Street Care services: Exposure to Vibration privacy notice
This privacy notice is designed to help you understand how we use personal information when delivering our duty in managing your exposure to vibration, we have set out below the services types, the information we may use to deliver the services, who we may share it with, and how long we will keep it.
Services covered within this privacy notice
Street Care services
Provides services such as street cleansing and grounds maintenance across the borough, using a variety of tools and machinery to execute this role.
Health and safety
Provides advice on health and safety to comply with the Control of Vibration Regulations and all related legislation, such as the HASAW 1974.
Information we hold about you
We only collect and use the minimum amount of personal information required when delivering a service to you. Wherever possible we use non-identifiable personal information.
The service will use some or all of the personal information below:
- information about you, this could include your name, address, date of birth
- employment and education details
- physical or mental health details
We get most of this information from you, but we will also get some of this data from a health and social care provider.
Why we need your information and how we use it
We use your information for the following to control employee exposure to vibration in accordance with health and safety legislation.
Who your information may be shared with
Sometimes we will need to share your information, but we will only do so where it is necessary or required by law. We will only share the minimum information for each circumstance.
We will sometimes need to share some of your information with:
- health service providers including NHS agencies (GPs, hospitals, ambulance, health visitor, mental health services)
- Government agencies (e.g. Department of Health, Department of Work and Pensions, Health and Safety Executive)
- local Government
- the HAVi (Provider)
We will also use data processors to support activities, for example by providing the systems we need or delivering services on our behalf.
- our case management system The HAVi
- other providers
The data controller
Ourselves and The HAVi jointly own the data is the Data Controller for this processing.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
The lawful basis for the processing
Most of the personal information we process is provided to us directly by you, under the Data Protection Act 2018, the lawful bases we rely on for using your personal information are:
- we have a legal obligation (GDPR Article 6 (c)
- we need to protect your vital interests (GDPR Article 6 (d)
- we have a legitimate interest (GDPR Article 6 (f)
When we collect data about your race, health (including biometric or genetic data), sex life, sexual orientation, ethnic origin, politics or trade union membership, we also rely on the following lawful basis:
- we have a legitimate interest (GDPR Article 9 (2) (d)
- we need to collect it for Substantial Public Interest in order to comply with UK legislation (GDPR Article 9 (2) (g)
The legislation we rely on when using your personal information to meet our legal obligations or public tasks includes but is not limited to:
- Control of Vibration Regulations 2005
You can find a list of the legislation we rely on when using your personal information to meet our legal obligations or public tasks on our legislation page.
Protecting your information
Your information will be securely stored in The HAVi Offices, (server based in Sheffield)
How long will we keep your personal information?
We will only use your personal information whilst delivering the service to you and to deal with any questions or complaints that we may receive about this, unless the law requires us to keep it for a longer period. In practice, this means that your information will be kept for 40 years then deleted.
If we need to use your information for research or reports, your information will be anonymised and any information taken from notes (hand written or typed) during any consultation sessions will be securely destroyed. The information will continue to be used in a summarised and anonymised form in any research reports or papers that are published. The anonymised information in the papers may be of historic interest and may be held in public archives indefinitely
Under data protection law, you have rights including:
- your right of access - you have the right to ask us for copies of your personal information
- your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- your right to erasure - you have the right to ask us to erase your personal information in certain circumstances
- your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances
- your right to object to processing - you have the right to object to the processing of your personal data in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
To make a request follow the instructions on our Data Protection for you page.
How to complain if you are unhappy about how your data is used
You can complain directly to our Data Protection team online or by post.
- Online: Contact the DPO
- By post: Data Protection Officer, The Portal, Wellington Road, Ellesmere Port, CH65 0BA
You also have the right to complain to the Information Commissioner’s Office using the following details:
- Information Commissioner's Office (ICO) website
- By post: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Telephone: 0303 123 1113
Will my personal information be accessible outside the UK?
Should the transfer of personal information outside of the UK become necessary, it will only take place if permitted by law, and then only where there are appropriate safeguards in place to protect the personal information.
Your information is stored within the UK.