Council surveillance/CCTV - privacy notice
Who we are?
Derby City Council is the local government unitary authority for Derby City. Our address is The Council House, Corporation Street, Derby, DE1 2FS. You can contact our Data Protection Officer on 01332 640763 or by email at firstname.lastname@example.org.
How do we collect information from you?
We collect information from you when you visit www.derby.gov.uk, when you fill in any forms using our customer portals or on our website, including myAccount; also when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face.
What types of information do we collect from you?
We collect different categories of information about you, depending on the service you want from us and/or the reason why we need to process information relating to you. This could be personal information (for example your name and address), or other more sensitive data that we would only collect and use in very particular circumstances that are set out in law.
Details of information obtained from third parties?
We may receive information from third parties relating surveillance or CCTV. This will usually be other public bodies or statutory agencies such as the police or legal representatives.
How is your information used?
The Council or its partners may use footage to investigate incidents that have happened on or in the vicinity of Council premises. The nature of such investigations may include but is not limited to:
- disciplinary investigations
- health and safety investigations
- technical equipment assessments
- criminal investigations
We process CCTV footage in accordance with:
- Council's legitimate interests
- Health and Safety legislation
- The Protection of Freedoms Act 2012
- The Surveillance Camera Code of Practice
- The Data Protection Act 2018
- The General Data Protection Regulations
- Employment legislation
- Legal claims
- Human Rights Act 1998
- Regulation of Investigatory Powers Act 2000
Coronavirus has been added as a notifiable disease under the Health Protection (Notification) Regulations 2010. Under the Public Health (Control of Disease) Act 1984 and associated Regulations; the Council has a legal duty to store, process and share personal information. The information will be stored, processed and shared as part of investigations into COVID-19 cases and outbreaks and issues of non-compliance with the Acts and associated Regulations. The information will also be used; interrogated and mapped to inform the Councils actions and decision-making processes. Any such storage, processing or sharing of information will be done in the public interest in order to promote health and wellbeing.
During the investigation of cases and/or outbreaks of Coronavirus, information which is gathered may be shared between departments within Derby City Council; with other Councils associated with an outbreak; other health services or with other government bodies associated with the control of the Coronavirus. The Council has a duty to notify national Government bodies, such as the UK Health Security Agency and the relevant local authority where an individual resides (if different), where there are suspected Coronavirus cases. The Council will disclose the information under Article 9(2)(j) of the UK GDPR (processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health), and confidential information may be lawfully disclosed in the public interest, without consent, where the benefits to an individual or to society outweigh both the individual’s and the public interest in maintaining the confidentiality of such data.
The Council may contact staff, service users, residents, patients, businesses and premises with messages relating to Coronavirus by text, phone, letter or e-mail. This contact is not direct marketing; therefore we do not need your Consent before contacting you. There is more information available on the Information Commissioners Office's website.
Research and statistics
Anonymised and pseudonymised data may be used for research and statistical purposes. Any data collected may be used for research and statistical purposes that are relevant and compatible with the purpose that the data was collected for.
Who has access to your information?
We may share your information with:
- Statutory agencies for the prevention or detection of crime.
- Insurance companies in the event of insurance claims or liability
- Parties to proceedings in the event of legal claims
- Maintenance providers in the event of a health and safety incident
- Internal departments – such as HR in the event of disciplinary investigation
- IT or system suppliers – in the event of a technical issue or a specific need for technical support.
We may share your information with statutory agencies; to prevent or detect crime, where there is a legal obligation, or in the course of legal proceedings.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
What are your rights in relation the personal data we process?
- Access – you can request copies of any of your personal information that is held by the Council.
- Rectification – you can ask us to correct any incorrect information.
- Deletion – you can ask us to delete your personal information. The Council can refuse to delete information if we have a lawful reason to keep this.
- Portability – you can ask us to transfer your personal data to different services or to you.
- Right to object or restrict processing – you have the right to object to how your data is being used and how it is going to be used in the future.
- Right to prevent automatic decisions – you have the right to challenge a decision that affects you that has been made automatically without human intervention, for example an online form with an instant decision.
How long will we keep your information for?
We keep and dispose of all records in line with our record retention schedule. We will comply with Data Protection legislation.
What security precautions are in place to protect the loss, misuse or alteration of your information?
We are strongly committed to data security and will take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard the information you provide to us. However, we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information.
Keeping your data up to date
We want to ensure any information we hold is accurate. You can help us by promptly informing us of any changes to the information we hold about you.
Details of any automated decision processes
There are no automated decisions is relation to Council surveillance or CCTV.
If you are accessing online services and are under the age of 13‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.
Cookies are small text files which identify your computer to our servers. They are used to improve the user experience. View what cookies we use and how you can manage them.
Internet Protocol (IP) addresses are collected when our site is used:
- for statistical/analytical purposes
- to identify any malicious activity
If you would like to make a complaint regarding the use of your personal data you can contact our Data Protection Officer;
- By post: Information Governance, The Council House, Corporation Street, Derby, DE1 2FS
- By phone: 01332 640763
- By email: email@example.com
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):
- By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- By phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number