Privacy and cookies
How personal information is used by Midlothian Council
Here at Midlothian Council, we take your privacy seriously. As we collect and process personal information about you we are registered as a ‘data controller’ under the Data Protection Act (ICO registration Z6284453). Under the Data Protection Act, you have a right to know how the Council collects, uses and shares your personal data. The information below provides a general description of the kinds of personal data we collect, and how we might use and share it.
More specific Privacy Notices for each of our services:
- Adult Social Care Services
- Customer and Housing Services
- Children’s Services
- Communities and Economy
- Commercial Services
- Finance and Integrated Services Support
- Property and Facilities Management
- For cookie information visit our cookies page.
Our privacy promise
We promise to collect, process, store and share your data safely and securely.
What kinds of personal data do we collect?
The personal data we collect may include your name, date of birth, address, National Insurance number or other information that identifies you.
If necessary, we might also collect what is called ‘special category’ data – that is, sensitive information such as medical/health information, racial or ethnic origin, sex or gender, religious beliefs, political opinions.
We will always make it clear what information we are collecting, how we will use it, and why and with whom we will share it.
How do we collect your personal data?
We collect your personal data through many different ways. You might give us your personal data yourself, by entering your information in a form on the Council website or by contacting a Council officer in person, in writing or over the phone. We might also receive your personal data from other agencies or local authorities.
How do we use your personal data?
Your personal data may be used so that the Council can deliver its main functions. These functions include:
- Children’s Services
- Community Safety and Emergencies
- Consumer Affairs
- Council Property
- Cemeteries and Crematoria
- Criminal Justice
- Economic Development
- Education and Skills
- Environmental Protection
- Health and Safety
- Health and Adult Social Care Services
- Human Resources
- Information Communication Technology (ICT)
- Information Management
- Legal Services
- Leisure and Culture
- Planning and Building Standards
- Risk Management and Insurance
- Transport and Infrastructure
- Waste Management
- Welfare Rights
We may process your information for reasons such as:
- For a service you requested, and to monitor and improve the councils performance in responding to your request
- To allow us to communicate and provide services and benefits appropriate to your needs
- To ensure that we meet our legal obligations
- To prevent and detect fraud or crime
- To process financial transactions including grants, payments and benefits involving the council, or where we are acting on behalf of other government bodies, for example, Department of work and Pensions
- Where necessary to protect individuals from harm or injury
- To allow the statistical analysis of data so we can plan for the provision of services.
Why do we share your personal data?
We might share your personal data in order to effectively deliver our services. This might be because another agency has been contracted to provide a service, or because responsibility for particular services is shared across multiple agencies or authorities, such as health and social care. If we share information regularly with another organisation, the conditions for sharing your personal data are set out in an Information Sharing Agreement.
Your personal information will not be transferred outside of the EEA.
With whom do we share your personal data?
If necessary, we might share your personal data with other agencies and authorities, depending on the service being provided. We will only share your personal data if it is necessary to do so, and the appropriate conditions have been met.
In general, the external bodies with whom we share information might include:
- Other Local Authorities
- Central government or government agencies
- Insurers and external claim handlers
- Professional forums
- Charities and advice organisations / third sector partner organisations
- Associations, such as Housing Associations
- Landlords, hostels and accommodation providers
- Foster carers
Personal data also might be shared between Midlothian Council services, including schools.
How long do we keep your personal data?
We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. Your personal data is kept in line with Midlothian Council’s Retention Schedule. The retention schedule sets out the kinds of information the Council creates and uses, how long it should be kept, and what should be done with it at the end of its ‘life’.
Using personal information to detect and prevent fraud or crime
Midlothian Council is required by law to protect the public funds it administers. We may use any of the information you provide to us for the prevention and detection of fraud.
We may also share this information with other bodies responsible for auditing, administering public funds, or where undertaking a public function, in order to prevent and detect fraud. This includes the Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police.
Information collected through our website
Recorded telephone calls
We will inform you if we record or monitor any telephone calls you make to us. Calls made direct to, or from, our Contact Centre are recorded and kept for 6 months from the date of the call. We do not record any financial card details if you make a payment over the phone. If the call is transferred to another department outside the contact centre, the recording stops.
Calls are recorded for staff training purposes and for our record keeping of the transaction.
Recordings constitute the personal data of you, the caller, as well as the Contact Centre operator. Therefore they will be managed in such a way that the rights of callers and operators can be protected, and all the Council’s obligations as data controller are observed, as per the Council’s data protection policy.
CCTV systems are installed in some areas used by members of the public, for the purpose of safety and crime prevention and detection. CCTV is also installed outside some of our Council buildings for the purposes of monitoring building security and crime prevention and detection.
In all locations, signs are displayed notifying you that CCTV is in operation. Images captured by CCTV will not be kept longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.
We operate CCTV and disclose in accordance with the codes of practice issued by the information Commissioner.
Marketing and research
From time to time Midlothian Council conducts surveys using online and paper questionnaires. We do this in order to develop new services and improve of delivery of existing services. We will only use your personal information collected through this method for the above stated purposes.
Your personal information may be passed to third parties, for example Scottish Govt and its departments for research purposes. Where this is the case we will ensure that you are made fully aware of this prior to you submitting personal information. We will never sell your personal information.
Requesting access to your personal data
You may have the right to request access to the personal data we hold about you.
Letting us know if your personal information is incorrect
If you believe the personal data we hold about you is inaccurate or incomplete you may have the right to rectify this. Please email us at firstname.lastname@example.org or call us on 0131 270 7500 and we will take reasonable steps to check its accuracy and correct it.
What if you want us to stop using your personal information?
You may have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if you think there is no need for us to keep it. There may be legal obligations or other official reasons why we need to keep your data.
We may sometimes be able to restrict the use of your data. You can ask us to restrict the use of your personal information if:
- It is not accurate
- It has been used unlawfully but you don’t want us to delete it
- It is not relevant any more
- You have already asked us to stop using your data but you are waiting for us to tell you if we are allowed to keep on using it.
If you want to object to how we use your data, or ask us to delete it or restrict how we use it, please email us at email@example.com or call us on 0131 270 7500.
You may have the right to get your personal information from us in a format that can be easily re-used and transferred to another local authority. Please email us at firstname.lastname@example.org or call us on 0131 270 7500 for more information.
You have a right to ask if any of your personal information is being subjected to automatic profiling or decision making. We do not use profiling or automated decision-making processes. Some processes are semi-automated (such as anti-fraud data matching) but a human decision maker will always be involved before any decision is reached in relation to you.
You can find more information on your rights under data protection on the Information Commissioner's website.
Contact information and more advice
For any more questions regarding how long your personal data is kept, or how and why your data is used by Midlothian Council, contact the Data Protection Officer using the contact details below.
You can contact the Data Protection Officer in writing, by telephone or by email at:
Data Protection Officer
Dalkeith EH22 1DN
Telephone: 0131 270 7500
You can also contact Council offices, or individual Council services.
We will continually review and update this privacy notice to reflect changes in our services, and to comply with changes in law.