Coventry City Council complies with the Data Protection Act and the UK GDPR and is registered with the Information Commissioner’s Office (ICO) as a Data Controller.

This Privacy Notice explains how personal information is going to be used, what for, who it will be shared with and why.

Why we collect and use Personal Data about you

We are committed to promoting the highest standards of openness, probity and accountability for all of our employees, contractors and members and take very seriously any form of malpractice that is identified or discovered.

‘Whistleblowing’ is when someone raises a concern about a possible fraud, crime, danger or other serious risk that could threaten colleagues, members of the public, members of the Council or the Council’s reputation. This means that it is in the public interest that such concerns are disclosed.

The information collected about you will be used by the Council’s Monitoring Officer (who is responsible for the investigations undertaken in accordance with the Whistleblowing Policy) to investigate allegations of wrongdoing in accordance with the Employment Rights Act 1996, as amended by the Public Interest Disclosure Act (PIDA) 1998, and the Council’s powers to undertake investigation in respect of alleged wrongdoing, in relation to the services the Council is responsible for and to protect the ‘public purse’.

What information do we collect about you?

We collect and process a range of information about you when you make a disclosure (that is, you share your concerns about possible wrongdoing).

We will ask you to provide the following information:

  • Name
  • Job Title
  • Contact details
  • Details of the concern you have reported

You may make a disclosure anonymously but this will make it more difficult for us to investigate thoroughly and give you feedback on the outcome.

We will also hold information about other individuals as follows:

  • Details of people who have been referred to in a disclosure that may have been made and/or
  • Details of people who have been investigated following a disclosure under the Whistleblowing Policy.

You will be informed of any other data we collect, that is not listed above, orally or through email at the time of collection of the data.

Who we share your personal Data with

Information about the disclosure will be shared with those tasked by the Monitoring Officer to undertake the investigation. Ordinarily, this will not include details of the individual who has made the disclosure, but may include the identities of those against whom an allegation of wrongdoing has been made.

People tasked with investigating the disclosure may include:

  • Legal Services
  • Human Resources
  • Corporate Finance
  • Housing Service Teams
  • Welfare Service Teams
  • Other public authorities
  • Police
  • Her Majesty’s Revenue and Customs

The information will be shared in respect of the disclosure, and will be shared on a confidential basis by those tasked with investigating the disclosure, both within and where appropriate outside of the Council.

We also have a legal duty to pass information to third-party organisations such as the Police and/or the Department of Work and Pensions and anti-fraud agencies for the purposes of preventing and detecting crime, or for anti-fraud purposes, or for the protection of public funds.

The Monitoring Officer is responsible for the conduct of the investigation and will record what information is shared and the reasons for doing so.

To ensure that information is held continued to be held securely and that accuracy is maintained, there will also be instances where our system suppliers will need to access individuals personal information. This will be on a strict need to know basis and all contracts have confidentiality clauses built in.

The Council will not transfer your information to countries outside the UK and / or European Economic Area (EEA) unless this is necessary, and only to countries which have sufficient safeguards in place to protect information.

Information will be shared internally if required for better performance and efficiency of Council services and the welfare of individuals.

The Council may also share personal information with the police and other local authorities under Article 23 of the General Data Protection Regulations in order to prevent or detect crime.

How long will we keep your information?

We are committed to ensuring that your information is securely held.

We manage, maintain and protect all information according to legislation, our policies and best practice. All information is stored, processed and communicated in a secure manner. We provide training to staff who handle personal information and how to report and escalate when something goes wrong.

When we no longer need to keep information about you, we will review it and archive it for any relevant legal retention period and ultimately dispose of it in a secure manner, normally after 7 years of an allegation being resolved.

Confidentiality

We hope you will feel comfortable raising your concern openly, but we also appreciate you may want to raise it confidentially. This means that while you are willing for your identity to be known to the Monitoring Officer, you do not want anyone else to know that you have submitted this concern.

We will keep your identity confidential if that is what you want, unless we are required to disclose it by law (for example, if the police require it). This might be, for example, where your information is about a child or vulnerable adult who is at risk, or where there is a possible criminal offence. We will let you know if we have to tell the police or another official body.

You can choose to raise your concern anonymously, without giving anyone your name, but that may make it more difficult for us to investigate thoroughly and give you feedback on the outcome.

Your Rights

You have the right to:

  1. Ask to see the personal information we hold about you
  2. Ask us to change information we hold about you if it is wrong
  3. Ask us to delete the information we hold about you
  4. Ask us to limit the way we use your personal Information
  5. Ask for human intervention regarding decisions made about you by a computer
  6. Data portability (have your data transferred to another Authority)
  7. Complain to the Information Commissioner’s Office

To exercise any of these rights please contact Adrian West, Data Protection Officer by email: dpoteam@coventry.gov.uk [mailto:dpoteam@coventry.gov.uk]

Complaints

You have the right to submit a complaint if you are unhappy with the way your request is handled or disagree with a decision made by the council regarding your data. In these circumstances you can contact the Data Protection Team (DPO) and request a review of the decision.

If you are not satisfied with any outcome from the DPO you may wish to apply to the Information Commissioner’s Office at:

The Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF.

Date of last review: October 2023