Data controller and purpose
This privacy notice applies to you (“the service user”) and the London Borough of Tower Hamlets (“the council”). The council takes the privacy of your information very seriously. This privacy notice applies to the council’s use of any and all of the data provided by you or collected by the council in relation to your use of this service. It is important that you understand that sometimes we will need to share your data with other agencies where necessary or appropriate and by engaging with our service you understand that that your data may be shared.
The information you provide will be used by the London Borough of Tower Hamlets’ VAWG, Domestic Abuse and Hate Crime Team, to enable us to support and signpost effectively.
We process your data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 and if you have any concerns the council’s Data Protection Officer can be contacted on DPO@towerhamlets.gov.uk.
Condition for processing personal data
It is necessary for us to lawfully process your personal data (which includes but not limited to name, address, contact details and housing tenure, under GDPR Article 6; and more personal (special category) data (such as gender, sexual orientation, ethnicity, faith, health, personal and household circumstances) under GDPR Article 9 of the GDPR and DPA 2018 (Schedule 1, Pt 1):
- 6(1)(a) consent
- 6(1)(b) performance of a contract
- 6(1)(c) compliance with a legal obligation
- 6(1)(e) task in the public interest or official authority vested in the controller
- 9(2)(a) explicit consent
- 9(2)(b) employment, social security or social protection law, collective agreement
- 9(2)(h) preventative or occupational medicine, working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management
- 9(2)(i) public interest in the area of public health,
- 9(2)(j) archiving in the public interest, or scientific and historical research purposes or statistical purposes
Your information is also processed under Schedule 8 of the DPA 2018
- Statutory etc purposes.
- Administration of justice
- Protecting individual’s vital interests
- Safeguarding of children and of individuals at risk.
And the specific legislation and reasons for processing information
- Prevention and detection of crime (Crime and Disorder Act 1998)
- Prevention/detection or crime and/or apprehension or prosecution of offenders (DPA, s. 29)
- To protect vital interests of the data subject; serious harm or matter of life or death (DPA, Sch.9 Part 4 & Sch.10 Part 4)
- For the administration of justice (usually brining perpetrators to justice (DPA, Sch. 9 Part 4 & Sch.10 Part 4)
- For the exercise of functions conferred on any person by or under any enactment (police/social services) (DPA, Sch.9 part 4 & Sch.10 Part 4)
- In accordance with a court order
- Overriding public interest (Common law)
- Child protection – disclosure to social services or police for the exercise of functions under the Children Act, where the public interest in safeguarding the child’s welfare overrides the need to keep the information confidential (DPA, Sch. 9 Part 4 & Sch.10 Part 4)
- Right to life (Human Rights Act, Art. 2 & 3)
- Right to be free from torture or inhuman or degrading treatment (Human Rights Act, Art. 2 & 3)
- Pressing need
- Respective risks to those affected
- Risk of not disclosing
- Interest of other agency/person in receiving it
- Public interest in disclosure
- Human rights
- Duty of confidentiality.
A delay in you providing the information requested may result in a delay in providing appropriate services.
How long do we keep your information?
We will only hold your information for as long as is required by law and to provide you with the necessary services. This is likely to be for six years after the case is closed. For further details, you can view our retention schedule.
We may also anonymise some personal data you provide to us to ensure that you cannot be identified and use this for statistical analysis of data to allow the council to effectively target and plan the provision of services.
Information sharing
Your personal information may be shared with internal departments or with external partners and agencies involved in delivering services on our behalf. As stated above this will include statutory, non- statutory, public and private organisations [such as Police, Victim Support, Probation, Courts].
The council has a duty to protect public funds and may use personal information and data-matching techniques to detect and prevent fraud, and ensure public money is targeted and spent in the most appropriate and cost-effective way. Information may be shared with internal services and external bodies like the Audit Commission, Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police. This activity is carried out under Article 9(2)(b) of the GDPR, under social protection law.
We have a duty to improve the health of the population we serve. To help with this, we use data and information from a range of sources including hospitals to understand more about the nature and causes of disease and ill-health in the area. This data would normally be anonymised and never used to make decisions on a specific individual or family.
Your Rights
You can find out more about your rights on our data protection page and this includes details of your rights about automated decisions, such as the ranking of housing applications, and how to complain to the Information Commissioner.
If you are dissatisfied with our handling of your data or how we have dealt with your data subject rights, you can complain to our data protection officer, at dpo@towerhamlets.gov.uk and also to the Information Commissioner's office at casework@ICO.org.uk.