Privacy Policy

Compass Point Business Services

Providing front and back office services for East Lindsey and South Holland District Councils

We understand that privacy and the security of personal information is extremely important. Because of that, this policy sets out what we do with personal information and what we do to keep it secure. It also explains where and how we collect personal information, as well as data subject rights over any personal information we hold about you.

This policy applies to you if we deliver a service to you, if we use you as a supplier or if we're seeking to enter into a contractual relationship with you. This policy gives effect to our commitment to protect your personal information.

Who we are

We are Compass Point Business Services (CPBS), a limited company owned by East Lindsey District Council (ELDC) and South Holland District Council (SHDC). We were formed as a joint venture and our main responsibilities are to deliver services to both Councils and to members of the public on their behalf.

Our primary office locations are at each respective Council's headquarters, at the addresses below, and we also operate from some the Customer Access Points owned and managed by the Councils.

      ELDC Offices, Tedder Hall, Manby Park, Manby, Lincolnshire, LN11 8UP

      SHDC Offices, Priory Road, Spalding, Lincolnshire PE11 2XE

Apart from processing in relation to our own employees and with current or potential suppliers contracted by us directly, where we act as the data controller, all of the personal data we process is done so in our capacity as a data processor acting on behalf of the respective district councils.

Information we hold

We hold and process a wide range of personal data. The majority of the data we process is required to allow us to deliver essential services on behalf of our two owning councils. These services are:

  • Customer Contact, where we take a range of information on behalf of the services we provide (as listed below) or other council services such as Waste Services, Licensing, Housing Support Services and Planning.

  • Revenues and Benefits, including the collection of Council Tax, Business Rates and Sundry Debt, as well as paying Benefit claims

  • Finance, which includes paying supplier invoices

  • Information and Communications Technology (ICT)

  • Human Resources (HR) and Payroll

  • Health and Safety

Internally the Company's Business Support team also processes a wide range of Company related and supplier information. This usually includes non-personal related data, with the exception being contacts within organisations we procure services from.

Categories of personal data we process in support of this will include:

  • Personal details, such as: name, address, telephone number, email address

  • Family details and/or information relating to others living with you

  • Lifestyle and social circumstances

  • Goods and services

  • Financial details

  • Employment and education details

  • Business activities

We also process sensitive classes of information that may include:

  • Physical or mental health details
     
  • Racial or ethnic origin
     
  • Trade union membership
     
  • Political affiliation
     
  • Political opinions
     
  • Criminal records data
     
  • Religious or other beliefs of a similar nature
     
  • Criminal proceedings, outcomes and sentences

How we use your information

The information we collect from you may be used to:

  • Collect Council Tax and Business Rates on behalf of the Councils

  • Collect other payments on behalf of the Councils

  • Apply relevant exemptions and discounts to your Council Tax or Business Rates accounts

  • Process and pay you Benefit entitlements

  • Pass onto the Councils with respect of other services they provide, such as Waste Services, Licensing, Environmental Protection or Housing Support

  • Enter into a contract arrangement with you as a supplier of services we require

  • Prevent and detect fraud

  • Help us understand more about customer service requirements

Our legal basis for processing your information

There are a number of reasons why we need to collect and use your personal information. We will provide specific Privacy Notices and/or shorter Privacy Statements on forms that will provide an explanation of what these are for each specific context.

We usually rely on one of the following lawful reasons for processing:

  • our legal obligation to provide a service to you on behalf of the Council(s); or

  • our obligation to provide a public task on behalf of the Council(s); or

  • because we have a contract with you or you have consented to providing your data in order to access one of our services.

We only collect enough information from you to perform the task it is needed for and this will vary throughout the Council depending on the services you require.

Some information is required legally; for example, we might need to know who is living in your household for Council Tax purposes

Some information may be given voluntarily by you as part of a contract with us or the Council we're processing on behalf of; for example, you might call our customer contact team with the intention of signing up for a green waste collection service.

Sharing your information

We will not sell your personal details to any third parties. We will only use your information for the purpose it was collected for, which may include the sharing of it with different Council departments as appropriate to provide the service you have requested.

Where allowed by law, necessary, or required by law we may share information with:

  • ELDC and SHDC

  • Customers and/or service users

  • Family, associates or representatives of the person whose personal data we are processing

  • Current, past and prospective employers

  • Healthcare, social and welfare organisations

  • Providers of goods and services

  • Financial organisations

  • Debt collection and tracing agencies

  • Local and central government

  • Ombudsman and regulatory authorities

  • Press and the media (via respective Councils)

  • Professional advisers and consultants

  • Courts and tribunals

  • Trade unions

  • Professional advisers

  • Professional bodies

  • Survey and research organisations

  • Police forces

  • Housing associations and landlords

  • Voluntary and charitable organisations

  • Data processors

  • Other police forces, non-home office police forces

  • Regulatory bodies

  • HM revenues customs

  • Department for Work and Pensions

Our staff are given training and guidance with regards to the sharing of personal data to ensure that your data is processed according to the law and only shared where there is consent or legal justification for doing so.

National Fraud initiative - Cabinet Office data matching

To prevent and detect fraud it is a legal requirement that Councils share your information with the Cabinet Office. This is for the purpose of data matching as part of the National Fraud Initiative (NFI), and as data processors acting on behalf of two Councils we're legally obliged to provide this information on their behalf. Examples of data supplied by CPBS are:

  • Council Tax

  • Housing Benefits

  • Insurance data - if claims have been made against the Council

  • Payroll - staff data

  • Trade creditors payment history and standing data (paid and open invoices)

Computerised data matching allows potentially fraudulent claims and payments to be identified and investigations to be carried out where necessary, in order to protect public funds. The use of this data by the Cabinet Office is carried out under Part 6 of the Local Audit and Accountability Act 2014 and does not require the consent of the individual concerned under Data Protection law. You will have been informed when we collected your personal information if we intend to share it with other people and organisations. However, you will not be informed if we are asked to provide your details for law enforcement or tax collection reasons as this is permitted within Data Protection Legislation.

Our Website and Cookies

Our website uses cookies and other tracking technologies to assist with your use and navigation of the site, your ability to provide feedback and analyse your use of our products and services using Google Analytics. This might include the remembering of display preferences (font size etc.), or if you have already completed a survey (to ensure you are not asked again). We have carefully chosen the controls and necessary steps to ensure that your privacy and personal data is controlled and respected at all times.

Google Analytics

We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on.

This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (eg, your name or address) so this information cannot be used to identify who you are.

You can find out more about Google's position on privacy as regards its analytics service at https://support.google.com/analytics/answer/6004245?hl=en-GB

Visitors may choose to opt-out of Google Analytics tracking with the Google Analytics opt-out browser add-on

Cookies

We use a minimal number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://www.aboutcookies.org for detailed guidance.

The list below describes the cookies we use on this site and what we use them for. Currently, we operate an 'implied consent' policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser's anonymous usage setting (called "Incognito" in Chrome, "InPrivate" for Internet Explorer, "Private Browsing" in Firefox and Safari etc.).

Cookie Name

Default Expiration Time

Description

__utma

2 years from set/update

Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

__utmt

10 minutes

Used to throttle request rate.

__utmb

30 mins from set/update

Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.

__utmc

End of browser session

Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

__utmz

6 months from set/update

Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

 

International Transfers

CPBS does not transfer data to third countries. If this was ever considered necessary in the future, a transfer will only take place when:

  • Technical and organisational security measures have been put in place via a contract; or

  • With the consent of the data subject; or

  • Where required by law.

Your rights

The General Data Protection Regulation ((EU) 2016/679) (GDPR) outlines a number of rights you have as a data subject (the person the data we're processing relates to). These are:

  • Right to be informed

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction

  • Data portability

  • Right to object

  • Right to complain to the Information Commissioner's Office (ICO)

Right to be informed

This privacy policy, our privacy notices and privacy statements, along with the Councils' own equivalent, are all designed to keep you informed on the processing of your personal data. We always seek to advise you of as much as possible at the point of asking you for information. Where this is impractical, such as on forms with limited space or on the telephone, we provide a more concise statement and advise where to find more information on the website.

Access and correction of your personal information

You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a 'Subject Access Request'. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge.

Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.

If you would like to exercise these rights, please contact us as set out below.

Right to stop or limit our processing of your data

You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

How long we keep your information for

We are only permitted to keep your data for as long as we need it, which we refer to as a retention period.

Some retention periods are prescribed by law, such as financial information which has to be provided to HMRC, but we often have to make our own judgements when deciding how long we keep personal data for.

Retention periods for the processing we carry out can be viewed in our retention schedule. For all services we provide on behalf of the Council, these should also be found on each respective Council's website.

Links to other relevant information

Most of the personal data we process is on behalf of ELDC and SHDC, and full privacy notices and retention periods relating to the services we provide are available from their websites:

ELDC: East Lindsey District Council

SHDC: South Holland District Council

The ICO are the UK's independent authority set up to uphold information rights in the public interest. You can go to their website to obtain more information generally regarding data protection law and practice, or to complain to them if you feel that the processing of your personal data infringes data protection law:

ICO: https://ico.org.uk/

Security

We take security measures to protect your information including:

  • Limiting access to our buildings to those that we believe are entitled to be there

  • Implementing access controls to our information technology, such as: encryption, firewalls, ID verification and logical segmentation and/ or physical separation of our systems and information

  • Robust security updates including timely patching and anti-virus software

  • Pseudonymisation or anonymisation of data wherever possible

  • Physical security controls, such as: secure waste paper disposal, controlled printing and a clear desk policy

  • Penetration testing to monitor security control effectiveness

  • Completion of Data Protection Impact Assessments (DPIA) when implementing changes

  • Staff training

Contact Us

At CPBS we appoint our own Data Protection Officer (DPO), who can be contacted with any privacy related query or complaint by email at performance@cpbs.com or in writing at:

The Data Protection Officer

Compass Point Business Services

Tedder Hall

Manby Park, Manby

Lincolnshire

LN11 8UP

 

For the majority of the services we provide, CPBS acts as a data processor, delivering services on behalf of East Lindsey District Council and South Holland District Council, the data controllers. Council specific privacy notices and contact details can be located on their respective websites: East Lindsey District Council and South Holland District Council