We are committed to protecting your privacy when you use our services. This privacy notice explains how we use your information you and how we protect your privacy.
A list of services we provide will be available at the bottom of the page soon. Under each service we'll include more information about what we do with your data within that service, where it is different to the main policy below. We'll also provide information about who we may share your information with and why.
Our Chief Executive, Robin Porter, is the data controller for Luton Council. We have a data protection officer who makes sure we respect your rights and follow the law in the way we use your data.
If you have any concerns or questions about how we look after your personal information, please contact:
Data Protection Officer
Telephone: 01582 547335
If you want to see more information about the data our services collect about you please refer to our service privacy notices.
If you want to see more information about how we assess our privacy risks please refer to our privacy impact assessments.
Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can identify you.
We may collect the following types of personal information about you depending on which services you receive from us:
Name, address, email, telephone number
Date of birth, gender, marital status, national insurance number, driving license, vehicle identification, passport, languages spoken, immigration status, ethnicity, sexuality, religion
Details of family relationships, marital status, family breakdown and relationships, next of kin, emergency contact details, child in local authority care
Employment and education:
Occupation, education history, qualifications, references, contact with other educational professionals/services, school exclusion history, special educational needs, school, teacher assessment judgements, attendance and attainment information, application history, CV, Interview notes/scores, proof of right to work documentation, proof of address, proof of identity, references, education and professional qualifications, disciplinary data, DBS number, DBS expiry, HCPC number (Social Work), trade union membership, trade union membership
Income, pensions, benefits and allowances, bank accounts, savings, investments, unique tax reference, property ownership, council tax, debt history, rent history, business activities, landlord details
Criminal convictions, cautions and restorative justice
Dentist and GP contact details, medical conditions including mental health, mental capacity assessments, history of substance abuse, smoking status, disability data, pregnancy data, blue badge number, NHS number, sexual health
Some of the personal information we might collect is more sensitive than others and is known as special category information. This may be information about your:
It’s often information you would not want widely known and is very personal to you. We will ensure this information is well protected and that we only use and share it if we have to.
We may need to use some information about you to:
For example we will process information about you when you make a claim or apply for:
This list is not exhaustive. When you use a Council service we will normally collect data about you in order to provide that service to you.
There are a number of legal reasons why we need to collect and use your personal information.
You have given clear consent for us to process your personal data for a specific purpose.
The processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract.
The processing is necessary for us to comply with the law
The processing is necessary to protect your life
The processing is necessary for us to perform a task in the public interest or for our official functions as a public authority.
You have given clear consent for us to process your personal data for a specific purpose.
Employment, social security/social protection: Your data is necessary for employment or social security purposes
Vital interests: The processing is necessary to protect your life
Not for profit:
Your data is processed by a not-for-profit body that you belong to
You have already made your information publicly available
Legal defence claims:
It is necessary for legal cases or by the courts
Substantial public interest:
It is for the benefit of society as a whole
Adult social care:
It is necessary to deliver health or social care services
Public interest in public health:
It is necessary to protect public health
Scientific/historical Research, Statistics or Public Archiving:
It is necessary for archiving, research, or statistical purposes
If you want to see more information about the why our services collect data about you please refer to our service privacy notices.
We will only collect and use personal information if we need it to deliver a service or meet a specific requirement.
If we don’t need your personal information we will either keep you anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details we’ll only collect your survey responses.
If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
We will never sell your personal information to anyone else. Electoral registration information is accessible to the public and to specified organisations.
The law gives you a number of rights to control what personal information is used by us and how it is used by us. You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Right of access:
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. For example we will not share confidential information about other people, information that a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing or information that may stop us from preventing or detecting a crime
Right to rectification:
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure:
You have the right to ask us to erase your personal information in certain circumstances.
Right to restriction of processing :
You have the right to ask us to restrict the processing of your information in certain circumstances.
Right to object to processing:
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests
Right to data portabililty:
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated
Automated decision making and profiling:
You can ask to have any computer made decisions explained to you, and details of how we may have ‘profiled’ you. You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it. You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, for example, your health conditions. If we are carrying out any of these activities we will:
If we are processing your information for criminal law enforcement purposes, your rights are slightly different.
We may not always be able to change or remove information that we hold about you because in some cases we are required in law to retain it. However, where we can’t delete your data we will correct factual inaccuracies and might, in certain circumstances, include your comments in our record to show that you disagree with it. We will always provide a written response explaining our decision.
We cannot delete your information where:
If you would like to access your records or want to use any of the rights outlined above please use this online request form, Apply to access, amend, delete or restrict personal records.
Most of your data is obtained from you when you apply for our services. In addition we might receive information about you from other organisations that work with us to provide services for you. Examples of these organisations are:
As well as providing services to our citizens we are required by law to:
To help we may share and process the information provided to us in different ways. Including information held about:
We may also share information to ensure the safeguarding a child or adult. This is often because we need to give that data to courts, including:
For these reasons the risk must be serious before we can override your right to privacy.
If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we’ll make sure that we record what information we share, who we shared it with and why we needed to share it. We will let you know what we’ve shared and why if we think it is safe to do so.
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law and our own privacy standards. This is usually through a contract or an information sharing agreement.
Sometimes we have a legal duty to provide information to other organisations including:
In order to comply with our legal obligations to:
The Council may carry out data matching and data mining exercises. To do this we share information internally but we may also share information with other parties as set out in (please see 'Who do we share you information with' above)
When data matching or data mining exercises identify records which do not match further investigations are carried out to establish the facts.
Only once an investigation is completed is a decision made as to whether a crime or fraud has taken place. In the majority of cases records simply need correcting and thus these exercises help us to keep our records accurate and up to date.
In addition to the data matching and data mining that we carry out, the government also conducts its own data matching exercises, utilising its statutory powers. This is commonly known as the National Fraud Initiative (NFI).
We are required by law to participate in the NFI.
If you have any concerns about the data we hold about you or how we use it please contact:Data Protection Officer
Data sharing can bring important benefits to both the Council and its citizens, making your lives easier and helping us to deliver efficient services. It is important, however, that we have high data protection standards, sharing data in ways that are fair, transparent and accountable.
We will make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:
The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system outside of the EU.
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with any third party who may transfer it out of the EU.
If we need to send your information to an ‘unsafe’ location we’ll always seek advice from the Information Commissioner first.
There’s often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention-schedule
For each service the schedule lists how long your information may be kept for. This ranges from months for some records to decades for more sensitive records.
If you have a questions or concern about how we are collecting or using your personal information, we would appreciate an opportunity to deal with your concerns before you contact the Information Commissioner’s Office (ICO).
You can raise your concerns by contacting our Data Protection Officer.Data Protection Officer
Or write to:Data Protection Officer
If you are not happy with our response or you would like independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:Information Commissioner's Office
To make this website work better for you and us we sometimes put small files or ‘cookies’ onto your device (for example your computer or mobile phone). Some of our cookies are essential, and parts of our site won’t work without them.
We use this information to:
Find out more about how to manage cookies.
We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting peoples’ needs and to understand how we can make the website work better.
Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.
We do not collect or store any other personal information (for example your name or address) so this data cannot be used to identify who you are.