Privacy notice

Emergency planning and business continuity

This privacy notice relates to:

  • employees, elected Members, suppliers and contractors of Nuneaton and Bedworth Borough Council who have roles in the Council’s Emergency Plans, Business Continuity Plans or other arrangements for responding to incidents or situations of an urgent nature
  • employees, elected Members, suppliers and contractors of partner organisations who have roles in the Emergency Plans or Business Continuity Plans of the partner organisations
  • members of the public who have roles in the Council’s emergency or business continuity plans, including any community emergency plans that are supported by the Council
  • people with whom we have contact in the course of responding to an incident, emergency or business continuity threat

It applies to information provided by post, email, telephone, face to face, text, social media, and online.

The data controller 

The data controller is:

Nuneaton and Bedworth Borough Council, Town Hall, Coton Road, Nuneaton CV11 5AA, United Kingdom

We will store the data in our computer and manual record systems and restrict access according to relevant policies and procedures.

Personal data

The personal data we may hold includes: your name, contact details, and training records relating to emergency and business continuity preparedness. In the event of a response to an incident, emergency or business continuity threat being necessary, we may also collect and hold records of your role in the response, services provided for you, and your needs relating to the situation being responded to.

We will use this data for the following purposes to meet the Council's:

  • statutory obligations under the Civil Contingencies Act 2004, and in particular to prepare for and respond to emergency situations and incidents in co-operation with other responding agencies; 
  • statutory Duty of Care and exercise the Council’s legal powers by preparing for and responding to incidents or situations where there may be a risk of harm to the public or to the Council’s employees or assets, either directly, or indirectly through disruption to Council services 
  • obligations to be accountable for its preparedness for, and responsiveness during any of the above occurrences
  • Where necessary, to detect or prevent crime 

Legal basis 

The processing is necessary so that the Council can fulfil its obligations in preparing for and responding to the above incidents, emergencies and business continuity threats.

Where the processing is necessary to:

  • manage your role within the terms of a contract you hold with the Council, data protection law describes this legal basis as necessary for the performance of a contract
  • fulfil the council’s legal obligations, data protection law describes this legal basis as a legal obligation
  • enable the Council to exercise its legal powers, data protection law describes this legal basis as necessary for performance of a public task, or in the public interest
  • detect or prevent crime, data protection law describes this legal basis as necessary for performance of a public task, or in the public interest
  • safeguard the Council’s assets, data protection law describes this legal basis as in the Council’s legitimate interests
  • save life data protection law describes this legal basis as protecting vital interests

Consent

We do not need your consent to collect or process your personal information. This is because we need the information in order for us to administer your contract with the Council or to fulfil our legal or contractual obligations, or in the public interest or the Council’s legitimate interests. If circumstances arise that do not fall within these criteria we will seek your consent before collecting or processing your personal data.

Disclosure 

Nuneaton and Bedworth Borough Council may pass on your personal data to third parties for the purposes of detecting or preventing fraud or other crime, or if it is necessary to prepare for or respond to incidents, emergencies and business continuity threats. These organisations may include other public sector organisations and in particular those named within the Civil Contingencies Act 2004, or any other organisation where we are required or permitted by law to share information.

We may pass your name, and contact details to other organisations to include in their incident, emergency and business continuity plans. 

Your records are held within secure emails, in a secure section of the council’s information management system, and on the council’s human resources system all of which are held on secure servers on the council’s network. Some records may be held in secure manual storage. In so far as some personal information is included within the incident, emergency and business continuity plans of the Council or its partners, that information will be held by persons who are identified as official plan-holders. These plan-holders will be subject to the data protection policies and procedures of their respective organisations and the terms of this privacy statement.

Retention period

Nuneaton and Bedworth Borough Council will process your personal data for as long as you have a role in the above plans and, for information that is collected or processed as part of a response to an incident, emergency or business continuity threat we will only keep your information for the minimum period necessary which may be a period of many years if a public inquiry into an incident is required. Once the Council becomes aware that you no longer have a role in any such plans, your personal information will be removed from the relevant plans upon their next periodic update.

Your rights as a data subject 

You have the right:

  • to request a copy of the information that we hold about you
  • to correct data that we hold about you that is inaccurate or incomplete
  • in certain circumstances you can ask for the data we hold about you to be erased from our records
  • where certain conditions apply to have a right to restrict the processing
  • in some circumstances, to have the data we hold about you transferred to another organisation
  • to object to certain types of processing such as direct marketing
  • to complain if we refuse a request you may make using these rights and you are not happy with our reason

We may refer any request you may make using these rights to another organisation, if they have been involved in processing your personal data.