Privacy Notice - Risk and Insurance

What this privacy notice is for

Our core data protection obligations and commitments are set out in the council’s primary privacy notice at:

This notice provides additional privacy information for:

  • Members of the public
  • Employees of Oldham Council
  • Contractors and Consultants of Oldham Council

Updating our privacy notices

We may update or revise our privacy notices at any time so please refer to the version published on our website for the most up-to-date details.

What we use your information for

We collect or obtain your personal information for the following purpose(s):

  • Insurance claims
  • Insurance queries and policy coverage queries
  • Support Audit and Counter-Fraud activities
  • Support Council Tax, Revenues and Benefits processing activities

We also use this information to assess the quality of our services and evaluate and improve our policies and procedures.

What categories of personal information do we use

Personal information can be anything that identifies and relates to a living person. This can include information that when linked with other information, allows a person to be uniquely identified. For example, this could be your name and contact details.

The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity. This information consists of:

  • Racial or ethnic origin
  • Sexuality and sexual life
  • Religious or philosophical beliefs
  • Trade union membership
  • Political opinions
  • Genetic and bio-metric data
  • Physical or mental health
  • Criminal convictions and offences

To carry out these purposes we collect and obtain the following personal information shown in the table below:

Category of personal data

Special/ Sensitive

Full name

 

Date of birth

 

Contact details

 

Nationality

 

Gender

 

Racial/Ethnic origin

Yes

National Insurance number

 

Employer(s) details

 

Income and expenditure

 

Bank/Building Society details

 

Previous claims containing your personal data including physical/mental health items

Yes

Criminal offences/convictions

Yes

We may use information about your physical or mental health to assess any previous injuries or illness/es, which may form part of a claim/incident under the insurance arrangements and also for the prevention and detection of crime.

Previous criminal offences/conviction information is processed where appropriate for the purposes of prevention and detection of crime.

Legal basis for processing

The legal basis for processing and or sharing your personal information is: 

  • We have a contractual obligation with you - UK GDPR Article 6 (b)
  • We have a legal obligation - UK GDPR Article 6 (c)
  • We need it to perform a public task - UK GDPR Article 6 (e)

When we also collect data that is considered ‘special category’ we further rely on the following lawful bases:

  • We need it for employment, social security or social protection - UK GDPR Article 9 (2) (b)
  • We need it for the establishment, exercise or defence of legal claims - UK GDPR Article 9 (2) (f)
  • We need to collect it for Substantial Public Interest in order to comply with legislation - UK GDPR Article 9 (2) (g)
  • We need to analyse your information - UK GDPR Article 9 (2) (j)

The primary legislation upon which we rely to ensure Risk & Insurance complies with its legal obligations and functions includes but is not limited to:

  • Local Government Finance Act 1992
  • Civil Procedure Rules 1998
  • Fraud Act 2006
  • Section 151 of the Local Government Act 1972

 

Information sharing/recipients

We may share personal information about you with the following organisations/types of organisations:

  • Internally with other council departments
  • Insurance companies
  • Claims handling companies
  • Other local authorities
  • Oldham Community Leisure
  • Department of Works and Pensions
  • HMRC
  • Healthcare professionals
  • Healthcare, social and welfare organisations
  • The Disclosure and Barring Service
  • Police forces including non-home office police forces
  • Greater Manchester Fire & Rescue Service
  • Past, current and prospective employers
  • Local and Central government
  • Greater Manchester Combined Authorities
  • Transport for Greater Manchester
  • Local Government Association
  • Ombudsman and regulatory authorities/bodies
  • Professional advisers and professional bodies
  • Legal representatives
  • Third-party data processors
  • Litigants in Person (claimants with no legal representation)
  • Her Majesty’s Court and Tribunal Service

As well as information collected directly from you, we also obtain or receive information from:

  • Internally from other council departments
  • Other Local Authorities
  • Health and social care provider
  • Family members/Guardians
  • Local and Central Government Agencies
  • Employers
  • Commissioned Partners
  • Finance department
  • Transport for Greater Manchester
  • Greater Manchester Combined Authorities
  • Local Government Association
  • Other third-party organisations, as allowed by law
  • Police forces including non-home office police forces
  • Legal representatives
  • Members of the public
  • Litigants in Person (claimants with no legal representation)
  • Her Majesty’s Court and Tribunal Service
  • Oldham Community Leisure

National Fraud Initiative

The Cabinet Office is responsible for carrying out data matching exercises and we participate in the ‘Cabinet Office National Fraud Initiative’.

This is a data-matching exercise to assist in the prevention and detection of fraud and we are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. Data matching by the Cabinet Office is subject to a Code of Practice.

Data Transfers beyond European Economic Area

The majority of our service area functions do not require information to be shared outside of the UK. However, there may be some instances where it is necessary to share your information outside of the UK to fulfil our purposes. Where this is the case, we will list the countries where your data is shared.

Automated Decisions

All the decisions we make about you involve human intervention.   

How long we keep your data

There is usually a legal reason for keeping your personal information for a set period of time and most of our data retention schedules are ‘current year plus 6 years’.

Our data retention schedule lists how long your information may be kept which can range from months for some records to decades for more sensitive records. An example of this is claim settlements where we are required to retain data from the completion date of the settlement plus 6 years.

Following the relevant retention period, we will securely destroy the information.

Where we need to use your information, for research or reports (including publicly available) it will be in an anonymised and summarised format.

Risk and Insurance have a retention schedule of records which can be accessed by contacting: riskandinsuranceteam@oldham.gov.uk

Where can I get advice?

More information on how to seek advice to exercise your rights, raise a concern or complain about the handling of your personal information by the council can be found in the council’s privacy notice which can be found at: