Privacy statements and data protection


The Data Protection Act

The Data Protection Act 1988 (DPA) creates rights and responsibilities around how we handle the personal data we collect.
We are the Data Controller for the purposes of the DPA. As the Data Controller we have a duty to:
  • keep sufficient information to provide services and fulfil our legal responsibilities
  • keep your records secure and accurate
  • only keep your information as long as is required
  • collect, store and use the information you provide in a manner that is compatible with the DPA
In order to provide you with the service you require, there may be occasions when your information is shared with those who carry out work on our behalf.
Sometimes we may need to ask other agencies or organisations for relevant information about you to fulfil our legal responsibilities or to provide services.
We may pass your information to other agencies or organisations as allowed or required by law, for example to enable them to carry out their statutory duties or where it is necessary to prevent harm to yourself or other individuals.
The following statements explain more about the DPA and how we may use your data. They cover all of our functions and some are service specific ones. Please read the ones relevant to your queries.

Purpose of the act

The Data Protection Act 1998 is designed to cover the collecting, storing, processing and distribution of personal data. It gives rights to individuals about whom information is recorded.

This applies to all individuals whether they are an employee, elected member or a member of the public. Each individual has the right to access personal data, prevent processing likely to cause damage or distress and prevent processing for the purposes of direct marketing.

They also have rights in relation to automated decision taking, to take action for compensation if they suffer damage by any contravention of the act by the data controller, to rectify, block, erase or destroy inaccurate data and to make a request to the Data Protection Commissioner for an assessment to be made of the data controller if they feel that the act has been contravened.

The act places obligations on those who record and use personal data (data controllers). They must be open about the use of such personal data through notification to the Information Commissioner and they must follow proper practices by applying the data protection principles.

A copy of the act can be viewed at Her Majesty's Stationery Office website.

Your rights

You are legally entitled to request access to your records which are held by us, or to ask us to cease processing or correct an error in your personal data in relation to any council service.<.p>

We will seek to comply with your request but there may be some situations where we will not be able to do this in full, for example where there is a legal requirement or where information held was given in confidence by a third party.

To request access to your data, please make a written request, providing details of what you want access to. Be as specific as possible, for example, tell us the dates you want the information from, or the services they relate to.

You will need to bring your proof of identity documents to us before we can progress your request.

If you want us to cease processing of your personal data, or to report inaccuracies, please contact our Information Governance team. This may mean we are unable to provide the full services to you.

If you believe there is an error in the data we hold about you, please identify the error and provide the correct data. If we cannot correct the data, for example because it is an historical record of a professional opinion, we will keep a record of you request on your record.

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

Care of your data

We take seriously our responsibility to ensure that any personal information we collect and use is done so proportionately, correctly and safely. We will:

  • adopt and maintain high standards in respect of the handling and use of that personal data
  • only collect, hold and use personal data where it is necessary and proportionate to do so
  • securely delete any personal data when no longer needed
  • keep your personal data secure and safe
  • recognise that any personal data handled by us is held on behalf of that person and that we ensure we respect that responsibility
  • not unnecessarily and without good reason, infringe the privacy of individuals
  • consider and address the privacy risks first when planning to use or hold personal information in new ways, such as when introducing new systems
  • be open with individuals about how we use their information and who we give it to
  • make it easy for individuals to access and correct their personal information
  • ensure that there are effective safeguards and systems in place to make sure personal information is kept securely and does not fall into the wrong hands
  • provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don’t look after personal information properly
  • put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises
  • regularly check that we are living up to our promises and report on how we are doing

If you have any concerns about what we hold on you and how we handle it, please contact us:

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

Data matching, mining and analysis

While providing services to our citizens, we are also required by law to:

  • prevent and/or detect potential fraud and crime
  • protect the public purse and/or minimise waste
  • make adequate provisions for safeguarding
  • make adequate provision for auditing
  • carry out emergency response planning

To help us to do this, we may share and process the information provided to us in different ways. This information includes that which is held in respect of:

  • antisocial behaviour
  • Blue Badges
  • council employee payroll
  • council employee pensions
  • council tax
  • electoral register
  • enforcement; trading standards, environmental health and waste
  • housing
  • housing cenefit and council tax reduction
  • insurance
  • investigations
  • leisure
  • libraries
  • licensing; merchants, dealers, market traders, taxi drivers/operators, personal/alcohol licences and HMO licensing
  • property; planning, building regulation, business rates
  • schools
  • contact centre (Customer Relation Records (CRM)
  • provision of council-funded services
  • information provided to the council to assist us in our legal obligations
  • other local authority records held in respect one or more of the above
  • information provided by external organisations:
    • credit reference agencies
    • social housing providers (including registered social landlords)
    • Bedfordshire Police and Bedfordshire Fire Service

Information Sharing

We share information internally, but we may also share information with other parties in order to fulfil our obligations or if it is required by law.

Other parties include the:

  • Cabinet Office
  • The Department for Work and Pensions
  • Department for Education
  • other local authorities
  • HM Revenues and Customs
  • the police
  • the fire services
  • credit reference agencies
  • service providers/contractors and/or partner bodies

Subject to our controls, security requirements and governance via the audit function, much of the information we share to prevent and detect crime, protect public funds and support the safeguarding function is done through data warehousing.

This is a very efficient and secure way of sharing information. The process of accessing information through a data warehouse is sometimes referred to as data mining.

Data matching

Applying the same controls as we do for data warehousing, we also carry out data matching. This is a more sophisticated way of processing large volumes of information.

While it is also an efficient way to identify crime for example, it also enables us to identify information that is inaccurate or out of date, which helps us comply with the Data Protection Act 1998. In certain circumstances, data matching also improves service provision through better use of data.


When the data matching or data mining processes identify records which contain contradictory or conflicting information, further investigation is undertaken to establish the facts (if not obvious). No assumption is made as to which record is correct or incorrect.

Similarly, it is only at the end of an investigation when all the facts have been established that we make a decision as to whether a fraud or crime has taken place for example. Where this is the case, the matter is dealt with in accordance with the relevant prosecution policy. In the majority of instances, records simply need correcting, although this sometimes results in changes in service provision.

Other data matching

In addition to the data matching and data mining that we carry out, the government also conducts its own data matching exercises, utilising its statutory powers. This is commonly known as the National Fraud Initiative (NFI).

We are required by law to participate in the NFI. More information can be found at the National Fraud Authority.

If you have any concerns about what we hold on you and how we handle it, please contact us using the details below.

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

Equalities data

We may use information about you ('equalities data') for the purposes of compiling statistical data about the population of the city at large and the take up of council services by various groups, both to assist in complying with their legal obligations and to assist the council in the effective planning and provision of future services. This may include:
  • ethnic background
  • language
  • gender
  • sexual orientation
  • age
  • disability
  • religious belief or practice
  • pregnancy
  • gender assignment
  • Such statistical data or statistical analysis will not allow the identification of any specific individual nor will it have any impact on any individual’s entitlement to council services and facilities

If you have any concerns or questions about how we hold and handle your data, please contact us.

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

How and why we collect and use your information

We collect and process information, including personal data about the citizens we serve, to allow us to provide effective and efficient services.

We use your personal data within the rules set out in the Data Protection Act 1998. We process this data, including sharing between council services and service delivery partners for the following purposes:

  • for the purpose for which you provided the information eg using your benefit claim form information to process your benefit claim, and to monitor our performance in responding to your request
  • to ensure we meet our legal requirements
  • to allow us to communicate and provide services appropriate to your needs
  • where we are legally obliged to undertake data processing eg for licensing, planning enforcement, trading standards, food safety, prevention and/or detection of fraud and crime
  • to process financial transactions including grants, payments and benefits involving Luton Borough Council, or where we are acting on behalf of other government bodies eg Department for Works and Pensions
  • where you have consented to the processing
  • where necessary to protect individuals from harm or injury
  • where otherwise permitted under the Data Protection Act 1998, eg disclosure to comply with legal obligations
  • for businesses located in the Business Improvement District (Luton BiD), we will share details of payments and/or non-payments of BiD contributions, together with information about any associated recovery actions to the respective Luton BiD
  • to conduct surveys and research or statistical analysis that allows us to effectively target and plan the provision of services and contact residents who may benefit from them
  • to identify residents/users for the purpose of notifying them of proposed or planned changes to services that may affect them
  • to assist us in responding to emergencies or major accidents, by allowing us, in conjunction with the emergency services, to identify individuals who may need additional support in certain circumstances such as in the event of an emergency evacuation
  • to maintain and improve the services which we deliver, this includes developing and upgrading the systems which we use to process your information

If you have any concerns or questions about how we hold and handle your data, please contact us.

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

Other organisations

We may disclose personal data to third parties, but only where it is:

  • necessary, either to comply with a legal obligation, or where permitted under the Data Protection Act (where the disclosure is necessary for the purposes of the prevention and/or detection of crime)
  • necessary to allow a third party working for or on our behalf to carry out the function they have been asked to.

When we share data we do so in accordance with an appropriate information sharing agreement.

Other parties include:

  • Cabinet Office
  • Department for Work and Pensions
  • Department of Education
  • other local authorities
  • HM Revenues and Customs
  • the police
  • the Fire Services
  • credit reference agencies
  • service providers/contractors and/or partner bodies

We will strive to ensure that any personal data in our care will be kept safe and that where your information is disclosed to a third party, we will take steps to ensure that the third party has sufficient systems and procedures in place to prevent the loss of personal data.

Where we seek to disclose sensitive personal data, such as medical details, to third parties, we will do so only with your prior express consent or where we are legally required to do.

We will not use your personal data for third party marketing purposes without your prior express consent.

If you have any concerns or would like further information, please contact us.

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

Register Office privacy notice

Personal information which you are required by law to provide for a registration will be kept by the relevant local registration officer. The local registration officer to whom you supply information will also send a copy of this information to the General Register Office (GRO) for England and Wales so that a central record of all registrations can be maintained.

A copy of any register entry will be provided to any applicant, provided that they supply enough information to identify the entry concerned and pay the appropriate fee. The copy may only be issued in the form of a paper certified copy (a 'certificate'). An application for a certificate may be made to either the Local Register Office or to the GRO.

The GRO makes indexes, for the central record of registrations, publicly available in order to help members of the public identify the registration they might need. The Register Office also makes a local index available for this purpose.

The local Register Office may also choose to make the information contained within local indexes available on line. This will be done in order to help members of the public identify the registration they might need. Any information placed on line must be done in manner which is compliant with the Data Protection and Human Rights Act.

Additionally, confidential information for statistical purposes which you are required by law to give to the local registration officer, and other information provided voluntarily, will be passed to the UK Statistics Authority for the preparation and supply of statistics.

As well as providing certificates, local registration officers and the GRO may make registration information available to other organisations, for the following purposes:

  • statistical or research purposes
  • administrative purposes by official bodies e.g. ensuring their records are up-to-date
  • fraud prevention or detection, immigration and passport purposes For further information on data held by the Registrar General visit: HM Passport Office.

Staff at this local registration office will be able to provide further information on data held by the registration service.

If you have any concerns or questions about how we hold and handle your data, please contact us

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

Visitors to our websites

When someone visits we use a third party service to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.

This information is only processed in a way which does not identify anyone. We do not make, and do not allow third parties to make, any attempt to find out the identities of those visiting our website.

If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies by Luton Borough Council

You can read more about how we use cookies on our cookies page.

Search engine

Our website search and decision notice search is powered by an internal search engine. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected.

E-newsletters and e-updates

We use a third party provider to deliver our monthly e-update. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-update.

Online reporting tool

Using systems such as MyAccount, we collect information provided by members of the public. These companies are data processors for us and only processes personal information in line with our instructions.

Security and performance

We use online reporting tools hosted by a third party provider to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to our website.

People who call our contact centre

When you call us, we collect Calling Line Identification (CLI) information. We use this information to help improve our efficiency and effectiveness.

We may also record calls in order to help us deal with your enquiry and for training and monitoring purposes. Recordings may be kept of six months and are then securely deleted.

People who email us

We are part of the Public Services network. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy.

Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law and that enforcement action may be taken for any improper or offensive emails.

People who make a complaint to us

When we receive a complaint from a person we create a record containing the details of the complaint. This usually contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute.

If a complainant doesn’t want information identifying him or her to be disclosed, we will respect that in so far as we are able to within the confines of the law. We will not normally handle a complaint made on an anonymous basis.

We will keep personal information contained in complaint files in line with our Retention Schedule. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

We offer various services to the public. We use a third party to deal with some publication requests, but they are only allowed to use the information to send out the publications.

We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a bin to contact them about future changes to the service.

Job applicants, current and former LBC employees

When individuals apply to work at Luton Council, we will only use the information they supply to us to process their application and to monitor recruitment statistics.

Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed; it will then be destroyed or deleted.

We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment.

Once their employment with us has ended, we will retain the file in accordance with the requirements of our Retention Schedule and then delete it.

Complaints or queries on privacy

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information.

However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

Access to personal information

We try to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to
  • let you have a copy of the information in an intelligible form

To make a request to us for any personal information we may hold you need to put the request in writing, addressing it to our Information Governance department, or writing to the address provided below.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Information Governance department.

Disclosure of personal information

In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we will need to share personal information with the part of the organisation concerned and with other relevant bodies.

You can also get further information on:

  • agreements we have with other organisations for sharing information
  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics
  • our instructions to staff on how to collect, use and delete personal data
  • how we check that the information we hold is accurate and up to date


We are committed to the highest standards of quality information and every effort has been made to present up to date and accurate information.

However, the authority gives no warranty as to the accuracy of the information on this website and accepts no liability for any loss, damage or inconvenience caused as a result of reliance on such information.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated in January 2017.

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

Public Health data

Who do we hold information about?

We hold information about people we directly provide a service to and people for whom we have a responsibility for in respect of our public health functions. This will include:
  • residents of Luton
  • people receiving health and care services in Luton
  • people who work or attend school in Luton

Under our statutory obligation to provide a public health advice service to our local NHS clinical commissioning group (CCG), this also extends to people resident in Bedfordshire and Luton CCGs area, or registered with one of the CCG’s general practices.

Our Public Health service has a wide range of responsibilities around understanding the health, wellbeing and care needs of our local communities and ensuring that 'health inequalities' are tackled by improving the health of the poorest members of our community.

All local authorities have a duty to improve the health of the population they serve. To help with this, we use data and information from a range of source data, including data collected at the registration of a birth or death or from hospital episode statistics, to understand more about the health and care needs in the area.

How do we collect this information?

This information is collected in one of two ways. It may be provided to us directly by a member of the public when they sign up to use a service we are providing.

Additionally, it may be shared with us by another organisation due to us having a role in a service they are providing, or as part of research and intelligence necessary for Public Health functions, such as informing decisions on the design and commissioning of services.

This will include organisations such as:

  • national and local NHS bodies
  • Office for National Statistics
  • NHS Digital
  • local authorities
  • schools

How do we use the information?

The service uses information that identifies individual residents and users of health care in Luton, known as ‘personal identifiable information’, to enable it to carry out specific functions for which it is responsible, such as:

  • control of infection
  • managements of risks to public health
  • organising the National Child Measurement Programme
  • organising the NHS Health Check Programme
  • organising and supporting the 0-5 health service and school nursing services
  • working with NHS partners eg Better Together

The service also uses the information to derive statistics and intelligence for research and planning purposes, which include:

  • producing assessments of the health and care needs of the population, in particular to support the statutory responsibilities of the:
    • health needs assessments, including Joint Strategic Needs Assessment (JSNA)
    • Director of Public Health Annual report
    • Health and Wellbeing Strategy
  • identifying priorities for action
  • informing decisions on (for example) the design and commissioning of services
  • to assess the performance of the local health and care system and to evaluate and develop them
  • to report summary statistics to national organisation
  • undertaking equity analysis of trends, particular for vulnerable groups
  • to support clinical audits

In these cases, the information is used in such a way that individuals cannot be identified from them and personal identifiable details are removed as soon as is possible in the processing of intelligence.

How do we keep information secure and who do we share it with?

We are required to comply with the Data Protection Act to ensure information is managed securely and this is reviewed every year as part of our NHS Information Governance Toolkit assessment.

Information is strictly made available only to key professionals who have a service need to see it. All staff are required to undertake regular training and to comply with policies and procedures around Data Protection, confidentiality and the safe handling of information.

We only keep hold of information for as long as is necessary. This will depend on what the specific information is and the agreed period of time it may need to be referred to for a legal or business reason.

Information is only shared with other organisations where their involvement is required to provide a service, for us to comply with our Public Health responsibilities, or where we are under a legal requirement to share it.

The organisations we may need to share information with include organisations such as:

  • national and local NHS bodies
  • Office for National Statistics
  • Health and Social Care Information Centre
  • local authorities
  • schools

Any sharing will be assessed to ensure the organisations will meet the same standards of security and confidentiality as we do.

Accessing your information and further queries

The Luton Public Health Service is part of Luton Borough Council. For the purposes of the Data Protection Act, we are registered as a Data Controller with the Information Commissioner’s Office (registration humber Z6656500).

Further details about how we process personal data can be found in our registration via the Information Commissioner’s Office website. Our NHS Information Governance Toolkit status is also available to view.

Information Governance team

Business Intelligence

Luton Borough Council
Town Hall
George Street
Luton LU1 2BQ

Telephone: 01582 546398

Contact info
Information Governance team
Business Intelligence, Luton Borough Council, Town Hall, George Street,, Luton, LU1 2BQ
Tel: 01582 546398
rating button