Christmas opening times 2024: We are closed to all but essential services over the Christmas period. You can still use our online services to report, apply and pay 24/7.
Privacy notice
We process personal data to provide public services.
Personal data is information about living identifiable individuals This could include, but is not limited to:
- someone's name
- address
- contact details
- photograph
- sound recording
- details of someone’s behaviour
- lifestyle
- physical or mental health needs
- unique number (such as a vehicle registration plate or National Insurance number)
We decide what personal data we need and how to use it. This means we are a Data Controller. We are registered as such on the Information Commissioner’s Register of Data Controllers.
When we collect personal data, we are required to make sure:
- you are clear what data we need and why
- what we intend to do with it
- what your individual rights are
- who you can contact for enquiries or concerns about the use of your personal data
This is called a privacy notice. We can do this verbally or in writing.
This page is our general privacy notice. We have included specific privacy notices below for the services that process large amounts of personal data.
Why we collect and use personal data
We collect and use personal information to:
- provide, plan and manage our services
- carry out our regulatory, licensing and enforcement roles
- carry out any other tasks which we have to do by law
- make and take payments and grants and spot fraud
- listen to your ideas about our services
- tell you about our services
- evaluate and improve services
We might collect your personal data directly from yourself, from someone acting on your behalf, or from another third party. We might collect this data in person, over the telephone, in writing, or captured as an image, audio or film recording.
We can only use your personal data if we have a lawful basis for doing so. The lawful basis will be recorded on the Council’s Record of Processing Activity and, where appropriate, on relevant service area privacy notices.
If we rely on consent to process your data, you have the right to withdraw that consent at any time. To withdraw consent, either contact the Service that you provided the consent to or contact the information management team.
Sharing your information
We share personal data internally within the council and also with external third parties so we can carry out our work. Internal sharing might include checking your eligibility for a service (eg free school meals) or keeping accurate records, whereas external sharing might be to ensure you receive the right service (eg social care support).
Who we share information with depends on the service we are providing and your circumstances, but may include:
- healthcare, social and welfare organisations and professionals
- providers of goods and services
- financial organisations, including debt collection, tracing and credit referencing agencies
- elected members
- local and central government
- ombudsman and regulatory authorities
- professional advisors and consultants
- police forces, other law enforcement and prosecuting authorities
- voluntary and charitable organisations
- Disclosure and Barring Service
- Courts and Tribunals
- utilities providers
- managers within your service area, department, section or team
When personal data is shared, only the minimum amount is shared and relevant contracts and / or agreements will be in place.
Fraud prevention and detection
We are required by law to protect the use of public funds and for this reason we share information with internal services and other bodies responsible for auditing or administering of public funds to detect and prevent fraud. This sharing includes, but is not exclusive to the Council’s external auditor, Department for Work and Pensions, other local authorities, HM Revenue and Customs, the Police, credit reference agencies.
We also share personal data with the Cabinet Office for the National Fraud Initiative. This is a national data matching exercise, which takes electronic data from the private and public sectors to identify potential fraudulent claims and payments.
The Cabinet Office stipulates the data that they need and subsequently provides us with details of the cases where the matching indicates an inconsistency or potential for fraud, so that we can investigate further. This data matching is carried out under the Local Audit and Accountability Act (part 6, Schedule 9) and does not rely on your consent.
How long we keep information for
This varies depending on the type of information, as well as the legal requirements and reason we are keeping the information. In some instances the law sets the length of time information has to be kept. We also have retention and disposal schedules which give details about how long we need to keep different types of information.
Your data rights
You have the following rights in regard to your personal information, to:
- access copies of any records we hold about you
- have any information we hold about you corrected
- have any information we hold about you deleted or destroyed
- restrict how information we hold about you can be used or shared
- object to information about you being held
- have any information we hold about you transferred to a third party
- challenge decisions relating to you made using automated decision making and profiling (currently we have no services that use automated decision making or profiling for decision making)
Please note there may be times that we cannot fulfil these rights fully because of legal reasons, for example we cannot delete your data if we still need it.
If you want to exercise any of the above rights, please make a subject access request.
Who to contact about the way your personal data is handled
If you have any queries, concerns or complaints about the way we process your personal data, including the way we handle information requests, you can contact our Customer Services or the Data Protection Officer.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you have the right to contact the Information Commissioner’s Office.
Adoptions
How we use your information
Sheffield City Council’s Adoption Service works to promote adoption across Sheffield, assess the suitability of adopters, match children and young people to the right adopter, and provide support and guidance to the adopter and adoptive family.
To carry out these activities we need to collect and process personal data about the prospective (or approved) adopters and the children, including:
- name, address, contact details, date of birth, gender, language
- ethnicity, disability, religion and medical information
- family network and relationship information
- education, employment and financial information
- assessments and approvals for suitability to adopt children
- criminal history
We collect and use this information to comply with our legal obligations under the Adoption and Children Act 2002 and 2006, Adoption Agencies Regulations 2005, and Children’s Act 1989.
When we process special category (sensitive) personal information, we rely upon reasons of the provision of social care. The relevant GDPR references are articles 6(1(e) and 9(2)(h).
How we share your information
As part of the application process, we share information with third parties to assess the prospective adopter’s suitability, which will include:
- our internal services
- other local authorities
- past and present employers
- schools, friends and family members
- health agencies
- adoption agencies and the Adoption Panel and Agency Decision Maker
As an approved adopter, information may be shared to help us fulfil our activities mentioned above with the Adoption Panel, adoption agencies, Inland Revenue, OFSTED, health agencies, schools, other local authorities and Adoption UK.
We will also share information with law enforcement or other authorities where permitted by law and provide data to the Cabinet Office for the National Fraud Initiative, which matches data to detect fraud and error.
How long your information will be kept
We create a case record for each adoptive applicant (including approved adopters, unsuccessful applicants and applicants that withdraw from the process) which holds the information obtained as part of the application, background checks and assessment, decisions and outcomes.
We keep adoption files for 100 years from the date of the Adoption Order.
We keep the records of adopter applications that were not approved or the individual withdrew from the process for at least 15 years.
However, we are currently required to retain all data relating to children and families that we have worked with indefinitely to meet the requirements of the Independent Inquiry into Child Sexual Abuse (aka the ‘Goddard Inquiry’). When the Inquiry concludes and we are no longer required to retain all records, our usual data retention rules will be applied.
Adult Care and Wellbeing
What types of information do we collect from you?
We collect information from you when you visit our website; also when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face.
We collect different types of information about you depending on the service you want or need from us. This could be basic personal information (for example your name and address), or more sensitive information, for example, information about your health.
We need to process this information to meet our statutory duties to you as outlined in legislation such as the Care Act 2014, Mental Capacity Act 2005, and Human Rights Act 1998.
How will we use your information?
We use the information we have about you to:
- consider your need for care and to draw up a plan of support with you
- to manage and monitor the quality of our services
- to make our statutory statistical returns to government
The information provided to us will be used to agree the right type and level of support for you. The support may be provided by the following teams/service:
- Equipment and Adaptations
- City Wide Care Alarms
- First Contact and the Multi Agency Safeguarding Hub (MASH)
- Future Options
- Living and Ageing Well
- Care Homes Team
- Continuing Health Care Team
- Health and Housing
- Sensory Impairment team
- Hospital and Out of Hours
- Learning Disability Provider
- Shared Lives
- Short Term Intervention Team
- Services commissioned by the Council
- Mental Health Social Work Teams
Who do we share your information with?
We will only share your information with people and agencies to ensure you receive the appropriate and/or required care. This may include:
- health agencies (Integrated Care Board (ICB))
- care home providers/home care providers
- education providers
- other Councils
- others in the local authority, to monitor spending, help with research and planning, and to help to investigate any worries or complaints you may have about your care
- Sheffield Carer’s Centre, to ensure carers needs are met
- other appropriate professionals where necessary, to support a person’s wellbeing when in safeguarding episodes
We may share your information with the Care Quality Commission (CQC) so they can monitor the quality of services we are providing. The CQC Privacy Notice provides more information about this.
You can ask us not to share your personal information with other individuals or organisations at the very start of our contact with you, or at any other time. If you do not want your personal information shared then you should speak with the social care worker known to you and tell them of your decision.
It is important to remember that if we are not able to pass your information to other organisations, this may then reduce the options available, delay, or on occasion prevent you from getting the help you need.
In certain circumstances your personal information may need to be shared against your wishes if there is a legal requirement for us to do so. We must give information to courts if there are legal proceedings or a court order, to prevent crime, or if there is a risk of harm to you or another person.
We have a senior person responsible for protecting the confidentiality of your information and enabling appropriate information sharing. This person is called the Caldicott Guardian and Dawn Bassinder is the Caldicott Guardian for Adult Social Care.
How long do we store it and is it secure?
We only keep information for as long as it is needed. This will be based on either a legal requirement (where a law says we have to keep information for a specific period of time) or accepted business practice. For most records this will be for eight years after we have ceased to work with you.
Our IT security and confidentiality policies ensure that your information is protected, and available only to staff directly involved in your care.
Where can I get advice?
For further information about your rights in relation to the personal data we process you can call First Contact on 0114 273 4908.
You can also obtain a copy of this privacy notice if you phone First Contact.
Adult Social Care: Canary Care Assistive Technology Care Assessments
How we use your information
Under the Care Act 2014, the Council are under an obligation to provide you with the best possible care. To do so, we will need to carry out an assessment of what level of care you need.
As part of this assessment, we will use Canary Care assistive technology to gather information about your needs at night time. This will involve placing motion sensors in your home which will collect information about your movement in the home at night time, the movement of entrance doors and level of room temperature to ensure that you are safe. This information will then enable us to determine the best level of care and support that you need through the night.
The technology helps us to gather enhanced data about movements to inform your support plan and it can help to identify where you require more care. Examples, of where the technology has provided great benefit, are:
- picking up sleep problems and identifying where someone requires more care through the night
- fall sensors or epilepsy sensors which can enable the support team to respond quickly
- temperature sensors to monitor whether someone’s home is at a suitable temperature
Under Data Protection Law, the information collected by the Canary Care technology is being processed to help assess your needs and to provide assurance that we are providing the best care possible, tailored to your needs and to fulfil our statutory duties under the Care Act 2014.
Who we will share your information with
The Canary Care Technology will be installed by our contractor Tunstall who professionally analyse the information and provide the Council with a care report based on your needs. Tunstall will only have limited personal information about you to carry out this assessment. We may also share this information with Care Providers who provide care to you on the Council’s behalf.
How long we will keep your information
The information that the Canary Care technology collects and the assessment report provided to us by Tunstall will be kept with your social care file and will be destroyed with your care file when we have no legal reason to keep it. Tunstall will not keep a copy of your information and will destroy it as soon as the findings and recommendations have been reported to the local authority.
Allotments
Sheffield City Council processes personal data to lease allotments across the city.
We have to collect information to:
- assess your suitability to take on an allotment tenancy
- allocate allotments fairly
- enable the effective management of allotment tenancies
- investigate and respond to enquiries and complaints
- invoice and collect payments
The information we need includes your name, address, contact details (telephone and e-mail), date of birth and any relevant health or financial information to provide the most appropriate plot and charge the correct rent.
We use your contact details to notify you of available allotments and to arrange plot viewings. If you choose to take on a plot, your information is used to draw up a tenancy agreement. We then use your information for billing purposes and for communications relating to the allotment service.
Under data protection law, we need to have a lawful basis to process personal data. The lawful bases we use are:
- Article 6(1)(e) processing is necessary for the performance of a public task to provide allotments under the Allotment Act 1908, modified by the Allotment Act 1950
- Article 9(2)(a) processing of special category data, for instance health information, is done with your consent to help ensure we allocate a suitable plot
In some circumstances, we might rely on Article 6(1)(a) and ask you for your consent if you want to take part in allotment related competitions or publicity or to join local allotment societies and interest groups.
Who we will share your information with
We share some contact information (title, name, e-mail address, phone number) with allotment site volunteers who assist in the running of the sites, including in the organisation of plot-viewings for prospective tenants.
If you enter into an allotment tenancy, your information is shared with the internal Council department concerned with invoicing for allotment rent payments. Your information may also be shared with the environmental health department in relation to environmental matters such as bonfires, noise, requests for pest control service, dog control orders, and waste disposal. Your information may be shared with the police if we need to report theft or criminal damage at an allotment site or if we suspect that an allotment is being used for criminal purposes.
We might also share your contact details with Allotment societies, but only if you have given us consent to do so.
How long we will keep your information
The information you provide is kept for 6 years from the date you cease to be an allotment tenant or are taken off the allotment waiting list.
Anti-social behaviour services
Sheffield City Council has three teams/services that investigate reports of anti-social behaviour (ASB) from residents across Sheffield:
- the Housing and Neighbourhood Service investigate reports of anti-social behaviour made against Council tenants and leaseholders.
- the Anti-Social Behaviour Team investigate reports of anti-social behaviour involving other types of housing tenure, including owner-occupied and private rental properties. They may also investigate more complex cases of anti-social behaviour involving Council tenants.
- Environmental Protection Services investigate certain reports of anti-social behaviour that include noise nuisance.
The purpose of these teams/services is to investigate and take action to resolve ASB. This can include taking enforcement action.
The type of information we collect
We collect personal data in order to provide these services, which may include:
- contact details (name, address, telephone number and email address)
- personal identifiers (date of birth, nicknames, national insurance number)
- household data (details of who you live with)
- your ethnic origin, religious or philosophical beliefs, gender and sexual orientation (but only where this is relevant to your ASB case)
- your disability or any other medical or health information (but only where this is relevant to your ASB case)
- criminal offence data, if an incident of ASB represents criminal activity, or if you have previous criminal convictions that are relevant to your ASB case
- property tenure (owner-occupier, private rental, Council tenant, social housing tenant, Council leaseholder) and details of the landlord/owner (if you rent)
- details of each ASB incident (such as when and where it occurred, who was involved, what happened, were there any witnesses, and who the incident has been reported to)
- customer interaction (records of contact between you and our staff)
- customer feedback (surveys, complaints, compliments)
We may collect this information directly from you. However, we also obtain or receive information from:
- the individual(s) that you are complaining about
- the individual(s) that have complained about you
- the police
- your housing provider
- other Council teams and services
If necessary, information may be collected using covert or overt surveillance. Covert surveillance can include CCTV, sound recording equipment and plain-clothed patrols. Overt surveillance can include CCTV and high-visibility patrolling.
How we use your information
We use your personal data to:
- record, investigate and resolve complaints of anti-social behaviour
- identify breaches of conditions specified within tenancy agreements
- take tenancy enforcement action
- take civil and criminal law action
- keep neighbourhoods in Sheffield safe
- undertake enquiries into allegations of subletting to prevent fraud
- identify any individual support needs
- inform you about our services
- provide services you have requested from us
- to ensure we meet other legal obligations e.g. Health & Safety
- monitoring tenant and resident satisfaction and informing future service delivery
- obtain statistical information to help us make decisions, such as the future allocation of resources.
Under data protection law, we need to have a lawful basis to process personal data. The Anti-Social Behaviour Services will rely on one of the following conditions:
- processing is necessary for the performance of a contract (Article 6(1)(b) of UK GDPR). This will be the case if you have a tenancy agreement with us, or are a Council leaseholder.
- processing is necessary for compliance with a legal obligation, such as those set out in the Crime and Disorder Act 1998 and the Anti-Social Behaviour, Crime and Policing Act 2014, which require us to do all we reasonably can to prevent crime and disorder in our area and to investigate incidents of ASB (Article 6(1)(c) of UK GDPR).
- processing is necessary for performance of a task carried out in the public interest (Article 6(1)(e) of UK GDPR)
Special category personal data is processed for reasons of substantial public interest (Article 9(2)(g) of UK GDPR), for statutory and government purposes (Schedule 1 Part 2 Paragraph 6 of the Data Protection Act 2018).
Any criminal offence data is processed in compliance with Article 10 of UK GDPR, for statutory and government purposes (Schedule 1 Part 2 Paragraph 6 of the Data Protection Act 2018).
Who we share your information with
The Anti-Social Behaviour Services may need to share your personal data with other Council services, or with partner agencies, in order to investigate complaints and take action to resolve the ASB. These can include:
- the police
- adult and children’s Social Services
- health services
- registered housing providers
- education providers
- probation and youth justice services
- fire and rescue Services
- substance misuse agencies
- domestic abuse agencies
- other local authorities
- other voluntary organisations or charities
On occasion, we may have a duty to share your personal data with:
- Sheffield Safeguarding Hub, the Sheffield Adult Safeguarding Partnership or another statutory agency for safeguarding purposes or where safety may be at risk
- emergency services and healthcare professionals for your vital interests and safeguarding
- the police and other law-enforcement services for the prevention and detection of crime, or where we are required to do by a Court Order
- our regulators, such as the Regulator for Social Housing, the Housing Ombudsman or the Information Commissioner’s Office
How long we keep your information
We hold personal data in line with the Council’s retention schedule. If you are a tenant of Sheffield City Council, we will keep your personal data until the end of your tenancy, and then for a further 6 years.
We will keep ASB records about other property tenures for seven years after the case has been closed.
We will keep records about noise complaints for three years after the last action. However, if an abatement notice has been served, we will keep the records for six years from the end of the enforcement action.
At the end of the retention period, the information is reviewed and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this, personal information will be securely destroyed.
Your rights
If you have any queries, concerns, or complaints about the way we process your personal data, you can contact our Data Protection Officer at dataprotectionofficer@sheffield.gov.uk.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can also complain to the Information Commissioner’s Office. For further details, please see https://ico.org.uk/make-a-complaint/.
Bereavement Services
Purpose of the privacy notice
This privacy notice explains how your personal data is processed. This includes what personal information we will collect, how this this used and who it is shared with. The notice also explains why the Council requires your data, and the legal basis on which it does this. This privacy notice relates to the Council’s Bereavement Services.
How we will use your information
The information provided to us will be used when processing a cremation, burial or memorial request. When we process your personal data we will comply with the data protection legislation and enable you to exercise your rights contained within the legislation.
Legal basis for processing
We may process your personal data to comply with legal obligations to which we are subject, such as regulatory or statutory requirements.
In certain circumstances, we may process your personal data to fulfil tasks carried out in the public interest or in the exercise of official authority vested in us.
Processing of your personal data may be necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
If applicable, we may collect payment details, such as credit card numbers or bank account information, to process transactions.
This is collated in accordance with The Cremation (England and Wales) Regulations 2008 and Local Authorities Cemeteries Order 1977.
For further information visit the Information Commissioner's Office website.
The data we collect
We collect personal information from you, including your name, contact details, address and other identifying information necessary for the provision of our services.
Who we share your information with
Your information will only be used by the Council. We do not share it with any third party.
How long we will keep your information
The information you provide will be retained for a specific period of time. Where information is stored electronically this will remain on our systems in accordance with The Cremation (England and Wales) Regulations 2008. Paper copies of this information will be stored for a period of 2 years before being disposed of. Where there is not an electronic record of this information it will be kept for 15 years before being disposed of.
Further information can be found under The Cremation (England and Wales) Regulations 2008, Section 7 and The Local Authorities' Cemeteries Order 1977, Section 11.
Your rights under data protection law
You have rights under data protection law. For details about your rights, the contact details of our Data Protection Officer, and how to make a complaint, please visit our general Privacy Notice at the top of this page.
Changes to this notice
We reserve the right to update or modify this notice at any time. Any changes will be reflected on our website and will become effective immediately upon posting. This privacy notice was last updated on 17 May 2024.
Blue Badge Service
How we use your information
We process personal data to manage the applications for a blue badge (new or renewals), assess eligibility, issue and distribute blue badges, take payments, monitor their use and take enforcement action if necessary.
To do this, we need to collect information about the person requesting the blue badge, which includes the following:
- full name, title, address and contact details
- date of birth, gender
- proof of identification and residency
- photograph National Insurance Number
- disability benefits details
- health and medical information
This information is processed in accordance with the General Data Protection Regulations, article 6(1)(e) in performance of a public task to fulfil our obligations under the Disabled Persons (Badges for Motor Vehicles) (England) Regulations 2000, and, for special category data, article 9(2)(g) substantial public interest for the provision of health and social care.
How we share your information
The information you provide in your application form will be uploaded to the BETA national database owned by Valtech. BETA is commissioned by the Department for Transport.
United Kingdom enforcement authorities will have access to all Blue Badge records via BETA where only the necessary information will be made available for the detection or prevention of fraud.
We are obliged to share your information with other local authorities, the government, the police and parking enforcement officers for the detection or prevention of fraud.
Your name, address, date of birth, contact information and blue badge details will be shared with the Cabinet Office for data matching under the National Fraud Initiative.
How long your information will be kept
We keep information about blue badge applications on our Customer Relationship Management system (for a period of 6 years) and the electronic or physical documents in a separate case file.
Unsuccessful paper applications are kept for up to 1 year after the decision not to award a badge; successful paper applications are kept for 3 years from the badge issue date.
Records created as part of an investigation into the misuse of a blue badge will be held for 6 years after the case is concluded.
What are your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Building Control
How we will use your information
The Council’s Building Control Service is required to assess the design, construction, alteration and demolition of buildings to ensure building work complies with the Building Regulation Act 1984.
We are required by law to collect and maintain records, such as:
- building regulations applications, initial notices and final certificates
- demolition notices
- dangerous structure assessments
- sports stadia certificates
- work completed by competent persons
- building Control Public Register
These records will often contain personal data about the applicant requesting a service or the details of the persons completing the work (eg name, home address, contact details, business address and contact details, professional qualifications, etc). This processing is necessary to fulfil our statutory duties and the performance of a public task.
How we will share your information
We may share your information with the following third parties as part of a statutory consultation dependent upon the type of work you are undertaking:
- Yorkshire Water
- Severn Trent Water
- South Yorkshire Fire and Rescue
We may also need to share information on a case-by-case basis with other Sheffield City Council colleagues, the Valuation Office and for new dwellings only, the LA Building Control Warranty.
How long will your information be kept
The information you provide will be kept for a minimum of 15 years as stated in the Building Act 1984.
Channel
How we use your information
We have a statutory duty under Sections 36 to 41 of the Counter Terrorism and Security Act 2015 to provide support for people vulnerable to being drawn into any form of terrorism. We process personal information to support vulnerable individuals through the Channel process to safeguard them from being drawn into terrorism.
In the course of delivering our statutory responsibilities under the Channel process, we need to process personal data such as:
- name, address, contact details, date of birth, gender
- ethnicity, disability, physical, emotional and mental health status, and drug and alcohol use
- personal identifiers (eg NHS number)
- details of family and personal relationships
- educational and employment history
- care and safeguarding services provided and reasons for support (eg issues, challenges)
- living arrangements
- offending history and data relating to relevant criminal convictions and offences
- lifestyle and online activity
- political and religious beliefs
- primary language or any other spoken
- immigration status
We process this information to comply with our legal obligations and carry out public duties under the Counter Terrorism & Security Act 2015, The Crime and Disorder Act 1998, Childrens Act 2004, Care Act 2014, Human Rights Act 1998 and Equalities Act 2010.
These legal obligations require us to:
- identify individuals at risk of radicalisation, assess the nature and extent of that risk and develop the most appropriate support plan for the individuals concerned.
- safeguard and support vulnerable individuals, and to monitor their progress
- enable a multi-agency approach to safeguarding individuals
- support access to relevant support and advice
- implement a Channel panel
- ensure accurate records are kept detailing support, agreed actions and decision-making, and outcomes
- identify local trends and patterns to inform future practice and support
Under Article 6(1)(e) GDPR and section 8 of the DPA 2018 data may be shared if it is necessary for the purpose of a statutory function. Channel is a statutory function as per section 36, Counter Terrorism and Security Act 2015.
If we need to collect special category (sensitive) personal information (eg health, ethnicity, religious beliefs, etc), we rely upon reasons of substantial public interest (safeguarding of children and of individuals at risk, prevention of crime, national security and equality of opportunity or treatment) for the implementation of the Channel process.
Under Article 9(2)(g) GDPR and paragraph 6 of Part 2, Schedule 1 DPA 2018, information may be shared where there are reasons of substantial public interest, and for the discharge of a statutory function, which is set out in section 36 of the Counter Terrorism and Security Act 2015.
Information regarding Channel will be recorded on the Home Office-owned Case Management Information System. The Home Office uses this data to publish national Channel statistics, policy development and quality assure case management. You can read the Home Office Channel Data Privacy Notice.
How we share your information
We collect information from you or your representatives, but we also get it from / share with other people or organisations to help safeguard you from radicalisation. Information is shared securely and only when it is necessary to do so.
- partners of the local Channel Panel under Schedule 7 of the Counter Terrorism and Security Act 2015 (Channel referrals, Risk assessments, Meeting notes, support plans, and referrals to other sources of support)
- NHS Trusts, CCG and GPs
- local authority Adults and Children’s Social Care services
- schools, further education colleges and universities
- youth offending services
- other local authority services including Early Intervention, Safeguarding, Substance Misuse services
- Home Office Immigration Service
- housing providers
- prisons
- probation services
- Home Office
- Home Office approved Intervention Providers
- third sector or voluntary commissioned service providers
- other local authorities (transfer of cases)
- your family members
We will share personal information with law enforcement or other authorities if required by applicable law.
How long your personal data will be kept
Your data will be kept for 6 years from the closure of your Channel case after which it will be deleted.
Keeping your personal information secure
We have security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We manage access to those that need it for business purposes and such users are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected information security incidents and personal data breaches and will notify you and any applicable regulator if there is a data breach that we consider would cause harm.
Your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Children Missing Education
Purpose for processing your information
The Children Missing Education (CME) Team is responsible for fulfilling the legal duty to ‘make arrangements to identify, as far as it is possible to do so, children missing education (CME)’ (Section 436A of the Education Act 1996). The duty relates to children who are of statutory school age, from 5 to 16 years of age.
The work of the team is divided into two distinct areas:
- to identify children who have moved to Sheffield (or living in Sheffield) and are not registered at a school or being electively educated at home by their parents (Elective Home Education). The team provides direct advice and support to these parents/carers to secure education provision. This also includes referral to other agencies
- to track children who have left Sheffield or a Sheffield School and a destination school is not confirmed
With regards to data protection, we process your personal data under articles 6 and 9 of the General Data Protection Act 2016: article 6(e) processing is necessary for the performance of a public task in accordance to the Education Act 1996; article 9(2)(g) processing for substantial public interest (statutory purposes).
We collect the following information
In order to carry out our statutory duty and support children to secure education provision the CME team will contact, receive and share information with a range of agencies which will include, but not limited to: a parent/carer for the child, the child’s previous school(s), health professionals, Social Care Youth Offending teams, Housing services, Family support services (including Voluntary Community and Faith sector), social care and alternative education providers etc.
The personal information that we receive and process in relation to parent/carers and children includes:
- personal details such as name, title, addresses (current and previous), contact numbers, and personal email addresses, National insurance numbers (where applicable). The details will relate to the family members
- personal demographics including date of birth, gender, ethnicity
- education information including any Special Educational Needs and Disability (SEND) and previous or current school details and information eg attendance, exclusions, education and development levels, subjects being studied and expected grades
- involvement with any statutory services such as Social Care, Access and Early Help, School Admissions, Exclusions, Data Team, Housing, SEN, and Youth Justice Service
- involvement with health services including school nurses, doctors, consultants, psychologists, Child and Adult Mental Health Services
- involvement with housing, voluntary/community and faith sector organisations, personal and family support services eg drug and alcohol support services, domestic violence refuges etc
- involvement with the Police and/or probation
- enquiries made with Council tax, housing services
We also obtain personal information from other sources including personal details, characteristics, educational history and professional involvement from previously attended schools, NHS, other local authorities.
How we collect your information
The initial CME notification may come from a range of sources including other local authorities, your child’s current or previous school, NHS, other professionals such as Social Services, CME Officers in other authorities. We may also be notified by anonymous referrals made by members of the public.
We will collect and check the information that we have been given at the initial appointment with the CME team, if you are applying for a school place.
Who the information is shared with
We will share you and your child’s details with relevant organisations and agencies to enable us to secure and provide education provision to your child, or support to you/your family. We will inform you when we will share your information, with whom and for what purpose. Sometimes we may ask you to sign a consent form, for example, if we are referring to another agency eg education psychology, alternative education providers.
The Children Missing Education Team may also use your information for other legitimate purposes and may share (where necessary) with other Council departments and external bodies responsible for administering services to children and young people. Reasons for sharing information with the internal and external bodies will be: to enable the tracking and monitoring of children missing education who were previously residing in Sheffield, to fulfil the council’s safeguarding duty and comply with the Prevent Strategy, the Home Office to notify of potential illegal immigration, the Police may request information at any time as part of a criminal investigation, and HMRC to detect and prevent fraud.
Internal bodies are, but not limited to: Admissions and Access to Education that covers Children Missing Education (CME), Elective Home Education (EHE), Exclusions and Child Licensing, Education Psychology Service, Hearing and Visual Impairment Service, the Data Team, the Early Help Service, the Safeguarding Service, Governance and Legal Services, Complex Casework Panel, and Every Child in Education Every Day (ECIEED).
External bodies are but not limited to; schools/academies, including independent and boarding, Alternative education providers commissioned by the council to provide services to Sheffield children, Sheffield Futures, other Councils/boroughs and the Police. The Home Office, Her Magistrates Revenues, and Customers and the Department of Work and Pensions. External organisations commissioned by the authority to provide services for Sheffield Children which include Alternative Education providers, and other 3 party organisations.
We may use your information for another purpose if there is a legal duty to do so, to provide a complete service to you, to prevent and detect crime, or if there is a risk of serious harm or threat to life.
Changes in your circumstances
You must notify us immediately if there are any changes in your circumstances and personal details so we can maintain an accurate and up to date record of your information.
How long we keep your information
When we collect your information, we update the child’s record on Capita One and also create and maintain a separate case file (currently a physical file).
Capita One is the educational database that processes information about children and young people that have been or are eligible for education services in Sheffield. This information is kept until the child’s date of birth + 25 years, unless the person is subject to specialist educational services in which case the retention is date of birth + 32 years. The family case files are kept for the same periods.
Your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Children’s Social Care Privacy Notice
How we use your information
We process personal information to provide social care services to children and young adults and families.
This privacy notice refers to the children’s social care services including safeguarding and looked after children, but not Fostering and Adoption Services as they are covered in separate privacy notices.
To provide social care services, we need to process personal data such as:
- name, address, contact details, date of birth, gender
- ethnicity, disability, physical and mental health status, and drug and alcohol use
- personal identifiers (eg NHS number)
- details of family relationships, including those of extended family and friends
- educational and or employment history, care plans and achievements
- reasons for support (eg issues, challenges)
- assessment and plan information for children in need
- information gathered during child protection processes (during Section 47 enquiries/ investigations and Child Protection Conferences)
- episodes of being looked after (eg dates, assessments)
- information on care leavers, including their education and employment status and the type of accommodation they are living in
We process this information to comply with our legal obligations and carry out public duties under social care legislation, such as the Children and Social Work Act 2017; Homelessness Reduction Act 2017; Children and Families Act 2014; Children Act 1989.
These legal obligations require us to:
- safeguard and support children, and to monitor their progress
- enable integrated working with other teams and organisations to ensure you receive the right support at the right time
- plan and provide the most appropriate level of support to you and your family
- support access to relevant support and advice, services and groups, including supporting parents with parenting and with their drug and alcohol use
- prepare information for the courts as required
- evaluate and quality assure the services we provide, and improve our policies on children’s social care
- inform future service provision and the commissioning of services
- analyse service provision and effectiveness, and model patterns of service involvement to support future service delivery planning (see the pupil Information privacy notice for more details)
- undertake our statutory duties to refer families as required to local housing authorities to reduce homelessness
- inform you about forthcoming events/activities in Family Hubs or other multi-agency services that may be of interest to you, if you have consented for us to do so
- participate in programmes such as the Building Successful Families
- compile statistical returns
If we need to collect special category (sensitive) personal information (eg health, ethnicity, religious beliefs, etc), we rely upon reasons of substantial public interest (safeguarding of children and of individuals at risk, and equality of opportunity or treatment) for the provision of social care, or the management of social care systems or services, for social security or social protection law, and for the establishment, exercise or defence of legal claims whenever courts are acting in their judicial capacity.
How we share your information
We collect information from you or your representatives, but we also get it from other people or organisations:
- the police or probation (eg referrals, missing young persons)
- schools (eg attendance, exclusions, educational needs or safeguarding referrals)
- children’s charities (eg safeguarding)
- other local authorities (eg children in care placed in Sheffield)
- NHS and health agencies, particularly unscheduled health care visits via Child Protection Information Sharing Project by looked after children or people with child protection plans
- we may also share your information with other parties to support you or to deliver the appropriate care and services:
- internal social care service teams
- commissioned providers of local authority services (Children’s Homes, supported living, and secure accommodation)
- educational settings and providers
- partner organisations such as NHS, health visitors, midwives, local authorities, housing providers, police, probation, school nurses, doctors and mental health workers
- voluntary and charitable agencies
- Her Majesty's Courts and Tribunal Service
- government departments such as Department of Education, Department of Work and Pensions, and the Home Office (eg looked after children or children in need)
- Ofsted (in the event of a local authority inspection of children’s services)
We will share personal information with law enforcement or other authorities if required by applicable law.
How long your personal data will be kept
We create an electronic case file for every social care referral or case and my also hold a physical case file. We keep children and young people’s social care files for 32 years from date of birth, but this retention will be extended for the following records or social care involvement:
- Child Safeguarding Practice Review, 32 years from date of birth
- Child Protection Plans, 75 years from data of birth
- Children in Care files, 75 years from date of birth
- Child Safeguarding Risk Assessments, 100 years from date of birth
- Local Authority Designated Officer (LADO) notifications, 100 years from case closure
- Safeguarding - persons posing a risk to children and those cautioned or convicted of offences against children, 100 years from the date of the caution/ conviction
If a child/young person dies before the age of 18 records will be retained for 15 years from their date of death
However, we are currently required to retain all data relating to children and families that we have worked with indefinitely to meet the requirements of the Independent Inquiry into Child Sexual Abuse (aka the ‘Goddard Inquiry’). When the Inquiry concludes and we are no longer required to retain all records, our usual data retention rules will be applied.
Keeping your personal information secure
We have security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We manage access for those that need it for business purposes and these users are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected information security incidents and personal data breaches and will notify you and any applicable regulator if there is a data breach that we consider would cause harm.
Your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Clean Air Zone
What is a Clean Air Plan
Sheffield and Rotherham are jointly mandated by central Government to address illegal levels of nitrogen dioxide (NO2) concentrations across the two local authority areas.
The local authorities are jointly directed to implement their local Clean Air Plan (CAP) to achieve compliance within 2023. The local CAP includes the introduction of a charging Clean Air Zone in central Sheffield. Data gathering for evaluation of the CAP interventions will take place from November 2022 and is predicted to continue into early 2026.
What is a Clean Air Zone
A Clean Air Zone (CAZ) is an area where targeted action is taken to improve air quality, by discouraging the most polluting vehicles from entering the zone.
No vehicle is banned in the zone, but those that do not have clean enough engines will have to pay a daily charge if they travel within the area.
Sheffield City Council will be introducing a Class C chargeable zone for the most polluting large goods vehicles, vans, buses and taxis that drive within the inner ring road and city centre.
Private cars and motorbikes will not be charged.
Sheffield’s CAZ website has more details.
The CAZ privacy notice
This CAZ privacy notice supplements the Council’s general privacy notice here. This supplemental notice explains how the Council processes and shares your personal data for the purposes of the CAZ as joint data controller with the Joint Air Quality Unit (JAQU). JAQU is a joint unit of the Department of Transport (DfT) and the Department for Environment, Food and Rural Affairs (DEFRA) established to oversee the UK plan for tackling roadside NO2 concentrations.
This CAZ privacy notice deals only with personal data in respect of which the Council is a joint controller with JAQU. For information on how JAQU processes and shares your personal data with organisations other than the Council please refer to JAQU’s own privacy notice.
To enable the Council to operate its CAZ, JAQU is delivering the CAZ Central Service, a digital service that allows the Council to:
- determine whether a vehicle entering a CAZ is compliant with the CAZ framework, and if the vehicle is not compliant, whether it is liable to be charged and, if so, how much: and
- provide a first point of contact for the resolution of queries and to support assisted digital users
The CAZ Central Service also allows individual motorists and fleet operators to pay for entry into the CAZ.
To monitor the CAP scheme JAQU is undertaking a central evaluation of the Nitrogen Dioxide (NO2) programme.
The NO2 programme sets out to tackle NO2 roadside exceedances. Local authorities with the most persistent NO2 problems are required to develop and implement Local Clean Air Plans to achieve compliance within statutory limits in the shortest possible time.
The central evaluation is being run within JAQU to understand the impact of the Local Plans, both on NO2 concentrations, as well as the populations in the areas where they are being implemented. This evaluation involves the processing of vehicle registration numbers to provide a picture of the changing fleet composition in Local Plan areas. This fleet composition data is also used in the programme’s national compliance reporting.
What personal data is being collected and how is it used
JAQU and the Council will be using the Council’s automatic number plate recognition (ANPR) cameras to record your number plate, also known as a vehicle registration number (VRN).
The cameras will be supplied and operated by Yunex as a data processor for the Council. Your VRN will also be collected if you use the vehicle checker to check if you’ll be charged to drive in a CAZ. This service is accessible on the GOV.UK website. JAQU and the Council treat your VRN as personal data.
For the purposes of the CAZ Central Service customer contact centre, through which you can make any enquiries concerning the operation of the CAZ, and to enable resolution of any queries you may have, JAQU and the Council may share your:
- first name
- surname
- phone number
- email address
- number plate (VRN)
For evaluation purposes only VRN data will be captured.
How we will use your personal information
We collect your personal information for the following purposes.
After the CAZ has gone live
If your vehicle is liable to be charged and travels in the CAZ once it is in operation, you will be able to pay using a credit or debit card, or by Direct Debit. When you enter your bank details to make payment, they will be processed by the CAZ Central Service (using GOV.UK Pay and GoCardless acting on behalf of JAQU, which will store the payment transaction). The payment data is exchanged with the CAZ Central Service but will not be stored.
An email address will be requested from you to allow a payment transaction receipt to be sent by GOV.UK Notify or GoCardless. The Council will be sent confirmation of the payment including the VRN that has been paid for. The payment information in the CAZ Central Service is matched with the ANPR feed from local authorities to exchange payment status.
The Council will share the VRN data captured by Yunex (as Data Processor for the Council) with JAQU and DVLA for the purpose of determining whether your vehicle meets the CAZ charging criteria and, if so, with JAQU as part of the payment, charge settlement and refund processes.
Sheffield City Council may use a third party resilience contract to provide additional resource capacity for back office enforcement activities using Yunex’s Metro software. Sheffield City Council may also instruct GoCardless or GOV.UK Pay to refund funds to the account from which payment was made.
How long your personal data is kept
We will hold your personal information in line with Sheffield City Council’s retention schedule.
At its expiry date, the information will be reviewed, and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this your personal information will be securely destroyed.
JAQU will retain your payment transactions for a period of 7 years in the service. These include the number plate(s) against which the payment is made. Users will be able to view transaction payment history for up to 18 months of account creation or from when a payment is completed.
The email data is retained on the GOV.UK Notify platform for a period of 7 days and then deleted.
The lawful basis for processing the personal data
The lawful basis for the processing of your personal data is that this is necessary for the performance of a task carried out in the public interest and in the exercise of official authority vested in:
- DfT and Defra, as partners in JAQU; and
- the Council as operator of the CAZ
The lawful basis on which we collect and use personal data is that:
- Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
In relation to the processing of VRNs, using the ANPR camera, the following lawful basis applies:
- Article 6 (1) (c) - processing is necessary for compliance with a legal obligation
For special category personal data that may be processed, the lawful basis is:
- Article 9 (2) (g) of the UK GDPR – processing is necessary for reasons of substantial public interest and is authorised by domestic law (See Section 10 of the DPA 2018)
We hold the information in line with the following legislation:
- Transport Act 2000
- The Road User Charging Schemes (Penalty Charges, Adjudication and Enforcement) (England) Regulations 2013
Who we share your personal information with
We may sometimes share the information that we have collected about you where it is necessary, lawful and fair to do so. It may be necessary to share information with the Police and/or other law enforcement agencies for the purpose of crime prevention or detection
We may share information with the following for these purposes:
NO2 Plan Evaluation data
To understand the extent to which the programme is meeting its stated aim of reducing nitrogen dioxide concentrations to within legal limits in the shortest possible time, a clear understanding of fleet composition (with reference to Euro Standards) before, during and after implementation of Local Plan measures, is needed.
We will be sharing VRM details with JAQU before the CAZ goes live, and then quarterly for the duration of the evaluation. DfT will match this data with vehicle type and emissions data which will be anonymised, before being sent back to the local authority and 3rd parties (Ricardo Energy and Environment and Ipsos MORI) for further evaluation and reporting.
Neither the Council nor JAQU will retain the VRN data, but DfT will retain pseudonymised data (where identifying details are replaced with a key) for no longer than 12 months.
How we will keep your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
JAQU has an access management process that controls who has access to all systems and audits user access on a regular basis to update access rights. Security arrangements are in place to ensure that only authorised personnel can access the data eg log in accounts for licensing authorities.
We also have procedures in place to deal with any suspected data security incidents and we will notify you and the appropriate regulator of any incident where we are legally required to do so.
Will your data be sent to other countries?
Data will not be transferred outside of the UK and the European Economic Area.
Who can I contact with any concerns about the CAZ?
Please contact Sheffield City Council’s Data Protection Officer to exercise your processing rights in relation to the Council as joint controller. You can also use this email address if you wish to make a complaint about how your information has been collected, stored or used.
dataprotectionofficer@sheffield.gov.uk or write to:
Sarah Green, Data Protection Officer, Sheffield City Council, Town Hall, Pinstone Street, Sheffield, S1 2HH
JAQU is main point of contact regarding the CAZ.
Please contact the Data Protection Officer for JAQU by email at: data.protection@defra.gov.uk if you have any questions about how your personal data is processed in relation to the CAZ Central Service.
Along with your query, you will need to give your name and email address, which will be used to respond to you. The information you provide will be sent by GOV.UK Notify to JAQU (or their agents acting on their behalf) for the sole purpose of replying to you. Your personal information will be deleted after a year.
What is the arrangement between the joint controllers regarding other matters concerning my personal data?
The joint controllers have agreed the following arrangement to determine their respective obligations under the UK GDPR:
- they have jointly prepared this privacy notice
- they will cooperate with each other in responding to any request each receives from data subjects exercising their rights under data protection legislation in relation to their personal data (a ‘data subject request’). The party which receives the data subject request will fulfil the obligations of the controller to respond to the request in accordance with data protection legislation
- they will provide reasonable assistance to each other to enable a data subject request to be dealt with in an expeditious and compliant manner
- each shall be responsible for fulfilling the controller’s responsibilities under data protection legislation as to security of personal data when that personal data is processed on systems controlled by that party
- if one joint controller discovers a data breach, that party (the ‘reporting party’) will be responsible for assessing whether the breach constitutes a personal data breach that is required to be notified to the Information Commissioner’s Office and (where applicable) to the data subjects under Articles 33 and 34 of the UK GDPR. The reporting party shall fulfil the obligations of the controller to give such notice, if it is required, in accordance with data protection legislation
- they have agreed to provide reasonable assistance to each other in order to facilitate the handling of any data breach in an expeditious and compliant manner
- in the event of a dispute brought by a data subject or a data protection authority concerning the processing of personal data against either or both of them, the joint controllers will inform each other about any such disputes or claims and will cooperate with a view to settling them amicably in a timely fashion
Irrespective of the above arrangement, you can exercise your rights under the UK GDPR in respect of and against each of the joint controllers if you wish.
Where can I find further information about my rights?
A list of your rights under the General Data Protection Regulation, the Data Protection Act 2018 (DPA 20182), is accessible here on the ICO website.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) the UK’s independent body set up to uphold information rights) at any time. Should you wish to exercise that right full details are available on the ICO website.
Review
We review our privacy policy regularly. By doing this we will make sure you are always aware of what information we collect, how we use it and under what circumstances (if any) we will share it with other parties
Closed Circuit Television (CCTV) and Body Worn Video Cameras Privacy Notice
How we will use your information
We operate CCTV in the city centre and on the outside of entrances and some of the communal areas of some of our buildings, including Housing sites and Council offices. Some of our staff involved in enforcement activities (including Parking and Environmental Protection) and our City Centre Ambassadors wear body-worn video cameras to enable them to complete their activities safely.
The footage we record is used for the primary purposes of prevention and detection of crime, protecting public safety and traffic management. Data processing is necessary for us to perform a task in the public interest or for our official functions (GDPR Article 6(e)) in line with the Section 163 of the Criminal Justice and Public Order Act 1994, the Crime and Disorder Act 1998 and the Protection of Freedoms Act 2012).
Where fixed CCTV cameras are operating, there will be signs clearly displayed explaining that CCTV is in use.
Body-worn video camera footage is used for the purposes above and may also be viewed to resolve any complaints against our staff. Body-worn video cameras are activated by staff in certain situations, such as when they feel at risk of harm and in accordance with our body-worn video devices policy. The video cameras are clearly visible, we always warn members of the public when recording is in operation and a light will show on the video camera when it is active.
We also use mobile cameras in fly-tipping hotspot locations where previous attempts to stop it hasn’t worked. These are placed so they cannot be spotted by the public to enable us to catch those individuals illegally dumping waste. Footage is used to identify and prosecute the people involved. In order to make the camera work successfully we do not place signs in the exact location of the camera, but they are in place nearby so people are aware that filming is happening in the area.
We are allowed to use Covert Surveillance, but it has to be authorised by a magistrate. For further details go to our surveillance and investigation page.
Who we will share your information with
We will only share CCTV, body-worn camera and mobile camera footage where we are legally required to do so, or where we are permitted to do so under the Data Protection Act 2018 - for example to support the prevention or detection of crime.
You have the right to request access to the footage you appear in. You can make a subject access request via our website.
How long we will keep your information
Footage used for the purpose of investigating potential criminal acts may be held for up to 6 years after the end of the investigation, in accordance with our Retention Schedule.
City Centre CCTV not required for an investigation or other purposes is stored digitally on a secure server and overwritten after 14 days.
Body worn video (audio and visual) footage is stored securely and will be destroyed after 14 days unless required for an investigation, complaint or other legal purpose.
Communications Team
The Communications Team at Sheffield City Council provides information, alerts and communications about public services and our work with partner organisations. Our communications cover many channels and forms including, digital (such as social media, websites, apps and email) or offline (such as print, direct mail, media – newspapers, radio or television).
Why we collect and use personal data
We collect and use personal data to:
- provide, plan and manage our service
- carry out any other tasks which we have to do by law
- listen to your ideas about our services
- tell you about our services
- evaluate and improve services
We might collect your personal data directly from yourself, from someone acting on your behalf, or from another third party. We might collect this data in person, over the telephone, in writing, electronically, or captured as an image, audio or film recording.
The information we collect is:
- name
- the names of any individual you are acting on behalf of (for example a parent of a child, a carer of a vulnerable adult)
- address
- contact details; names, email and phone number
- photograph/ video
- sound recording
- cookies/ web based technical data
Where communication justifies it, we may collect details of someone’s behaviour, lifestyle, physical or mental health needs.
Lawful basis
In most cases, we rely on “public task” as the lawful basis for processing your personal data. That is, a specific task in the public interest which is laid down by law; or exercising official authority (for example, where the council’s tasks, functions, duties or powers) is laid down by law. We state the specific law, such as on our council’s Records of Processing Activity and, where appropriate, on the privacy notices of relevant services.
Where we process special category personal data, such as information about health, racial or ethnic origin, we do so mostly under reasons of substantial public interest set out in Part 2 of Schedule 1 of the DPA 2018.
Where the lawful basis for processing your personal data is “consent”, we will ensure that we ask for your consent. This may be for the use of your image or a sound recording or to send certain information through email which you have subscribed to receive. You have the right to withdraw that consent at any time by contacting the Communications Service.
Sharing your information
We share personal data within the council and also with external third parties so we can carry out our work. Internal sharing might include checking information with officers to provide an accurate response to enquiries or ensuring availability for location shooting.
External sharing might be to ensure you receive an appropriate response to an enquiry or distribution of communications, such as media releases or social media posts.
We will ensure that only the minimum amount is shared.
How long we keep information for
Information is kept for the minimum period we need to use it for and varies depending upon use.
For example, information held on our email subscriber system GovDelivery is managed by the user and held as long as the subscriber maintains it. Images of people and accompanying consent forms are kept for 2 years. We can provide information on time periods for holding specific data in the service.
Your data rights
You have the following rights in regard to your personal information, to:
- access copies of any records we hold about you
- have any information we hold about you corrected
- have any information we hold about you deleted or destroyed
- restrict how information we hold about you can be used or shared
- object to information about you being held
- have any information we hold about you transferred to a third party
- challenge decisions relating to you made using automated decision making and profiling (currently we have no services that use automated decision making or profiling for decision making)
There may be times that we cannot fulfil these rights because of legal reasons, but we will always explain why and you can appeal to the Information Commissioner if you are dissatisfied with our decision. Also once data has been shared publicly, e.g. media release, social media post, then we can remove that data from our own channels but it will not be possible for us to remove it from third parties.
If you want to exercise any of the above rights, please make a subject access request.
Who to contact about the way your personal data is handled
If you have any queries, concerns or complaints about the way the Communications Team process your personal data, including the way we handle information requests, you can contact the Communication Service (communications@sheffield.gov.uk) or the Sheffield City Council Data Protection Officer.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you have the right to contact the Information Commissioner’s Office.
Complaints
This privacy notice tells you what information we will collect and use when you contact us by phone, in person or through any electronic means such as email or online web form.
The categories of personal information that we process include:
- personal information (name, address, phone number and email address)
- financial details
- special categories of personal data which may include information about your health, social care, sexual life or sexual orientation, racial or ethnic origins, religious or philosophical beliefs
- photos / videos and sound recordings where you have provided these
We record telephone calls for training and monitoring purposes.
How we use your information
The information you provide will be used to respond to your enquiries or problems, provide a service you have requested or to investigate a complaint you have made. We will also use your data, without identifying you, to manage our performance and internal service planning.
Our legal basis for collecting and sharing personal data
We collect your personal data because you're asking us to do something on your behalf. We may not be able to do what you've asked us to do if you don't provide us with your personal data.
The legal basis for processing your information for complaints is because it is necessary for the performance of a public task carried out by the Council in the public interest. As a local authority we exercise ‘official authority’ under Article 6(1)(e) of the UK General Data Protection Regulation and Section 8 of the Data Protection Act 2018 because of functions and powers set out in law.
Who we share your information with
Your information will only be used by the Council to respond to your complaints. If we need to share with your information with a third party like the NHS, police or contractors in order to investigate your complaint and provide a resolution, we will seek your consent before doing so.
Sheffield City Council is listed as an authority which can be investigated by the Local Government and Social Care Ombudsman (LGSCO) under section 25 of the Act. We are required under Section 29 of the Act to furnish the LGSCO with any information they may require. This may include the Council producing documents which will process your information to assist with the LGSCO investigation.
Why we share this information
We may share Statutory Complaint data with Investigating Officers, Independent Persons, Designated Persons, NHS or the LGSCO/ Housing Ombudsman, where appropriate. This helps to fully understand a customer’s situation and allows for an independent assessment and decision on the complaint where we have been unable to offer an acceptable response at stage 1 of the process.
We may also share your personal information when we feel there is a good reason that is more important than protecting your privacy.
This does not happen often, but we may share your information:
- to protect a child
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
- in order to find and stop crime and fraud, or if there are serious risks to the public, our staff or to other professionals
Your information will not be used for marketing purposes.
How long we will keep your information
Our complaint record retention schedules are:
Corporate investigation and reviews
- summary/register we will retain for 10 years from the date of closure
- investigation/review documents and correspondence we will retain for 6 years from the date of closure
Statutory Children’s social care
We create an electronic case file for every social care referral or case and may also hold a physical case file. We keep children and young people’s social care files for 32 years from date of birth. This retention will be extended for the following records or social care involvement:
- Child Safeguarding Practice Review, 32 years from date of birth
- Child Protection Plans, 75 years from data of birth
- Children in Care files, 75 years from date of birth
- Child Safeguarding Risk Assessments, 100 years from date of birth
- Local Authority Designated Officer (LADO) notifications, 100 years from case closure
- Safeguarding. Persons posing a risk to children and those cautioned or convicted of offences against children, 100 years from the date of the caution/ conviction
If a child/young person dies before the age of 18 records will be retained for 15 years from their date of death
We are currently required to retain all data relating to children and families that we have worked with indefinitely to meet the requirements of the Independent Inquiry into Child Sexual. When the Inquiry concludes and we are no longer required to retain all records, our usual data retention rules will be applied.
Statutory Adult Social Care Service investigation response follow up/informal review
- summary/register we will retain for 10 years from the date of closure
- investigation/review documents and correspondence we will retain for 6 years from the date of closure
Ombudsman
This includes premature decisions/referrals, decisions not formally investigated, formal investigations not upheld and formal investigations upheld (including reports):
- summary/register (access database) we will retain for 25 years after the date of closure
- LGO decision letter/statement (no need to save premature decisions) we will retain for 25 years after the date of closure
- background documents/correspondence we will retain for date 3 years unless the outcome includes remedy/local settlement or report in which case we will retain for 25 years from the date of closure
Information security
We have processes in place to ensure the confidentiality of our data and there are controls in place regarding access and use of the data.
Automated decisions
No automated decisions will be taken regarding personal data that is processed for any of the purposes outlined in this privacy notice.
International transfers
We will not transfer any personal data to countries outside of the territorial scope of UK data protection laws for any of the processing activities outlined in this privacy notice.
Your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Concessionary Travel
How we use your information
We process personal data on to our public transport providers such as First and Stagecoach. We do this to issue travel passes for certain school children and disabled persons, and customers have to reach an eligibility threshold for which we need enough information to assess the application to decide if a travel pass can be issued.
The personal data we need depends on whether an application has been made for a school child or a disabled person, but it may include:
- full name, title, address and contact details
- date of birth
- gender
- a photograph and proof of identification
- details of attending school
- evidence of eligibility including any benefit details
- health and medical information
- National Insurance number
In accordance with the General Data Protection Regulations, we process your personal data under Article 6(1)(e) in performance of a public task to fulfil our obligations under the Transport Act 2000 (as modified by the Concessionary Bus Travel Act 2007), and for special category data, Article 9(2)(g) substantial public interest for statutory purposes (Data Protection Act 2018 Schedule 1(6)).
How we share your information
We will share your information with the following parties as part of the process to check your eligibility and issue your travel pass:
- internal council services to check eligibility
- South Yorkshire Passenger Transport Executive to provide and issue the travel passes
- Schools where the travel passes are for school children
We will also share data with enforcement agencies where lawful to do so, for instance to detect or prevent crime. We also share your personal data with the Cabinet Office as part the National Fraud Initiative data matching exercise to detect potential fraud or error.
How long your information will be kept
When you apply for a travel pass, we log your details onto our Customer Relationship Management System and also create an electronic file. The information collected as part of the paper application is held in these files for 3 years or 6 months depending on whether your application is successful or not. Electronic information on your application is kept for 6 years.
What are your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Coroner's Office
The Sheffield Medico-Legal Centre is available to HM Coroner for South West Yorkshire District, for the investigation of sudden, violent or unexplained deaths.
Sheffield City Council supports the Coroner in their judicial duties and provides Reception, Mortuary and Coroner’s Support Services.
The personal data processed under these judicial activities fall under the management and control of the Coroner. The Courts and Tribunal Judiciary has subsequently published a privacy notice to explain how the judiciary of England and Wales processes personal data.
Information held by the Coroner
The Coroner collects information solely for the investigation of deaths that have been referred to them. They hold personal data on two different categories of people:
- The deceased person: In relation to a deceased person, living people can often be identified from the data which is held on a deceased person, for example, the deceased’s next of kin or their doctor or solicitor. It should be noted that the personal information and records directly relating to the deceased are not covered by the Data Protection Act which relates only to living individuals
- Others: We also hold information on many other people that we are in contact with in the course of the Coroner’s work and investigations. This includes family members and next of kin, police officers, NHS staff, solicitors, ambulance staff, pathologists, witnesses and expert witnesses, specialists, jurors, other local authority officers, members of the public and others who are recognised as having a legal interest in a specific case
In both categories personal information including contact details are held. Some of this information may include special personal data. All of this information is held securely.
We manage the electronic case management system that provides the means by which data is processed within the Coroner’s office. Deaths referred to the Coroner are recorded in this case management system. In addition, and where required by the Coroner, a paper record may also be created.
Information shared by the Coroner
At the conclusion of the Coroner’s investigation, next of kin information is shared with the relevant registration service to support the death registration procedure.
The Coroner may also share information and data with various bodies, organisations and agencies, such as safeguarding, law enforcement and suicide prevention services.
The Coroner may occasionally share information with bona fide researchers and academics. Where possible information will be anonymised but, if that is not possible, consent will be requested from the next of kin.
The Coroner may share information with public inquiries set up by HM Government, such as the Fuller Inquiry. It is our duty and intention to cooperate fully with public inquiries and supply information that will assist them.
Retention of information by the Coroner
The Coroner investigation or post mortem records are kept for at least 15 years. In exceptional cases, such as undetected homicides, this can be indefinitely extended.
After this period information relating to inquest cases may be kept in the City Council archive for longer periods if it is considered to be of historical interest. Sheffield City Archives keep information, such as:
- selected inquest case papers, including Treasure Trove
- census year post mortem files – under the guidance of the National Archives Operational Selection Policy OSP 6 (section 6:21) “Records Created by and Relating to Coroners 1970- 2000”
- non census year post mortem files, information of interest eg evidence of industrial disease, accidents or disaster
- registers of Death and Indexes
The Coroner decides on the content of any case file. Information relating to inquest cases is retained in written and electronic format. Information relating to cases that do not require an inquest is only stored electronically.
Data Protection Rights
The Coroner processes personal data for judicial purposes, so the rights of access are limited. If you wish to request information you must write to the Coroner, who will make the decision about disclosure.
If you wish to appeal the Coroner’s decision, you can contact the Judicial Data Protection Panel.
Council Tax
As a Billing Authority for Sheffield, we collect, process and store personal information about you in order to administer and enforce Council Tax. We are authorised to do so under the Local Government Finance Act 1992 and the Council Tax (Administration and Enforcement) Regulations 1992. The processing of your information is necessary for compliance with our legal obligations contained in these Acts.
To carry out our duties, we will use information that you provide directly to us and also information that we are given by third parties (for example, previous house owners, landlords, estate agents etc).
We will usually only collect basic personal data about you, including your name, address and contact details. However, if you apply for a discount or exemption, or there is a dispute about the Council Tax liability for your property, we may need to collect additional information such as details of your household circumstances, or medical information.
If you choose to pay by Direct Debit, or we have obtained a liability order from the Court, we may also collect some financial information from you.
Failure to supply information to us within 21 days of us requesting it, or to notify us of a change which may affect your Council Tax, or to knowingly supply inaccurate information, could constitute a criminal offence for which we may take legal action against you.
Who we will share your information with
The Revenues and Benefits service in Sheffield is run by our third party contractor Capita plc, who process Council Tax data on our behalf. We may also share your information with other Council Services where the law allows us to.
If you owe us money, we will always try to contact you first to make an informal arrangement to pay off any debt. However, where this is unsuccessful, or if you have a history of late payments, we may pass your information onto Enforcement Agents or instructed Solicitors to recover any money owed.
The legislation also allows us to share your information (where appropriate) with other Billing Authorities, the Courts, the Valuation Office and the Valuation Tribunal Service, Employers and the DWP.
We participate in the Cabinet Office’s National Fraud Initiative, a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise. This data may then be passed on to other public bodies to investigate any matches.
We also carry out data matching exercises with credit reference agencies to ensure that discounts and exemptions are awarded correctly.
We will not share your information with any other organisations unless required to do so by law.
How long we will keep your information
We will only keep your information for as long as it is required by us or other regulatory bodies in order to comply with legal and regulatory requirements or for other operational reasons. In most cases, this will be a minimum of six years, and we are required to keep some data indefinitely.
What are your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Democratic and Member Services
How we will use your information
In order to provide our Democratic and Member Services, it is necessary for us to collect, store and process personal data relating to members of the public and councillors. This includes:
- publishing agendas, reports and minutes for all council decision making meetings, and background information that informs decision making
- processing petitions submitted to the Council electronically and in writing
- administering school admission appeals on behalf of schools
Member Services and the Lord Mayor’s Office provide support to elected members and the Lord Mayor. You may provide personal information to us so that we can help with enquiries, casework and complaints and respond to the issues accordingly. We also webcast and make audio recordings of decision making meetings.
In order to provide these services we may need to process some or all of the following categories of personal information:
- name
- address
- telephone number
- email address
Under data protection legislation, we are permitted to use your information because we have a statutory duty to make a record of council meetings and decisions available to the public and to process petitions and complaints about elected members.
Information concerning school admission appeals is required to ensure that all appeals and reviews are administered and decisions taken in accordance with the statutory guidance.
Who we will share your information with
Most council meetings are held in public. Agendas and reports for Council and committee meetings are published on our website five clear working days before the meeting.
Minutes and details of decisions are also published on our website as are webcasts and audio recordings. If you have asked a question, presented a petition, or made a representation such as at a Licensing or Planning Committee, some information about you will be included in these records.
The Openness of Local Government Regulations 2014, which apply to England, give rights to members of the press and public to use a range of communication methods such as filming, photography, audio-recording and social media to report the proceedings at the meetings of the Council.
If you create an e-petition on our website, you will be required to provide personal information so that we can contact you about your petition. The information will only be used for this purpose. We may need to pass your details to the relevant service or elected member so they can respond to the issues you raise.
For e-petitions on our website, you will be required to provide personal information either as a lead petitioner or if you wish to sign an e-petition. A schedule of petitions and the action taken is published on our website.
The information collected for school admission appeals will be used to arrange an appeal hearing and will be shared with the Independent Appeal Panel, the Panel Clerk to the Appeal Panel, the School Admissions Team and the school you are appealing against.
Information collected to answer an enquiry or in relation to elected members’ casework will be used to investigate and respond to your enquiry or request.
Information submitted as part of a complaint about the conduct of a member of the Council will be used in the complaints process and the procedure for dealing with complaints about members.
How long we will keep your information
We will keep your information for as long as it is required by us in order to comply with legal and regulatory requirements and in accordance with the retention schedule for Democratic and Member Services.
Your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Electric Van Trial
How we use your information
We process personal data to progress the Electric Van Trial. It enables us to contact business owners or representatives to:
- help them book a timeslot for the trial and
- assist them along the process with regards to owning and operating an Electric Vehicle (EV)
The personal information that we receive, and process may include:
- your personal demographics including your name and contact details
- your role as a business owner/representative
- previous driving history ie mileage
- information about your current fleet of vans
- your opinions on experience of using the electric van
- pre-telematics may also be installed on the organisations existing van before they start the trial, however this is still to be confirmed with the third-party provider upon formal appointment
- telematics data from your use of the vehicle during the two-month trial will also be collected by the third-party provider, this will include:
- - access to ‘Big Change’ Journey Watch telematics data from the vans. The same telematics will be installed in the Organisation’s vans prior to the trial. The data captured will include:
- - live data (map), recording stop start, vehicle speed, usage and idling time
- - reports
- - Journey Report (mileage, driving time, stopped time and idling time)
- - Driver Behaviour Report (vehicle infringements as above, issues a score out of 10)
- - Journey Cost Report (needs a cost per mile entering against the vehicle)
- - Daily Vehicle Utilisation Report (% driving time, total driving hours, idling time, mileage)
- the third-party provider shall be responsible for all monitoring, analysis and reporting of the data generated by the telematics
- case studies on the scheme may also be produced by the third-party throughout the trial at different stages, however this is still to be confirmed upon formal contract award
Under data protection law, we need to have a lawful basis to process personal data. The lawful bases we use are:
- GDPR Article 6(1)(e) processing is necessary for the performance of a public task to increase awareness of greener transport options and thus tackle the climate emergency and protect the health of everyone in Sheffield from the effects of air pollution
- GDPR Article 6(1)(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose. If you wish to provide your views on your experience of using the van, this will be done voluntarily
Who we share your information with
Due to the nature of the scheme and the involvement of an external third-party provider to advise and assist organisations during the duration of each individual van trial, we will share your information with the following third party who has been successfully appointed for the van trial scheme following tender:
- Electric Blue
After each organisation has completed the web-based application form and passed the required eligibility criteria checks, we will then forward the contact details of each eligible organisation to the appointed third-party provider (Electric Blue). This will then allow the third party to contact each business to begin the engagement and advising process on the following items:
- information on their electric van, including the spec, size and telematics
- benefits of using and operating an Electric Vehicle (EV), both environmentally and economically (cost benefits) as opposed to a petrol/diesel
- information of their current van fleet
- the different types of charging available, how to charge and where to charge their vehicle
- all paperwork that the driver/organisation will need to complete ahead of starting the trial, including booking timeslots
- overview of all terms and conditions, including vehicle risk ownership, insurance, accidental damage
- anonymised data findings from the project will be shared with both Sheffield City Council (monthly, mid-trial and end of trial reports) and Highways England (end of trial report) at the end of the two-year scheme via a report
How long your information is kept
The information you provide will be kept for a period of 2 years (the duration of the van trial scheme) after which it will be deleted.
Education: School admission, appeals and exclusions
How we will use your information
We process personal data in order to allocate a school place and to review the admission decisions made that parents or carers are not happy with (eg a child not being placed at a preferred school).
The personal data we process will include the child's:
- name
- address
- age
- gender
- ethnicity
- details of any other siblings at the school
- additional information that may support the application or appeal, eg education attainment, behaviour, medical or health conditions, special educational needs, religious beliefs, etc
We process this information to comply with our legal obligations under the School Standards and Framework Act 1998, School Admission Appeals Code 2012 and School Admissions Code 2014; the Education Act 2002 concerning exclusions.
How we will share your information
The information you provide on your school admission form is shared with:
- the school of choice
- the Department for Education
- other English Local Authorities
- School Transport Service – to assist with determining transport eligibility
- other council departments, health partners and law enforcement agencies to verify information and ensure that the appropriate services are engaged
The information you provide on your school admission appeal form is shared with:
- the school for which you have appealed
- members of the independent appeal panel
- the School Admissions Team
- in the event of a complaint, the Local Government Ombudsman
In the event your child is excluded from school, their information will be shared with:
- Sheffield Inclusion Centre
- allocated school following reintegration back into mainstream
- Independent Review Panels (Appeals)
- Schools Adjudicator, Ombudsman
How long your information will be kept
We keep school admission applications, appeals and exclusions for 2 years from the date the matter is resolved.
Electoral Services
Electoral Services assist the Electoral Registration Officer and the Returning Officer (at an election) or Counting Officer (at a referendum) with their statutory duties.
The Electoral Registration Officer/Returning Officer and Sheffield City Council are registered separately as ‘data controllers’ on the Information Commissioner’s Register of Data Controllers.
This Privacy Notice sets out how the Electoral Registration Officer, the Returning Officer and Electoral Services use your personal data.
Electoral Registration Officer
The Electoral Registration Officer is responsible for compiling and maintaining the register of electors. Together with the Returning Officer, they are the data controller for the personal data collected by Electoral Services. The Electoral Registration Officer for Sheffield is Kate Josephs, the Chief Executive of Sheffield City Council.
The type of information we collect
The Electoral Registration Officer processes personal data about potential and actual electors, building managers/accommodation providers, and staff employed for the purpose of electoral canvassing, including:
- contact details (name, address, telephone number and email address)
- personal identifiers (date of birth, national insurance number)
- nationality
- identity documents and other documentary evidence (if you have applied for a voter authority certificate, if you have applied to be an anonymous voter, if we have asked for more evidence when you register to vote, or if you are employed as an electoral canvasser)
- a recent photograph (if you have applied for a voter authority certificate)
- bank details, national insurance number, tax information and proof of right to work in the UK for staff employed for the purpose of electoral canvassing
- whether you wish to be included in/excluded from the open register
- applications for postal and proxy votes
- business names and contact details for providers of residential care, nursing homes and student accommodation
How we use your information
The Electoral Registration Officer has a legal duty to create and maintain an accurate electoral register. Your information is processed to enable eligible electors living in Sheffield to vote and to administer the electoral nominations and subsequent elections and referendums.
Our lawful basis for processing personal data is because it is necessary for the performance of a task carried out in the public interest (Article 6(2)(e) of UK GDPR) under the Representation of the People Act 1983 and Representation of the People Regulations 2001 (as amended).
Special category personal data is processed for reasons of substantial public interest (Article 9(2)(g) of UK GDPR), for statutory and government purposes (Schedule 1 Part 2 Paragraph 6 of the Data Protection Act 2018).
We occasionally process criminal offence data, for example, if you send us a bail decision record as part of your application for a voter authority certificate, or if you send us court documents as part of your application to be an anonymous voter. Any criminal offence data is processed in compliance with Article 10 of UK GDPR, for statutory and government purposes (Schedule 1 Part 2 Paragraph 6 of the Data Protection Act 2018).
Who we share your information with
The Electoral Registration Officer uses the information you provide to maintain two registers - the electoral register (also called the full register) and the open register.
The electoral register is published once a year and is updated every month and can only be supplied to the following people and organisations:
- British Library and Sheffield Local Studies Library
- UK Statistics Authority
- Electoral Commission
- Boundary Commission for England
- Jury Summoning Bureau
- Elected Representatives (such as MPs, City and Parish Councillors, the Police and Crime Commissioner) and candidates standing for elections
- local and national political parties
- the City Council and Parish Councils within Sheffield City Council’s area
- Police forces, National Crime Agency
- Government departments or bodies
- Credit Reference Agencies
- National Fraud Initiative
- Returning or Counting Officers at an election or referendum
Your information will be shared with the government’s Individual Electoral Registration (IER) Digital Service and the Department of Work and Pensions to verify the identity of applicants for registration and/or a voter authority certificate.
We also need to share your information with our software providers and contracted printers to print household canvass forms, application forms for postal or proxy votes and invitation to register forms.
It is a crime for anyone who has a copy of the full register to pass information from this register on to others, if they do not have a lawful reason to see it.
The full electoral register is available for inspection under supervision by anyone at Howden House. Photocopying/photographing the register is not permitted, but handwritten notes can be made.
Information from the electoral register must not be used for direct marketing purposes, in accordance with data protection legislation, unless it has been published in the open register. Anyone who fails to observe these conditions is committing a criminal offence. The penalty is an unlimited fine and/or up to six months in prison.
The open register is an extract of the full register, which does not contain the names of anyone who has asked for their details to be removed. It is not used for elections or referenda. It is updated and published every month and can be sold to any person, organisation or company. It can be used by businesses and charities for checking names and address details. Users of the open register include direct marketing firms and also online directory firms.
You can choose whether or not to have your personal details included in the open version of the register. However, they will be included unless you ask for your details to be removed. Removing your details from the open register will not affect your right to vote.
How long we keep your information
We hold personal data in line with the Council’s retention schedule. The retention period varies, depending on the type of record. For instance, we keep election-related records for 12 months, whereas the electoral registers are kept indefinitely.
At the end of the retention period, the information is reviewed and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this, personal information will be securely destroyed.
A key resource to do this is the electoral register to identify people over the age of 70 years old. It follows that the Electoral Registration Officer, James Henderson, will provide Sheffield City Council with an extract of data from the full electoral register that provides the name, address and post code and date of birth of all the people aged over 70 years old residing in Sheffield.
Sheffield City Council will use the data to make contact with the individuals to determine if they need support during the pandemic for example deliveries of food, essential supplies or medication.
The Electoral Registration Officer shares this data under regulation 107(4)(a) of the Representation of the People (England and Wales) Regulations 2001 (as amended), as necessary for law enforcement.
Law enforcement applies because under the Health Protection (Coronavirus, Restrictions) (England) Regulations 2020 Regulation 6 imposes various legal restrictions on movement outside of the home.
Who we will share your information with
The information you provide is also held in electoral registers which are managed by the Electoral Registration Officer who, using information received, keeps two registers – the electoral register (also called the full register) and the open register.
The electoral register is published once a year and is updated every month and can only be supplied to the following people and organisations:
- British Library and Sheffield Local Studies Library
- UK Statistics Authority
- Electoral Commission
- Boundary Commission for England
- Jury Summoning Bureau
- Elected Representatives (e.g. MPs, City and Parish Councillors, the Police and Crime Commissioner) and candidates standing for elections
- local and national political parties
- the City Council and Parish Councils within Sheffield City Council’s area
- Police forces, National Crime Agency
- Government departments or bodies
- Credit Reference Agencies
- National Fraud Initiative
- Returning or Counting Officers at an election or referendum
We also have to disclose (share) your information with our software providers and contracted printers to print your poll cards, postal vote packs and other electoral material. Your information will be shared with the government’s Individual Electoral Registration (IER) Digital Service and Department of Work and Pensions to verify the identity of new applicants.
It is a crime for anyone who has a copy of the full register to pass information from this register on to others, if they do not have a lawful reason to see it.
The electoral register is available for inspection under supervision by anyone at the Town Hall and Howden House. Photocopying/photographing the register is not permitted, but hand written notes may be made.
Information must not be used for direct marketing purposes, in accordance with data protection legislation, unless it has been published in the open register. Anyone who fails to observe these conditions is committing a criminal offence. The penalty is an unlimited fine and/or up to six months in prison.
The open register contains the same information as the full register, but is not used for election or referendums. It is updated and published every month and can be sold to any person, organisation or company for a wide range of purposes. It is used by businesses and charities for checking names and address details. Users of the open register included direct marketing firms and also online directory firms.
You can choose whether or not to have your personal details included in the open version of the register; however, they will be included unless you ask for them to be removed. Removing your details from the open register will not affect your right to vote.
How long we will keep your information
We hold personal data in line with the Council’s retention schedule. The retention period varies, depending on the type of record. For instance, we keep election-related records for 12 months, whereas the electoral registers are kept indefinitely.
At the end of the retention period, the information is reviewed and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this, personal information will be securely destroyed.
Returning Officer
The Returning Officer is responsible for overseeing elections and referenda. Together with the Electoral Registration Officer, they are the data controller for the personal data collected by Electoral Services. The Returning Officer in Sheffield is Kate Josephs, the Chief Executive of Sheffield City Council.
The Returning Officer for local elections is also the (Acting) Returning Officer at a UK Parliamentary election, the Local Returning Officer for Police and Crime Commissioner and Combined Authority Mayoral elections and the Counting Officer at a referendum.
For this privacy notice, Returning Officer means any of the different Returning/Counting Officer titles mentioned above.
The type of information we collect
The Returning Officer processes personal data about electors, subscribers to a nomination paper, candidates and agents, managers of venues used for polling and the verification/counting of votes and staff employed at elections, including:
- contact details (name, address, telephone number and email address)
- chosen voting method
- personal identifiers (date of birth and signature, or waiver status) of postal and postal proxy voters
Information about who has voted is collected, at polling stations and at postal vote opening sessions, to prevent someone voting more than they are entitled to and to provide turn out information.
A person’s vote is not recorded anywhere other than on the ballot paper. At the close of polling, this information is sealed and is not shared with any other person or body unless it is subsequently required as evidence by an Election Court due to an election challenge, which is extremely rare.
Any ballot paper that contains information that identifies a voter is rejected.
How we use your information
The Electoral Registration Officer has a legal duty to share information from the electoral register with the Returning Officer to enable them to run an election, referendum or other official poll. Your information is processed to enable eligible electors living in Sheffield to vote, and to administer the electoral nominations and subsequent elections and referenda.
Our lawful basis for processing personal data is because it is necessary for the performance of a task carried out in the public interest (Article 6(2)(e) of UK GDPR) under the Representation of the People Act 1983, the Representation of the People Regulations 2001 (as amended) and the relevant elections rules and regulations.
Who we share your information with
We need to share your information with our software providers and contracted printers to print your poll cards, postal vote packs and other electoral material.
The Returning Officer is required under electoral legislation to publish an election agent’s name and address in the notice of election agents.
It is a crime for anyone who has a copy of the full register, or any part of the full register, to pass information from this register on to others, if they do not have a lawful reason to see it.
How long we keep your information
The Returning Officer returns all poll documents to the Electoral Registration Officer, who keeps your information securely for 12 months from the date of the poll, as is required by law. Following this period, all poll related documents are securely destroyed.
Recruitment of casual election staff
The Returning Officer is responsible for overseeing elections and referenda. Together with the Electoral Registration Officer, they are the data controller for the personal data collected by Electoral Services. The Returning Officer in Sheffield is Kate Josephs, the Chief Executive of Sheffield City Council.
The Returning Officer for local elections is also the (Acting) Returning Officer at a UK Parliamentary election, the Local Returning Officer for Police and Crime Commissioner and Combined Authority Mayoral elections and the Counting Officer at a referendum.
For this privacy notice, Returning Officer means any of the different Returning/Counting Officer titles mentioned above.
The type of information we collect
If you express an interest in being employed as casual election staff, the Returning Officer will process some personal data about you, including your name, contact details, national insurance number, the role you are interested in, and whether you need any reasonable adjustments.
If a suitable vacancy is found for you, the Returning Officer will need to process more personal data about you, including your nationality, bank details, tax details and proof of your right to work in the UK.
How we use your information
The Returning Officer employs casual election staff to work in polling stations, open postal votes and undertake the count. If you express an interest in being employed as casual election staff, we will use the information you provide to determine whether we have a suitable vacancy for you.
If you are appointed to a role, we will use your information to contact you about the position and let you know any necessary arrangements ahead of the election and on polling day.
We also use your information to ensure that you are paid for the work you do for the Returning Officer.
Under data protection law, we need to have a lawful basis to process personal data. Our lawful basis for processing is because it is necessary for a task carried out in the public interest (Article 6(1)(e) of the UK General Data Protection Regulation). Any special category data is processed for reasons of substantial public interest (Article 9(2)(g) of UK GDPR).
Who we share your information with
If a suitable vacancy is found for you, the Returning Officer will need to share your personal data with Sheffield City Council’s Payroll Service, so that they can pay you.
If you are appointed to a polling station roll, the Returning Officer will also need to share your name and telephone number with the other polling staff you are assigned to work with.
How long we keep your information
Your information is securely stored within the Returning Officer’s electoral software, which is password protected. It can only be accessed by those involved in the appointment of election staff.
If you are appointed to a role, your information will be retained and, subject to there being sufficient vacancies and your performance in the role, you will be offered a job at future elections up to the point when you no longer wish to undertake the role. You can also ask for your name to be removed from our pool of casual election staff at any time by emailing electoralservices@sheffield.gov.uk.
If you are unsuccessful, your information will be retained for a maximum of two years. At that point we will contact you to ask whether you want your information to be retained for a further two years or removed.
Your Rights
If you have any queries, concerns, or complaints about the way we process your personal data, you can contact us at electoralservices@sheffield.gov.uk or 0114 2736 910. You can also contact the Council’s Data Protection Officer at dataprotectionofficer@sheffield.gov.uk.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can also complain to the Information Commissioner’s Office. For further details, please see ICO: Make a complaint.
Energy Bills Support Scheme Alternative Funding
How we will use your information
As the cost-of-living crisis continues to impact fuel bill and inflation generally, The Department for Business, Energy and Industrial Strategy (BEIS) are providing funds to help with energy costs and to assist those in hardship. Sometimes they ask Local Authorities to deliver these funds on their behalf which means that the Government will share details of those who are eligible for support with us. This is for the purposes of carrying out address verification by comparing the data to our local records such as Council Tax and for providing verification checks.
Personal Data may extend, without limitation, to the following:
- application reference number
- applicant’s name (and any contact details for any third party individual supporting or making the application on behalf of the applicant)
- date application received
- outcome of application and reason for decision-making
Personal Data is made available by BEIS to us in order for us to effect payment to applicants, this includes:
- the applicant’s name
- address
- date of birth
- email address
- phone number and bank details
- relevant contact details of any third party individual supporting or making the application on behalf of the applicant
- other relevant data that may be provided by the applicant (or third party individual supporting the applicant) to any call contact centres operated to support applications to the Scheme
Personal Data provided by us to BEIS as part of our reporting obligations under the Scheme as anticipated in the Guidance includes, without limitation, the following:
- application reference number
- applicant’s name (and any contact details for any third party individual supporting or making the application on behalf of the applicant)
- date application received
- outcome of application and reason for decision-making
- assurance evidence in line with the Guidance (such as bank account details, Council Tax records, UK Driving licence, utility bill, care home invoice, tenancy agreement)
- payment fraud or error, money recovered and subsequent fraud and error reporting
We will obtain information from you if we need to carry out further address verification checks or need to check your bank details.
The BEIS will pass data, including Personal Data, in the form of applications made by eligible domestic energy consumers to us, which we may download from the electronic portal made available to Local Authorities for secure communication of the data. This is in order for us to process payments for the alternate funds.
The Department for Work and Pensions Searchlight system where we need to check qualifiable benefits.
Within the Council, we also hold a number of datasets with personal information, such as Council Tax records and Council Housing records.
Data Matching
We are carrying out data matching for combining, comparing or matching personal data obtained from multiple sources. We are doing this to complete any gaps in information from any one source so that we can accurately identify individuals to support them.
Lawful Basis for Processing
Under data protection law, we have to have a lawful basis for processing personal data:
Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Sheffield City Council is a local authority which the BEIS has nominated to distribute crisis funds.
Article 9(2)(g) – processing is necessary for reasons of substantial public interest and fulfils the condition in Schedule 1, Part 2, (6) Statutory etc and government purposes of the Data Protection Act 2018. Sheffield City Council is a local authority which the BEIS has nominated to distribute crisis funds.
Who we will share your information with
Your personal data may be shared with council officers responsible for delivering crisis funds related to the cost of lviing and with BEIS to allow them to:
- conduct quality checks
- monitor and evaluate effectiveness of the Scheme
- prevent fraud
- publish anonymised information for transparency on the use of public funds
Information security
We recognise that the information we are processing is sensitive, and we will store and process your information securely.
We will ensure access to the data is managed, auditable and restricted to those needing to process the data.
How long we will keep your information
We keep your information for as long as necessary, in connection with the subject matter of Processing outlined above, until termination of the Data Sharing Agreement with BEIS, or earlier notification by BEIS, and subsequent completion of the activities anticipated.
Where we have made payments to people, this information is held for seven years.
Family Hubs Privacy
How we use your information
We run Family Hubs across Sheffield to provide services to children, young people and families for the purpose of:
- helping parents and carers develop their parenting skills
- helping parents and carers develop their personal skills, access training and education, and improve their chances of employment
- helping children in their early years to develop and thrive
- promoting the development of healthy lifestyles for children and families (such as the Start Well Programme)
- providing support and maternity care to expectant mothers
- engaging with customers and the community to help us understand what services are needed in the local area to offer best help and advice
- evaluating the work we do to understand how effective and relevant our services are
- working with other organisations to support the health and wellbeing of children, young people and families
We need to process personal data to carry out these activities, which will include your information and, where appropriate, your child’s:
- name, address, contact details, age and date of birth
- ethnicity, language, disability, health and lifestyle information
- employment information about parents and carers
- general health information like GP, dentist and allocated health visitor details
We process this personal data to fulfil our legal duties in accordance with the Children’s Act 1989 and Children’s Act 2004, the Childcare Act 2006, Children and Families Act 2014, and the Education Act 1996. For the purposes of the General Data Protection Regulation, the Article 6 condition is necessary to fulfil a public task. The Article 9 condition is 9(2)(g) substantial public interest for statutory purposes.
How we share your information
We may share your information, to ensure that you and your family are being offered the services you are entitled to. We will only ever share personal information with third parties who are legally entitled to it.
We may share your information with:
- internal Sheffield City Council departments (such as providing education, health and support services)
- NHS Children and Maternity Services (including Health Visitors, Perinatal Mental Health support services, Speech and Language services)
- contracted organisations who deliver services on our behalf (such as LIGHT, ZEST)
- anonymised data will be shared with Government departments – Department for Health and Social Care, Department for Education and Department for Work and Pensions
There are times when we have to share information about you if you are at risk from others or you are a risk to others.
How long your information will be kept
We collect this information from you when you register with us or we get your information from someone who refers you to us for support. This could be from Health Visitors and Nursery Nurses, which can be by email, post, telephone or online.
When we get this information, we create a customer record.
In terms of the personal details provided as part of the Family Hub registration process, these will continue to be held by SCC as the Local Authority, until the child is 25 (or 26 if they started receiving our support aged 17) or their 32 birthday if they have Special Educational needs.
Your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint, contact our Data Protection Officer.
Finance: Business Rates
How we will use your information
We collect and process personal data to collect and administer business rates and, where eligible, the assessment and application of business rate exemptions and rate relief.
The personal data needed to do this includes the account holder’s name, property details, contact details and evidence to support exemptions and rate relief.
This processing is necessary as part of our legal duty to collect business rates under the Local Government Finance Act 1988 (and any subsequent legislation).
Who we will share your information with
We will share your information with:
- Capita, who we have contracted to help collect and manage business rates
- Business Improvement District, for the purpose of setting up and administering such districts
- other local authorities and government departments to validate rate relief and exemptions
- enforcement agencies and debt recovery agents to prevent, detect and prosecute crime and recover arrears and debts
We may also obtain information from third parties, such as an agent, a former occupier, Companies House or Land Registry.
How long we keep your information
We will keep your personal data for as long as we are required to do so under relevant legislation or in accordance with our operational requirements. Financial records are held for 7 years, however, where there are debts or arrears we keep the records until they have been paid in full.
Finance: Housing Benefit, Council Tax and Discretionary Housing Payments
How we will use your information
We process personal data to provide Housing Benefit, Council Tax Support Discretionary Housing Payment and assistance from the Council Tax Hardship Scheme.
The information we process includes data about you, anyone who lives with you, and your financial circumstances and sometimes health information.
This processing is necessary, so that we can comply with our legal obligations under the Social Security Administration Act 1992, Local Government Finance Act 1992, Council Tax Reduction Schemes (England) 2012 and the Discretionary Financial Assistance Regulations 2001 (and any subsequent legislation which applies).
Who we will share your information with
We will share your information with:
- third parties we contract to support our Housing Benefits and Council Tax Services
- with internal council services to provide better customer services, check entitlements (ie free school meals), and keep our records up to date
- government bodies such as the Department for Work and Pensions (DWP) and HM Revenues and Customs (HMRC), other local authorities, enforcement agencies and debt recovery agents, where necessary
We also share data with the Cabinet Office for the purposes of the data matching exercise called the National Fraud Initiative. The purpose of the exercise is to detect fraud and error. The Council is legally required to participate in this exercise.
Information received from third parties
We may obtain information about you from other third parties such as DWP, HMRC, your landlord/ letting agent or a support worker.
We sometimes need information about people other than the person who has applied for a benefit to work out what that person is entitled to. For example, where a person makes a claim for Housing Benefit or Council Tax Support, we need information about other people who live in the same household to work out how much the person will be paid, and we may obtain information about them from other third parties such as DWP or HMRC.
How long we will keep your information
We will keep your personal data for as long as we are required to do so under relevant legislation or in accordance with our operational requirements. Benefit claims, entitlements or reductions are generally held for 7 years after a claim has finished, however, where there are debts or arrears we keep the records until they have been paid in full.
Finance: Insurance and Risk
Why we are collecting and processing your Information
We collect the personal data of individuals who have submitted compensation or insurance claims. This is required to manage the claims handling process, including the detection and prevention of fraud. We are also required to keep records of claims for the purposes of purchasing insurance.
What information we will collect
The information we collect may include names, addresses, dates of birth, medical / health data and contact details eg telephone numbers and email addresses, Financial Information, Human Resources Records, and Social Care Records.
If we are unable to collect and process this data we would not be able to accept and deal with compensation or insurance claims submitted to us.
How we will use your information
As part of our claims investigations we may contact other organisations who are able to provide us with information to support this process.
The Council has a Legitimate Interest in processing your personal data in order for us to assess your claim and for the prevention and detection of fraud. This is the legal basis on which we process your data. You have the right to object to the processing of your data on the basis of Legitimate Interest.
We will not share your personal data with any third party for the purpose of marketing services or activities.
How will we share your information
Your personal information will only be disclosed to third parties, where we are obliged or permitted by law to do so. This includes use for the purposes of claims administration as well as checking with organisations and third party managed databases used to help prevent fraud / crime, and to regulatory bodies for the purposes of monitoring and / or enforcing our compliance with any regulatory rules / codes.
We may share and receive your information with / from third parties including:
- legal advisors eg solicitors, counsel
- insurance companies
- law enforcement agencies eg police
- courts
- central government gepartments eg Department for Work and Pensions, National Fraud Initiative, DVLA
- medical services eg NHS and GPs
- providers of services to the Council for assessment of insurance claims e.g. loss adjusters or motor engineers
- other central / local Government Departments
All data shared with third parties will be done via secure, encrypted methods and all data will be held securely.
How long your information will be kept
We will retain paper copies of claims records for 7 years from the closure of a claim (or for children, the year in which they reach the age of 21). Electronic records will be kept for up to 60 years.
We will only retain information outside these periods if required to do so eg for the purposes of a public inquiry.
Food Safety and Food Business Registration
Our Food Safety Team and Environmental Health Service process personal information to register food business establishments. The purpose of registration is to provide us with information about the size and nature of food businesses within our area so that we can target our inspection and education activities. It is an offence not to register a food business or to give false or incomplete information.
What data we collect
The personal data we collect includes:
- business name, address and contact details
- name and home address of the proprietor or operator
- manager name and contact details, if different from operator
We process this personal data to help compliance in the food industry, in particular in accordance with the Food Safety Act 1990, the Food Safety and Hygiene (England) Regulations 2013, and the Health and Safety at Work, etc. Act 1974. For the purpose of the General Data Protection Regulations, the personal data is processed as part of our legal obligations and performance of a public task under Article 6(1)(c) and (e).
How we share your information
As a local authority we are required to keep a public register detailing the trading name, address, and type of food business that is registered with us. Apart from this, all the remaining information provided on the registration form is confidential and can only be revealed to an authorised officer from another local authority or to the police or other similar bodies for the purposes of investigating a potential crime.
Food hygiene ratings awarded to most food business establishments and the details of the hygiene rating is shared with the Food Standards Agency. These ratings are publicly available at https://ratings.food.gov.uk/.
How long your information will be kept
We keep a register of all food business establishments and a corresponding case file for all records related to complaints, food hygiene inspections, ratings and enforcement action. Retention varies, but is generally 6 years from the last action.
Fostering Privacy Notice
How we use your information
Our Fostering Service approve, train and support foster carers to take in children in care and provide them with a home.
To do this we have to process personal data about the foster carers to ensure the carers and the children we intend to place are safe and it is a suitable match. As a minimum, we need to process the following information about the prospective carers:
- name, address, contact details, date of birth, gender, language
- ethnicity, disability, religion and medical information
- family network and relationship information
- education, employment and financial information
- assessments and approvals for suitability to foster children (including DBS checks)
- bank details, National Insurance number
We process this information in accordance to our legal obligations under the Fostering Services (England) Regulations 2011, Fostering Services Regulations 2002, and Children’s Act 1989. We process the special category (sensitive) information, to provide social care, which is covered under the General Data Protection Regulations Articles 6(1(e) and 9(2)(h).
How we share your information
As part of the application process, we share information with third parties to assess the applicant’s suitability, which will include:
- our internal services
- other local authorities
- past and present employers
- schools
- friends and family members
- health agencies
- Fostering Panel, external Fostering Agencies
As an approved foster carer, we may share and exchange information with the Fostering Panel, fostering agencies, Inland Revenue, OFSTED, health agencies, schools, other local authorities.
We will also share personal information with law enforcement or other authorities where permitted by law and provide data to the Cabinet Office for the National Fraud Initiative, which aims to match data to detect fraud and error.
How long your information will be kept
We create a case record for each foster carer applicant (including approved carers, unsuccessful applicants and applicants that withdraw from the process), which holds the information obtained as part of the application, background checks and assessment, decisions and outcomes.
The case files for approved foster carer files are kept for 75 years from the date they cease to be a foster carer. Finance records are kept for 7 years from the date they are created.
The case files for applicants that were not approved or who withdrew from the process are kept for 10 years.
However, we are currently required to retain all data relating to children and families that we have worked with indefinitely to meet the requirements of the Independent Inquiry into Child Sexual Abuse (aka the ‘Goddard Inquiry’). When the Inquiry concludes and we are no longer required to retain all records, our usual data retention rules will be applied.
What your rights are
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Free School Meals
Free School Meals are a statutory benefit available to school-aged children from families who receive certain qualifying benefits. Younger children may also be eligible for Free School Meals if they attend a local authority nursery school or nursery class and attend full days.
Sheffield City Council administers the Free School Meal scheme for eligible children in Sheffield on behalf of the Government. We also provide food vouchers (from the Household Support Fund) to ensure families of children who are eligible for free school meals during term time are able to purchase food during the holidays to replace the meals their child would have received during the school day.
How we will use your information
We need to collect your personal data in order to provide these services, which may include:
- your contact details (name, address, telephone number and email address)
- details about you (date of birth, national insurance number and gender)
- details about your child (name, date of birth, gender, school and year group)
- if you have declared a partner on your claim for benefits we may also use details about them (date of birth, national insurance number and gender) to ensure we have matched the correct family on our systems
If you apply for a Free School Meal online, you provide this information to us directly. Someone else (for example school staff, a social worker, your GP or CAB) can also apply on your behalf.
We also carry out a data matching exercise each year to identify children who might be entitled to Free School Meals. Further information about this can be found here.
We use your personal data to:
- check whether your child is eligible for Free School Meals
- notify your child’s school of their entitlement to Free School Meals
- provide food vouchers to support families during the school holidays
- deal with any complaints or concerns
- detect fraud and protect public funds
Under data protection law, we need to have a lawful basis to process personal data. We are required by law to provide Free School Meals to eligible children in Sheffield under Section 512 of the Education Act 1996. As a result, our lawful bases are:
Processing is necessary for compliance with a legal obligation (Article 6(c) of UK GDPR)
Processing is necessary for performance of a task carried out in the public interest (Article 6(1)(e) of UK GDPR)
Who we share your information with
We will share information with:
- your child’s school or early years provider to let them know that your child has been awarded a Free School Meal
- The Department for Education’s Free School Meals checking service
- if you move to a different local authority, we may also need to share information with them (this is to confirm that your child was awarded Free School Meals in Sheffield)
How long do we keep your information for?
We hold personal data in line with the Council’s retention schedule. We keep your personal data as long as your child remains eligible for free school meals, and then for a further six years. We need to keep your information for this long to comply with anti-fraud legislation.
At the end of the retention period, the information is reviewed and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this, personal information will be securely destroyed.
Your Rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint, contact our Data Protection Officer through dataprotectionofficer@sheffield.gov.uk.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you have the right to contact the Information Commissioner’s Office.
Freedom of Information and Data Subject Access Requests
How we use your information
We process your personal data to log and respond to information requests under the laws that allow you the right to access recorded information, environmental information and your own personal information.
The information we need varies depending on your request.
A request for recorded or environmental information under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 means we need to collect your name and address (which may be a postal address or email address).
A request for your own personal data, also known as a Subject Access Request, under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 means we need to collect your name and other details that will help us to verify your identify and locate the information held. This may include copies of your identity documents, customer reference numbers, service history, etc.
The legal basis for processing this information falls under GDPR Article 6(1)(c) and, for Subject Access Requests, Article 9(2)(g), because it is necessary for us to comply with our statutory obligations under Freedom of Information, environmental information or data protection laws.
How we share your information
We share your information internally with the services that handle your request to allow searches to take place and to gather the relevant information.
We may have to share your personal data with third parties when handling Subject Access Requests if the information we hold belongs to another organisation and we need to consider if they have concerns about disclosure.
We may also be asked to share information with the Information Commissioner’s Office (ICO) if they investigate the handling of a request. The ICO is legally entitled to obtain unredacted copies of the information we hold.
We produce statistics for the number of requests we receive and the number responded to within the statutory deadline, but this data is not personal data.
Please see our Subject Access Requests webpage for information on using a 3rd party portal to make online subject access requests and the exchange of your data with 3rd party information request portals.
How long your information be kept
When we receive a request from you, we create an electronic case file and log the request on our tracker. We keep Freedom of Information and Environmental Information Regulations requests for 3 years from the end of the financial year the case was closed, unless a request relates to the management of street trees, in which case records are kept for 6 years from the end of the financial year in which the case was closed.
We keep Subject Access Requests for 3 years, unless a request relates to social care records, in which case records are kept for 7 years from the end of the financial year in which the case was closed.
Requests involving the Information Commissioner’s Office are kept for 6 years from the end of the financial year the case was closed.
Gleadless Valley Regeneration Team
The Gleadless Valley Regeneration Team is a council team that falls under Housing and Neighbourhood Services, focused on the delivery of the Gleadless Valley Masterplan. The team has different focuses within the Gleadless Valley Masterplan, looking into Housing, Greenspace, Services and Facilities, and Employment and Skills.
When we collect personal data, we are required to make sure you are clear on what data we need and why, what we intend to do with it, what your individual rights are, and who you can contact for enquiries or concerns about the use of your personal data.
How we collect information from you
Information may be collected when you make contact with us, for example, when you email or telephone.
We will sometimes make contact with you to provide services, to find out what your needs are, to check on how we are doing or to share information. This may be done in a number of ways including by letter, email or making a personal visit.
The information we collect from you
We need to collect and process some personal data about you, such as your name, address and contact details. However, we may also process special category personal data (such as details of your medical conditions or disabilities) if you include this information as part of your query.
How we use your information
We use the information that you have given us in order to:
- provide updates on the Regeneration of Gleadless Valley and the Masterplan, and ensure that you are kept informed on changes in the area
- discuss your queries relating to the Masterplan
- support with advice and options that may be available to you if you are affected by works in the Masterplan
- support referrals to other services where appropriate (with your consent)
- support residents with getting involved with local volunteering programmes
The majority of the personal data we process is provided to us directly by you. However, we may also receive personal data about you indirectly, for example, from a family member or friend, or from other Council services, such as the Neighbourhood Housing and Estates Team.
We may share this information with other Council services where we have a duty to do so, for example, Housing Solutions for homelessness assistance.
Under data protection law, we need to have a lawful basis to process personal data. Our lawful basis for processing is because it is necessary for a task carried out in the public interest (Article 6(1)(e) of the UK General Data Protection Regulation). Any special category data is processed for reasons of substantial public interest (Article 9(2)(g) of UK GDPR).
How we store your information
Your information is securely stored. All personal data provided to the Gleadless Valley Regeneration Team is stored on the Council’s IT system in password protected database. Only staff in the Gleadless Valley Regeneration Team can access this information.
Your personal data will be stored for 6 years after our last contact with you. We will then delete your information from our database.
Your data protection rights
Under data protection law, you have rights in respect of your personal data. For more information, please see the Council’s general Privacy Notice at www.sheffield.gov.uk/privacy.
If you have any queries, concerns, or complaints about the way we process your personal data, you can contact us at enquiregleadlessvalley@sheffield.gov.uk or 0114 273 6369. You can also contact the Council’s Data Protection Officer at dataprotectionofficer@sheffield.gov.uk.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can also complain to the Information Commissioner's Office. Their contact details can be found at https://ico.org.uk/.
Graves Park Animal Farm
How we will use your information
Graves Park Animal Farm is a small farm park run by Sheffield City Council. The farm also runs several popular events each year, such as Sheffield’s biggest Easter Egg Hunt, Family Fun Days, themed “dinosaur” weeks, Pumpkin Picking, and a Christmas trail.
We process your personal data in order to provide services to you, for example, if you have booked to attend one of our events, if you want to sponsor one of our animals, or if you make a contactless donation.
We collect personal data in order to provide these services, which may include:
- Your name and contact details (if you book to attend an event or if you sponsor one of our animals)
- Your payment card details (if you make a contactless donation)
CCTV cameras are used on site to help ensure the safety of our visitors and our animals. The footage collected may capture sensitive personal data, including:
- Your racial or ethnic origin
- Your political opinions
- Your religious or philosophical beliefs
- Details about your health
- Your sexual orientation
We use this information to:
- Deliver fun and engaging events for our visitors
- Raise additional funds for the farm
- Prevent and detect crime
- Ensure the safety of our visitors and our animals
Under data protection law, we need to have a lawful basis to process personal data. Graves Park Animal Farm will rely on one of the following conditions:
- Processing is necessary for the performance of a contract (Article 6(1)(b) of UK GDPR). This will be the case if you have booked to attend an event with us, or if you sponsor one of our animals
- Processing is necessary for the legitimate interests of the farm (Article 6(1)(f) of UK GDPR. This will be the case if you make an contactless donation to us.
Our lawful basis for processing special category personal data is because there is a substantial public interest (Article 9(2)(g) of UK GDPR), on the grounds of preventing and detecting unlawful acts (Schedule 1 Part 2 Paragraph 10 of the Data Protection Act 2018).
Who we will share your information with
Your personal data is shared internally with staff at Graves Park Animal Farm where this is necessary for the performance of their roles.
If you book an event online, your personal data will be shared with the online ticketing platform.
If you make a contactless donation, your payment card details will be shared with our payment provider.
On occasion, we may have a duty to share your personal data with:
- The emergency services and healthcare professionals for your vital interests and safeguarding
- The Police and other law-enforcement services for the prevention and detection of crime, or where we are required to do by a Court Order
Apart from where previously stated, we do not pass your details to third parties unless we are lawfully required to do so.
How long we will keep your information
We hold personal data in line with the Council’s retention schedule. If you attend one of our events, we will keep your personal data for up to six years. If you sponsor one of our animals, we will keep your personal data for up to two years. We keep records of contactless donations for seven years, to comply with the Charities Act 2011.
At the end of the retention period, the information is reviewed and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this, personal information will be securely destroyed.
Your rights
If you want to request a refund for an event booked online, you can do this through the online ticketing platform.
If you want to request the refund of a contactless donation, please contact parksandcountryside@sheffield.gov.uk
If you have any queries, concerns, or complaints about the way we process your personal data, you can contact the Council’s Data Protection Officer at dataprotectionofficer@sheffield.gov.uk.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can also complain to the Information Commissioner’s Office. For further details, please see https://ico.org.uk/make-a-complaint/
Highways: Automatic Number Plate Recognition
How we use your information
Our Traffic and Highways Service use Automatic Number Plate Recognition (ANPR) cameras to capture vehicle registration numbers of vehicles driving in Sheffield to:
- monitor trends in traffic flows in Sheffield
- help assess real time changes to the traffic signal timings on the transport network in Sheffield
- provide traffic count data at key sections of the highway network in Sheffield to aid decision making about future transport schemes.
- provide data on traffic flows to aid decision making about future non transport infrastructure developments
- provide information on journey times to drivers through our Variable Message Signs across the city
As part of the Clean Air Zone Programme, this ANPR data has been used to assess the frequency of vehicles entering Sheffield and the vehicle engine type so that emissions can be accurately modelled and the response to the suggested mitigation.
The ANPR cameras are in fixed locations and read a vehicle’s registration plate as the vehicle passes the camera. Optical character recognition software reads the text and converts it into a text file, which is transmitted to the Council’s Urban Traffic Control network as well as to the South Yorkshire Police network.
The ANPR captures the following data in an unhashed text file:
- vehicle registration Number
- date and time of journey
- physical location and direction of travel can be established with knowledge of the camera location
These ANPR cameras do not take images of the vehicle, the driver or its occupants.
The data collected by ANPR cameras is personal data.
Vehicle registration numbers are unique Identifiers and can be used, with the addition of further information, to identify the Registered Keeper of the Vehicle; however, the Traffic and Highways Service does not have access to information that would enable them to identify the Keeper, the driver or the passengers of the vehicle and has no reason to do so.
Under data protection law, we process the personal data under article 6(1)(e) processing is necessary in the performance of a task carried out in the public interest, that task being to manage highways in accordance with the our obligations under the Traffic Management Act 2004.
We have ANPR cameras to enforce parking and bus lane restrictions, but these are managed by our Parking Services and you should see our Parking Enforcement Privacy Notice on this page.
Who we share your information with
The ANPR cameras were installed as part of an Intelligent Traffic Systems project promoted by the South Yorkshire Integrated Transport Authority (ITA) involving Sheffield City Council, Doncaster Metropolitan Borough Council, Rotherham Metropolitan Borough Council, South Yorkshire Police, and South Yorkshire Fire and Rescue.
ANPR data was originally used by Authorities in the Partnership and Passenger Transport Executive (PTE) for traffic and transport management and planning purposes. The ANPR facility is still used by SCC, and indirectly PTE for same purpose. Rotherham and Doncaster still have access to data but make less use of it. South Yorkshire Police also receive the data and process it for law enforcement and community safety purposes as part of their duties to prevent and detect crime and apprehend and prosecute criminals.
We also shared data from a limited number of cameras with the Government’s Joint Air Quality Unit (JAQU). They have used DVLA database to link vehicle registrations to the Euro Emissions rating of that vehicle as part of the Clean Air Zone Programme.
How long we keep your information
We hold ANPR data for 12 months.
The data is held on a Council Server and is extracted into CSV format and used by Traffic and Highways officers to analyse traffic flows and journey times.
The data held on the server and the data extracts are deleted after 12 months
Housing and Neighbourhoods
How we will use your information
Our Housing and Neighbourhood Service provides a range of housing services to council tenants, prospective tenants on the housing register, leaseholders, social and private landlords.
These services include letting, managing and maintaining council houses, carrying out repairs, inspections and enforcement action, collecting rents and other income, providing temporary accommodation, homelessness service, and supporting independent living though housing provision, advice and guidance. We will also use the personal data of our tenants to test upgrades to our case management systems. This will always be in secure test environments, and we will delete the information when the tests are complete.
We need to process personal data to carry out these services that may include:
- name, address and address history, contact details, date of birth
- ethnicity, religious beliefs
- physical and mental health needs and medical history
- financial circumstances, employment and benefits
- details other householders e.g. dependents or cohabitees
- criminal offence history
We only use your information where it is necessary to do so to comply with our legal obligations, notably under the Housing Acts, Homelessness Acts, Crime and Disorder Act 1998 and the Housing Health and Safety Rating System Regulations 2005. If consent is needed, we will make that clear before we start processing.
Who we will share your information with
Your data within the Housing and Neighbourhood Service may be shared with other council services and some other housing providers, in order to manage our relationship with you and help us to deliver the best services we can.
We share your data with contractors that we engage to maintain your property and partner agencies, and where required we will share your data with children and adult services, and health and medical teams.
We use RentSense software to identify accounts which are in arrears and may require some form of intervention from the staff in our Income Management and Financial Inclusion Team.
We may also share your details externally where we are lawfully required to do so for the prevention and detection of crime, adult and child safeguarding and fraud, or for the collection of taxes or debt owed to this or another authority.
If your household has entered a new social housing tenancy after 1989, social housing providers would have shared your personal information with the Government for research and statistical purposes at the time you entered the tenancy.
We may also share aggregated data for research and statistical purposes.
The information is provided via CORE (COntinuous REcording). CORE was set up in 1989 and initially only recorded data from private registered providers but from 2004 local authority lettings are also recorded. It collects information on the tenants/buyers, tenancy/sale and dwelling itself. The Ministry of Housing Communities and Local Government (MHCLG) has been responsible for the management of CORE since October 2015, including ensuring that all data is processed in line with Data Protection legislation.
How long we keep your information
We shall keep information about you whilst we have a relationship with you and for up to ten years after this, but specific retention periods will vary depending on the services provided.
CORE (Continuous Reading) Privacy Notice
Green Fingers garden competition - privacy statement
The information you provide to enter the Green Fingers Garden Competition will be:
- used to check you are eligible to take part in the competition
- to contact you about the results
- for us to publish your name if you are awarded a prize
Entry is by consent, so the information you provide is processed with your consent and used in accordance with the competition rules. We keep entrant details for two years, after which they are deleted.
If you are a winner and accept the prize, the competition rules require that you take part in publicity, including photography, filming and a press release.
Housing and Neighbourhoods: New Build Tenant Surveys
How we will use your information
The Housing Growth Service are undertaking an evaluation to better understand tenant experience and satisfaction with our new build Council homes. This will help shape our future new build programme, as well as highlight areas where we may need to improve the services we provide.
To support this work, a number of household surveys (both online and face-to-face) will be undertaken. This will provide us with a range of important information which we wouldn’t otherwise be able to collect.
We need to collect and process the following personal data and household information to carry out this activity:
- name, address, postcode and email address of the lead tenant
- household information
- satisfaction, quality and experience of living in their new home
- satisfaction, quality and experience of the service received from the Council
- energy usage (through meter reading information)
Involvement is on a voluntary basis. If you take part in a survey or interview with us, we will ask you to give your consent either electronically, by signing a form or by asking you to tell us that you are happy to take part first. You can change your mind, even after the research has finished.
Who we will share your information with
Your information will primarily be used by us. We will only ever share and publish information in an anonymised form, which means that you and your responses cannot be identified.
On occasions our developer partner(s) may ask us to include question(s) in our surveys. Where this is the case the name of the developer will be clearly stated alongside the specific question(s) in the survey. Responses to these questions will be voluntary and we will only ever share information in an anonymised form.
How long we keep your information
We will retain your personal data which you provide on the survey form for up to 5 years. Anonymised data will be retained for a minimum of 10 years.
Human Resources
We use your information if you are an applicant, offered a job with us, are an employee, casual worker, apprentice, trainee, on a work placement or are a former employee. We also collect and use the personal information of agency workers who work for us.
Recruitment
When you apply for a job with us, we need to collect enough information about you to determine your suitability against the job description and person specification.
We ask for the following information:
- personal details – name, address, email, telephone, date of birth, and national insurance number
- employment history
- qualifications, professional memberships and training
- information to assess your suitability for the job
- equalities information and criminal record information
- declarations and referees
- if you are seconded to another organisation during the course of your employment with us, we will need to share some personal details in order to support your secondment
If you are shortlisted and attend a job interview, you will be asked to provide evidence of your identity, right to work, qualifications and professional registrations. During the interview and any assessment activities, information will be gathered to inform the decision.
If your job application is unsuccessful, we will delete all the identifiable information that you have given us after six months. The equalities information you provide is anonymised and used to create and publish an annual statistical report on recruiting for a diverse workforce.
Working for us
If you are offered a job or when you start working for us, we will collect and process your information to start you in work and for us to meet our legal duties as an employer:
- personal details – name, address, email, telephone, date of birth, national insurance number, emergency contact details, and your nationality
- suitability for the role – your identity documents for eligibility to work in the UK, qualifications which are essential for the role, Disclosure and Barring Service Checks and other checks for roles involving children and vulnerable adults, professional registrations, employment and personal references, declarations of conflicts of interest and memberships of certain societies and, for certain posts, memberships of political organisations
- financial Information – bank account, information on previous employment, student loan for tax purposes, trade union, health subscriptions and other deductions
- terms and conditions of employment – your pay and your benefits - such as pension, your working hours, continuous service
- details of your working patterns - days of work and working hours - and attendance at work, including your whereabouts to support you with lone working and Council vehicle usage etc, health monitoring for specific roles, access and use of Council buildings, property and ICT
- information about medical health conditions including whether or not you need any reasonable adjustments, GP reports and Occupational Health assessments
- details of periods of leave taken by you including holiday, sickness absence, family leave, employee led schemes and the reasons for the leave
- assessments of your performance including appraisals, performance reviews and ratings, learning, development and training you have participated in, performance improvement plans and related notes
- details of any disciplinary or grievance procedures in which you have been involved including any warnings issued to you and related notes
- equal opportunities monitoring information
- if you are seconded to another organisation during the course of your employment with us, we will need to share some personal details in order to support your secondment
Your information will be held as part of your HR personal record for employment purposes.
Why we are allowed to use your information
We will use your personal information for a number of purposes in relation to the performance of your employment contract and when we have a legal duty to provide this information.
Where we are using your information outside of our contractual relationship and where we are not conducting a task in the public interest, then we will consider each data request carefully and make sure that this use of your data has a legitimate purpose or is carried out with your consent.
We have a legal obligation to check criminal records for roles involving or connected to working with children and/or vulnerable adults.
We also collect and use ‘special category’ personal data, which is more sensitive data and needs more protection. This is our equalities monitoring information. We collect this to monitor how well we are recruiting, retaining and developing a diverse workforce, and to ensure that our HR processes are fair and do not have an adverse impact on particular groups of employees. You are asked to complete this information but can select a ‘prefer not to say’ option.
Where your information is collected for any employee well-being programmes or benefit schemes, your explicit consent will be requested at the point that you gain access to the schemes. Please note that you share responsibility for the accuracy of your personal information. Please use our HR system to update your information or notify Human Resources.
How we share your information
Your information will be shared with the Human Resources team, your line manager, other relevant Council staff and Elected Members, and third parties for the legitimate reasons described above and for the following purposes:
- for recruitment, we will routinely share your information with managers and, depending on the role, with third party assessment centre providers and partners such as the NHS or police
- to obtain pre-employment checks such as references from former employers, other organisations or professionals
- to undertake necessary criminal records checks from the Disclosure and Barring Service for eligible roles
- providing payroll services, including providing information to South Yorkshire Pensions Authority for auto-enrolment and for administration of the Council’s pension scheme, or providing information to other relevant pension providers. You will have the choice to opt out of these schemes
- in some cases, it may be necessary for us to share your information with Occupational Health Providers to carry out a pre-employment health assessment and obtain any reasonable adjustments assessments and occupational health reports
- determining eligibility and appropriate level of study for training programmes and courses, such as apprenticeships, and evidencing attendance at training courses and programmes to maintain your Continuous Professional Development
- providing information as legally required to HMRC, pensions agencies, the Student Loans Company, government agencies, the Health and Safety Executive or the courts
- providing statutory government returns for example the Skills for Care National Minimum Dataset Statutory Return, the Children’s Social Work Workforce Return, and the School Workforce Data Return
- prospective future employers, landlords, letting agents, or mortgage brokers where you have asked them to contact the council to seek a reference
- if you are seconded to another organisation during the course of your employment with us, we will need to share some personal details in order to support your secondment
How long your information will be kept
The retention of HR information varies. It is common for HR files to be kept for 6 years after the person has left the Council’s employment, but there are exceptions to this, for example, timesheets and disciplinary records are kept for less time, whereas training and health records can be kept for up to 40 years.
ICELSS: Privacy Statement
Who we are
The Integrated Community Equipment Loans Service Sheffield (ICELSS) is run by Sheffield City Council (SCC) and uses information that you give to us to ensure you are provided with the suitable equipment you have been assessed for in your home.
We collect information from you when you visit our website; also when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face.
How we will use your information
We collect different types of information about you; this could be basic personal information (for example your name and address), or more sensitive information, for example, information about your health to help ensure you receive the correct equipment for your needs and it is serviced and repaired when required.
The information that we collect needs to be processed to meet our statutory duties to you, as outlined in legislation such as the Care Act 2014, Mental Capacity Act 2005, and Human Rights Act 1998.
Who we will share your information with:
- We will share your information with the following:
- NHS Sheffield Clinical Commissioning Group (SCCG) – the CCG jointly commissions and works in partnership with SCC to provide the equipment service.
- Medequip – are the organisation commissioned to provide the equipment and associated activities such as equipment repairs and planned preventative maintenance on behalf of the SCC and SCCG.
- Other NHS organisations – for example, the hospital where you may have been treated, or a District Nurse based in the community.
- Care providers that are or will be providing you with care in your home or another location such as a care home.
- Members of your family
- Other Councils or Clinical Commissioning Groups – for example if you live in Sheffield but were treated in Rotherham, we will share information to ensure equipment is provided appropriately.
- Professionals from third party organisations such as a housing association or charities where they support our work or are supporting you.
- The Council can share information as necessary on a one-off basis where a Data Protection Exemption applies, for example, when sharing information with the Police to prevent or detect crime, or for safeguarding purposes. Where an exemption applies, we do not need tell someone that their personal information is being shared.
How long we will keep your information
Service user records will be kept in line with legislation or as a minimum as follows:
Adults: for eight (8) years after all equipment has been returned by the relevant Customer.
Children: until the child is twenty-five (25) years old if they do not continue being a Customer of the Service.
What are your rights
You have rights under Data Protection law. For further details about your rights, the contact details of our Data Protection Officer and your right to make a complaint please see our Data Protection web page.
or email the Data protection Officer dataprotectionofficer@sheffield.gov.uk
* The Council can share information on an ad-hoc, one-off basis where a Data Protection Exemption applies, for example when sharing information with the Police. Where an exemption applies, we do not need to explain this to the individual.
Infectious Diseases and Food Poisoning Investigations Privacy Notice
How we use your information
Sheffield City Council’s Food Safety Team processes personal data to investigate reports of sporadic cases or outbreaks of infectious diseases and food poisoning. The team work closely with Public Health England (PHE) to try and identify the cause and source of the problem, so as to take appropriate action to prevent others becoming ill.
The personal data we need includes:
- full name, address and contact details
- date of birth, gender
- occupation or school details
- NHS number
- health and medical information
- recent history eg eating, food shopping and food handling experiences to help trace the source of the illness
We process this personal data under our legal obligations under the Public Health (Control of Disease) Act 1984 and The Health Protection (Notification) Regulations 2010. For the purposes of the General Data Protection Regulations the following article 6 and 9 conditions apply:
- article 6(1)(e) processing is necessary for the performance of a public task
- article 9(2)(i) public interest in the area of public health
How we share your information
We will share your information with the following parties as part of the investigation and follow up to prevent a recurrence:
- GPs – in regards to individual patients
- PHE - in regards to individual patients (current and potential future patients)
- local laboratories – in regards to specimen results
How long your information will be kept
When an infectious disease or food poisoning case is reported, we create a case file on our IT system and also a physical file. We keep your information eg notification of illness, follow up questionnaires, analysis and investigation findings, for 6 years after the case is closed.
Legal Services
How we will use your information
We collect and process personal data for the purposes of delivering legal services. This processing is necessary to fulfil our clients' and prospective clients’ duties related to the delivery of public services.
We are the data controller of personal data relating to individuals who are either a named client or through whom we conduct our relationship with you. The personal data may include data about you, anyone who lives with you, and/or related to you and may include names, addresses, dates of birth, gender, nationality, telephone number, job title, financial Information, and Human Resources records.
We may collect and use sensitive information about you such as ethnicity, religious beliefs, medical / health data, social care records and convictions.
As well as obtaining this information from you, we may collect information about you from third parties, such as other local authorities, enforcement agencies and relevant organisations.
Who we will share your information with
We will keep information received from you confidential while acting in connection with any legal matter unless:
- we have your authority to disclose it
- we are required to disclose it by law
- the information is in or comes into the public domain without any breach of confidentiality on the part of Sheffield City Council
- we are required to disclose it by the regulatory or fiscal authorities, in which case, to the extent that we are permitted to do so, we will endeavour to give you as much advance notice as possible of any such required disclosures
Personal information will only be disclosed to third parties via secure or encrypted methods. The third parties may include:
- other council services
- others that we contract, such as medical experts, barristers or debt recovery agents
- government bodies such as the Department for Work and Pensions and HM Revenues and Customs
- other organisations such as local authorities, enforcements agencies, where necessary
In addition to using your personal data for providing legal services, we may use it for marketing, administration, and training, and we may disclose it to our service providers and agents for these purposes. We may retain it for marketing purposes, to contact you about our services, but you can choose not to receive such material at any time.
We may disclose that we are acting for you in our marketing and similar materials and, if in the public domain, the matter on which we have acted or are acting for you. If the matter is not in the public domain, we may only disclose the matter for marketing purposes in a generic form (and without reference to you) unless otherwise agreed between us.
How we will keep your information
All paper and electronic data will be stored securely.
We will:
- take appropriate organisational and technical measures against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, that data
- provide appropriate training to personnel who process that data on our behalf
We will retain our records for a minimum of 6 years from the completion of the matter, after which they may be destroyed. We will return any of your records which you ask to be returned to you. We will not destroy documents you ask us to deposit in safe custody but we will make a charge to cover our costs.
You can contact the Legal Services Data Protection Liaison Officer Steve Eccleston for more information steve.eccleston@sheffield.gov.uk.
Library Services
How we use your information
How we use your information
We need to process personal data to provide access to our library, archive and information services, which includes:
- applications for individual membership for an adult or a child
- notifying customers of reserved items and overdue items
- provision of home library services
- recording participation in reading challenges and other educational programmes
- providing services to book groups
- receiving payments in relation to chargeable items or donations
- making refund payments and credits in relation to chargeable items
- informing library members of essential service updates
To access the majority of the services we offer (including borrowing books, e-books and other lendable materials, and having free use of our computers), customers need to register as a member of the Library, Archive and Information Service.
When registering as a library member, we have to collect:
- your name
- address
- date of birth
- contact telephone number
- email address
If you are under the age of 16 years old, we also need information about your parent or carer as an emergency contact, eg their name, address and contact details
Under data protection law, we need to have a lawful basis to process personal data. We need to process your personal data to fulfil our legal obligations under the Public Libraries and Museums Act 1964.
How we share your information
We share our library systems and materials with the voluntary organisations and volunteers that help to provide some of the library services in Sheffield. This means volunteers need to have access to our library systems, and library membership information including your name, address and library loans information (and fines, if applicable).
If you do not want your information to be shared in this way, you have the right to ask for your details to be removed from the Library System. However, this will mean that we can no longer provide all libraries, archive and information services to you.
On occasion, we may have a duty to share your personal data with:
- Sheffield Safeguarding Hub, the Sheffield Adult Safeguarding Partnership or another statutory agency for safeguarding purposes or where safety may be at risk
- Emergency services and healthcare professionals for your vital interests and safeguarding
- The Police and other law-enforcement services for the prevention and detection of crime, or where we are required to do by a Court Order
How long your information will be kept
We will hold library membership information for up to two years from your last transaction. After this period, your library record will be deleted. If you want to view or change your details at any time, please contact the Libraries, Archive and Information Service or ask a member of our staff.
Your rights
If you have any queries, concerns, or complaints about the way we process your personal data, you can contact our Data Protection Officer at dataprotectionofficer@sheffield.gov.uk.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can also complain to the Information Commissioner’s Office. For further details, please see https://ico.org.uk/make-a-complaint/
Licensing
How we use your information
Sheffield City Council uses personal data to process applications for licences, certificates, permits, consents or registrations.
The information we need includes your:
- name
- addresses
- previous names and addresses (for the last 5 years)
- relevant business name and details
- nationality
- date of birth
- identity and right to work documents
- photograph
- declarations regarding physical health and criminal convictions
Licensing officers use this information to ensure licences, certificates, permits, consents or registrations are only issued to appropriate people who are fit and proper to hold one and to maintain records of issue, renewal or rejection.
Your personal data is collected and processed as per Article 6(1)(c) and Article 6(1)(e) of the UK General Data Protection Regulation, in accordance with licensing laws and regulations. Licensing laws vary according to the type of activity but include the Licensing Act 2003 and Gambling Act 2005.
Some information we collect is regarded as special category data, for example your medical history. In order to process this information, we rely on Article 9(2)(g) in that processing is necessary for reasons of substantial public interest. We process criminal offence data for statutory and government purposes, and for the safeguarding of children and individuals at risk (Schedule 1 Part 2 Paragraphs 6 and 18 of the Data Protection Act 2018).
Who we share your information with
We sometimes need to share your information within the Council to provide advice and assistance to you, carry out our legal duties or to safeguard others eg children and vulnerable adults.
We may also need to share your information with third parties, for example: the Police; Fire and Rescue Service; Home Office (Immigration Enforcement); Sheffield’s Safeguarding Children Board; the Health and Safety Executive, to assess licensing applications and the suitability of applicants and to prevent and detect and prosecute crime.
We are required to maintain and publish Public Registers, which includes personal data of licence holders for Hackney Carriages, Private Hire Vehicles and Operators, Combined HC/ PH Drivers, and the sale of alcohol (personal or premises).
We will also share data with the Cabinet Office for the purposes of a data matching exercise called the National Fraud Initiative. The purpose of the exercise is to detect fraud and error. The Council is legally required to participate in this exercise.
How long we keep your information
We keep information for 6 years from the date of the last action or the expiry of a license, certificate, permit, consent or registration. The information will be stored either in paper form and/or electronically on a secure council database.
In the event that your Taxi or Private Hire licence is revoked, or an application refused, information will be uploaded to the NR3 Register and the information kept for 11 years.
Changes to this notice
We reserve the right to update or modify this notice at any time. Any changes will be reflected on our website and will become effective immediately upon posting. We will inform you of any significant changes via gov.delivery email. This notice was last updated on 14 August 2024.
Licensing: Child Work Permits, Children in Entertainment, Body of Persons Approval, Exemptions and Chaperones
Sheffield City Council’s Licensing Team processes personal data to issue Child Work Permits, Child Performance Licenses, Chaperone Licences (to adults), Body of Persons Approvals (to groups) and Exemptions (to individual children). The purpose of these licences is to safeguard children in employment, entertainment, paid sport or modelling, and the Licensing Team will inspect and monitor the use of the licences and investigate concerns.
What data we collect
The personal data we need for Child Work Permits includes:
- name, address, gender and DOB
- nature, place and hours of employment
- school name and contact details
- educational attendance level
- fitness, health and medical conditions
- child’s parent / carer name, address and contact details
The personal data we need for Child Performance Licences includes:
- name, address, gender and DOB
- school name
- fitness, health and medical conditions
- reasons for the application and details of the entertainment and organisation
- child’s parent / carer name, address and contact details
The personal data we need for Chaperone Licences:
- name, addresses, DOB, place of birth and National Insurance Number
- telephone number and email address
- employment details
- health and disability status
- portrait photographs
- names, addresses and contact details of personal referees
- disclosure and Barring Service Checks
The Personal data we need for Body of Persons Approvals:
- name and address of lead applicant and company
- name and address of Chaperones
- details of performance
The personal details we need for Exemptions:
- name, address, DOB of child
- school name
- name and signature of parent/carer
- name, address and contact details of organisation
- name of Chaperones/Responsible Adults
- name and signature of organisation lead
We process this personal data in accordance with our legal obligations, in particular the Children and Young Persons Act 1933 and 1963, the Children (Performances and Activities) (England) Regulations 2014, the Management of Health and Safety At Work 1992, the Children Act 1989 and the Education Act 1996.
For the purpose of the General Data Protection Regulations, personal data is processed under Article 6(1)(c) for legal reasons, and Article 9(2)(g) for substantial public interests in employment, social security and social protection.
How we share your information
Chaperone information such as name, chaperone number and expiry date and Local Authority to which they are registered is shared with production companies and other Local Authorities.
Children’s Performance Licence information (including name, DOB, parent/ carer names and name of school and photo of child) is sent to the applicant of the licence, parent, school and the Local Authority where the performance is taking place.
We only share children’s information (name, DOB, postcode, LA where the child resides and district) as part of BOPAs if the child resides out of Sheffield and this is requested by their Local Authority.
Work permits are sent to the employer, parent and school only. This includes name, DOB, home address, school and year group.
Inspection reports are shared with the Local Authority where the child/children reside and the applicant responsible for the production only. Under a Performance Licence this will include name of child and DOB and Local Authority that issued the Performance Licence and details of chaperones (their name, Issuing authority and expiry date). Under a BOPA we do not share details of children just chaperones unless there are children who reside outside of Sheffield performing and their Local Authority request the information.
We will share personal information with law enforcement or other authorities if required to do so by applicable law.
How long your information will be kept
We create a case file for each licence application and records for inspections and investigations. Retention length varies, but in short applications and supporting information for:
- Employment and Entertainment Licences, 25 years from child’s date of birth
- Body of Persons Approval, 6 years from certificate expiry date
- Chaperone Licence, 10 years from last contact (successful or unsuccessful)
Lifelong Learning and Skills
How we will use your information
We process personal data as part of our work to provide opportunities for children, young people and adults to gain employment, training and work skills. These opportunities vary from vocational courses to employability skills training and apprenticeships. We also help to provide advice and guidance, match people to the right opportunities, monitor and report on their progress, and support them throughout their involvement.
To do this, we need to process information about the people engaged with the service, their parents, carers or emergency contacts, and the education and training providers and local businesses.
The information we process includes: name, address, date of birth, age, ethnicity, nationality, language, physical or health needs, emergency contact details, financial circumstances, educational attainment, lifestyle and interests, criminal history. We also process personal information about attendance, progress and performance throughout the scheme to help evaluate the training or work provider.
We process this information as part of our duty to create and develop learning and employment opportunities across Sheffield.
For the purposes of data protection, this processing is carried under article 6(1)(e) processing is necessary for a public task, and article 9(2)(h) substantial public interest out to meet out, so that we can meet our statutory duties, including the Education and Skills Act 2008 and the Apprenticeships, Skills, Children and Learning Act 2009.
How we will share your information
We share information about our learners to find suitable placements at schools, colleges, commissioned training providers, businesses and organisations offering apprenticeships.
We share information with the Education and Skills Funding Agency, European Social Fund (ESF), DWP and OFSTED to monitor the Council’s performance in supporting people in employment, training and skills development.
How long your information will be kept
We keep a case file on all people we provide opportunities to. The length of time we keep information varies and may be as little as 6 years or up to 12 years depending if the placement is funded by the Education and Skills Funding Agency or ESF and our need to comply with their terms and conditions.
Microsoft Teams: Recordings
We allow the recording and transcription of Microsoft Teams meetings. The main intention for this use is limited to allow staff to watch a meeting they missed, to allow colleagues to write the minutes of meetings and to record training. A transcript is automatically generated for any meeting which is recorded. Transcription is not available in Teams channels.
The recording of meetings applies to internal SCC staff-only meetings as well as meetings with partners or contractors.
No meeting recording is to be shared with any third parties outside the council by meeting organisers (hosts) or participants. The recording should not be emailed, uploaded to a portal or a link provided to it anyone outside the council.
We will ensure that personal data is processed in line with the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR).
Your personal data
Personal data relates to a living individual who can be identified from that data.
The categories of personal information held in relation to recordings and transcriptions relate to participant identity, possibly including contact information, and their personal contributions to the meeting. The recording could contain:
- your photo or video stream, if you choose to enable your camera during the meeting
- anything or anyone else that may be in the background could be recorded (you can choose to put up a background in Microsoft Teams meetings to stop any additional pictures of your home being recorded)
- your audio stream (if you choose to enable your microphone during the meeting), which could include any opinions you contribute and anything you say about yourself
- chat within the meeting could also be captured in the meeting recording
- your name
- email address
Anyone attending the recorded meeting may have aspects of their personal information recorded whether they actively participate or not.
Using personal data
If a recording is going to take place, you will be informed both in the invitation and on the day of recording the session (normally verbally) prior to any recording taking place. You will be told the purpose of the recording and any other purposes it will be used for. The red recording button will be on for the duration of the recording.
Our legal basis for using personal data
The legal basis for this processing is the legitimate interests of the council, which is to improve the use of Teams meetings for our business activity. We do not consider that it overrides the rights and freedoms of our staff.
A Legitimate Interests Assessment is available on the council Intranet to support our legal basis.
Meeting organisers (hosts) should consider any objections from participants to have their personal data recorded. We hope that the assurances in this privacy notice will ease any anxieties. It is within the power of the Host to invite the participant to switch off their camera; and even to mute themselves. However, such steps would reduce the effectiveness of the meeting. There is always the option not to record the meeting if it was to cause distress to any participant.
How we share your information
Sharing personal data
Recordings may also be viewed by meeting invitees who were unable to attend. If it is a training recording, your participation may be seen by those who watch it for up to two years later.
In extreme circumstances, we may share the recording (before it is deleted after 30 days in the case of all recordings except training recordings which are kept for two years). Recordings may be shared for health and wellbeing; HR policies, such as dignity and respect, and law enforcement. Wherever possible, we will inform you when this occurs.
How long your information will be kept
A meeting recording will be automatically deleted 30 days after it was created. Teams recordings made for training purposes have a retention period of 2 years. They will then be reviewed to see if the subject matter is still relevant and retention may be extended.
How we protect your information
Recordings are stored within the council’s secure network and will be deleted when no longer required.
Transferring personal data abroad
We ensure your personal data is processed using services hosted inside the UK and the European Economic Area.
What are your rights
Where we process your personal data, you have a number of rights under data protection law.
View the privacy and transparency information for Sheffield City Council.
Move Well Scheme
The Move Well Scheme is an exercise referral programme. Referrals are made (via a healthcare professional or self-referral) into a centralised hub, for people with disabilities and/or long-term health conditions to gain support in finding suitable physical activity provision. The individual will then be referred or signposted to existing physical activity provision, delivered by many providers, in locations across the city.
We are committed to protecting your privacy and ensuring the confidentiality of your personal information. This Privacy Statement explains how we collect, use, and safeguard your data when you consent to participate in our scheme.
Information we collect
When you agree to participate in Move Well, we collect the following types of personal information, which may be provided directly by you or by a healthcare provider:
- contact information ‘personal data’: name, address, email address, phone number
- health information ‘special category data’: information related to your physical activity levels, health status, and any other relevant details necessary for the scheme
How we use your information
We use your personal information for the following purposes:
- to contact you: to arrange appointments, provide updates, reminders, and information related to your participation in the scheme
- to monitor and improve the scheme: to assess the effectiveness of the scheme and make necessary improvements
- for administrative and insurance purposes: to manage and facilitate your participation in the scheme
Data storage and third-party providers
Your personal information is stored in a secure database provided by a third-party provider. This provider is responsible for the secure storage and maintenance of your data. We have contracts and agreements in place with the third-party provider to ensure that your data is handled in compliance with applicable data protection laws and regulations.
Lawful basis for the data processing
We are running the Move Well scheme and collecting personal data under the following lawful bases:
- personal data: UK GDPR Article 6(1)(e) – the performance of a task carried out in the public interest
- special category data: UK GDPR Article 9(2)(g) – substantial public interest: statutory and government purposes, specifically, the Health and Social Care Act 2012
Data sharing and disclosure
The aim of the scheme is to connect people to organisations providing physical activity support. We will only share your personal information with third parties in the following circumstances:
- with your consent: when you have given us permission to share your information
- for legal requirements: when required to do so by law or to protect the rights, property, or safety of our organisation or others
Data security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is completely secure.
Your rights
You have the following rights regarding your personal information:
- access and correction: you can request access to and copies of your personal data. You can also ask us to correct your personal information
- withdrawal from the scheme: you can withdraw from the scheme at any time and we will not contact you further. We will need to store your personal data until it has reached its agreed retention date for insurance and monitoring purposes
Additional information
For more detailed information on how your personal data is handled by Sheffield City Council, please read their Privacy Notice on this page.
Contact us
If you have any questions or concerns about this Privacy Statement or how we handle your personal information, please contact us at movewell@sheffield.gov.uk.
Parking, bus lane and Clean Air Zone: Enforcement
How we use your information
Sheffield City Council processes personal data to carry out is civil enforcement duties, which includes the processing of Penalty Charge Notices (PCN) and appeals, for parking (on street and council enforced car parks), bus lane and CAZ contraventions.
This information may include:
- your vehicle details, such as vehicle registration number, vehicle ownership checks (DVLA), vehicle make and colour, location of vehicle and contravention details
- basic details about you, such as your address, telephone number and email address
- contact we have had with you, such as any correspondence, formal PCN documents and Traffic Penalty Traffic Enforcement Centre witness statements
- images of you from our bus lane and CAZ enforcement cameras, or if an enforcement officer has activated their body worn video camera
- hackney carriage and private hire vehicle licence numbers and expiry dates
This processing is necessary for the performance of a task carried out in the public interest to fulfil its obligations as a Highway Authority, the Traffic Management Act 2004, Civil Enforcement of Road Traffic Contraventions (Approved Devices, Charging Guidelines and General Provisions) (England) Regulations 2022 and Road User Charging Schemes (Penalty Charges, Adjudication and Enforcement) (England) Regulations 2013.
How we share your information
We will share your information with other external third parties in the following circumstances:
- the DVLA to trace the Registered Keeper of a Vehicle to pursue a Penalty Charge Notice
- Traffic Penalty Tribunal and/ or Traffic Enforcement Centre as part of the appeals process
- our contracted debt recovery agents to pursue outstanding debts
- Police or security organisations to prevent or detect or prosecute crime
How long your information will be kept
How long we keep your information depends on what type of request or transaction has been made:
- DVLA details are deleted from any cases that have been fully paid 2 years from the date the PCN is closed and from cancelled cases 6 months after the PCN is closed
- PCN correspondence and photos are removed on cases that have been closed for more than 2 years
- complete PCN case removal will happen after 6 years. Once photos, correspondence, letters and DVLA data are removed we will keep remaining information on the case on our system for 6 years
- contact details for drivers supplying evidence of hackney carriage and private hire vehicle licences to add to bus lane exemption lists will be kept for 12 months (if not supplied as part of a PCN appeal)
We keep Body Worn Video camera footage for 14 days, unless a copy is being kept as evidence as part of the enforcement record.
Parking: Permits
How we use your information
Sheffield City Council has created a number of Parking Permit schemes to protect on-street parking spaces outside people's houses or businesses, in areas where parking is limited, and problems are caused by parking by commuters and shoppers, etc.
You need to have a valid permit to park in one of these schemes, so you need to apply providing us with sufficient information and evidence to demonstrate you're eligible for a permit.
This information includes name, address and contact details as well as details of your vehicle: make, model and registration. If you park in one of these areas without a valid permit, you are likely to get a Penalty Charge Notice.
This information is processed to enable us to carry out our public duties, to administer, manage and enforce the permit scheme, under the relevant Traffic Regulation Orders.
How we share your information
Your information is processed by the Council’s Customer Services and Parking Services to award and enforce permits.
If you are issued with a Penalty Charge Notice for parking incorrectly, your information may be shared with the:
- DVLA to identify the registered keeper of the vehicle to pursue an unpaid notice
- Traffic Enforcement Tribunal as part of an appeals process
- Council’s Finance team, or a third party debt recovery agent, to pursue a debt
- Police or security agencies to tackle crime
We will also share data with the Cabinet Office for the purposes of a data matching exercise called the National Fraud Initiative. The purpose of the exercise is to detect fraud and error. The Council is legally required to participate in this exercise.
How long your information will be kept
We keep information about permits for 2 years after the permit has expired.
Parking: Suspensions and dispensations
How we use your information
The information provided by you when applying is required to determine if we can authorise a dispensation or suspension and for the purpose of administration, enforcement and monitoring by Sheffield City Council’s Parking Services and Sheffield City Council’s Highways Team, who undertake activities in line with the Traffic Management Act 2004, Local Authorities (Transport Charges) Regulations 1998 and the Highways Act 1980.
In these cases we need your:
- name, address and contact details
- details of the work being undertaken
- vehicle registration mark (dispensations)
How we share your information
We will share your information with other external third parties in the following circumstances:
- police or security agencies to tackle crime
- details about when and why a suspension or dispensation was authorised may be shared as part of the PCN appeals process
How long your information will be kept
We keep record of applications for up to 6 years from the application
Parking - Temporary Restrictions
How we use your information
We use records of vehicle registration numbers of vehicles parked in Sheffield where temporary parking restrictions are introduced to provide data to aid decision making about parking ticket appeals
The records capture the following data:
- vehicle registration number
- date and time of signs being placed
Vehicle registration numbers are unique identifiers and can be used, with the addition of further information, to identify the Registered Keeper of the vehicle; however, records for temporary signs are not used to access to information that would enable them to identify the keeper, the driver or the passengers of the vehicle and has no reason to do so. However, should a parking ticket (PCN) be issued to a vehicle parked in contravention of such restrictions information about the keeper may be obtained (see Parking Enforcement Privacy Notice information).
Who we share your information with
We will share your information with other external third parties in the following circumstances:
- redacted records with the Traffic Penalty Tribunal as part of the appeals process
- police or security organisations to prevent or detect or prosecute crime
How long we keep your information
Up to 6 years until PCNs issued in that period have been removed.
Planning
We have divided our privacy notice into various sections in order to provide you with quick access to the following explanations:
- How we will use your information
- How we get your information
- How we will share your information
- Redaction (‘blanking things out’)
- How long your information will be kept
- Complaints and problems
How we will use your information
The Planning Service processes personal data as part of our work as a local planning authority so we can:
- make decisions and provide advice on planning applications
- make decisions and provide advice on applications to undertake work to buildings and structures ‘listed’ on the National Heritage List
- make decisions and provide advice on works to protected trees
- respond to allegations of unlawful development
- monitor development
- enter legal agreements, collect the Community Infrastructure Levy (CIL), serve notices and promote the best use of land
- revise the CIL Charging Schedule
- prepare, monitor and revise the Local Plan for the city
- aid local communities in the preparation of their Neighbourhood Plans, Neighbourhood Development Orders and Community Right to Build Orders
- prepare planning guidance for specific sites, topics or areas such as supplementary planning documents or planning briefs
- grant planning permission in principle by placing sites on part 2 of our Brownfield Register
The personal data we process will include your name, address and contact details, but in some cases additional information might be needed such as health or medical information to support an application.
We use the information provided to us to make decisions about the use of land in the public interest. This is known as a “public task” ie the exercise of our official duties as a local planning authority vested in us as a data controller in the public interest. This is why we do not need you to “opt in” to allow your information to be used.
When we consult on planning policy documents we may attach an individual’s name or the organisation they represent to their comments. We will attach the name of an individual representing the local community such as an MP, a local or parish councillor to comments they’ve made on behalf of their constituency or ward. We’ll only use a respondent’s contact details collected during public consultation to seek clarification on their comments.
How we get your information
When processing planning applications, listed building applications and applications to undertake work to protected trees we get applicant information in two ways – it is supplied to us directly (or via a planning agent on their behalf) or we receive it from a third party website, the “Planning Portal”, which provides a transaction service.
We also receive comments, representations, allegations and questions on planning proposals, listed buildings applications, proposed works to trees or planning policy documents via email, letter, and through our online platforms.
How we will share your information
We will make details of planning applications, listed buildings applications and proposed works to protected trees available online so that people can contribute their “comments”.
We will sometimes need to share the information we have with other parts of the council, eg to establish how long a building has been used as a dwelling.
We may share your information with statutory consultees as listed in the Town and Country Planning (Development Management Procedure) (England) Order 2015 as part of a statutory consultation requirement.
We may also share your information with other Sheffield City Council departments and with external third parties so we can carry out our work.
The Local Planning Authority also makes applications available for inspection by members of the public. Some are on the online “Register”, historic applications can be viewed by appointment. Personal information may be redacted or withheld.
We may also send out a follow-up survey to a sample of people using our service to see how we can improve it.
We are obliged under the Town and Country Planning Act 1990, Town and Country Planning (Listed Buildings and Conservation Areas) Act 1990 and the Town and Country Planning (Development Management Procedure) (England) Order 2015 to make some of the information you give us available on planning registers. It is a permanent record of our planning decisions and forms part of a site’s planning history along with other facts that are part of the “land search”.
When processing comments received during public consultation, we will not accept anonymous comments. You can ask to be made anonymous when the consultation report is published. Alternatively, when dealing with a large number of comments, the consultation report may state the number of individuals making the comment alongside the names of any organisations. An individual respondent’s contact details or any other sensitive personal data they provide will not be shared in a consultation report.
We will prepare a consultation report after processing comments received during public consultations on planning policy documents. Consultation reports allow us to share what others have said about a draft planning document and explain how comments have influenced preparation of the published document. Consultation reports will be published alongside the next version of the planning policy document.
In circumstances where a planning application is appealed, we are required to share data from a planning application with the Planning Inspectorate. This includes any comments made by statutory consultees and members of the public.
We do not sell your information to other organisations. We do not move your information beyond the UK. We do not use your information for automated decision making.
Redaction (‘blanking things out’)
We operate a policy where we routinely redact the following details before making forms and documents available online:
- - personal contact details for the applicant eg telephone numbers, email addresses
- - signatures
- - Special Category Data eg supporting statements that include information about health conditions or ethnic origin
- - information agreed to be confidential
Sometimes we might decide it is necessary, justified and lawful to disclose data that appears in the list above. In these circumstances we will let you know of our intention before we publish anything.
If you are submitting supporting information for applications or commenting during public consultation on planning policy documents and you would like to be treated confidentially or wish to be specifically withheld from the public register, please let us know as soon as you can - ideally in advance of submitting the application or publication of the consultation report. The best way to contact us about this issue is either by emailing planningapps@sheffield.gov.uk for an application, or by contacting us using our main contact details published when consulting on the planning policy document in question. Alternatively, you can specify your wish to be kept anonymous when you make your comments on planning policy documents.
How long your information will be retained
The information provided by applicants and appointed agents will be kept indefinitely as required by the Town and Country Planning (Development Management Procedure) (England) Order 2015.
The information provided by neighbouring residents and other interested parties, who comment on applications as part of the Community Consultation process in relation to planning applications, will be retained for four years from the decision.
The information provided in relation to the investigation of unauthorised development will be kept for at least ten years. No personal information is published on any public platform in such cases.
The information collected during public consultation on the preparation of planning policy documents will be kept as long as necessary to carry out our legal duties and responsibilities as a local planning authority.
The majority of information provided as part of the Community Infrastructure Levy process will be retained until the CIL application is complete and payment made in full or for 7 years in the case of Social Housing Relief, and 3 years for Self-Build Relief. Liable Party Information will, however, be kept indefinitely. No personal information is published on any public platform in such cases.
Complaints and problems
Making decisions on planning matters is a public task and you do not have the right to withdraw consent. However, if you think we have got something wrong or there is a reason you would prefer for something to not be disclosed, please ask us by emailing planningapps@sheffield.gov.uk for instances relating to planning applications or enforcement matters. For public consultations on planning policy documents, use the contact details publicising consultation on the planning policy document in question to contact us.
Private Housing Standards
What information we collect about you and why
We collect personal information about you and about your housing circumstances so that:
- we can advise you and your landlord about your occupancy rights
- we can use our enforcement powers under the housing legislation where this is appropriate
We will process your data under Article 6 (1 )(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
How we will use your information
The information you give us, will be kept on a computer record by the Private Housing Standards team in Sheffield City Council. All the information held by the Council is subject to the Data Protection Act 2018 and the UK GDPR and will be treated confidentially. In limited circumstances we may need to disclose personal information:
- to prevent or detect crime
- to protect public funds
- to help us exercise our regulatory duties in relation to the private rented sector, for example, if it seems that your landlord is not managing the property competently or lawfully, under the Housing Act 2004
- tenants, landlords and agents where you have given consent, we will use your personal data to keep you up to date with news and information or to ask for feedback on our service
- if you are wanting advice, information or other help with housing options or rehousing, then we will share the information you give us with the Council’s Housing Solutions Service, and they may use it to assess your entitlement to assistance with housing under the Housing Act 1996 and the Homelessness Reduction Act 2017
- where we suspect your landlord has breached regulations or other legal duties for which we are not the enforcing authority (for example relating to gas safety) we may share the information you give us with the appropriate enforcement authority
- the information you give us may also be used to assist us with contacting your landlord if, we agree this with you, or, if there is reason to think your landlord might try to make you leave unlawfully
How long we will keep your information
We will normally keep your information for 7 years in case any of the advice we provide should become the subject of legal proceedings. However, we may keep the information longer in the case of alleged serious unlawful behaviour by your landlord or where we consider that it is likely that the information will help us with our duties in regulating the private rented sector.
What your rights are
You have rights under Data Protection law. Further details about your rights, the contact details of our Data Protection Officer and your right to make a complaint are on our Privacy notice page.
If you would like this information but you are unable to access information from the website please call us on 0114 273 4567.
Procurement: Trade and non trade suppliers
How we will use your information
The information provided to us will be used for the creation of a supplier record on our primary financial system in order for us to: purchase goods/service, pay grants, loans, make insurance payments, compensation payments, refunds and to make payments for those goods/services provided. The information required includes: full name, address, telephone number, email address and bank details.
Who we will share your information with
We will share your information with the following third parties who use our primary financial system on behalf of or in conjunction with:
- Capita Business Services who provide services on behalf of Sheffield City Council under the Business Services Contract.
- Sheffield City Region Combined Authority who use our primary financial system for their financial transactions; including purchases and payments.
How long we will keep your information
For inactive supplier accounts ie we have ceased transacting with you, the information you provide will be kept for the default standard retention period for HMRC records which is 6 years plus current, otherwise known as 6 years + 1 after which it will be deleted.
Regeneration and Property Services
The following information held by Regeneration and Property services is subject to GDPR:
- personal contact information of people making enquiries to Regeneration and Property Services
- Land and Property marketing and regeneration mailing lists
- information required in order to enter into contractual arrangements with Sheffield City Council and to manage our land and property assets and payment for services
Regeneration and Property Services may additionally obtain information from other sources, including publicly available sources, such as public sector partners, referees or credit checking agents etc.
How Regeneration and Property Services use this information
- to answer customer questions or respond to requests
- to develop products and services
- to enter into formal contractual arrangements
- to create and manage accounts and process payment for purchases or other services
- to protect against or identify possible fraudulent transactions
- to send customers email and/or postal messages with information about land and property in the Sheffield City Region that we think may be of interest
Personal Information Retention
The service will retain personal information for the period necessary to fulfil the purposes outlined in the overarching Sheffield City Council Privacy Statement unless a longer retention period is required by other statutory requirements.
Email and Postal Communications
You can stop receiving promotional email messages and postal marketing from Regeneration and Property Services by emailing Propertyservices@sheffield.gov.uk.
Your Legal Rights
Information on other rights contained within GDPR including the right to request rectification of personal data; to obtain restriction of the processing of personal data or to object to the processing of personal data is available on this page or can be provided by post or email on request.
Reporting Trade Union Facility Facilities Time Agreement
How we will use your information
We have published general details about our processing of information on the Privacy notice page.
In addition, this privacy notice outlines that the information provided to us will be used to:
Report and publish under the Trade Union Facility Time Publication Requirements Regulations 2017.
- we will report the data on behalf of all our employees including maintained schools. Academies will report their own TUFT data. Data should include TUPE, non-TUPE, teachers and support staff representatives
- further details can be read in the Department for Education guidance on trade union facility time in schools
- as a public sector employer, we must report and publish information on facility time for employees who are trade union representatives
External reporting
The information may also be used as part of calculations to establish figures for our total spend relating to the Facilities Time Agreement.
The overall figures will be used for statutory reporting purposes, including:
- trade union transparency data (published openly via our website, see Access to information). This is required under the Government’s Transparency Code for Local Authorities (2015). We are required to publish specified information related to facility time provided to trade union officials in maintained schools and academies that have entered 'pooled' cost sharing arrangements with us
- Trade Union Facilities Time reporting (published openly via gov.uk). This is required under the Trade Union (Facility Time Publication Requirements) Regulations 2017. Further information is available via the Trade Union Facility Time Publication Service: 2017-18 guidance on gov.uk
- to comply with these requirements, we must publish the data on our website and on a website maintained by, or on behalf of the Government each year. The data must also be included in the annual Statement of Accounts
Who we will we share your information with
No individual hours/ rates, individual names or school names will be used for external reporting purposes. All figures will be summarised and anonymised.
We will share summarised and anonymised information with the following third parties:
- trade union transparency data – this information is made available to the public via our website, see Access to information
- the annual statement of our accounts which is published on our Statement of Accounts page
- Trade Union Facilities Time reporting – this information is shared with central government and made available to the public via Trade Union Facility Time Publication Service: 2017-18 guidance on the gov.uk website
How long we will keep your information
The information you provide will be kept for 7 years, after which it will be deleted. The data is not held overseas.
What are your rights
You have rights under Data Protection law. For further details about your rights, the contact details of our Data Protection Officer and your right to make a complaint please see our Privacy notice page.
SEN Home to School Transport
We process personal data to provide transport services that support children and young people. The information you provide will help us to provide services to your child, to know what your child’s needs are and to organise support.
Transport services are responsible for delivering the council’s responsibility under Section 508B of the Education Act 1996 (“the 1996 Act”) which places a duty on local authorities to ensure that suitable free travel arrangements are made as considered necessary by the local authority (“LA”) to facilitate the attendance of eligible children of compulsory school age at school.
Why we collect and use personal data
Sheffield City Council needs to collect certain information from you about your child, to enable us to provide the most appropriate transport to meet your child’s needs.
We collect and use personal information to:
- provide appropriate transport to meet your child’s need
- safeguard and manage incidents
- provide, plan and manage our services
- carry out our regulatory duties
- carry out any other tasks which we have to do by law
- listen to your ideas about our services.
- tell you about our services
- evaluate and improve services
Without this information, we will not be able to provide the appropriate transport to meet your child’s needs.
With regards to data protection, we process your personal data under Articles 6 and 9 of the General Data Protection Act 2018: article 6(e) processing is necessary for the performance of a public task in accordance with the Section 508B of the Education Act 1996 (“the 1996 Act”) & article 9(2)(g) processing for substantial public interest (statutory purposes).
We collect the following information
The personal information that we receive and process in relation to parent/carers and children includes:
- personal details such as name, title, addresses (current and previous), contact numbers and personal email addresses
- personal demographics including date of birth, gender, ethnicity.
- education information including any Special Educational Needs and Disability (SEND)
- current and previous school details
- attendance data for parental reimbursement claims
How we collect your information
We collect the personal data directly from the parent/guardian when they complete a Travel Assistance Application and a Travel Information Form (TIF). We may also receive information from the school or other professionals, including those within the Council.
Who the information is shared with
Once we receive this information it will be stored electronically on the council’s secure internal system. We will then process the information to ensure that your child receives the transport services they need.
We generate what is called a run sheet for the Driver and Passenger assistant to assist them to meet the needs of your child. This run sheet will either be a paper version or an electronic version. The electronic version will be viewed on a mobile device. Both council staff and private transport contractor (depending on who is delivering your child’s transport) receive this information.
We will share you and your child’s details with relevant organisations and agencies to enable us to secure and provide transport provision to your child. We share limited personal data with the transport provider, including private transport contractors. Sometimes we may ask you to sign a consent form, for example, if we are referring to another agency, eg education psychology, alternative education providers.
The Transport Team may also use your information for other legitimate purposes and may share (where necessary) with other Council departments and external bodies. Reasons for sharing information with the internal and external bodies will be to fulfil the council’s safeguarding duty and comply with the Prevent Strategy, to support service planning, for example, consultants, and the Police may request information at any time as part of a criminal investigation.
Other council departments include, but are not limited to: Admissions and Access to Education that covers Children Missing Education (CME), Elective Home Education (EHE), Exclusions and Child Licensing, Education Psychology Service, Hearing and Visual Impairment Service, the Data Team, the Early Help Service, the Safeguarding Service including LADO (Local Area designated officer), Governance and Legal Services, Complex Casework Panel, and Every Child in Education Every Day (ECIEED).
External bodies include but are not limited to: schools/academies, including independent and boarding, alternative education providers commissioned by the council to provide services to Sheffield children, other councils/boroughs, and the police. External organisations commissioned by the authority to provide or review services for Sheffield children and other third-party organisations. We may share statistical information to the Department for Education and the Department for Transport.
We may use your information for another purpose if there is a legal duty to do so.
Changes in your circumstances
You must notify us immediately if there are any changes in your circumstances and personal details so we can maintain an accurate and up to date record of your information.
How long will we keep the information?
The council will only retain the information about your child for a period of 7 years after they have ceased using the service. All information held will be regularly reviewed at least every 18 months to ensure that we do not hold any incorrect information. Where any information is found to be incorrect, this will be rectified immediately.
Your rights
You have rights under data protection law. For further details about your rights and your right to complain, please contact the Data Protection Officer: dataprotectionofficer@sheffield.gov.uk
Sheffield Children’s University
Sheffield Children’s University (CU) is a member of a national initiative that encourages and celebrates children and young people who take part in learning activities outside of school hours. Learning can be at either CU subscribed schools in Sheffield or at registered activity providers, called Learning Destinations.
One credit is awarded for every hour of learning, earning CU awards and special award ceremonies take place in schools and prestigious venues across the city. Sheffield CU is part of Sheffield City Council and uses the Capita ONE database to track and reward children with CU credits.
Who will we receive personal information from and how it will be received
We will receive personal information from Sheffield schools sent to us through a secure information transfer system (AnyComms), from validated Learning Destinations (approved activity providers) on registers via password-protected email, and from parents/carers via email and through forms embedded on the Council's website.
How we will use personal information
We will use the information provided by you, our schools and Learning Destinations to:
- record children’s activity and reward children and young people in Sheffield with CU credits for their participation in out of school activities
- maintain and update contact details so we can provide our service to schools, Learning Destinations and partners and share information about activities
- book and manage events, activities and award ceremonies
- analyse the impact of taking part in Sheffield CU
- record your permission to use images and gain feedback on the service we provide
Who we will share personal information with
Information will be stored on the Capita ONE database and shared with other Council services and CU subscribed schools so we are able to deliver our service, including analysis of impact on children’s outcomes. Reports on participation are also provided back to children and families along with award certificates. When personal data is used for this purpose of analysing impact, any information shared is always anonymised; we will never use information to identify or contact any individual.
How long we will keep personal information
The information you provide will be kept in accordance with Council retention and disposal schedules and will be deleted when no longer required for the purposes for which it was obtained. Original participation data will be stored in identifiable format no longer than 2 years.
What your rights are
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Sheffield SEN and Disability Information, Advice and Support service
How we use your information
Sheffield SEN & Disability Information, Advice & Support service (SSENDIAS) is an impartial and confidential service. SSENDIAS is responsible for providing information and advice about matters relating to SEN or disabilities to children, their parents or guardians, and young people. We are required to do this as part of our duties under Sections 19(c), 26(3), 32 and 49 of the Children and Families Act 2014. SSENDIAS operates at arm’s length from other services in the Local Authority.
When you contact us, we will only collect information about your or your child’s Special Educational Needs or Disabilities and any related issues that you raise. We will use your personal information to provide services or information to you. We will also create anonymised data for general reporting and statistical purposes, to help improve our service.
The data we collect includes:
- your name
- your child’s name
- address
- telephone
- date of birth
- gender
- ethnicity
- nursery/school/college
- special educational needs/disabilities
We process your personal data under article 6(1)(a) of the General Data Protection Regulation (GDPR): the data subject has given consent to the processing of his or her personal data. We process special category (sensitive) personal data under article 9(2)(a) GDPR: the data subject has given explicit consent to the processing of personal data.
If you wish to withdraw consent for us to process your information, please contact us on 0114 2736009 or at ssendias@sheffield.gov.uk. Please note that there are certain circumstances in which we may not be able to comply with this request, for example if we have any concerns about safeguarding.
How we share your information
We will get most of the information directly from you or your child but we may need to contact other professionals to enable us to give the most appropriate information, advice and support. We may need to contact the following services to gather and share information about you or your child.
- SENCO/ Inclusion Manager, nursery/school/college
- Headteacher, nursery/school/college
- LA SENDSAR Officer
- Specialist teacher
- CAMHS
- Educational Psychologist
- ADHD Nurse/ Ryegate
- Speech & Language Therapist
If you do not wish for your information to be shared, you may choose to opt out (at any stage) by contacting the service on 0114 2736009 or at ssendias@sheffield.gov.uk.
How your information is stored and how long we keep it
- Your information is securely stored on our cloud-based database. We will destroy any hard copies of information which we obtain.
- The database is independent of Sheffield LA.
- The information is completely confidential and not shared with anyone else unless there are safeguarding concerns.
- We hold information securely in our internal records until the end of the academic year in which your child turns 25.
What are your rights?
For information about your rights under data protection law, the contact details of our Data Protection Officer, and your right to make a complaint, please see the council’s general privacy notice.
Sheffield Young Carers Register
How we use your information
We collect personal data to create and maintain a Sheffield Young Carers Register. We use this to identify the young people that have caring responsibilities and try and provide services to support them and for the people they care for.
To do this, we need to collect information about the young people, which includes:
- child name, address and age
- child school name, address and contact details
- source of referral
- summary of circumstances (may include special category data i.e. health and conditions of cared for person
- name of the person(s) being cared for
The General Data Protection Regulation 2016 requires us to have a lawful basis to process personal data. Under article 6(1)(e) it is necessary for the performance of a public task to meet our obligations under the Children and Families Act 2014, to take reasonable steps to identify the extent to which there are young carers within their area who have needs for support.
There may be occasions where we may need to process special category data, health information for example, which is processed under article 9(2)(g) substantial public interest for the provision of health and social care.
How we share your information
We collect information from Sheffield Young Carers, which is held on our Capita One database and accessed by Council officers involved in your case.
Your personal data is not expected to be shared internally or externally, unless it is required to:
- review your case and evaluate the services that we have provided or can provide to you or to the person you care for
- review performance as part of a managed analysis, audit, investigation or inspection, for example OFSTED
- comply with other legal obligations, for example safeguarding, law enforcement, etc
If we intend to share your information in any other circumstances, we shall let you know in advance before doing so.
How long your information will be kept
The information we get from Sheffield Young Carers is added to our Capita One database. Capita One holds information about all children and young people that have been, or are eligible, for education services in Sheffield until the child’s date of birth + 25 years. This is unless the person is subject to specialist educational services in which case the retention is date of birth + 32 years. Information about young carers will follow these same retention periods.
What are your rights
You have rights under Data Protection law. For further details about your rights, and your right to make a complaint, contact our Data Protection Officer.
Section 23: Special educational needs and disabilities
How we will use your information
The information provided to us by our partners in health services will be used to assess if there is support that can be provided by the Local Authority for a child under school age with a diagnosed or suspected special educational need or disability (SEND) that is not already known to the Local Authority.
The legal basis for holding this information is Section 23 of the Children Act 2014, which is the duty of health bodies to bring children who have or may have SEND to the Local Authority's attention.
Who we will share your information with
Your information will only be used by Sheffield City Council and we will not share it with any third party. If the referral leads to the involvement of services, your consent will be asked for before any information is shared.
How long we will keep your information
The information provided by the Section 23 Notification will be kept for 5 years after which it will be deleted.
Special Educational Needs and Disabilities Services
We collect information from parents or carers of children aged under 16 years old, and from young people themselves when aged 16 years or over, as well as from schools and health agencies when relevant to do so.
The information we collect includes, but is not exclusive to:
- child’s or young person’s name, address, date of birth, contact details
- ethnicity, nationality and language
- family background and members
- name of school, educational attainment, attendance and performance
- special educational needs
- social and health care information and medical information
- reasons for any assessments, referral and observations
We process the information as part of our public task (Article (6)(1)(e) of the General Data Protection Regulation (GDPR)). We process special category (sensitive) personal information for the provision of health and social care (Article (9)(2)(h) GDPR).
How we will use your information
SENDSARS
The Special Educational Needs and Disabilities Statutory Assessment and Review Service (SENDSARS) is responsible for carrying out duties under the Children and Families Act 2014 in relation to statutory assessment processes, and the ongoing monitoring of children and young people who have Education, Health and Care (EHC) Plans.
This includes information and advice sought for annual review, tracking information, dispute resolution or mediation processes and processes relating to appeals to the First-tier Tribunal (Special Educational Needs and Disability). We also administer and approve additional high needs funding applications for children and young people in relation to the special educational provision they may require across early years, school and post-16 settings.
Educational Psychology Service
The Educational Psychology Service (EPS) provides a service to children, young people, and their families, as well as to school staff in Sheffield. We help to find solutions to worries and concerns people might have about how children are developing, progressing or learning. All our psychologists are fully qualified. They have a degree in psychology and have undergone post graduate training.
The information provided to us will be used for the purposes of:
- advice, consultation and casework requested by the local authority linked to statutory duties; including the provision of Psychological Advice and reports to Sheffield City Council as part of the statutory assessment process or re-assessment of Special Educational Needs and Disabilities (SEND)
- reviewing/monitoring of pupil progress where there is an Education, Health & Care (EHC) Plan
- specific work related to vulnerable groups like those in public care or children/young people subject to Child Protection procedures
- acting as an expert witness for the local authority in SEND (Special Educational Needs and Disability) tribunals
- supporting schools and settings with a planned response to a critical incident
Education Autism Team
Sheffield Education Autism Team is an educational support service which supports schools and educational settings to meet the needs of children and young people with social communication difficulties, including autism. We offer direct work with children and provide advice and support to parents and professionals.
The aims of the service are to ensure children have their needs met as locally as possible. We strive to ensure children and young people make good progress in their learning and development and are able to enjoy and contribute to their local communities. We will use the information you give us so that we can provide the following services:
- working with schools and education settings to make them more autism friendly
- providing parental support, advice and guidance
- offering support when children move into school or start a new school
- providing intensive support to individual children/young people when they are vulnerable and their school is struggling to cope with their needs
- working collaboratively with the Ryegate Children’s Centre to assess children/young people and to offer post-diagnosis support
Early Years Inclusion Service
The Sheffield Early Years Inclusion Service supports young children with complex needs at home and during the transition into early years settings. The team includes Specialist Teachers and Teaching Assistants who work with young children who have additional needs. The team also includes Portage Home Visitors who work with under-3s in their homes. We also offer an extensive range of training for practitioners working with children with additional needs.
We take referrals from parents, health professionals and nursery staff. We use the information you give us to help us work with and support children from birth to the end of foundation stage, both in their homes and in early years settings.
Service for Deaf and Hearing Impaired Children
Sheffield Service for Deaf and Hearing Impaired Children is an educational support service for deaf and hearing impaired children and young people from 0-25. We aim to enable appropriate access and inclusion, in order that children and young people fulfil their potential. We will use the information you provide to us to help us carry out our duties, which involve:
- providing support to families at home
- visiting mainstream nurseries and schools to provide support
- providing support to children via Integrated Resource Provision (where specialist staff are based at a number of mainstream schools to help meet the needs of deaf and hearing impaired children)
Vision Support Service
Sheffield Vision Support Service is an educational support service for visually impaired children and young people from 0-25. Our team consists of qualified specialist teachers, specialist teaching assistants, habilitation officers and curriculum support staff. Our focus is to ensure the best outcomes for children and young people with a visual impairment.
We use the information you give us to provide children and young people with ongoing support to enable each child or young person to reach their potential and develop skills to become independent adults who are included in all aspects of their community. We aim to ensure support is given to families, and we work with educational settings to ensure that all children and young people have access to, and are fully included in, all aspects of the curriculum.
Who we will share your information with
We work in a coordinated way with other children and young people’s services in Sheffield City Council and with partner organisations to ensure we deliver the best possible outcomes for children and young people with SEND in Sheffield, and to ensure we are fully compliant with the Children and Families Act 2014, associated regulations and Code of Practice.
We will share your information with the following parties:
- Council departments – to help provide you or your child with appropriate services, to speed up our assessment and planning processes and to help inform our commissioning service. We operate a ‘tell us once’ approach to sharing information during the assessment and planning process so that families and young people do not have to repeat the same information to different departments, or different practitioners and services within each department
- other local authorities (education, social care and relevant housing and employment and other services) – we are required by law to share certain information with other local authorities. If you or your child have an EHC Plan and move to another local authority, we are legally required to transfer the EHC Plan to the “new” authority
- education providers – we share data with education providers to help them provide appropriate services and support for children, including through agreed locality processes. We also share your data with education providers as part of the EHC Needs Assessment process and when consulting with providers to decide whether to name them in your EHC Plan or your child’s EHC Plan. We are required by law to send a copy of your EHC Plan or your child’s EHC Plan to any provider with which we consult and to the provider named in Section I of the EHC Plan
- Clinical Commissioning Groups (CCGs) and NHS Trusts – health partners are provided with information to assist them with understanding the health needs of children living in Sheffield and this is used for the planning, commissioning and development of health services
- The Department for Education – local authorities are required to pass on some information (but not the names of individual children) to the Department for Education (DfE) which uses it to help with their policy development, local authority performance management and funding, and to assist with the development of good practice
- Sheffield SEN & Disability Information, Advice & Support service (SSENDIAS) – SSENDIAS is an impartial and confidential service responsible for providing information and advice about matters relating to SEN or disabilities to children, their parents or guardians, and young people. We will share information with SSENDIAS if they contact us to ask for information
In addition, we are required by law to disclose a child or young person’s EHC Plan for specified purposes or in the interests of the child or young person. You can read more about these specified purposes in the Special educational needs and disability code of practice: 0 to 25 years (at 9.211) or in the Special Educational Needs and Disability Regulations 2014 (at regulations 17 and 47). The specified purposes include:
- disclosure to the First-tier Tribunal (Special Educational Needs and Disability) when the child’s parent or the young person appeals, and to the Secretary of State if a complaint is made to him or her under the Education Act 1996
- disclosure on the order of any court or for the purpose of any criminal proceedings
- disclosure for the purposes of investigations of maladministration under the Local Government Act 1974
- disclosure to enable any authority to perform duties arising from the Disabled Persons (Services, Consultation and Representation) Act 1986, or from the Children Act 1989 relating to safeguarding and promoting the welfare of children
- disclosure to Ofsted inspection teams as part of their inspections of schools or other educational institutions and local authorities
- disclosure to any person in connection with the young person’s application for a Disabled Students Allowance in advance of taking up a place in higher education, when requested to do so by the young person
- disclosure to the principal (or equivalent position) of the institution at which the young person is intending to start higher education, when requested to do so by the young person
- disclosure to persons engaged in research on SEN on the condition that the researchers do not publish anything derived from, or contained in, the plan which would identify any individual, particularly the child, young person or child’s parent. Disclosure in the interests of research should be in accordance with Data Protection law and wherever possible should be with the knowledge and consent of the child and his or her parent or the young person
- disclosure to the person in charge of any relevant youth accommodation for the purposes of the provision of education or training for a detained person
- disclosure to a youth offending team for the purposes of the provision of education or training for a detained person
How long we will keep your information
We hold your information in physical case files and on an electronic database.
We hold the information obtained as part of the referral, assessments, decisions and outcomes for 32 years from the child’s or young person’s date of birth, after which it will be destroyed.
However, we are currently required to retain all data relating to children and families that we have worked with indefinitely to meet the requirements of the Independent Inquiry into Child Sexual Abuse. When the Inquiry concludes, and we are no longer required to retain all records, our usual data retention rules will be applied.
Your rights
You have rights under Data Protection law. For further details about your rights and your right to make a complaint contact our Data Protection Officer.
Special Needs Inclusion Playcare Service
The Special Needs Inclusion Playcare Service (SNIPS) is run by Sheffield City Council to help disabled children and young people (aged 5-18 years) to access after-school clubs, Saturday clubs and holiday clubs, to give their parents a short break from caring. This privacy notice also covers Short Break Grant Applications and Child Care Direct Payment.
SNIPS arrange social activities for children and young people when they are experiencing a barrier to accessing an activity as a result of their disability.
The information we collect from you
We need to collect personal data to provide these services, which may include:
- details about your child (name, address, date of birth, gender, ethnicity and diagnosis)
- how your child’s disability or medical condition impacts on daily life
- the school your child attends and any other relevant agencies involved with your child
- details about you (your name, address, telephone number, email address and date of birth)
- your nationality and immigration status
- your ethnic origin – you don’t have to answer this question, but we use this information to monitor equality and diversity and ensure that all customers receive fair treatment
- evidence of whether or not your child is in receipt of DLA to check eligibility for Short Break Grants
- your bank details (in order to make payments where necessary).
- details of your employer and your working pattern (if you are applying for childcare for working parents)
- details of anyone else that you and your child live with
How we use your information
We use the information that you have given us to:
- assess your child’s eligibility for a short break, a short break grant or a Child Care Direct Payment
- provide an appropriate short break
- enable integrated working with other Children’s Social Care teams and organisations to ensure you and your child receive the right support at the right time
- evaluate and quality assure the services we provide to children and young people with disabilities
- inform future service provision and the commissioning of services
Under data protection law, we need to have a lawful basis to process personal data. SNIPS relies on the following conditions:
- Processing is necessary for compliance with a legal obligation, such as those set out in the Children and Social Work Act 2017; Children and Families Act 2014; Children Act 1989 and Chronically Sick and Disabled Persons Act 1970 (Article 6(1)(c) of UK GDPR)
- Processing is necessary for performance of a task carried out in the public interest (Article 6(1)(e) of UK GDPR)
- Processing is necessary for reasons for substantial public interest (Article 9(2)(g) of UK GDPR)
- Processing is necessary for the provision of social care (Article 9(2)(h) of UK GDPR)
Who we share your information with
SNIPS may share your personal data with other Local Authority services to manage our relationship with you, and to help us deliver the best services we can.
We may also share your personal data with the providers of short break activities.
On occasion, we may have a duty to share your personal data with:
- Sheffield Safeguarding Hub, the Sheffield Adult Safeguarding Partnership or another statutory agency for safeguarding purposes or where safety may be at risk
- emergency services and healthcare professionals for your child’s vital interests and safeguarding
- our regulators, such as Ofsted (in the event of a local authority inspection of children’s services), the Local Government and Social Care Ombudsman or the Information Commissioner’s Office
How long we keep your information for
We hold personal data in line with the Council’s retention schedule. SNIPS records are normally kept for 32 years from your child’s date of birth. Occasionally, we may need to keep the records for longer, for example, if your child is looked after or adopted.
At the end of the retention period, the information is reviewed and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this, personal information will be securely destroyed.
Your data protection rights
If you have any queries, concerns or complaints about the way we process your personal data, you can contact the Council’s Data Protection Officer at dataprotectionofficer@sheffield.gov.uk.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can also complain to the Information Commissioner’s Office. Their contact details can be found at https://ico.org.uk/.
Taxi licensing
How we will use your information
The information provided to us will be used to help us process your application for a licence.
We have a statutory duty under the Local Government (Miscellaneous Provisions) Act 1976, Town Police Clauses Act 1847 (and associated regulations and amended legislation) to ensure that those we licence are fit and proper persons. To deliver these we need to collect and use personal information of those using or affected by these services.
Your personal data is collected and processed as per Article 6(1)(c) and Article 6(1)(e) of the UK General Data Protection Regulation. Some information we collect is regarded as special category data, for example your medical history. In order to process this information, we rely on Article 9(2)(g) in that processing is necessary for reasons of substantial public interest. We process criminal offence data for statutory and government purposes, and for the safeguarding of children and individuals at risk (Schedule 1 Part 2 Paragraphs 6 and 18 of the Data Protection Act 2018).
Who we will share your information with
We may share your information with the following third parties, including:
- Driving and Vehicle Licensing Agency (DVLA)
- Disclosure and Barring Service (DBS)
- Taxi Plus
- Big Change App (online applications)
- Home Office
- NR3 National Register of Taxi Licence Refusals and Revocations
- Department for Environment, Food and Rural Affairs (DEFRA)
- other Licensing Authorities
- other Council services
- any other service/organisation as referenced in the Town Police Clauses Act 1847 and the Local Government (Miscellaneous Provisions) Act 1976
We are required to maintain and publish Public Registers, which includes data of licence holders.
We will also share data with the Cabinet Office for the purposes of a data matching exercise called the National Fraud Initiative. The purpose of the exercise is to detect fraud and error. The Council is legally required to participate in this exercise.
How long we will keep your information for
The information you provide will be kept for the duration of your licence, plus six years, after which time it will be deleted. The information will be stored either in paper form and/or electronically on a secure council database.
In the event that your licence is revoked, or an application refused, information will be uploaded to the NR3 Register and the information kept for 11 years.
What are your rights
You have rights under Data Protection law. For further details about your rights, the contact details of our Data Protection Officer and your rights to make a complaint please see our Data Protection web page.
Changes to this notice
We reserve the right to update or modify this notice at any time. Any changes will be reflected on our website and will become effective immediately upon posting. We will inform you of any significant changes via email from govDelivery. This notice was last updated on 1 August 2024.
Team Around the Person
How we use your information
Team Around the Person (TAP) is a service that brings agencies together to identify the health and wellbeing needs of an individual and create and implement a suitable action plan for their care and support.
TAP is for individuals living in the city of Sheffield who have presented one or more health and wellbeing needs and have been identified as needing new or different professional support, and/or who are at risk of going into crisis care due to escalating needs which requires an integrated approach to services.
We need to process personal data to carry out this service that may include:
- personal details, such as name, title, addresses (current and previous) contact numbers, and personal email addresses, National insurance numbers (where applicable)
- family details including names, date of births, gender and relationships to the individual
- personal demographics including date of birth, gender, ethnicity
- involvement with any statutory services such as Social Care or Housing and Homeless
- involvement with health services including doctors, consultants, nurses, care providers and Mental Health Services
- involvement with housing, voluntary/community and faith sector organisations, personal and family support services eg drug and alcohol support services, domestic violence refuges etc
- involvement with the Police and/or probation
- enquiries made with council tax, housing services
We process this information under our public task, which comes from our responsibilities under the Care Act 2014 and related legislation. We process your Special Category data (eg Health) for Health and Care purposes under Schedule 1 Part 1 of the Data Protection Act 2018, or for safeguarding purposes under Part 2 (18).
Who will we share your information with
We will only share your information with agencies to ensure you receive the appropriate and/or required care. This may include:
- health services (Clinical Commissioning Group (CCG))
- urgent and emergency services
- care home providers/home care providers
- education providers
- other services in the local authority such as Adult Social Care and Housing and Neighbourhoods
You can say that you do not want us to share your personal information with other individuals or organisations at the very start of our contact with you or at any time. If you do not want your personal information shared, then you should speak with the TAP Coordinator or a professional involved in your case and tell them about your concerns.
It is important to remember that if we are not able to pass your information to other organisations, this may then reduce the options available, delay or on occasion prevent you from getting the help you need.
In certain circumstances your personal information may need to be shared against your wishes if there is a legal requirement for us to do so. For example, if there is a risk of harm to you or another person or providing information to courts if there are legal proceedings or a court order to prevent crime.
We have a senior person responsible for protecting the confidentiality of your information and enabling appropriate information sharing. This person is called the Caldicott Guardian,and Simon Richards is the Caldicott Guardian for Adult Social Care.
How long we keep your information and how it's stored
We keep information about you whilst we have a relationship with you and for up to 10 years after this. Specific retention periods will vary based on the legal requirement or accepted business practice.
Our IT security and confidentiality policies ensure that your information is protected and available only to staff directly involved in your care.
Telephony Service
We use the following systems and providers to deliver our telephony service. We record calls to some of our services and hold call data for calls made to and from the Council.
Data we collect
Microsoft Teams
We collect call data. This has a 90 day retention period.
We don't collect call recordings.
Content Guru: Storm Cloud Contact Centre
We collect call recordings. These have a 90 day retention period.
We collect call data. This has a 3 year retention period.
Content Guru: Storm Cloud Contact Centre Natural Language Processing
We collect call data. This has a 3 year retention period.
We don't collect call recordings.
Nasstar Cloud Professional Services: telephony carrier
We collect call data. This has a 90 day retention period.
We don't collect call recordings.
Vodafone: mobile telephony carrier
We collect voicemail recordings. These are retained until deleted by the user. We don't collect any other call recordings.
We collect call data. This has a one year retention period.
Definitions
Call recordings
Call recording is the ability to record a voice conversation held on the Council's telephony solution. Active inbound, outbound or conference calls can be recorded and then stored as a digital file to be listened to or transcribed at a later stage. Call recording is also known as phone recording or voice logging.
Call data
Call data is information from calls such as, time and date of call, Council Service called, telephone number making the call, wait time and length of call.
Natural Language Processing
The caller is asked to speak a response to a question to a recorded message. The response is then automatically transcribed by the system and used to compare the transcription against a list of expected responses. This allows the system to route a call accordingly.
Dual-tone multi-frequency signalling (DTMF)
DTMF technology provides the ability for callers to provide information such as, reference numbers, or select options, using the numbers and symbols on their telephone keypad. For example, a caller may be presented with five options. They can then select the desired option by pressing the corresponding number on their telephone keypad.
Mobile telephony
Mobile telephony is the provision of telephone services to mobile phones rather than landlines.
Retention periods
A retention period is the length of time that we will hold data for.
Who is processing your data
All personal data held, is processed in accordance with data protection law. The data controller for the information outlined in this privacy notice is Sheffield City Council.
The Council makes a voice recording of calls in its Storm Cloud Contact Centre, in these areas:
- Corporate Contact Centre
- Feedback
- Fulfilment Team
- Housing
- Housing Solutions
- IT Helpdesk
- Parking Control Room
- Car Parking Notice Processing
- Call Recording
- HUB R&M
- Registry Office
- Out Of Hours Emergency Service
- Council House Repairs
- Revenues and Benefits
- Sheffield Safeguarding Hub
How we will use the information we hold about you
Call recordings are undertaken for the purposes of better provision of service to members of the public. Examples of how we use this information are for employee development and feedback, service quality monitoring and service improvement.
Call recording is stopped for all calls that are transferred to the Council’s telephone payment service as well as transfers to some internal departments and services outside of Sheffield City Council. Where a call is transferred to another organisation, they may make their own call recordings and should inform you of this.
Call recordings are by policy held for 90 days and then automatically deleted. Exceptions to this retention period can be made in the following circumstances:
- calls held for shorter than this period, usually when a right to be forgotten request is made
- calls held for longer than this period in response to:
- investigation of complaint or dispute
- criminal investigation
- legal claims
- employee feedback and training
- employee safety and wellbeing - a recording may become a vital piece of evidence in the event of any threats being made to the Council or an individual
The call data is used to monitor the demand for Council services and allow service delivery to be adjusted to meet demand. Examples of this are the volumes of calls received, waiting times of calls to be answered and the length of time spent speaking with an advisor.
Call data is held for three years.
Dual tone multi-frequency (DTMF)
The council uses the DTMF tones to allow callers to input information using their telephone keypad.
The uses of DTMF are:
- selecting menu option when contacting the Council's Contact Centre
- confirming spoken actions for calls using natural language
- inputting information such as reference numbers of account numbers and payment card numbers. Please note these inputs are not recorded as sound on the Council voice recording system
Natural Language Processing (NLP)
We are currently using Natural Language Processing in Housing Neighbourhood Support Teams. This allows calls to be automatically redirected via a caller’s verbal response to the question: What is your postcode? This reduces waiting times and allows human agents to spend their time on more complex calls. We will update this privacy notice with any further use of NLP.
How the law allows us to use your information
The legal basis for processing the data is:
It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. We have legal responsibilities to provide services for which customers need to contact us by phone. Our recordings ensure we can improve services by reviewing the quality of our responses.
It is necessary for the performance of a contract with our staff who are taking calls to ensure they meet the standards of customer service.
Who will we share your information with
We will not normally share your information other organisations. However, there may be certain circumstances where we would share without consent. For example where we are required to do so by law, to safeguard staff and for public safety, and where there is a risk of harm or emergency situations. We will only share the minimum information for the purpose, on a need-to-know basis and with appropriate individuals.
Waste Management and Recycling
How we use your information
Our Waste Management Team processes personal data as part of its role to provide waste management and recycling services to households and to businesses across Sheffield.
We are the data controller for the information we process, but we have a contract with Veolia who are also a Data Controller of your data, to provide household waste collections (including bin assistance, larger, additional bins or replacement bins, bulky, clinical or green waste collections) and to manage and dispose of the waste taken to landfill sites and incinerator.
To provide the household waste collections we only need your information if you are reporting an issue, ordering additional services like bin assistance, specialist waste, or additional bins. In these cases we need your:
- name, address and contact details
- date of birth (assisted collections only)
- details of the service required
- proof of entitlement or health information for additional or assisted collections
- financial details where charges apply
For our Household Waste Recycling Centres, we may need to collect your personal information if we need to issue you with a permit if you intend to visit in a permitted vehicle. This information will be the same as above, but also the details of the vehicle that you will use including make, model, colour and registration number. In some cases you may need to provide supplemental information such as your V5.
We also arrange the removal of abandoned vehicles, which means we access the registered keeper details (from the DVLA) and may contact you to confirm the car needs to be moved and if that doesn’t happen, to have the vehicle removed.
We carry out these waste management and recycling duties under the Environmental Protection Act 1990, Waste Emissions and Trading Act 2003, the Controlled Waste Regulations 2012, the Waste Framework Directive, Waste Management Licensing and Environmental Permitting, Waste Electrical and Electronic (WEEE) Regulations and the Refusal Disposal (amenity) Act 1978.
For the purposes of the General Data Protection Regulations the following article 6 and 9 conditions apply:
- article 6(1)(e) processing is necessary for the performance of a public task and where a contract has been agreed eg additional waste collections
- 6(1)(b) for the performance of a contract and for special category data (health, for example)
- article 9(2)(h) substantial public interest for statutory purposes
How we share your information
We will share information with Veolia to aid for the collection and disposal of your household waste. We use the registered keeper’s vehicle details held by the DVLA.
We will share information without your specific consent where is lawful to do so, for example, to support community safety, to prevent or detect crime, etc.
How long your information will be kept
When a customer contacts the Council to report a concern or to request a waste management service, the details are logged onto the Council’s systems. They are also forwarded to Veolia to log onto their Customer Relationship Management System to carry out the service, where needed. These requests are kept for 3 years.
For abandoned vehicles, a new case file is created for each abandoned vehicle on the Council’s system and held for 6 years.
Website advertising
The Council Advertising Network are responsible for delivering advertising on our website. Please take a moment to read their privacy policy which includes cookie information and details on how to opt out.
Yorkshire and Humber Shared Care Record
How we will use your information
We participate in the Yorkshire and Humber Health Care Record.
The Yorkshire and Humber Care Record is a shared system that allows Healthcare staff within the South Yorkshire Health and Social Care community to appropriately access up-to-date and correct information about patients to deliver the best possible care.
This processing is necessary to perform a public task (UK GDPR Article 6(1)(e)) and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).
Who we will share your information with
We will share your information with:
- NHS Trusts
- GP Practices
- Social Care Providers (Local Authorities)
- Ambulance Service
This is for the purpose of direct care.
How long we will keep your information
The Yorkshire and Humber Care Record does not store information, rather it offers a “view” of each organisation’s data.
What are your rights
The Yorkshire and Humber Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing. If you would like any further information, or would like to discuss this further, please contact the Yorkshire and Humber Care Record on 0113 206 4102 or hnf-tr.yhcr@nhs.net.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you have the right to contact the Information Commissioner’s Office: Make a complaint.
Withdrawal of use of image consent
If you have given consent for your image to be used in communications but now wish to withdraw it please contact communications@sheffield.gov.uk.
How we collect personal information
We collect personal information in a variety of ways, such as through paper or online forms, telephone, face to face meetings, by email and letters. We also record images of people through CCTV.
This information may have been provided directly by you, your representative, a member of staff or by another organisation where there is a legal reason for them to share your information with us.
Contact Data Protection Officer
Supporting information
Is this page helpful?
You might also like…