- How will we use the information about you
- Personal data we collect
- How we use personal data
- Reasons we share personal data
- How to control your personal data and your rights
- Cookies and similar technologies
- Your Enfield account
- Other important privacy information
- Specific purposes
- Privacy notice for councillors
How will we use the information
To process your requests to us, provide you with services and personalise our service to you. If you agree, we will also use your information to tell you about other services and events.
Your information may be shared with other parts of government, other councils and our delivery partners to deliver you services or if required by law.
We will not share your details with 3rd parties for marketing purposes unless you agree.
You have rights in respect of your data including the right to be supplied information on our uses, to see what data we are holding about you, to request correction or erasure of your data, to object to processing and to complain to the supervisory authority.
This notice was last updated February 2021.
Personal data we collect
Your privacy is important to us. This privacy statement explains what personal data we collect from you and how we use it.
We collect your personal data for a variety of purposes. Please see specific purposes for more details. You provide some of this data when you create an Enfield Connected account, when you fill in a form (online or paper), when you speak to us on the phone or face to face. We get some of it from automatic recording, for example cookies.
When we no longer require your personal data, it is deleted according to our retention policy (PDF).
The data we collect can include the following:
Name and contact details: we collect your name, your address, your email address, your phone number and similar contact details. These are used to provide you with services and to contact you in relation to services. If you have given permission, we also use these for marketing purposes for services/events provided by us or by others in the local area. If you have given permission for third party marketing, we additionally may pass this data to third parties for carefully selected marketing relevant to
Demographic data: this includes age and gender. We may collect more sensitive characteristics such as nationality, race, religion, sexuality and ethnicity in order to fulfil our obligations under the Equalities Act 2010. These sensitive characteristics are only used for the purposes of the Equalities Act or those defined and to which you consented at the time we collected them. Where practicable, these data are managed separately from other data.
We additionally receive demographic data including aggregated data from other services to inform our planning of services. This data is not personally identifiable – we cannot identify individuals from the data, but will include matters such as health, police information and financial information.
Device and Usage data: when you connect to us online, we collect data about pages you have visited, completed actions, error messages, IP address details, device operating system, region and language settings. These are used to provide services to you, and to improve our services.
Preferences and account data: our systems include the ability to create an account using a username/password. The username is stored to allow us to retrieve your account; the password is NOT stored, but a “hashed” version of it is stored. This “hashed” password cannot converted back into your password, but allows our systems to confirm the correct password has been entered.
If you have created an account, we will store data in all the categories referenced elsewhere in this document with your account. This allows us to retrieve this data to auto-fill forms for you and present you with data about your past requests to us.
As an alternative, you may use a guest logon. This allows you to create a request to us, but the data given is only held in respect of that request. You cannot add more requests or retrieve history under a guest logon. Guest logons are valid only for the creation of a request and cannot be reused.
Financial Data: we collect data about income, outgoings, savings and assets owned in order to provide services to you. These include matters such as benefits and provision of social care.
We additionally receive financial data about you from third parties, for example, credit rating agencies.
Health and Care Data: we collect data about your health, including medical conditions, disabilities and information from your healthcare providers where needed to provide services to you.
We additionally receive health data about you from third parties, for example, NHS and police under a series of multi-agency sharing agreements. Data about you is used to inform our services to you and is only shared with practitioners in those services.
How we use personal data
We use data about you to provide you with services, communicate with you, to plan our services, and to personalise your experience.
In carrying out the purposes listed above, we reuse your data to improve your experience and ensure you are provided with the best possible service. For example, if you tell us you have changed your name, you only need to tell us once for it to be changed over most of our services (some, like Electoral Registration, we can't change without other information by law).
We use your personal data in the following ways:
- To provide services to you. This is generally the primary purpose for most information we hold. This also involves charging for services and collection of taxation - for example, payment for car parking, collection of Council Tax. This commonly involves data sharing with our partner organisations (see reasons we share personal data)
- To communicate with you. We will communicate to you regarding your requests, your services and as required by legal responsibilities. If you specifically permit it, we will communicate with you about other service and local events we think you may be interested in. We will not pass your data to third parties to advertise services unless this is specifically permitted by you.
- To plan our services. Your data is used to plan our current and future services. For example, if you make a request of us, then that will be used to decide when to deliver the service. Anonymised data - that is, data from which you are not personally identifiable, is used to plan future services. For example, the number of people living in an area may be used to plan where school provision is needed.
- To personalise your experience. Your data is used to show you services of relevance to you, to ensure we address you by your preferred name. We also use data in other legal ways, governed by the law of the UK. Examples include for the prevention and detection of crime, such as fraud.
Reasons we share personal data
We share your personal data with a range of organisations to provide you with services, plan services and to ensure that crime is prevented or detected. These include:
- Third party organisations delivering services on our behalf
- Central government
- Health and Social Care
We share your data with your consent or as necessary to provide any service.
We share with third party organisations delivering services on our behalf. This sharing is covered by agreements to maintain your privacy to the same level as we require of ourselves, and data shared is strictly restricted to that necessary for delivering services.
We also share data with Central Government and its agencies, including police and health, as required by law, for the delivery of service, prevention and detection of crime, public health, safety and service planning. This sharing, where not required by law, is again covered by agreements about your privacy.
Information we collect from you will be shared with fraud prevention agencies who will use it to:
- verify your identity
- prevent fraud and money laundering
If fraud is detected you could be refused certain services, finance or employment. To find out more, see fraud detection and prevention.
How to control your personal data and your rights
You can access your data online via your Enfield Connected account. You have a right to require us to make changes to your data if it is wrong. You can make changes to incorrect data on the website, but if you find data you cannot correct email email@example.com.
You have the right to demand that we erase data that we hold on you. However, please note that we can only do this if it is not required for further processing; in general, we erase your data as soon as we no longer require it. You can do this by emailing firstname.lastname@example.org.
You have the right to request that we give you a copy of your data. This is called a “Subject Access Request”. You may do this by making an online request.
If you have a privacy concern, complaint or question for the Enfield Council Data Protection Officer, please email or contact via post as detailed in our other important privacy information page.
You have the right to complain about our processing to the Information Commissioner if you believe we are not processing your data in a proper manner.
You can change your preferences in marketing and use of your data at any time. Please visit your Enfield Connected account and go to preferences.
For more details on your rights in processing data, visit ICO.
Enfield Council is registered with the ICO as a data controller and processor. Our registration number is Z5492012.
The Electoral Registration department of Enfield Council is registered with the ICO separately, with registration number Z4938916.
Cookies and similar technologies
What are cookies?
Cookies are small text files that may be placed on your device by websites that you visit. Cookies are used to recognise and remember you when you visit a website again.
What cookies do we use?
We use the following types of cookies:
Strictly necessary cookies
The Enfield Council website uses essential cookies to deliver basic website functionality. These cookies are necessary for enabling the core functionality of the site. The website cannot function properly without these cookies.
Performance and analytics cookies
3rd party cookies
Enfield Council makes use of different 3rd party applications to enhance the experience of our visitors. These include embedded content from YouTube or Vimeo. Cookies may be set on your device and used to track your activity by these services. Enfield Council does not have direct control over the information collected by these cookies.
How to manage and opt-out of cookies on our website
You can opt-in or -out of analytics cookies by using our cookie control widget when you first visit our website. You can activate the cookie control widget at any time during your visit and change your preference. If you choose to opt out of accepting cookies, strictly necessary and some 3rd party cookies essential for the functioning of our website will still be set on your device, but analytics cookies and some non-necessary 3rd party cookies will not.
You can also accept or decline cookies using settings in your browser. Some website functionality may not work correctly if you choose to opt out of accepting cookies.
Your Enfield account
Your Enfield account is used to simplify your access to our services. By storing your personal data in the account we are able to automatically fill in basic data about you and your circumstances so you don’t have to do it more than once. By linking your accounts from our internal systems to your Enfield account we can show you information from these systems and make it easier for you to manage your relationship with us.
Your Enfield account initially stores a small amount of information about you that you supply when you register for the account. This information is used to fill in forms on the web for you, and to allow us to link our internal systems to your Enfield account. Once internal systems are linked, you can access data from these systems online, and request a wider range of services online. The Enfield account doesn’t store this information - only the link is stored with the account - but retrieves it on request.
Whenever you log on to the website and use online services the interactions are logged. We keep these logs for one year for security purposes.
When you make a request to us (for example, ask for a service) this is recorded with your Enfield account and will be visible to you for up to five years. If you did not use an Enfield account (a guest logon) this is again kept for five years but is not associated with any account. Transactions on a guest logon do not appear on Enfield accounts.
Other important privacy information
Below you will find additional privacy information you may wish to know. Enfield is committed to maintaining the privacy of your personal information. If you have any issues with our privacy, please contact Complaints and Information via the website or via email.
Legal basis for processing
We collect and use information under various legal basis which depend on the purposes; we evaluate each use to ensure that we have a legal basis for use.
Our most common reasons for use are:
GDPR Article 6 1(c) and (e) - Legal basis or performance of task in public interest, exercise of official authority. The majority of our information use is based on these clauses - legislation enabling local government services covers many areas. For example, we have a legal obligation to ensure that planning processes are implemented.
GDPR Article 6 1(a) - Consent. We use a consent basis for some information e.g. using your email address to inform you of events. You can always withdraw consent and we will cease to process for that purpose
GDPR Article 6 1(b) - Contract. Some of our use, for example bulky waste collection, is based on a contractual agreement.
GDPR Article 6 1(d) - Vital interest. Some of our services can result in serious harm if we do not deliver them, and therefore vital interest is occasionally used; however in most cases the use is covered by law and therefore falls into GDPR Article 6 1(c) or (e).
We additionally use special category personal data. This is most commonly under GDPR Article 9 2(b) - employment, social security and social protection; or GDPR Article 9 2(g) - substantial public interest.
We maintain a Register of Processing Activities supplying individual justifications for use.
Storage and processing of personal data
Data collected by Enfield Council is generally processed within the UK. These uses all comply with the requirements of the UK law and UK government security policy. Some purposes use EEA storage, this is covered under the ICO's assessment of adequacy and contractual agreements. For some limited purposes, we process in the USA; this use is covered by contractual agreements with an assessment of adequacy.
Typically, our data is stored in Southern England. Backups of data and resilient services are generally in Northern England.
Security of personal data
We use a variety of techniques to ensure the privacy of your personal data and protect it from unauthorised disclosure or access. These include physical security, encryption at rest and in transit, multi-factor authentication and intrusion detection systems.
Retention of personal data
Enfield Council operates a data retention and disposal scheme based on legal and operational requirements. Data is disposed of securely when it is no longer required for processing purposes. View the retention scheme (PDF).
Changes to the privacy statement
We will update this privacy statement whenever a change in our use or a change in law occurs, and in response to your feedback. When it is changed we will update the date given at the top page how will we use the information about you?. If there are significant changes we will notify you either by a pop-up notice when you logon or directly sending you a notification. We encourage you to periodically review this statement and provide us with feedback on areas you believe we could improve.
How to contact us
For general issues, please contact us via your Enfield account.
If you have a privacy concern, complaint or question for the Enfield Council Data Protection Officer, please email email@example.com.
You can also contact the Council’s Data Protection Officer directly at firstname.lastname@example.org or by post:
Data Protection Officer
Enfield Council Civic Offices
The council has a wide range of purposes for which we gather data, all aimed at providing you the best possible service. To find out how we collect data, view our specific purposes.
Privacy notice for councillors
Councillors represent constituents as part of their work in the community. They contact officers of Enfield Council and other organisations on your behalf to investigate your concerns and respond to your enquiries. For this part of their elected representative functions they are Data Controllers under the United Kingdom General Data Protection Regulation (UK GDPR).
As Data Controllers, councillors are responsible for looking after the personal information they process about you.
The Councillor Privacy Notice sets out how councillors will process this data in line with the requirements of data protection legislation.