Revenues and benefits privacy notice - Dorset Council
We ask that you read this privacy notice carefully as it contains important information on:
- who we are
- how and why we collect, store, use and share personal information
- your rights in relation to your personal information
- how to contact us and supervisory authorities in the event you have a complaint
Who we are
Dorset Council revenues and benefits service collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation and we are responsible as ‘controller’ of that personal information.
The personal information we collect
Information collected by us
For the purposes of service delivery we need to collect personal information from you – the amount of information we need will depend on which service you use (but not limited to):
- property address
- property tenure
- correspondence address
- the way you trade as a business and any company registration number
- evidence of Council Tax liability outside of our area if applicable
- National Insurance Number
- date of birth
- contact details (e.g. phone number, email address, etc)
- income details for yourself and household members
- savings details
- bank details
- employer details for yourself and household members
- details of people living with you
- landlord details
- contact details of your doctor – in limited circumstances
- student and relevant course details
- we may also collect the names and contact details of anyone you have appointed to act on your behalf and this may include their bank details
Information collected from other sources
We may also obtain personal information about you or members of your household from other sources as follows:
- landlords and housing associations
- letting agents
- other councils
- solicitors and conveyancers
- outgoing occupiers
- Department for Work & Pensions
- Pension Service
- HM Revenues & Customs
- Land Registry
- credit reference agencies
- Valuation Office Agency – in limited circumstances where legislation permits us to
- council departments (such as electoral registration, planning, building control, housing, customer services, etc)
- Cabinet Office – National Fraud Initiative
- Government ‘Tell Us Once’ Service
- enforcement agents
- Citizens’ Advice
- Debt Collection and Welfare Services
- Official Receiver
- Dorset Council Adult Social Services
- Dorset Safeguarding team
How we use your personal information
We use your personal information so that we are able to deliver the highest quality service to you. This includes:
- maintaining the property database for Council Tax and Business Rates
- administering the award of discounts, exemptions and reliefs
- calculating liability and changes for Council Tax and Business Rates
- calculating overpaid Housing Benefit
- billing and collecting monies for Council Tax, Business Rates, Housing Benefit Overpayments and Sundry Debts
- processing claims for Housing Benefit, Council Tax Support and/or Discretionary Housing Payments
- refunding overpaid Council Tax, Business Rates and Housing Benefit invoices
- paying Housing Benefit
- providing personal budgeting support and assisted digital support
- defending our decisions at a Valuation Tribunal
- defending our decisions and applying for a liability order at a magistrates’ court
Detection and Prevention of Fraud
The personal information we have collected from you may be shared with fraud prevention agencies (such as CIFAS) who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. In appropriate cases, the council and fraud prevention agencies may also share personal information with law enforcement agencies to detect, investigate and prevent crime.
See more information about how your information will be used by us and these fraud prevention agencies, and your data protection rights.
The legal basis for using your information
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 require that we must have a legal reason, or reasons, to collect and use your information. There are six specified reasons within the GDPR and, of those, the following reasons are applicable to revenues and benefits services:
1. "Legal Obligation" is where we need to process your personal data to comply with a common law or a statutory obligation - the legislation enabling us to process your personal information includes, but is not limited to:
- Local Government Finance Act 1988 (and subsequent amendments and associated statutory instruments)
- Local Government Finance Act 1992 (and subsequent amendments and associated statutory instruments)
- Social Security Administration Act 1992 (and subsequent amendments and associated statutory instruments)
- Housing Benefit Regulations 2006 and Housing Benefit (State Pension Credit) Regulations 2006
- Housing Benefit and Council Tax Benefit (Decisions and Appeals) Regulations 2001
- Housing Benefit and Council Tax Benefit (Consequential Regulations) 2006
- Discretionary Financial Assistance Regulations 2001
- Rent Officers (Housing Benefit Functions) Order 1997
- Social Security (Information-sharing in relation to Welfare Services, etc) Regulations 2012
- Welfare Reform Act 2007 and 2012
- Localism Act 2011
- Tribunal, Courts and Enforcement Act 2007
- Taking Control of Goods Act 2013
2. “Public Task” is where the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
Who we share your personal information with
Your personal information will be treated as confidential but it may be shared with other Council services and organisations in order to ensure our records are accurate and up to date, and to improve the standard of service we deliver. We will only use your information in ways which are permitted by the General Data Protection Regulation and Data Protection Act.
As Dorset Council has a duty to protect the public funds it administers we may use the information you have provided for the prevention and detection of fraud. This may involve using Credit Reference Agencies to check that our records are accurate.
We use a range of organisations to either store personal information or to help deliver our services to you. Sometimes we have a legal duty to provide your personal information to other organisations, for example the Court Service, DWP or HMRC.
Those that we share information with are:
- other council departments (such as planning, building control, housing, customer services, electoral registration, adult services, children's services, street naming and numbering etc). This list is not exhaustive
- other councils or partnerships (such as Bournemouth, Christchurch and Poole Council)
- government departments (such as Department for Work and Pensions, Her Majesty's Revenue and Customs, Valuation Office Agency, Valuation Tribunal Service, HM Court Service, Ministry of Housing, Communities & Local Government, The Cabinet Office, The Office of National Statistics)
- contractors providing revenues and benefits services (such as IT software support and data backup services, analytical software, credit reference agencies, resilience/processing services, mailing companies)
- Local Government Ombudsman
- enforcement agents
- judicial agencies (such as courts and tribunals)
- third sector organisations (such as Citizens Advice)
We may also share your information with the Dorset & Wiltshire Fire and Rescue Service (D&WFRS). D&WFRS has a duty to provide fire safety and prevention advice to local residents. To enable that, we have agreed to provide them with the name and address of those that receive a Council Tax single person discount. D&WFRS will compare this with their data to help identify those most likely to benefit from fire safety and prevention advice.
On occasion we may be required to share personal information with law enforcement or other authorities if required by applicable law. Where this occurs we will attempt to ensure that appropriate safeguards are in place.
As a mandatory participant of the National Fraud Initiative (NFI), we sometimes share personal data with the NFI. The purpose of this data sharing is to detect and prevent fraud. The NFI may share the personal data we provide with other bodies or organisations including: HMRC, the Department for Work and Pensions and IT suppliers to the NFI.
Our legal basis for sharing the data is that the processing is necessary for the performance of a task carried out in the public interest. Where we share special category data, our additional legal basis is that the processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department.
The personal data we provide will be used by the NFI to match records across different data sources in order to prevent and detect fraud. More information about how the NFI use personal data
Data sharing enables us to ensure the best service is delivered to you. We do not anticipate that our data-transferring arrangements will involve a transfer outside of the European Economic Area (EEA).
We will not share your personal information with any other third party.
Whether information has to be provided by you, and if so why
The provision of the personal data (as set out above) is required from you to enable us to:
- bill, collect and recover Council Tax and Business Rates
- award and pay Housing Benefit, Council Tax Support and Discretionary Housing Payments
- invoice, collect and recover overpaid Housing Benefit
We will inform you at the point of collecting information from you, whether you are required to provide the information to us. If you fail to provide us with the information it may mean that we are unable to process your claim for benefit or reduce debts that you owe. In some cases, we may charge you a penalty for not providing us with information we have requested or you have deliberately provided us with wrong information. We will tell you about these penalties when we make the original request for information.
How long your personal information will be kept
We will hold the personal data provided by you for six years after your account has closed or ended, as stated in our retention schedule and in accordance with HMRC and Government Department rules.
Under the General Data Protection Regulation you have a number of important rights that may be exercised free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- access to your personal information and to certain other supplementary information that this privacy notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights you can visit the Information Commissioner's Office.
If you have any concerns about how we are using your information, we would ask that you contact us.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissionertelephone: 0303 123 1113.