- to protect individuals from harm or serious injury
- to analyse data to improve our services
We will not pass any personal data on to third parties, other than:
- those who process information on our behalf (our suppliers sometimes need access to information to deliver services for us)
- because of a legal requirement (such as needing to send certain information on benefits to the Department for Work and Pensions)
- organisations that we engage with in joint working (such as other councils and NHS bodies)
We will only do so, where possible, after we have tried to make sure that other organisations will also safeguard your information and use it lawfully.
None of our core systems host or store data outside the European Economic Area (EEA). Where we do transfer data internationally, it is through the use of websites such as Eventbrite. You use these services only with your consent and we avoid transferring any sensitive information.
If we do need to transfer any data outside the EEA, we do so with data processing agreements that meet our obligations under the Data Protection Act.
We may share your personal data within the Council, with other public authorities or government agencies in order to provide services to you and to prevent and detect fraud. The Council is a signatory to the Cambridgeshire Information Sharing Framework, which sets high standards for secure and safe practices in information sharing within the County and beyond.
Information will not be sold, or provided to anyone else, or used for any purpose that is not related to any of the Council's statutory functions, unless you have been advised that we will do so or it is required by law. Where we need to disclose sensitive or confidential information such as medical details to other partners, we will take all appropriate safeguards.
When you call our main contact centre (01954 713 000) we record our calls for security and training purposes and keep them for 30 days. However, we do not record payment transactions or if the call is passed onto another member of staff who works outside of the contact centre.
Using our website
Some of our e-forms have their own Privacy Notice wording at the beginning of the form, before you enter any personal information. We recommend you read the Privacy Notice before filling in the form, as details of your rights will be in the Privacy Notice in the form. If a form does not have its own Privacy Notice, this Privacy Notice applies.
We use a range of different systems, requiring a different account username and password to sign in. We make sure these are kept secure in our systems. We would ask that you take care of your login details.
We have installed CCTV systems in some of our premises used by members of the public, for the purposes of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of our buildings for the purposes of monitoring building security and crime prevention and detection.
They are installed in our recycling sites for the purposes of public and staff safety, crime prevention and detection, and the abuse of council policies.
We also have some camera mounted on vehicles to improve the safety of our staff and assist with health and safety investigations.
In all locations, signs are displayed notifying you that CCTV is in operation and providing details of whom to contact for further information about the scheme.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.
You have the right to see CCTV images of yourself and be provided with a copy of the images.
Automated decision making
We do not make automated decisions generally, with the following exceptions, using the information you have provided:
- Some changes in circumstances relating to existing claims for benefit
- Change of address, Single Person Discount and change of payment method for council tax, where this information is provided via an e-form
- Some housing allocation is on a points-based system, which is automated to ensure that it is fair
Detect and prevent fraud or crime
We are required by law to manage public finances. We may use any of the information you provide to us for the prevention and detection of fraud.
We may also share this information with other bodies responsible for auditing, administering public funds, or where undertaking a public function, in order to prevent and detect fraud. This includes the Cabinet Office’s National Fraud Initiative, the Department for Work and Pensions, other local authorities, Her Majesty’s Revenue and Customs, and the Police.
We will not keep your information any longer than needed to provide the services you require. We may keep your data longer if we need to retain it for legal, regulatory or best practice reasons. The Retention Schedule [PDF, 0.8MB] sets out details of how long we keep data.
The information you provide will be subject to thorough measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t be allowed to see it.
We have a comprehensive set of Information and Security policies that we work with. We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
In terms of payments, we use a PCI-DSS compliant provider for secure electronic payment systems. All transactions carried out via our payments provider website are protected by Secure Socket Layer (SSL) technology. This is to ensure that any information you provide, when transmitted over the internet, is encrypted and secure.
If something goes wrong with how we manage your information and this will cause serious harm, we will tell you and notify the regulator, the ICO, within 72 hours.
If you have any concerns about the way we have handled your personal data please contact the Data Protection Officer by emailing infogov@3Csharedservices.org. Your complaint will be answered as soon as possible and within 20 working days.
The Council takes a ‘data protection by design and default’ approach when we develop policy, strategy, or initiatives that have privacy implications including technological changes. We will carry out Data Protection Impact Assessments for uses of personal data that are likely to result in high risk to individuals’ interests. We’ll carry out a screening checklist at the outset of a project (small or large) so that where there are potentially significant risks to individuals privacy this will be appropriately assessed and measures to mitigate the risk if applicable, will be actioned.
The Council recognises that individuals have specific enhanced rights dependant on the lawful condition for processing, and maintain procedures for individuals to exercise those rights.
The council has a month to respond and comply with a request you make. This is a maximum period. The council will take measures to assure ourselves of your identity and may ask you to provide photographic ID before addressing any request.
No charges will be made for supplying this information. Where we hold a lot of information about you, we may ask you to narrow the scope of your request. Requests about your rights will be coordinated by the Information Governance team. You can make a request by writing to us at email@example.com or write to us at the Council address
Right of access (Subject Access)
You have the right to ask the council what personal information we are processing about you and obtain:
- A copy of the personal data
- The purposes for which the data is being processed
- Categories of data being processed
- Who it is shared with
- How long the council will keep the data
- Source of the data (where it is not the data subject)
- Their right to rectification, restriction or erasure
- Their right to lodge a complaint with the ICO
Right of rectification
You have the right to have inaccurate personal data corrected without undue delay.
Right to erasure (right to be forgotten)
Under certain circumstances you can ask for your data to be erased. The council must comply with this request if:
- The data is no longer necessary
- It is being processed on the condition of consent and this consent is withdrawn
- The subject objects to direct marketing using that data
- The grounds for processing are unlawful
- There is a legal obligation to erase the data
- The data concerned a child and it was processed online on the basis of parental consent.
The council does not have to comply if processing is necessary for:
- Exercising freedom of expression
- A legal obligation, lawful authority, a public task, or in the public interest
- In the public interest in protecting public health
- Archiving in public interest or scientific or historical research
- Establishing, exercising or defending legal claims
You will be notified of outcome of the request without undue delay and no later than a month after a request has been made.
Right to restriction of processing
You can ask us to stop using your information for certain purposes and in a number of circumstances:
- When its accuracy is contested and the authority is considering their position
- When you are using your right to object to processing (see below) and the authority is considering the balance of their grounds for processing against those of yours
- When the processing is unlawful but you don’t want it to be erased (for example, if you are pursuing a complaint)
- You need the data to establish, exercise or defend legal claims (even if the Council no longer needs to process the data)
- When processing is restricted the Council is allowed to store the personal data, but not to process it further. The data the Council hold on its systems should at least be marked as unavailable, but other measures will be considered such as a restriction of access by staff
- If the personal data in question is disclosed to third parties, the Council will inform you about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so
Right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. You can request only the data you have supplied to a controller (under either ‘Consent’ or ‘Contract’ lawful conditions only) to be provided in a ‘structured, commonly used and machine readable format (for example, CSV). You can request that this information is supplied directly to another data controller on your behalf.
The Council will ensure the data is transmitted securely.
Right to object
You have the right to object to the use of your data if it is processed for
- Legitimate interests or the performance of a task in the public interest
- Direct marketing (including profiling)
- Processing for purposes of scientific/historical research and statistics
- The data must be restricted whilst the authority is considering the balance of their grounds for processing against yours.
- Right to object to automated decision making
You have the right to object to any decision made by solely automated means. You can ask for human intervention on any decision, to express the Councils point of view and to obtain an explanation of the Councils decision. You also have the right to challenge the decision.
Where possible we will seek to comply with your request but we may be required to hold, retain or process information to comply with a legal obligation or as a public task.
Cookies are small pieces of data which are inserted into your browser as you look at our website. They enable us to improve the overall browsing experience, or remember certain settings.
Any personal data which you provide via our website is used only for the purposes described, and is never divulged to third parties.
You can control settings and measurement cookies on our cookie management page, or all cookies via the methods below. Please be aware that while cookies can usually be turned off by your browser, but this may affect the way the website reacts.
Clear, Enable and Manage Cookies
You can choose to delete existing cookies, allow or block all cookies, and set preferences for certain websites.
There are two types of cookies:
- First-party cookies are created by the site you visit. The site is shown in the address bar.
- Third-party cookies are created by other sites. These sites own some of the content, like ads or images that you see on the webpage you visit.
Clear all cookies
If you remove cookies, you'll be signed out of websites and your saved preferences could be deleted.
- Tap Privacy
- Clear browsing data
- Choose a time range, like Last hour or All time
- Check "Cookies, media licences and site data." Uncheck all the other items
- Tap Clear data
Allow or block cookies
You can allow or block cookies saved by websites.
Note: If you don't allow sites to save cookies, most sites that require you to sign in won't work.
- Tap Site settings Cookies
- Turn Cookies on or off
- Block cookies from other sites
- You can allow cookies from the site you visit, while blocking cookies from other sites that own ads or images on the webpage. To block these third-party cookies, uncheck the box next to "Allow third-party cookies."
- All cookies and site data from other sites will be blocked, even if the site is allowed on your exceptions list.
We also use Silktide for website analytics. Silktide Analytics works without cookies and uses IP addresses. None of the data can be used to identify users.
Our privacy notice will be reviewed every two years, or when significant changes occur in related legislation or in Council strategy. When this happens we will update the date at the top of this page so it is visible.
If you wish to raise a complaint about your personal data privacy or information rights please view our complaints and feedback information.
If you wish to make a complaint direct to the Data Protection Officer please email: firstname.lastname@example.org
You have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO). Contact details for which are on the ICO website.
Please also see our contact us page for all ways to contact us.
If you have any concerns or comments please contact the Council’s Data Protection Officer directly on the following email email@example.com.
- Action on Energy privacy notice [PDF, 0.2MB]
- Community Lifeline privacy notice [PDF, 0.2MB]
- Democratic services privacy notice [PDF, 0.2MB]
- Electoral Services privacy notice [PDF, 0.2MB]
- Housing privacy notices [PDF, 0.2MB]
- Monitoring Officer privacy notice [PDF, 0.2MB]
- Ukraine Homes privacy notice
- Planning privacy notice [PDF, 0.2MB]
- Planning Policy privacy notice [PDF, 0.2MB]
- Revenues and Benefits privacy notice [PDF, 0.2MB]
- Environmental Health privacy notice [PDF, 0.2MB]
- Website user research privacy notice [PDF, 0.1MB]
The South Cambridgeshire District Council portal "My South Cambs" enables you to:
- Register an account
- Log into your account securely
- Access submitted eForms
- View history
- Track queries and/or enquiries
Once registered you have the choice to enter the required fields manually or to use social media to sign up.
The social media will auto populate your personal data with the following fields:
- Date of Birth
The above information is only used to verify your account.
Please note that your social media account is not managed by the council and any data breaches pertaining to your social media accounts should be directed to the third party.
If you have any queries regarding your personal data in the customer portal please email: firstname.lastname@example.org