Privacy Policy

  1. PRIVACY NOTICE

    On 25th May 2018 Data Protection Law changed, giving more rights to you as an individual and more obligations on organisations holding your personal data.

    One of the rights is the right to be informed, which means we have to give you even more information about the way in which we use, share and store your personal information.

    This Privacy Notice allows you to access this information, along with information about the increased rights you have in relation to the information we hold on you and the legal basis on which we are using it.

  2. How will we use your information?

    Your information will be used to provide you with services and personalise our service to you. If you agree, we will also use your information to tell you about other services we provide and events relevant to those services.

    Your information may be shared with our delivery partners to deliver your services or if required by law.

    We will not share your details with 3rd parties for marketing purposes unless you agree.

    You have rights in respect of your data including the right to be supplied information on our uses, to see what data we are holding about you, to request correction or erasure of your data, to object to processing and to complain to the Information Commissioner’s Office.

  3. Personal data we collect

    Your privacy is important to us. This privacy statement explains what personal data we collect from you and how we use it.

    We collect your personal data for a variety of purposes. You provide some of this data when you fill in a form (online or paper), when you speak to us on the phone or face to face. We get some of it from automatic recording e.g.: Cookies

    When we no longer require your personal data, it is deleted according to our retention policy

    The data we collect can include the following:

    Name and contact details: we collect your name, your address, your email address, your phone number and similar contact details. These are used to provide you with services and to contact you in relation to services. If you have given permission, we also use these for marketing purposes for services/events provided by us or by others in the local area. If you have given permission for third party marketing, we additionally may pass this data to third parties for carefully selected marketing relevant to your permissions.

    Demographic data: this includes age and gender. We may collect more sensitive characteristics such as nationality, race, religion, sexuality and ethnicity in order to fulfil our obligations under the Equalities Act 2010. These sensitive characteristics are only used for the purposes of the Equalities Act or those defined and to which you consented at the time we collected them. Where practicable, these data are managed separately from other data. Where data is used for statistical purposes all data is anonymised.

  4. How we use personal data

    We use data about you to provide you with services, communicate with you, to plan our services, and to personalise your experience.

    In carrying out the purposes listed above, we reuse your data to improve your experience and ensure you are provided with the best possible service. We use your personal data in the following ways:

    • To provide services to you. This is generally the primary purpose for most information we hold. This also involves charging for services and collection of payment for car parking.
    • To communicate with you. We will communicate to you regarding your requests, your services and as required by legal responsibilities. If you specifically permit it, we will communicate with you about other service and local events we think you may be interested in. We will not pass your data to third parties to advertise services unless this is specifically permitted by you.
    • To plan our services. Your data is used to plan our current and future services.
    • To personalise your experience. Your data is used to show you services of relevance to you, to ensure we address you by your preferred name. We also use data in other legal ways, governed by the law of the UK. Examples include for the prevention and detection of crime e.g. fraud.
  5. Reasons we share personal data

    We share your personal data with a range of organisations to provide you with services, plan services and to ensure that crime is prevented or detected. These include:

    • Third party organisations/contractors delivering services on our behalf
    • Central government
    • Police

    We share your data with your consent or as necessary to provide any service.

    We share with third party organisations delivering services on our behalf. This sharing is covered by agreements to maintain your privacy to the same level as we require of ourselves, and data shared is strictly restricted to that necessary for delivering services.

    We also share data with Central Government and its agencies, including police and as required by law, for the delivery of service, prevention and detection of crime, public health, safety and service planning. This sharing, where not required by law, is again covered by agreements about your privacy.

  6. How to control your personal data and your rights

    You have a right to require us to make changes to your data if it is wrong.

    You have the right to demand that we erase data that we hold on you. However, please note that we can only do this if it is not required for further processing; in general, we erase your data as soon as we no longer require it.

    You have the right to request that we give you a copy of your data. This is called a “Subject Access Request”. You have a right to access personal data that we may be processing about you, subject to certain exemptions. Requests for access to personal data are known as subject access requests. You may do this by emailing dataprotection@oxford.gov.uk.

    For more information, go to our Oxford City Council's website.

    If you have a privacy concern, complaint or question for Oxford Direct Services Limited please contact the Corporate Governance Manager, please email or contact via post as detailed in our How to Contact Us  page.

    You have the right to complain about our processing to the Information Commissioner  if you believe we are not processing your data in a proper manner.

    For more details on your rights in processing data, visit ICO

    Oxford City Council is registered with the ICO as a data controller and processor. Our registration number is Z7925628 and ZA355161.

  7. Cookies and similar technologies

    Where services are delivered via websites, small amounts of information are sometimes placed on your device e.g. your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally. You can restrict or block cookies, but these may stop parts of the website from working.

    We use cookies for a number of purposes:

    • enabling a service to recognise your device so you don't have to give the same information several times during one task
    • recognising that you may already have given a username and password so you don't need to do it for every web page requested
    • measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast
    • analysing anonymised data to help us understand how people interact with our services so we can make them better

    When someone visits www.oxforddirectservices.gov.uk we use a third party service, Google Analytics and Hot jar, to collect standard internet log information and details of visitor behaviour patterns such as heat mapping tool.

    We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

    If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

    Information on how to opt out of being tracked by Google Analytics across all websites and Google's use of cookies can be found on Google Analytics Opt-out and Google privacy pages.

    How to control and delete cookies

    We will not use cookies to collect personally identifiable information about you.

    If you wish to restrict or block the cookies which are set by our websites, or any other website, you can do this through your browser settings. The ‘Help’ function within your browser should tell you how.

    Please be aware that restricting cookies may impact on the functionality of our website.

    To view your cookie code, click on the cookie to open it. You will see a short list of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.

    For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

    To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.

  8. Other important privacy information

    Below you will find additional privacy information you may wish to know. Oxford Direct Services Limited is committed to maintaining the privacy of your personal information.

    Storage and processing of personal data

    Data collected by Oxford Direct Services is generally processed within the UK and the EEA. These uses all comply with the requirements of the GDPR and UK government security policy.    Should Oxford Direct Services require data to be shared outside of the EEA you will be informed in advance and additional security will be sought for the protection of data.

    Security of personal data

    We use a variety of techniques to ensure the privacy of your personal data and protect it from unauthorised disclosure or access. These include physical security, encryption at rest and in transit, multi-factor authentication and intrusion detection systems. Including CCTV.

    Retention of personal data

    Oxford Direct Services Limited operates a data retention and disposal scheme based on legal and operational requirements. Data is disposed of securely when it is no longer required for processing purposes.

    Changes to the privacy statement

    We will update this privacy statement whenever a change in our use or a change in law occurs, and in response to your feedback. When it is changed we will update the date given at the top of the first page.  We encourage you to periodically review this statement and provide us with feedback on areas you believe we could improve.

  9.  Specific purposes

    CCTV

    Oxford Direct Services Limited operates CCTV systems across the City for the purposes of prevention and detection of crime under Section 115 of the Crime and Disorder Act 1998. New camera requests follow the surveillance camera code of practice. Image data is retained for 31 days unless an incident occurs. Data is retained as long as is required for evidence if an incident occurs

    Cemetery records

    Oxford Direct Services Limited keeps records of, funeral directors, memorial masons etc. This is a legal requirement under the Local Authorities Cemeteries Order 1977 (amended 1986) and associated regulations

    Communications

    Oxford Direct Services Limited wants its customers to be aware of services that may be useful to them. We operate an opt-in email mailing list for this purpose; citizens may opt out by clicking on the unsubscribe link at the footer of any marketing communications. We also respond to social media queries; we do not retain data on social media accounts. Please see the privacy statements of the social media providers for more detail.

    Complaints and information

    Oxford Direct Services Limited deal with complaints, consultations, Environmental Information requests, Freedom of Information requests, Subject Access requests and general information requests. Data is held in order to complete your request or complaint and for the purposes of internal performance reporting.

    Emergency planning

    Oxford Direct Services Limited acting on behalf of Oxford City Council has responsibilities under the Civic Contingencies Act 2004 to be prepared for emergencies and be able to react to them. This requires us to keep data on our employees for emergency contacts, but also employees of other organisations required for emergency preparedness. Consent is obtained at the time of requesting the contact. Currently organisations include, but are not limited to Thames Valley Police, Oxfordshire Fire Brigade, Ambulance Service, Environment Agency, Thames Water, representatives of organisations offering emergency rest centres and Highways Agency.

    Procurement

    If you supply goods or services to Oxford Direct Services Limited, we keep records of this supply including your contact details, contract details, purchase orders made, goods/services/invoices received, bank details for payment purposes and records of contacts made. These are kept for seven years after your last interaction with the council.

    Regulatory service

    Oxford Direct Services Limited on behalf of Oxford City Council are required to provide services for a wide range of regulation enforcement and delivery services. Each of these services is either covered by a legal basis in legislation and therefore does not require consent, or is a service which people request and therefore give consent at that point. Many users are companies, but for sole traders the privacy regulations will apply.

    Staff information

    Oxford Direct Services Limited, as a responsible employer, is required by law to keep a wide range of data on prospective, current and former employees, pensioners, contract staff and volunteers. This data has restricted access and is only generally available to appropriate staff including HR advisors and Health and Safety staff, with managers having limited access to data about their staff.

    In addition to statutory requirements, Oxford Direct Services Limited keeps information relating to staff performance, staff vetting, staff training, staff emergency contacts, staff access to sites/buildings/rooms, staff health data where needed to ensure safety of the staff member or the public and other data needed for the safe and responsible delivery of its services.

    Staff consent for this recording as part of the contract of employment or is signed up to on commencement by contractors and volunteers.

  10. How to contact us

    If you have a privacy concern, complaint or question for Oxford Direct Services Limited, please email dataprotection@oxford.gov.uk.

    You can also contact the Council’s Corporate Governance Manager by post at:

    Corporate Governance Manager 
    Oxford City Council
    109-113 St Ebbes
    Oxford
    OX1 1DS