- PRIVACY NOTICE
On 25th May 2018 Data Protection Law changed, giving more rights to you as an individual and more obligations on organisations holding your personal data.
One of the rights is the right to be informed, which means we have to give you even more information about the way in which we use, share and store your personal information.
This Privacy Notice allows you to access this information, along with information about the increased rights you have in relation to the information we hold on you and the legal basis on which we are using it.
- How will we use your information?
Your information will be used to provide you with services and personalise our service to you. If you agree, we will also use your information to tell you about other services we provide and events relevant to those services.
Your information may be shared with our delivery partners to deliver your services or if required by law.
We will not share your details with 3rd parties for marketing purposes unless you agree.
You have rights in respect of your data including the right to be supplied information on our uses, to see what data we are holding about you, to request correction or erasure of your data, to object to processing and to complain to the Information Commissioner’s Office.
- Personal data we collect
Your privacy is important to us. This privacy statement explains what personal data we collect from you and how we use it.
We collect your personal data for a variety of purposes. You provide some of this data when you fill in a form (online or paper), when you speak to us on the phone or face to face. We get some of it from automatic recording e.g.: Cookies
When we no longer require your personal data, it is deleted according to our retention policy
The data we collect can include the following:
Name and contact details: we collect your name, your address, your email address, your phone number and similar contact details. These are used to provide you with services and to contact you in relation to services. If you have given permission, we also use these for marketing purposes for services/events provided by us or by others in the local area. If you have given permission for third party marketing, we additionally may pass this data to third parties for carefully selected marketing relevant to your permissions.
Demographic data: this includes age and gender. We may collect more sensitive characteristics such as nationality, race, religion, sexuality and ethnicity in order to fulfil our obligations under the Equalities Act 2010. These sensitive characteristics are only used for the purposes of the Equalities Act or those defined and to which you consented at the time we collected them. Where practicable, these data are managed separately from other data. Where data is used for statistical purposes all data is anonymised.
- How we use personal data
We use data about you to provide you with services, communicate with you, to plan our services, and to personalise your experience.
In carrying out the purposes listed above, we reuse your data to improve your experience and ensure you are provided with the best possible service. We use your personal data in the following ways:
- To provide services to you. This is generally the primary purpose for most information we hold. This also involves charging for services and collection of payment for car parking.
- To communicate with you. We will communicate to you regarding your requests, your services and as required by legal responsibilities. If you specifically permit it, we will communicate with you about other service and local events we think you may be interested in. We will not pass your data to third parties to advertise services unless this is specifically permitted by you.
- To plan our services. Your data is used to plan our current and future services.
- To personalise your experience. Your data is used to show you services of relevance to you, to ensure we address you by your preferred name. We also use data in other legal ways, governed by the law of the UK. Examples include for the prevention and detection of crime e.g. fraud.
- How to control your personal data and your rights
You have a right to require us to make changes to your data if it is wrong.
You have the right to demand that we erase data that we hold on you. However, please note that we can only do this if it is not required for further processing; in general, we erase your data as soon as we no longer require it.
You have the right to request that we give you a copy of your data. This is called a “Subject Access Request”. You have a right to access personal data that we may be processing about you, subject to certain exemptions. Requests for access to personal data are known as subject access requests. You may do this by emailing email@example.com.
For more information, go to our Oxford City Council's website.
If you have a privacy concern, complaint or question for Oxford Direct Services Limited please contact the Corporate Governance Manager, please email or contact via post as detailed in our How to Contact Us page.
You have the right to complain about our processing to the Information Commissioner if you believe we are not processing your data in a proper manner.
For more details on your rights in processing data, visit ICO.
Oxford City Council is registered with the ICO as a data controller and processor. Our registration number is Z7925628 and ZA355161.
- Other important privacy information
Below you will find additional privacy information you may wish to know. Oxford Direct Services Limited is committed to maintaining the privacy of your personal information.
Storage and processing of personal data
Data collected by Oxford Direct Services is generally processed within the UK and the EEA. These uses all comply with the requirements of the GDPR and UK government security policy. Should Oxford Direct Services require data to be shared outside of the EEA you will be informed in advance and additional security will be sought for the protection of data.
Security of personal data
We use a variety of techniques to ensure the privacy of your personal data and protect it from unauthorised disclosure or access. These include physical security, encryption at rest and in transit, multi-factor authentication and intrusion detection systems. Including CCTV.
Retention of personal data
Oxford Direct Services Limited operates a data retention and disposal scheme based on legal and operational requirements. Data is disposed of securely when it is no longer required for processing purposes.
Changes to the privacy statement
We will update this privacy statement whenever a change in our use or a change in law occurs, and in response to your feedback. When it is changed we will update the date given at the top of the first page. We encourage you to periodically review this statement and provide us with feedback on areas you believe we could improve.
- Specific purposes
Oxford Direct Services Limited operates CCTV systems across the City for the purposes of prevention and detection of crime under Section 115 of the Crime and Disorder Act 1998. New camera requests follow the surveillance camera code of practice. Image data is retained for 31 days unless an incident occurs. Data is retained as long as is required for evidence if an incident occurs
Oxford Direct Services Limited keeps records of, funeral directors, memorial masons etc. This is a legal requirement under the Local Authorities Cemeteries Order 1977 (amended 1986) and associated regulations
Oxford Direct Services Limited wants its customers to be aware of services that may be useful to them. We operate an opt-in email mailing list for this purpose; citizens may opt out by clicking on the unsubscribe link at the footer of any marketing communications. We also respond to social media queries; we do not retain data on social media accounts. Please see the privacy statements of the social media providers for more detail.
Complaints and information
Oxford Direct Services Limited deal with complaints, consultations, Environmental Information requests, Freedom of Information requests, Subject Access requests and general information requests. Data is held in order to complete your request or complaint and for the purposes of internal performance reporting.
Oxford Direct Services Limited acting on behalf of Oxford City Council has responsibilities under the Civic Contingencies Act 2004 to be prepared for emergencies and be able to react to them. This requires us to keep data on our employees for emergency contacts, but also employees of other organisations required for emergency preparedness. Consent is obtained at the time of requesting the contact. Currently organisations include, but are not limited to Thames Valley Police, Oxfordshire Fire Brigade, Ambulance Service, Environment Agency, Thames Water, representatives of organisations offering emergency rest centres and Highways Agency.
If you supply goods or services to Oxford Direct Services Limited, we keep records of this supply including your contact details, contract details, purchase orders made, goods/services/invoices received, bank details for payment purposes and records of contacts made. These are kept for seven years after your last interaction with the council.
Oxford Direct Services Limited on behalf of Oxford City Council are required to provide services for a wide range of regulation enforcement and delivery services. Each of these services is either covered by a legal basis in legislation and therefore does not require consent, or is a service which people request and therefore give consent at that point. Many users are companies, but for sole traders the privacy regulations will apply.
Oxford Direct Services Limited, as a responsible employer, is required by law to keep a wide range of data on prospective, current and former employees, pensioners, contract staff and volunteers. This data has restricted access and is only generally available to appropriate staff including HR advisors and Health and Safety staff, with managers having limited access to data about their staff.
In addition to statutory requirements, Oxford Direct Services Limited keeps information relating to staff performance, staff vetting, staff training, staff emergency contacts, staff access to sites/buildings/rooms, staff health data where needed to ensure safety of the staff member or the public and other data needed for the safe and responsible delivery of its services.
Staff consent for this recording as part of the contract of employment or is signed up to on commencement by contractors and volunteers.
- How to contact us
If you have a privacy concern, complaint or question for Oxford Direct Services Limited, please email firstname.lastname@example.org.
You can also contact the Council’s Corporate Governance Manager by post at:
Corporate Governance Manager
Oxford City Council
109-113 St Ebbes