We keep this privacy notice under regular review and it was last updated on 10 September 2020.
Chorley Council respects your privacy and is committed to protecting your personal data. This privacy notice is supplemental to our corporate privacy statement, and will inform you as to how we will process, share and look after your personal data in response to and during the Covid-19 (coronavirus) pandemic. This privacy notice will be kept under review as the pandemic develops.
For information about who we are, please read our corporate privacy statement.
Information collected by us
In the course of responding to the COVID-19 (coronavirus) pandemic and providing you with the support you need, the personal information we will collect about you will include:
We will also collect 'special category data' (personal data which is more sensitive and is treated with extra care and protection) about you, including information about your health, care and support needs.
We will obtain personally identifiable data from other sources in order to identify people who are vulnerable to the coronavirus, or may require support as a result of the coronavirus. This includes personal information about individuals who do not meet our normal support criteria, but have had their normal support from family or friends reduced or interrupted.
We will obtain information from the Government Digital Service (this may include data from the NHS and other departments), and we will also obtain it from providers of care homes, nursing homes, and domiciliary care services. We will additionally receive information from district and borough councils, and voluntary organisations.
We will use your personal information to:
This list may change depending on the needs of the response efforts. However, any use of data will be proportionate and necessary for the delivery of those efforts.
We rely on the following as the lawful bases on which we collect and use your personal data:
However the above is not limited to and we may need to comply with any legal obligations imposed by statute.
Additionally, for the collection and use of special category data during the pandemic, we rely on the following legal bases:
Some of the information being used will already be held by us and will be kept in line with our retention schedules.
However, we will be collecting new information as a result of the response to the pandemic. We will not keep this information for any longer than necessary. We do not yet know how long the pandemic will continue for, so the requirement to keep this information will be kept under review.
We are working with partners and organisations locally and nationally to make sure we deliver a co-ordinated and good service to you. We will share personal information where it is necessary and proportionate in responding to the pandemic and providing you with care and support. We will, where applicable, share your personal information, including health information, with the following:
This is not an exhaustive list and may change as the situation with the pandemic does. Please also refer to the main corporate privacy statement for further examples of third parties who we may need to share your information with, if appropriate and necessary. However the above is not limited and we may need to comply with any legal obligations imposed by statute.
Under GDPR you have rights which you can exercise free of charge which allow you to:
Depending on our reason for using your information you may also be entitled to:
We will always seek to comply with your request, however we may be required to hold or use your information to comply with legal duties.
Please note, your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under GDPR.
If you would like to exercise a right, please email email@example.com.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
For information on who to contact if you wish to exercise any of your rights or have a complaint about how your personal data has been used, please refer to the corporate privacy statement.
The council is identifying alternative ways of delivering its services during the pandemic, for example, replacing face-to-face visits with telephone or video-conferencing. You will be provided with a more specific privacy notice by those services, where relevant. You can also refer to other service specific privacy notices via our corporate privacy statement.