Privacy Notice

This notice applies to you if we deliver a service to you, if we use you as a supplier or if we're seeking to enter into a contractual arrangement with you. This policy gives effect to our commitment to protect your personal information.

Who we are

We are Public Sector Partnership Services Ltd (PSPS). We are a Local Authority Trading Company, owned by East Lindsey District Council (ELDC) and South Holland District Council (SHDC) and Boston Borough Council (BBC), with responsibilities for delivering services to all three client Councils and to members of the public on their behalf.

Our primary office locations are at each respective Council's headquarters, at the addresses below, and we also operate from some Customer Access Points owned and managed by the Councils.

• ELDC Offices, The Hub, Mareham Road, Horncastle, LN9 6PH
• SHDC Offices, Priory Road, Spalding, Lincolnshire PE11 2XE 
• BBC Offices, Municipal Buildings, West Street, Boston, PE21 8QR

Most of the personal data we process is done so in our capacity as a data processor acting on behalf of our shareholding councils, ELDC, SHDC, and BBC. Exceptions to this, where PSPS is the data controller, include:

•  information about employees of PSPS;
• information about our Telecare-Lifeline customers;
• personal information relating to current or potential suppliers contracted by PSPS directly.

Information we hold

We hold and process a wide range of personal data. The majority of the data we process is required to allow us to deliver essential services on behalf of our two owning councils. These services are:

• Customer Contact, where we take a range of information on behalf of the services we provide (as listed below) or other council services such as Waste Services, Licensing, Housing Support Services and Planning.
• Revenues and Benefits, including the collection of Council Tax, Business Rates and Sundry Debt, as well as paying Benefit claims
• Finance, which includes paying supplier invoices
• Information and Communications Technology (ICT)
• Human Resources (HR) and Payroll
• Health and Safety 
• Procurement and Contracts

We also process personal data relating to our Telecare-Lifeline customers, to allow us to provide them with the equipment and associated support services as defined within the terms of our agreement with them.

Internally the Company's Corporate Services also process a wide range of Company related and supplier information. This usually includes non-personal related data, the exception being contacts within organisations we procure services from.

Categories of personal data we process in support of this will include:

• Personal details, such as: name, address, telephone number, email address
• Family details and/or information relating to others living with you
• Lifestyle and social circumstances
• Goods and services
• Financial details
• Employment and education details
• Business activities

We also process sensitive classes of information that may include:

• Physical or mental health details
• Racial or ethnic origin
• Trade union membership
• Political affiliation
• Political opinions
• Criminal records data
• Religious or other beliefs of a similar nature
• Criminal proceedings, outcomes and sentences

How we use your information

The information we collect from you may be used to:

• Collect Council Tax and Business Rates on behalf of the Councils
• Collect other payments on behalf of the Councils
• Apply relevant exemptions and discounts to your Council Tax or Business Rates accounts
• Process and pay you Benefit entitlements
• Pass onto the Councils with respect of other services they provide, such as Waste Services, Licensing, Environmental Protection or Housing Support
• Provide a Telecare-Lifeline service to you
• Enter into a contract arrangement with you as a supplier of services we require
• Prevent and detect fraud
• Help us understand more about customer service requirements

Our legal basis for processing your information

There are a number of reasons why we need to collect and use your personal information. We will provide specific Privacy Notices and/or shorter Privacy Statements on forms that will provide an explanation of what these are for each specific context.

We usually rely on one of the following lawful reasons for processing:

• our legal obligation to provide a service to you on behalf of the Council(s); or
• our obligation to provide a public task on behalf of the Council(s); or
• because we have a contract with you or you have consented to providing your data in order to access one of our services.
• our legitimate interests to process some forms of data in relation to employees of PSPS.

We only collect enough information from you to perform the task it is needed for and this will vary throughout the Council depending on the services you require.

Some information is required legally; for example, we might need to know who is living in your household for Council Tax purposes

Some information may be given voluntarily by you as part of a contract with us or the Council we're processing on behalf of; for example, you might call our customer contact team with the intention of signing up for a green waste collection service.

Sharing your information

We will not sell your personal details to any third parties unless there is a clear lawful basis for doing so. We will only use your information for the purpose it was collected for, which may include the sharing of it with different Council departments as appropriate to provide the service you have requested.

Where allowed or required by law, we may share information with::

• ELDC, SHDC and BBC
• Customers and/or service users
• Family, associates or representatives of the person whose personal data we are processing
• Current, past and prospective employers
• Healthcare, social and welfare organisations
• Providers of goods and services
• Financial organisations
• Debt collection and tracing agencies
• Local and central government
• Ombudsman and regulatory authorities
• Press and the media (via respective Councils)
• Professional advisers and consultants
• Courts and tribunals
• Trade unions
• Professional advisers
• Professional bodies
• Survey and research organisations
• Police forces
• Housing associations and landlords
• Voluntary and charitable organisations
• Data processors
• Other police forces, non-home office police forces
• Regulatory bodies
• HM revenues customs
• Department for Work and Pensions

All of our staff are given data protection training to ensure that your data is processed according to the law and only shared where there is consent or legal justification for doing so.

National Fraud initiative - Cabinet Office data matching

To prevent and detect fraud it is a legal requirement that Councils share your information with the Cabinet Office. This is for the purpose of data matching as part of the National Fraud Initiative (NFI), and as data processors acting on behalf of three Councils we are legally obliged to provide this information on their behalf. Examples of data supplied by PSPS are:

• Council Tax
• Housing Benefits
• Insurance data - if claims have been made against the Council
• Payroll - staff data
• Trade creditors payment history and standing data (paid and open invoices)

Computerised data matching allows potentially fraudulent claims and payments to be identified and investigations to be carried out where necessary, in order to protect public funds. The use of this data by the Cabinet Office is carried out under Part 6 of the Local Audit and Accountability Act 2014 and does not require the consent of the individual concerned under Data Protection law. You will have been informed when we collected your personal information if we intend to share it with other people and organisations. However, you will not be informed if we are asked to provide your details for law enforcement or tax collection reasons as this is permitted within Data Protection Legislation.

Our Website and Cookies

Our website uses cookies. Please see our Cookies page for usage and consent information.

International Transfers

PSPS has no current arrangements through which personal data is transferred to a third country. The Company is committed to ensuring that any transfer of personal data to a country outside of the EU and not on the relevant adequacy list will only take place when:

• Technical and organisational security measures have been put in place via a contract; or
• Where this is required by law.

Your rights

Data Protection law outlines a number of rights you have as a data subject (the person the data we're processing relates to). These are:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restriction
• Data portability
• Right to object
• Right to complain to the Information Commissioner's Office (ICO)

Right to be informed

This privacy policy, our privacy notices and privacy statements, along with the Councils' own equivalent, are all designed to keep you informed on the processing of your personal data. We always seek to advise you of as much as possible at the point of asking you for information. Where this is impractical, such as on forms with limited space or on the telephone, we usually provide a more concise statement and advise where to find more information on the website.

Access and correction of your personal information

You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a 'Subject Access Request'. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it free of charge.

Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.

If you would like to exercise these rights, please contact us as set out below.

Right to stop or limit our processing of your data

You have the right to:

• Object to us processing your personal information if we are not entitled to use it any more
• Have your information deleted if we are keeping it too long
• Have the processing of your personal data restricted in certain circumstances

If you would like to exercise any of these rights, please contact us as set out below.

How long we keep your information for

We are only permitted to keep your data for as long as we need it, which we refer to as a retention period.

Some retention periods are prescribed by law, such as financial information which has to be provided to HMRC, but we often have to make our own judgements when deciding how long we keep personal data for.

Retention periods for the processing we carry out can be viewed in our specific privacy notices, or you can contact us if that is unclear or if you require more information relating to retention. For all services we provide on behalf of the Council, these should also be found on each respective Council's website.

Links to other relevant information

Most of the personal data we process is on behalf of ELDC and SHDC, and full privacy notices and retention periods relating to the services we provide are available from their websites:

ELDC: ELDC Privacy Policy (opens new window)

SHDC: SHDC Privacy Policy (opens new window)

BBC: BBC General Privacy Notice

The ICO are the UK's independent authority set up to uphold information rights in the public interest. You can go to their website to obtain more information generally regarding data protection law and practice, or to complain to them if you feel that the processing of your personal data infringes data protection law:

ICO: Information Commissioners Office (opens new window)

Security

We take security measures to protect your information including:

• Limiting access to our buildings to those that we believe are entitled to be there
• Implementing access controls to our information technology, such as: encryption, firewalls, ID verification and logical segmentation and/ or physical separation of our systems and information
• Robust security updates including timely patching and anti-virus software
• Pseudonymisation or anonymisation of data wherever possible
• Physical security controls, such as: secure waste-paper disposal, controlled printing and a clear desk policy
• Penetration testing to monitor security control effectiveness
• Completion of Data Protection Impact Assessments (DPIAs) when implementing changes
• Staff training

Contact us

At PSPS we appoint our own Data Protection Officer (DPO), who can be contacted with any privacy related query or complaint by email at data.protection@pspsl.co.uk or in writing at:

The Data Protection Officer
Public Sector Partnership Services Ltd
The Hub
Mareham Road, Horncastle
Lincolnshire
LN9 6PH