Who we are
Teignbridge District Council is registered with the Information Commissioner’s Office (ICO) as a ‘data controller’ under the Data Protection Act, entry Z5463710. We are a public authority and have a nominated Data Protection Officer who can be contacted on firstname.lastname@example.org.
If you apply for the energy bills support scheme or alternative fuel payment through the Department of Business, Energy and Industrial Strategy (BEIS) GOV.UK online application portal and provide us with assurance evidence to verify your application, we will need to collect information about your household and about the person applying.
What information do we collect about you?
The Department of Business, Energy and Industrial Strategy (BEIS) through their GOV.UK online application portal, link to their privacy notice, collect, store and use the following personal data which is shared with us:
- personal details such as name, address, date of birth, telephone number and email address for you (and your agent where you nominate someone else to complete this application on your behalf)
- bank account details to identify you and facilitate payment
- documents uploaded as proof of address
We then collect, store, use and share with BEIS the following categories of personal information about you:
- assurance evidence such as bank statements, tenancy agreements, utility bills, UK driving licence, benefits entitlement letter, temporary housing provider letter, invoices for care home fees/letter on headed paper from the care homeowner or management, and use of council tax records to verify your household address is your sole and main residence
We collect telephone numbers and email addresses so that we can contact you, or your agent. If we hold a mobile number for you, or your agent, we may send a text.
Where we get your information from
Information is collected from you as the service user through the BEIS GOV.UK online web form when completing your application for energy bills support scheme or alternative fuel payment, by our review team contacting you for assurance evidence, or by recording of your telephone call if calling our main customer support centre (or our Council Tax, Business Rates and Benefit Service direct). This information will be collected either from you directly as the data subject, or from a representative acting on your behalf.
How your information will be used
In order to provide services to you, it is necessary for us to collect and hold personal information about you. This information will be processed by us to:
- process your request or enquiry
- contact you in case of a query or an issue concerning the service you have requested
- process and make decisions on applications you have sent
- process financial transactions
- help investigate complaints or concerns you have raised about the service provided
- help detect and prevent fraud and corruption in the use of public funds and where necessary for law enforcement functions
- maintain our own accounts and records
- help us build up a picture of how we are performing
- provide statistical analysis
- help with research and planning new services
We will use the information you provide to carry out checks to verify your eligibility for the support grant, to administer the distribution of the funds and to contact you regarding your application and ongoing eligibility. The information you provide may be used for the prevention and detection of fraud and for other statutory purposes, including enforcement action.
We are required to complete pre assurance checks on behalf of central government in guidance published in relation to the energy bills support scheme and alternative fuel payment. Without collecting this information, the council will be unable to meet its obligations.
If you fail to provide certain information, we may not be able to provide the service you have requested.
You may face prosecution if you have manipulated or falsified your position in order to obtain these payments. Any payment made as a result of fraud will be subject to recovery action, as well as any grants paid in error.
When you contact us requesting certain services, your personal information may be recorded in our Customer Relationship Management (CRM) system to ensure those services can be delivered.
Personal data revealed during a telephone call will be recorded to deliver appropriate services. Occasionally special category personal data may be recorded where you voluntarily disclose health, religious, ethnicity or criminal information to support your request for advice and / or services.
Please read our Customer Support Centre Privacy Notice for more information.
Lawful basis for processing data
The lawful basis for processing your personal data is on the basis of legal obligation and that it is necessary for the performance of a public task.
Grant payments will be made under section 13 of the Energy Prices Act 2022.
Teignbridge District Council has a statutory duty under Section 151 of the Local Government Act 1972 to ensure proper administration of the authority’s financial affairs. To meet this requirement, assurance must be obtained that the grant funding has been paid correctly.
In addition, processing is undertaken according to Schedule 2 of the Data Protection Act 2018 for the prevention and detection of crime.
Who we share your data with
We may share your personal data with:
- other council services
- other local authorities and government organisations to check the information provided in your application
- the Department for Business, Energy and Industrial Strategy (BEIS) for monitoring, evaluation and research purposes, as well as for prevention and detection of fraud and/or criminal activities and for suspension and/or recovery of the grant where necessary. BEIS may contact you for research purposes regarding the grant. The government may share your information for the purpose of counter fraud activity and debt recovery with other government departments, agencies and/or local authorities
- HMRC (if requested)
- the Cabinet Office for the National Fraud Initiative data matching exercise (if requested to)
We will not share this data with other organisations or individuals outside of the council for any other purpose unless we are required to do so by law or where it is appropriate to support our duty to protect public funds and / or detect and prevent fraud or other criminal activity or safeguarding requirements.
There may also be instances where our system suppliers will need to access individual’s personal information to ensure that information is being held securely and accuracy is maintained. This will be on a strict need to know basis and all contracts have confidentiality clauses built in.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will not transfer your information to countries outside the European Economic Area (EEA) unless this is necessary, and only to countries which have sufficient safeguards in place to protect information.
We will not share your information with third parties for commercial or marketing purposes.
How long do we keep hold of your information and is it secure?
We will only retain your personal information for as long as we are required to do so by law and the purpose we collected it for. The retention period is either dictated by law or by our discretion. Once your data is no longer needed it will be securely and confidentially destroyed. For example, the Department for Business, Energy and Industrial Strategy (BEIS) has informed that we are required to retain data on the energy bills support scheme and alternative fuel payment scheme for 7 years.
Call recordings will be retained for thirty days after which they will be deleted and no longer retrievable. Customer records can be held on the Customer Relationship Management system (CRM) for up to six years.
We have implemented appropriate technological and operational security in order to safeguard your data from loss or misuse.
Automated decision making or profiling
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Changes in your circumstances
You must notify us immediately if there are any changes in your personal details so we can maintain an accurate and up to date record of your information.
Your rights and access to your information
You have rights under the data protection legislation:
- to access your personal data, known as a subject access request
- to be provided with information about how your personal data is processed
- to have your personal data corrected
- to have your personal data erased in certain circumstances
- to object to or restrict how your personal data is processed
- to have your personal data transferred to yourself or to another business in certain circumstances
- you have the right to be told if we have made a mistake whilst processing your data and we will self-report breaches to the Information Commissioner
Should you wish to exercise any of your rights, you should contact the Data Protection Officer email@example.com.
If you have any concerns
You have a right to complain to us if you think we have not complied with our obligation for handling your personal information by contacting the Data Protection Officer in the first instance.
If you are not satisfied with the council’s response you have a right to complain to the Information Commissioner Office:
Telephone: 0303 123 1113
Or use their online tool for reporting concerns: https://ico.org.uk/concerns/