This privacy notice is to supplement all the information we currently make available about how we process your personal data. Its aim is to make it easier to understand and provide you with more information about how, our organisation may seek to collect and hold information about you in relation to the unprecedented challenges we are all facing during the Coronavirus pandemic (COVID-19).
We are committed to protecting your personal data and ensuring that it is processed fairly and lawfully. Information you provide to us will be processed in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA 2018) and subsequent legislation.
We may seek to collect, process and share your personal data in response to the recent outbreak of Coronavirus, which is above and beyond what would ordinarily be done so, about our staff, their dependents and the general public, to ensure their safety and well-being.
Such information will be limited to what is legal, proportionate and necessary, taking into account of the latest guidance issued by the Government and health professionals, in order to provide the necessary support to those most vulnerable and in need and also to manage and contain the virus.
The legal basis for data processing we are relying on comes from Article 6 of the General Data Protection Regulation (GDPR). The following sections apply;
- Article 6(1)(c) Legal Obligation - Processing is necessary for compliance with a legal obligation to which the controller is subject;
- Article 6(1)(d) Vital interest - the processing is necessary to protect someone’s life;
- Article 6(1)(e) Public task -the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
Special category data:
- It is necessary to share sensitive information for the purposes of carrying out the obligations and exercising specific rights in the field of social protection law, for the provision of health or social care treatment or the management of health or social care systems. (Article 9 2(h) GDPR).
- Public health processing- it is necessary for reasons of public interest in the area of public health (Article 9 2 (i) GDPR)
The Emergency Planning Service deliver the Combined Authority’s statutory responsibilities and duties as a Category 1 Emergency Responder as set out by the Civil Contingencies Act (CCA) 2004.
The Combined Authority must plan for, respond to and recover from major incidents in the Greater Manchester area.
The statutory duties placed on the Combined Authority as a Category 1 responder includes the anticipation and assessment of risks, production of plans for the purpose of controlling and/or mitigating the impact of emergency incidents and business disruptions as well as effectively responding to, and recovering from, an emergency.
The processing of personal information is necessary for compliance with the statutory requirements of the Civil Contingencies Act 2004.
The CCA places a duty on Category 1 and 2 responders to share information upon request. To help us provide emergency response services appropriate to your needs both during an incident and throughout the longer-term recovery period, we may share information with others including, but not limited to, Category 1 and Category 2 responders, such as:
- Other Council Services
- Emergency Services
- NHS agencies
- Health providers
- Utility companies
- Voluntary organisations
If you are struggling to find the answer to your retention query, please contact us on OfficeOfDPO@greatermanchester-ca.gov.uk