Privacy

The Local Government and Social Care Ombudsman processes any personal data we collect, in accordance with the General Data Protection Regulation 2016 and the Data Protection Act 2018.

We have divided our privacy notice into various sections, depending on the type of contact we have with you. Click on the headings below for more specific information about data processing for these instances.

Underneath those headings you can read about your rights and find contact details for making enquiries about your data.

We process information from the following people:

 

Your rights

The right to access to your data

You can ask to see a copy of the personal data we hold on you. For more information on how to do this, see: Access to information

The right to rectification

If the personal data we hold about you is not accurate or not complete, you can ask us to put it right (this is called rectifying your data). Please bear in mind just because you disagree with information we have obtained from another source, it does not necessarily follow that it is not accurate. We aim to deal with any enquiries about rectifying your data within one month of receiving your request.

The right to object

You can object to our processing of your personal data, and we must comply with your objection unless we can demonstrate our grounds for processing override your interests, rights and freedoms. Your grounds for objection must be related to your situation. However, if we comply with your objection, we will not be able to continue to have involvement with you.

The right to restrict processing

We will restrict processing of your data if:

  • you tell us the data we hold is not accurate, while we verify the accuracy
  • you object to our processing, while we consider if our legitimate grounds for processing override your right to object
  • we no longer need the data but you need it to establish, exercise or defend a legal claim.

The right to erasure (“right to be forgotten”)

The right to erasure or ‘the right to be forgotten’ does not apply when information is being processed for the performance of a public interest task or exercise of official authority or if we can demonstrate that we still need it for another reason e.g. Information Commissioner investigation.

The right to data portability

The right to data portability only applies to data that is processed by automated means. We do not make decisions about any of our work by automated means and therefore this right does not apply.

Please contact the Data Protection Officer if you have any queries about your rights.

Contact details

If you have any queries about the information given here, or how we handle personal data please contact the:

Data Protection Officer
Local Government and Social Care Ombudsman
PO Box 4771
Coventry
CV4 0EH

Email: dataprotection@lgo.org.uk

To contact us about other matters, visit the contact us page.

The person who is ultimately responsible for the control of your data in our files is the Senior Information Risk Officer. The data controller is the Commission for Local Administration in England (the formal name of the Local Government and Social Care Ombudsman).

Complaints about how we have handled your data

If you have a complaint about how we have handled your data, you can complain to the:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Tel: 01625 545700 or local call 0303 123 1113
Fax: 01625 545510
www.ico.org.uk

Changes to this privacy statement

If this privacy statement changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of the information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

 

Privacy notice for complainants

We process personal information to enable us to carry out our statutory duties. These duties include considering and investigating complaints, providing advice and information, and undertaking research.

We also record telephone calls made to our 0300 061 0614 help line number for training and quality purposes. We may record incoming and outgoing calls on other numbers and when we decide to do this, we will tell you.

If you make a complaint to us, we will hold the information you provide to us securely and use it to help us process your complaint. We will let you know if we need more information from you as your complaint progresses.

We process information that is relevant to the investigation of complaints we receive. This could include:

  • personal and family details
  • financial details
  • details of complaints, incidents and grievances
  • visual images
  • sound recordings

We also process special categories of personal data. This may include information about:

  • physical or mental health
  • adult social care
  • sex life or sexual orientation
  • racial or ethnic origins
  • religious or philosophical beliefs

To investigate complaints, and to carry out feedback research, we need to process personal data to carry out our public task, and in the public interest.

We may also need to show some of the information you give us to other people. For example, in nearly all cases, we will share some of the information you give us with the organisation you have complained about, so they can respond to our enquiries. We will do this even if you have yet to complete the complaint process with that organisation. Where you have complained about a specific employee of the organisation concerned, we will usually share information you have provided about your complaint with that employee.

The types of other people and organisations we share data with include:  a person who is representing you in making your complaint, professional advisers, and other ombudsman or regulatory authorities, see also section below on Joint investigations. We will usually tell you when we share your data, and who with.

To process your complaint, we will often obtain information about you and your complaint from other sources. In many cases we will obtain information from the organisation you are complaining about, and, in some cases, we will need information from third parties such as legal or other expert advisers. Some of this information may be special categories of personal data, such as health or care records, where these are relevant. When we are given information by third parties, we will tell you what it is.

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed. We also make sure our employees only access your data in the proper performance of their duties. For more details see our Information Management Policies.

We scan all documents when we receive them and will generally destroy the paper copies, unless you tell us that you want your documents returned. We normally destroy most of the complaint file material 12 months after the complaint is closed. This includes all the information you have sent to us and we have obtained from other sources, for example from the council. In exceptional circumstances, we may need to keep complaint file material longer, for example, if there is a court case pending; we will generally tell you if so.

We keep a record of the complaint and details of our decision for five years as this helps if you complain to us again. When we publish a report, we keep a copy of the report for 15 years and most reports are published on our website. Decision statements are also usually published on our website. Neither reports nor statements will contain your name or any other information that would identify you.

In most cases, people who complain to us are reasonable and allow us time to do our job. However, some people behave in a way which affects our ability to deal with their or other people’s complaints. If this happens, we may need to manage the way that person can contact us.

In extreme cases, we keep details of people who we consider present a possible threat to the safety or wellbeing of our staff. We will normally tell the person when their details are recorded in this way, unless we believe this may provoke unacceptable behaviour towards our staff. We regularly review information recorded in this way and delete it when it is no longer relevant.

We carry out some joint investigations with the Parliamentary and Health Service Ombudsman (PHSO) where a complaint covers both health services and social care services. Where we consider your complaint is one which could be best dealt with jointly, we will ask for your consent before we start considering it. By providing your consent to a complaint being dealt with jointly by both organisations you are also providing your consent to us sharing the information required to do so. If you do not give us consent, then we will not be able to undertake a joint investigation. For specific details on how a joint investigation will be carried out please see the agreement between PHSO and LGSCO for joint working.

See how the PHSO will process your information.

We also work with the Housing Ombudsman with whom there is also scope for carrying out joint investigations, and we each deal with different aspects of complaints about housing. We will ask for your consent before starting a joint investigation. See our Memorandum of Understanding with the Housing Ombudsman.

We share information with the Care Quality Commission (CQC) – the independent health and social care regulator in England. The two organisations work together to promote high quality services for all people who use adult social care services. See our Information Sharing Agreement and Memorandum of Understanding with CQC.

We usually contact complainants six weeks after they have had the decision on their complaint to ask them to take part in our feedback survey.

If a complainant has provided an email address we will email them with a link to the survey. If not, we will send the survey by post.

Complainants do not have to take part in the survey.

Responses are not seen by the original case officer, but a separate team will analyse them to see how we can improve our service. The results are presented in an aggregated form in a quarterly report.

Please see separate Privacy Notice for survey respondents.

 

Privacy notice for job applicants

We process personal information as part of our recruitment exercise.

We may collect information about you from your:

  • application form or CV
  • your passport or other identity documents
  • through interviews or other forms of assessment, including online tests

We process information that is relevant to the recruitment exercise. This could include:

  • your name, address and contact details
  • details of your qualifications, skills, experience and employment history
  • information about your entitlement to work in the UK

We may also process special categories of personal data. This may include information about:

  • physical or mental health
  • sex life or sexual orientation
  • racial or ethnic origins
  • religious or philosophical beliefs

We may also process information about criminal convictions and offences.

To make any reasonable adjustments during the recruitment process, and for the purposes of equal opportunities monitoring.

To carry out checks and to enable us to enter into a contract with you. In some cases this will be to ensure we are complying with our legal obligations. For example, we are required to check a successful applicant's eligibility to work in the UK before employment starts.

To enable you to gain access to some of our buildings, if we make an offer of employment.

To enable us to respond and defend against potential legal claims from job applicants.

To retain your information on file (if you are unsuccessful), in case suitable employment opportunities come up in the future.  We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.

Your information may be shared internally for the purposes of the recruitment exercise. For example, within our Human Resources Team, with managers in the business area with a vacancy, with interviewers involved in the recruitment exercise.

We may also share your information externally. For example, with recruitment consultants and online testing companies for the purposes of the recruitment exercise.  If your job application is successful, we will also share your information with your former employers to obtain references. To enable you to have unrestricted access to our London office we will also share your data with the Vetting Services to obtain security clearance.

We will usually tell you when we share your data, and who with.

If we offer you a job, we will contact your former employers for references. We may also obtain information from the Disclosure and Barring Service or Disclosure Scotland

We take the security of your data seriously. We have internal policies and controls in place to ensure your data is not lost, accidentally destroyed, misused or disclosed. We also make sure our employees and recruitment consultants only access your data in the proper performance of their duties. For more details see our Information Management Policies.

Information about the recruitment exercise is stored in a secure network drive, and Outlook.

If your job application is unsuccessful, we will hold your data on file for six months after the end of the recruitment process. At the end of that period, or if you withdraw your consent, your data is deleted or destroyed.

After six months, we keep basic anonymised data for monitoring purposes.

If your job application is successful, we will transfer the personal data gathered during the recruitment process to your personnel file and we will keep it during your employment. We will give you a new privacy notice which outlines how long we will hold your data.

 

Privacy notice for information access requests

This covers requests which you make to us under the Freedom of Information Act 2000, General Data Protection Regulation 2016, Data Protection Act 2018 or the Environmental Information Regulations 2004.

If you are a complainant, this notice supplements information which we have already given you.

When you make a request to us, we will need your name and contact details. We need this information for the purposes of administering, processing and responding to your request.

In certain circumstances we may also require information that proves who you are or that you are entitled to see the information you are requesting.

We are required to process this information to comply with our legal obligations. We will not collect any personal data from you which we do not need.

We will only use the personal information to handle your information access request and to check on the level of service we provide. We compile statistics which are reported within the organisation showing information like the number of complaints we receive, but not in a form which identifies anyone.

If the information you have requested has been provided to us by someone else or another organisation, then we may contact them to discuss giving it out.

When the information relates to information provided to us about your complaint, we will need to identify you to the organisation so they can discuss this with us.

When the information relates to a Freedom of Information or Environmental Information request, then we will not tell another organisation who you are.

Where we receive a complaint from the Information Commissioner’s Office, they will request information from us, which we will have to provide because we are legally required to do so.

We retain personal information only for as long as necessary to deal with your information access request, or any follow up appeals, or investigations.

We will keep correspondence relating to all information access requests or appeals Freedom for 3 years.

 

Privacy notice for training and event attendees, including link officers and care providers

We process personal information to provide training to you and run events.

If you make a booking to attend one of our training courses or events we will collect your name, your organisation’s name, job title, email address and brief information about your experience and the work you do. If you pay for yourself to attend, we may also collect financial information from you

We may also process special categories of personal data, relating to physical or mental health.

As part of our public task, we need to help you with how you deal with your complaints. We do this through our training courses and events.

To administer the training course and to ensure it meets the needs of the attendees. We compile statistics and feedback to check on the level of service we provide and to make any adjustments to future courses.

Your information is shared internally by those administering and delivering the courses and events.

We collect and process feedback information through a secure web-based system, provided by a third party. This information is used to produce a feedback report which is shared internally. This is aggregated and is not in a form which identifies anyone. The report is also shared with your organisation or employer, but again not in a form which identifies anyone.

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed. We also make sure our employees only access your data in the proper performance of their duties. For more details see our Information Management Policies.

Information which is processed by the third party is held on a secure web-based system. The processing is done so on the basis of written instructions and the third party is under a duty of confidentiality and is required to comply with the General Data Protection Regulation 2016 and Data Protection Act 2018 in their own right.

Information is stored on paper and in our secure network folders. Information relating to our administration of courses and events is kept for 5 years and information from satisfaction surveys is kept for 1 year.

 

Privacy notice for survey respondents

We process personal information to enable us to carry out our statutory duties. Part of these requires us to collect feedback from our customers on their experience of using the service and to use that feedback to help us improve how we work.

This notice is separate to how we deal with your information as part of an investigation of your complaint.

We process information to help us to understand our customers. This information could include:

  • opinions about our service
  • name, address, sex, age
  • qualifications, employment status
  • marriage or civil partnership
  • pregnancy or maternity

We also process special categories of personal data to meet our obligations under the Equality Act 2010. This may include:

  • physical or mental health
  • racial or ethnic origins
  • religion or belief
  • sexual orientation
  • gender identity

Part of our public task requires us to gather information about the experience of those using the service. We therefore process personal data to help us improve how we work. The information is not seen by the original case officer, but a separate team will analyse the results. These are presented in an aggregated form in a quarterly report. We also report results on our website annually.

The answers to all the questions on the survey are voluntary, but the more information you are willing to provide, the better we will be able to ensure our service can be accessed equally by everyone.

The information is collected and uploaded to a secure web-based system, provided by a third party. From this a quarterly report is presented internally, which has the information in an aggregated form. We also report results on our website annually.

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed. We also make sure our employees only access your data in the proper performance of their duties. For more details see our Information Management Policies.

Information which is processed by the third party is held on a secure web-based system. The processing is done so on the basis of written instructions and the third party is under a duty of confidentiality and are required to comply with the General Data Protection Regulation 2016 and Data Protection Act 2018 in their own right.

We store all survey responses on a secure web-based system. Once our survey closes for that year, data is transferred to our own server for analysis. At that point, the original data and any paper copies are destroyed.

Once we have completed our analysis, the equality information we collect is made anonymous so it can no longer be linked to individuals. This is done within 18 months from the date the information was collected.

The remaining data is stored for another 5 years from the date it was collected.

 

Privacy notice for complaints handling networks set up for members of organisations in our jurisdiction

We process personal information to provide you with opportunities to network and share best practice with other complaints’ handlers.

When you join one of our networks we will collect your name, your organisation’s name, job title, email address and telephone number.

As part of our public task, we need to enable you to share best practice to improve complaint handling within the organisations in our jurisdiction.

In order to join and participate in a network we need your consent to share your details with the other members. If we do not have your consent, then you will not be able to join. You can also withdraw your consent at any time by informing the network administrator and therefore you will no longer be a member of the network.

Your information is also shared internally by those who administer the networks.

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed. We also make sure our employees only access your data in the proper performance of their duties. For more details see our Information Management Policies.

Information is kept in spreadsheets which are stored on our secure network and they are updated on an on-going basis when members join and leave the networks. After any changes, old versions are immediately deleted.

 

Privacy notice for subscribers to our email alerts

We process personal information to enable us to send you email alerts about work.

  • your email address
  • the profession or area of interest you represent (if you choose to provide it)
  • your subscription preferences
  • information about how you interact with this service

By subscribing to our email alerts you can receive notifications about our news, published decisions, and reports. We also provide subscribers with alerts to our latest job vacancies. We process this information with your consent. You can withdraw this consent easily at any time by updating your preferences and unsubscribing. When you do this we will stop sending you newsletters and alerts.

We use the information to:

  • provide you with information tailored to your preferences, and profession or area of interest
  • improve our service by monitoring how you use the emails we send you
  • gather feedback on your content preferences
  • respond to your feedback

As a subscriber, we may also contact you to ask for your feedback on how we can improve our services.

At any time, you have the right to update your information and your subscription preferences, or unsubscribe from the service. To do so, click to access your account.

We won’t share your personal information with other organisations for marketing, market research or commercial purposes.

We use the GovDelivery platform, provided by Granicus, for our email alerts.

Granicus has staff based outside the European Economic Area, and stores your data in the US. Granicus is certified under the EU-US Privacy Shield framework. When you sign up to our email alerts, you agree to your data being stored in this way.

As a data processor on behalf of the Local Government and Social Care Ombudsman, GovDelivery will use your information to send you email alerts if you request them. You can find out more about how GovDelivery collects and stores your information.

 

Information about website usage

Our website puts small files, known as cookies, onto your computer to collect information about how you browse the site. For more information see our separate Cookies page.

Log files allow us to record visitors’ use of the site. We put together the information from all our visitors, which we use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information.

If you provide feedback on our website (the option is available at the bottom of most pages), we will collect personal data including the feedback you leave and your email address. We only use the information to develop and improve the site.

This privacy statement applies only to this website. If you follow a link to another website from this one, please read the privacy policy on the other website to find out what it does with your information.

;