Places of worship and community groups data privacy notice

The identity and contact details of the company

Reading Borough Council

Contact details of the Data Protection Officer

Nayana.george@reading.gov.uk
Ricky.gill@reading.gov.uk

What Personal Data is held?

In the course of responding to the COVID-19 (coronavirus) pandemic and providing you with the support you need, the personal information we will collect about you will include:

A list of community groups who provide support to the Reading’s Black and Minority Ethnic (BAME) Communities.

A list of places of worship supporting Reading residents.

We hold the following information:

  • Name of the organisation
  • Name of an individual (where this is incorporated into an email address)
  • Telephone number
  • Contact details e.g. a phone number or email address
  • Address of the organisation

How will the data be stored?

In secure electronic management database systems, spreadsheets stored on internal secure folders and accessed on secure encrypted laptops. All data is stored on secure servers.

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Internal teams with access to the data spreadsheet:

  • Public Health and Wellbeing Team
  • Neighbourhood Initiatives Team
  • High Risk Settings Team
  • CV19Notifications Team
  • Communications Team
  • Staff Members representing a specific BAME community

What is the legal basis for the collection, use and storage of the data?

We rely on the following as the lawful bases on which we collect and use your personal data:

  • ‘Vital Interests’ (the processing is necessary to protect someone’s life), Article 6(1)(d)
  • ‘Public Task’ (the processing is necessary to perform a task in the public interest or for our official functions), Article 6(1)(e). The legislation which underpins this lawful basis includes:
  • Care Act 2014
  • Children’s Act 1989
  • Health and Social Care Act 2012
  • Localism Act 2011

Give details of how long the data will be stored and criteria used to determine this?

Some of the information being used will already be held by us and will be kept in line with our retention schedules.

The Generic Retention schedule for section 1. Administration / Distribution lists reads:

How long kept: until updated

Action at the end of that period: Destroy

Updates to address and contact details are carried out on a regular basis, as and when required.

If the distribution list is no longer needed for its intended purpose, it will be destroyed.

We will not keep this information for any longer than necessary. We do not yet know how long the pandemic will continue for, so the requirement to keep this information will be kept under review.

Who will it be shared with and for what purpose?

We are working with partners and organisations locally and nationally to make sure we deliver a co-ordinated and good service to you. We will share personal information where it is necessary and proportionate in responding to the pandemic. We will, where applicable, share your information with the following:

  • community hubs
  • voluntary organisations and any other providers where we feel they can help meet your service needs

This is not an exhaustive list and may change as the situation with the pandemic does. Please also refer to the main corporate privacy statement for further examples of third parties who we may need to share your information with, if appropriate and necessary.

How can the service user get access to it?

Make a Subject Access Request

State whether any data is to be transferred outside the EU?

N/A

Is processing based on consent?

You have a ‘right to be forgotten’ so you can ask for your personal information to be deleted where:

  • It is no longer needed for the reason why it was collected in the first place
  • You have removed your consent for us to use your information and we do not have to keep your information for legal reasons

If we have shared your personal information with others, we will do what we can to make sure those using your personal information comply with your request for erasure.

We may not be able to delete your personal data if it is needed for legal reasons, for reasons of public health, public interest or for medical purposes.

What other rights does the service user have that we have to make known to them?

The right to have their data corrected, the right to have their data deleted and their right to put a complaint to the Information Commissioner’s Office (ICO)

State if there will be any automated decision making

N/A