Adult social care privacy notice
Purpose for processing your information
The London Borough of Hammersmith & Fulham as Data Controller will be responsible for collecting and processing the majority of the Personal Data in relation to health and social care.
The Data Protection Act states that we must have a lawful basis or reason before we can start to collect or process your personal data. There are only 6 permissible reasons under the act which allows us to use your data and we must have at least one of these reasons.
For adult social care this is typically either:
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of the official authority vested in us
Any questions regarding our privacy practices should be sent by email the Data Protection Officer for London Borough of Hammersmith & Fulham email@example.com or in writing to
The Data Protection Officer
Hammersmith & Fulham Council
Town Hall, King Street
London W6 9JU
Why we need your information and how we use it
Under the Care Act 2014 local authorities have a statutory obligation to provide relevant social care services for:
- service delivery
- service planning/improvement
We may also use your data for the prevention or detection of fraud/crime or research. When it is for research purposes it will be anonymised data only.
Your personal information is only used for a specified purpose or purposes but if we intend to use it for any other new purposes we will inform you. For instance, in some cases, the council may wish to use your information for another purpose such as related to improving and developing services, or to prevent or detect fraud. In any event our processing will always have a demonstrable lawful basis. Where practicable and reasonable we will always seek to inform you of any significant proposed changes to how we process or intend to process your personal data, in order to ensure full transparency over how we handle your information.
What is the source of your personal data?
In most cases, we will get obtain your personal data directly from you. If we get it from another source we will:
- inform you of the source within a reasonable period after obtaining the personal data, but at the latest within one month or when we first communicate with you using that information whichever is the earliest
- we will also tell you if we disclosure or envisage disclosing that personal data to another party.
We may collect information about you in various formats, for example by letter, email, face to face meetings or visits to your home, telephone, on-line forms.
We collect the following information:
When we have contact with you either in person, by phone, email, or any other form of communication we may need to collect and store the personal information about you or your family provided so that we can offer the appropriate service. The types of information we require from you will include at a minimum the following personal information, such as:
- date of birth
- national insurance number
- contact information
- telephone number
- email address
As well as personal information where applicable, we may collect and share additional information known as ‘Special Categories of Personal Data’ where appropriate including:
- health assessment
- professional’s referrals
- mental capacity assessments
- ethnic origin
- sexual orientation
- biometrics (where used for ID purposes)
Who the information is shared with either internally or externally
To meet our statutory obligations, as well as to provide you with a service where appropriate, we may need to share the information you provide us with other professionals such as:
- General Practitioners and other health professionals (including hospitals and mental health trusts). Information may be shared with health partners using the Community Information Exchange (CIE) with the Whole Systems Integrated Care Record (WSIC), more information on WSIC
- Commissioned Health Care Providers
- Other commissioned services such as home care, care home, day care and transport providers
- Internal departments within the London Borough of Hammersmith & Fulham
- Government departments including the Department for Work and Pensions, the Department of Health and Social Care, the Ministry of Housing Communities and Local Government or the Ministry of Justice
- The Metropolitan Police Service and other Police Services
- The London Fire Brigade and other Fire Services
- Probation Services
- Other Local Authorities (Children and Adults Social Care and Education Departments)
We will only share your information with internal departments and other service providers, contractors and/or partner bodies where it is necessary:
- to comply with a legal obligation
- to provide you with a service you have requested
- where permitted under the Data Protection Act 2018 (i.e. we have a lawful basis)
- where the disclosure is necessary for the purposes of the prevention and/or detection of crime
- where it is necessary to allow a third party working for or on behalf of the council
We will strive to ensure that any personal data in our care will be kept safe and that where your information is disclosed to a third party, we will seek to ensure that the third party has sufficient systems, processes and procedures in place to prevent the loss or damage of personal data.
Information collected is not used for marketing or sending out eNewsletters but social workers would provide families with information about local resources. We may also anonymise some personal data you provide to us to ensure that you cannot be identified and use this data to allow the Council to effectively target and plan the provision of services.
Data matching and auditing
We are required by law to protect the public funds we administer. We may use the information you provide to us for the prevention and detection of crime. We may also share this information with other bodies that are responsible for auditing or administering public funds including the Audit Commission, the Department for Work and Pensions, other local authorities, HM Revenue and Customs and the Police.
The Council uses data matching as a way of processing large volumes of information. While it is also an efficient way to identify crime for example, it also enables us to identify information that is inaccurate or out of date, which helps us comply with the Data Protection Act 2018. In certain circumstances, data matching also improves service provision through better use of data.
In addition to undertaking our own data matching to identify errors and potential frauds, we are required to take part in national data matching exercises undertaken by the Audit Commission. The use of data by the Audit Commission in a data matching exercise is carried out under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned.
How long do we keep your information?
We will only keep your information for as long as is required by law or in line with our stated retention schedule.
However, the Chief Executive of the Local Authority has received notice from The Chair of the Independent Inquiry into Child Sexual Abuse, established by the Home Secretary, instructing the Authority to retain any and all documents, correspondence, notes, emails and all other information – however held – which contain or may contain content pertaining directly or indirectly to the sexual abuse of children or to child protection and care.
Your rights under the Data Protection Act 2018 and access to your information
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
For more information on all of your rights, please see the Information Commissioner's website
As part of your overall rights you have the right to request a copy of the information that we hold about you. For information about how to request a copy of the information, see how to submit a Subject Access Request
Please visit our data protection pages for further details on how the council complies with the Data Protection Act 2018.
If you have any concerns
You have a right to complain to us if you think we have not complied with our obligation for handling your personal information.
Please see complaints information or contact us:
020 8753 2456
Room 229, Hammersmith Town Hall, King Street, London W6 9JU
If you would like to know more about your rights under the Data Protection law, and what you should expect from us, visit the Information Commissioner’s website. The Information Commissioner is the UK's independent body set up to uphold information rights.
If you have any concerns regarding our privacy practices or about exercising your Data Protection rights, you may contact the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113 or 01625 545 745
Changes in your circumstances
You must notify us immediately if there are any changes in your circumstances and personal details so we can maintain an accurate and up to date record of your information.