Winchester City Council, City Offices, Colebrook Street, Winchester, Hampshire SO23 9LJ is a data controller and is registered with the Information Commissioner under registration number: Z5730734.

The Council’s Data Protection Officer is Fiona Sutherland who can be contacted by phone on 01962 840222, in writing to the Council’s offices or by email to: legal@winchester.gov.uk

Personal information (or “data”) is any information about a living person. Although this is often information such as your name, address and contact details, it can also be information that is more sensitive and so needs more protection. This can include information about :

• race or ethnic origin
• politics, religion or trade union membership
• genetics or biometrics
• physical or mental health
• sex life or sexual orientation
• criminal convictions or offences

This is called “special category” data .

We will collect and use your personal data  in accordance with data protection laws (the General Data Protection Regulation and the Data Protection Act 2018). We are required to keep your personal information accurate and up-to-date, not to collect more information about you than we need and not to keep your information for longer than necessary.  

We also take suitable technical and organisational measures using IT and policies, procedures and staff training to ensure that we use your personal data properly and do not lose or disclose it inappropriately to others.  

We can only use your personal information if the law allows us to. The main reasons are:

• you have agreed  (consent)
• we need to use the information to carry out a duty of the Council
• we need to use the information to perform a  contract we have with you
• we need to use the information to comply with the law
• we need to protect someone’s life

If we need to use your “special category” information, we must have  an additional reason.

If we use your personal information because you have agreed,  you can withdraw your consent  by writing to the Data Protection Officer.

The main reason that  we collect and use your information is because we need to deliver a service to you. We will always collect as little personal information as possible to enable us to do this.

We may share information within the council and sometimes with other organisations, such as the County Council, Police and government bodies. We will only do so where the law  allows  or requires that we share your personal data.

Your personal information may be processed by a third party, acting under a contract to provide services to the Council.

We do not sell your personal information to anybody else and  unless you have agreed, we do not allow third parties to use your personal information  for marketing purposes. 

We send an electronic copy of our newsletter to all customers of the Council for whom we hold an email address. The lawful basis for processing your personal data for the purposes of the newsletter is  “public task” as the purpose of the newsletter is to keep you informed about delivery of Council Services.   We use the newsletter for public information and not for direct marketing purposes.

Our current service provider for the newsletter is Mailchimp which is based in the United States.   Mailchimp, through its parent company, Intuit  is signed up to   EU-U.S. Data Privacy Framework and the UK Extension to the Framework which provides assurances as to their level of protection for your data. We have also carried out a Transfer Risk Assessment in order to assess and mitigate against any risks arising from the transfer of data to Mailchimp in accordance with good practice recommended by the Information Commissioner.

For more information about how the Council handles your personal data, please see the rest of the information on this page. 

Winchester City Council is required by law to protect the public funds it administers. We may share information with other organisations responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

National Fraud Initiative

Privacy notice – data matching under the National Fraud Initiative

The Cabinet Office is responsible for carrying out data matching exercises.

Data Matching

We participate in the Cabinet Office’s National Fraud Initiative (NFI), which is a data matching exercise to assist in the prevention and detection of fraud against us and organisations in the public sector. Data matching involves comparing computer records held by us - which will usually contain personal information - against other computer records we hold or are held by others, to see how far they match. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

Use of data and consent

The legal basis for processing is legal obligation. The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under current data protection legislation.

Data to be provided

We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise. The data specifications for the NFI exercises can be found on the NFI webpages. Under the Local Audit and Accountability Act 2014, we are a mandatory participant in the NFI and consequently are required to provide the following data sets to the Cabinet Office as part of the data matching exercise:

• Creditors history

• Creditors standing data

• Council tax

• Housing benefit claimants

• Payroll

• Resident parking permits

• Taxi driver licences

• Electoral register

• COVID-19 business grant company check

Sharing your information

Data will be submitted to the Cabinet Office and shared with other NFI participants including public and private sector organisations.

Data retention

Data extractions prepared for submission to the NFI and data downloads from the Cabinet Office are held by us until the next NFI exercise commences. In addition, progress reports concerning the results of participation in the NFI are presented to our Audit Committee. The Cabinet Office have their own NFI privacy notice and retention periods.

Your rights

Should you wish to raise any concerns about how we have processed your personal data you can contact our data protection officer, email: legal@winchester.gov.uk or write to:

Data Protection Officer, Winchester City Council, City Offices, Colebrook Street, Winchester, Hampshire SO23 9LJ. 

You also have the right to contact the Information Commissioner.

Changes to this privacy notice

We will regularly review and update this privacy notice to comply with changes in Data Protection legislation and/or NFI requirements. This notice was last updated on 12 October 2022.

Find out more

Further information about the NFI process can be found on the NFI webpages. This includes the Code of Data Matching Practice, which was approved by Parliament in September 2018.

In some circumstances the law gives you rights to control what and how your personal data is used. Not all apply – it will depend why we hold and use your  information.

• you have the right to ask for information we hold about you
• you  have the right to ask for information to be corrected
• you have the right to ask for information to be deleted (the right to be forgotten)
• you have the right to ask to limit how your information is used
• you have the right to object to your personal information being used
• you have the right to ask to transfer your personal data to other organisations in some circumstances
• you have certain rights about automated decision making and profiling.

Where we are only allowed to hold your personal data  because you have provided your consent to us, you have the right to withdraw consent.

If you wish to ask for information that we hold about you or exercise any of the other rights mentioned above, there is  normally no charge.  We have one month to deal with your request although this can be extended by a further two months if the request is complicated.

We will ask you for some information so we are sure of your identity before we can deal with a request. The procedures for submitting a request for your personal data or exercising any of the other rights are explained in more detail in our Data Protection and Privacy pages.

We only keep your information for as long as we need it and in accordance with the Council’s Retention Policy ^{(docx, 448kb)}.

If this document is not yet available, and you would like information about our Retention Policy and how long we keep your personal data for, please contact our Data Protection Officer.

The Council records all telephone calls made to our main switchboard (Customer Service Centre). This is to help with staff training, to maintain records of conversations, to help with the detection, investigation and prevention of crime. Calls to other numbers may be recorded – usually when transferred from our Customer Service Centre.

We will tell you if your call is being recorded.

If you have any queries or complaints about the way we handle your personal data, or if you wish to report a personal data breach to us, we would encourage you to contact the Council’s Data Protection Officer who will work with you to advise you and try to resolve any problems. 

If you prefer to seek independent advice or we have been unable to resolve any issues satisfactorily,  you can contact the Office of the Information Commissioner: www.ico.org.uk