How different services use your information
We collect more information for some services, less for others.
Here's how each service uses your information.
Adult Care Services
We're responsible for providing social care assessments and support services to adults who:
- have care and support needs as a result of a physical or mental impairment or illness; and
- because of those needs, they can't achieve 2 or more of the outcomes specified in the regulations; and
- as a result, there is, or there is likely to be, a significant impact on their wellbeing.
Whether you're eligible or not, we'll always give you advice and information about what support is available in the community to help you.
Use of your NHS Number in Adult Care Services
The Care Act 2014 places a duty on us to work closely with Health colleagues to ensure the best level of care is delivered to our citizens.
If you're receiving support from us (Adult Care Services) then the NHS may share your NHS Number with us. This is so we use the same number as the NHS to identify you whilst providing your care. By using the same number, we can work together more closely with the NHS to improve your care and support
We process personal data to meet our statutory duties and, in line with our official authority for Public Health In Hertfordshire, to monitor and improve the health of our citizens, including pupils in our schools, regardless of where they live.
This includes provision and commissioning of services which are delivered by other agencies and organisations such as:
- sexual health clinics
- drug and alcohol treatment
- pupil measurement (part of the National Child Measurement Programme)
- health visitor services
- school nursing and healthy child services
- local healthy living initiatives
- health protection and emergency response services to public health incidents.
The Director of Public Health has a statutory duty to publish a report on the health of Hertfordshire. In order to report on public health, the Public Health Evidence and Intelligence team use data and information from a range of sources including information collected at the registration of a birth or a death and information recorded at hospitals.
This helps us to understand more about the nature and causes of disease and ill-health in the area. This data can contain person identifiable data which may identify people such as home address, date of birth, date of death and / or NHS Number.
The legal basis for the flow of data for the above purposes is set out in Section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social care Act 2012 (PDF 417kb) Opening a new window and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
The public health intelligence team has access to the following data:
- Primary Care Mortality Database (PCMD) – the PCMD holds mortality data as provided at the time of registration of the death along with additional GP details (GP code and GP practice code), geographical indexing and coroner details (coroner name, coroner inquest area and date of inquest) where applicable. Information held includes date of birth, date of death, place of death, address of deceased, causes of death, age, sex, GP and practice, occupation and place of birth. More information on this dataset is at www.content.digital.nhs.uk/pcmdatabase.
- Births – information held includes date of birth, sex of child, birth weight, a birth in marriage indicator, country of birth of parents, occupation of parents, address and postcode of mother, place of birth, a still birth indicator and age of mother.
- Hospital Episode Statistics (HES) – a data warehouse containing details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England. This data is collected during a patient's time at hospital and is submitted to allow hospitals to be paid for the care they deliver. HES data is designed to enable secondary use, that is use for non-clinical purposes, of this administrative data. The HES data accessed by the public health intelligence team does not contain person identifiable data.
How your data is used
All information accessed, processed and stored by public health staff will be used to measure the health, mortality or care needs of the population; for planning, evaluating and monitoring health; protecting and improving public health. It's used to carry out and support:
- commissioning and delivery of services to promote health and prevent ill health
- health equity analysis
- health needs assessments
- health protection and other partnership activities
- identifying inequalities in the way people access services
- joint strategic needs assessment
- public health surveillance.
Statistics are presented in such a way that individuals cannot be identified from them and personal identifiable details are removed as soon as is possible in the processing of intelligence.
In relation to births and deaths, the data will only be processed by Local Authority employees in fulfilment of their public health function, and will not be transferred, shared, or otherwise made available to any third party, including any organisations processing data on behalf of the Local Authority or in connection with their legal function.
How we keep information secure
Any information we hold about individuals is held securely and in compliance with the Data Protection Act 1998. Information will not be held for longer than required and will be disposed of securely.
Information is stored in secure systems within the council network, in line with the NHS Information Governance framework and guidance from national NHS and Local Authority data services.
These systems are access controlled, so only relevant analytical employees have access to them. All staff are regularly trained to understand the importance of and their duty towards protecting data and good information governance procedures.
You have the right to opt out of Hertfordshire Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on the specific data is and what programme it relates to.
For further information, please contact the Public Health team by email on PH.firstname.lastname@example.org or by phone on 01992 555137 or by post at Public Health, Hertfordshire County Council, County Hall, Pegs Lane, Hertford SG13 8DN.
Children's Services and schools (except admissions)
Schools and education
Schools are responsible for their own compliance with Data Protection legislation. However, there are areas of education where we have a statutory responsibility – in these cases we share some pupil data with schools (and vice versa) to ensure that services are provided and reporting responsibilities are met. This includes:
- school place allocation and appeals processes
- pupil census and achievement data
- Education, Health & Care Assessments and/or Plans
- where there are safeguarding or wellbeing concerns.
We share contact data for pupils in years 12 and 13 (age 16/17) with the relevant Electoral Roll Registration Services, as we're obliged to assist in the compilation of the electoral roll. The pupil will be invited to register to vote.
Children in our care, or subject to other social work intervention
Where we are caring for children or we're taking action to ensure they are appropriately cared for (in accordance with the Children Act 1989 and related legislation), we'll keep detailed records relating to their needs and circumstances. That includes information about the wider family and action we have taken.
We'll keep these records for a considerable amount of time to ensure they're available to the child when they become an adult and to identify that actions taken were in their best interests at the time.
Where we act as parent to children in our care, we're entitled to information in the same way as a birth parent. That includes information about:
- their health
- any involvement in crime (as a victim or alleged perpetrator)
- education progress and attainment.
We will share information about children with other organisations involved in their care where it's considered to be in the best interests of the child, or where the law requires us to. Organisations might include:
- health providers
- housing authorities
- the police.
We'll keep personal data relating to the care of children throughout the period they receive a service from us. That might range from 15 to 75 years (from date of birth) depending on the contact and responsibility we've had.
It can be 118 years for key adoption records.
This is so we can provide information on history of care after a child has reached adulthood and is ready to access their early history.
We'll keep personal data relating to the education processes we're responsible for 3–35 years depending on how involved we've been in providing education support.
We have a statutory responsibility to coordinate the allocation of school places under the provisions of the School Standards and Framework Act 1998 and the School Admissions Code 2014. The Education and Inspections Act outlines our responsibilities regarding the provision of home-school transport for 5-16 year olds.
What we will do with your information
Our Admissions and Transport team will hold the information you give us and will use it for admissions and transport purposes. In order to deliver this service, we'll share your information with:
- schools within Hertfordshire for which you have made an application
- other local authorities, if a school you have applied for is outside Hertfordshire
- our Appeals team and members of the Independent Appeal Panel, if your application for a school is unsuccessful and you submit an appeal
- the Environment department and transport contractor, if your child is entitled to home-school transport
We'll also share your data and it may be used:
- to cooperate with our partners in health and youth justice to improve the wellbeing of children in Hertfordshire, as required by the Children Act 2004. Information shared between partner organisations is proportionate and only given when it's necessary to help those partner organisations
- provide statistical data to other organisations (for example, the Department for Education, academic institutions or independent researchers with a legitimate need for information for their research, or for our own internal research, statistical analysis or statistical surveys)
- to consider the effectiveness of alternative admission arrangements to improve the service provided.
We may share information with third parties if we're legally obliged to do so, for example, if it's necessary to safeguard or protect a child.
We may share information with the police or other agencies if it's necessary for the following purposes:
- the prevention or detection of crime
- the apprehension or prosecution of offenders
- the assessment or collection of any tax or duty or any imposition of a similar nature.
Where children are currently attending primary schools in Essex, but have a Hertfordshire residential address, we will receive contact information from Essex County Council for pupils in Year 5. That's so that we can write to inform you of the Hertfordshire secondary school transfer arrangements.
All admissions application data is stored securely and maintained in accordance with data protection legislation.
Hertfordshire online systems that are publicly available for entry of personal application data are regularly independently tested to assess risk of penetration and to guard against unauthorised entry for access to personal or any other data. This includes ensuring that the username and password access meets industry level 3 standards.
We'll enter details directly into the online system for applicants who choose to make their applications on the paper form.
We won't share personal data for admissions and transport applications with anyone except schools and other admissions authorities that require the data in order to process applications for schools within their own authority.
How long we will keep your information
For the majority of pupils, we'll keep the information you supply us for 3 years after the end of compulsory education.
For pupils with an Education, Health and Care Plan, we'll keep the data for 35 years after the child’s date of birth.
Your legal rights
Births, deaths and marriages
Personal information collected from you in order to register an event is required by law. The main legislation which governs the collection of registration information is the Births and Deaths Registration Act 1953, the Marriage Act 1949 and the Civil Partnership Act 2004.
You may be legally obliged by these acts, and other legislation, to provide certain pieces of information. If you fail to provide information you are required to give us, you may be liable to a fine or we may not be able to provide the service you are applying for (for example, a marriage or a civil partnership).
Personal information may also be collected from you if you apply to us, for example, for a certificate or to correct information contained in a register entry.
The information you provide will be held and processed by registration officers for this registration district.
Registration information is retained indefinitely, as required by law. Any other personal data will be held for no longer than 2 years.
We'll provide a copy of any register entry to any applicant, provided they supply enough information to identify the entry concerned and pay the appropriate fee. The copy may only be issued in the form of a paper certified copy (a “certificate”). You can also apply for a certificate to the General Register Office.
Indexes for events registered with us are publicly available to help members of the public identify the registration record they might need. Indexes are available in paper format.
A copy of the information collected by a registration officer will also be sent to the Registrar General for England and Wales so that a central record of all registrations can be maintained.
We may share registration information with other organisations in the course of carrying out our functions, or to enable others to perform theirs.
We'll only share information where there is a lawful basis to do so for the following reasons:
- statistical or research purposes
- administrative purposes by official bodies e.g. ensuring their records are up-to-date in order to provide services to the public
- fraud prevention or detection, immigration and passport purposes.
Contact the Registrations service for further information about the data we hold and a list of the organisations we share registration data with (along with the purpose and lawful basis for sharing the data).
You have the right:
- to request access to the personal information we hold about you
- to be informed about the collection and use of your personal information
- for incorrect information to be corrected (where the law permits)
- to request us to restrict the processing of your personal information.
In certain circumstances you have the right to object to the processing of your personal information. Your information will not be subjected to automated decision-making.
The superintendent registrar is the data controller for birth, marriage and death registrations and can be contacted at:
The Old Courthouse
St Albans Road East
Hertfordshire County Council is the data controller for civil partnership registrations and can be contacted at:
Hertfordshire County Council
The Registrar General for England and Wales is the joint data controller for birth, marriage, death and civil partnership registrations and can be contacted at:
General Register Office
The Data Protection Officer is:
Highways, roads and pavements
We process personal data to meet our statutory obligations and public task as Highways Authority (Highways Act 1980 and subsequent legislation) including duties for Rights of Way such as Footpaths and Bridleways, and the maintenance of the Definitive Map.
- maintenance of highways met at the public expense and the avoidance of obstruction on all highways and rights of way
- consultation on new traffic schemes and improvements or changes of route
- granting licences for temporary and permanent changes which affect the highway or pavement including skips and scaffolding, street cafes and street parties, approving and constructing dropped kerbs.
We'll share data with our third party contractors where it is necessary to provide a service to you, or to respond to your enquiries or complaints about our services.
We'll retain data as identified in our retention scheme according to the business purposes. Routine highways fault reports are held for 2 years but permit applications, including dropped kerbs, will be held for 7 years.
We collect information about you so that you can use the services libraries offer. We keep your membership data safe and secure – we'll delete it if you don’t use our services for 2 years.
Data we collect
- Date of birth (optional for adults) – so we can apply any age-related concessions and restrictions
- Email address
- Gender (optional)
- Phone number(s)
Who we share your data with
We'll only share your information with third party organisations who provide services on our behalf. Our contracts require them to treat your personal information with the same care that we do. Those organisations include:
- BorrowBox – supplier of our ebook and e-audiobook service
- RB Digital – supplier of magazines online
- PressReader – supplier of newspapers online
- Universal Class – supplier of online learning
- Hoonuit – supplier of online learning
- Bibliotheca – supplier of library kiosks
- Netloan – supplier of the public PC booking service in libraries
- Solus – supplier of the library app
- Unique Management Service – your library account may be referred to this debt collection agency if you have outstanding charges relating to your library membership for more than 12 weeks.
We may share your data with partner organisations where it will improve your service. We'll ask you for your consent before sharing though. That includes:
- SELMS (South East Libraries Management Services) – consortium of library authorities who inter-lend books
We'll also share your data with organisations such as the police and security services where we are legally required to do so.
Contacting you about services and events
We’ll ask for your consent to contact you about library services and events. If you agree, we'll sign you up for our monthly e-newsletter. You can unsubscribe at any time.
Environment, recycling and waste
We process personal data to meet our statutory obligations and public task as:
- Waste Disposal Authority
- Planning authority for Minerals Waste and the council’s other statutory responsibilities
- Lead Local Flood Authority
- Transport Authority.
- planning processes
- provision and management of Household Waste Recycling Centres, including operation of ANPR and CCTV cameras.
- investigation of flooding incidents and associated risk management
- investigation of complaints relating to our services
- issue and management of concessionary and SaverCard bus passes.
Some of this data is collected directly by third party contractors on our behalf. We will also share data with our contractors where it is necessary to provide a service to you, or to respond to your enquiries or complaints about our services.
We will only retain CCTV and ANPR data where there is an incident which requires investigation. We'll delete it once the matter has been fully resolved.
Other data is held as identified in our retention scheme according to the business purposes.
Fire & Rescue and Trading Standards
Our activities cover the council’s responsibilities and authority under both fire-related legislation and as a Trading Standards authority, including weights and measures.
Most registration data will be held for 2 years. We'll hold data longer:
- where it is likely to have a significant impact on land underlying premises. In those cases, we may hold the data for up to 60 years (for example, diesel, petroleum and explosives licences)
- if the data relates to inspection, investigation or prosecution. In those cases, we'll hold data for 10 years after the final resolution of the matter.
Fire – types of data we hold
Fire & Rescue Services Act 2004, Regulatory Reform Order (Fire Safety) 2005; Civil contingencies Act 2004 and related legislation
- We hold data in relation to properties where fire appliances have been called out, and some details of people affected by emergencies (if they've been provided).
- We hold data relating to businesses where premises are required to be inspected or licensed for flammable and explosive materials.
- We hold personal data where adults and young people have been offered or have taken up fire prevention checks or training courses. This includes safe and well visits and prevention programmes.
- We use statistical analysis of data, both manual and automated, to understand our local population, its safety risks and future needs.
- We'll request personal data from other organisations, and share personal data with them where necessary, when we need to manage incidents covered by the Civil Contingencies Act.
- Where we offer training on a commercial basis to employees of other organisations, we process data under our legitimate interests as a training provider.
Trading Standards – types of data we hold
We process personal data to investigate, regulate and enforce a wide range of legislation which aims to protect consumers. That includes the restriction of age-related products, which may include processing young people's data.
We receive personal data from a number of other agencies who provide enforcement or advice services to enable us to take action on complaints or enquiries.
We also share data with organisations where we believe they have the correct authority to act on your behalf. That includes (but is not limited to):
- other Trading Standards services
- central government
- local district or borough councils
- National Trading Standards Scams team
- National Fraud Intelligence Bureau
- Citizens Advice (local or national offices)
This is work carried out in the public interest and in the exercise of our official authority
Cameras – CCTV, ANPR and bodycams
We use surveillance cameras in a variety of situations and forms to protect our property and staff. This includes:
- CCTV inside and outside some public buildings
- CCTV on and inside fire appliances (fire engines)
- CCTV on roads to identify congestion by recording number plates and the time taken to travel between points. We don't continuously track vehicles and we can't identify who is within a vehicle. We only hold this data for 30 days – after that the data is overwritten. This data is processed in Canada which meets the EU standard for adequate Data Protection Legislation.
- CCTV outside household waste recycling centres to show customers if there's a queue. These are set to ensure no personal data is captured.
- ANPR at our recycling centres to avoid them being used for commercial use and permits are issued where vans or trailers are used.
- Some staff or contractors' staff wear bodycams.
Where CCTV is used on school transport, the transport operator is the Data Controller.
Profiling for service planning
We analyse our existing service data to make sure we can provide the services needed in the future.
Sometimes we may compare or combine this data with population data from other sources, official data from Office for National Statistics, NHS Digital or commercial sources.
We don't use this to identify individuals – only to forecast future demand (for example, demand for school places, social care and health trends.
We also profile to identify people who might be interested in supporting our work in specialised areas (for example, as foster carers or adoptive parents). We might also use profile data to identify people who would most benefit from a targeted service.
Whenever we do this it is to support our official authority and in the public interest. We would also make the opportunity available through other methods.
Shared Anti Fraud Service (SAFS)
We process personal data for the prevention and detection of crime and to protect public funds. This includes, but is not limited to, the investigation of
- council tax fraud
- blue badge misuse
- payroll and pensions fraud
- procurement and contract fraud
- housing and social fraud.
We receive personal data from a number of other agencies who provide information to enable us to take action against alleged fraud.
We will hold your personal information for 10 years where personal data relates to an allegation, investigation, sanction (including prosecution) or a financial irregularity resulting from fraud. We may also be required to keep data for longer where we have a statutory duty to do so, for example to comply with criminal justice retention schedules or safeguarding.
We also share data with other law enforcement agencies or local authorities if required by law, such as:
- the police and judicial agencies e.g. courts
- district and borough councils
- the Department for Work and Pensions
- government agencies.
The prevention of fraud is an activity in the public interest, and is undertaken within the exercise of the official authority of the SAFS' partners.
Corporate Policy team
Our mailing list privacy notice
Hertfordshire County Council is the Data controller. The data we hold is for the purpose of partnership communications. Hertfordshire County Council will use this information to communicate with organisations on partnership matters including promoting key engagement events and conferences.
We consider that it is in the legitimate interests of Hertfordshire County Council to process your information for these purposes. The information you have provided to us will be used alongside additional information obtained from partnership organisations themselves.
The information you give us will be held by the Corporate Policy team of Hertfordshire County Council and will only be used to communicate with organisations on partnership matters.
We will only share information with third parties if we are legally obliged to do so, for example if it is necessary to safeguard or protect a child. We may also share information with the police or other agencies if it is necessary for the following purposes:
a) The prevention or detection of crime
b) The apprehension or prosecution of offenders
c) The assessment or collection of any tax or duty or any imposition of a similar nature
Website testing panel
Feedback from our website testing panel helps us improve things on the website for everyone.
We want our website to be as simple, clear and quick as possible for you to use.
It’s important that we test the website whilst we develop it to ensure we’re improving things for our customers.
Joining the panel
- You can join our website testing panel through our secure online form. We'll ask for your name and email address so that we can send you our surveys.
- We’ll keep the personal information we collect extremely safe.
- We won’t share the information outside of Hertfordshire County Council. We won’t share your personal information with any other team within the council.
- We plan to keep your personal information on an ongoing basis, as long as you're happy for us to do so.
- Email the web team if you’d like to leave the website testing panel at any time.
When we email you, we'll send you a link and ask you to complete a survey/task using one of these online products:
When you complete a survey:
- We won't directly ask you for any personal information. This means we won't be able to link your responses back to you.
- We’ll only use the information we collect to see where improvements can be made on our website.
- We may share the information collected within the survey with other teams in the council. However, your response will not be personally linked back to you.