Coventry City Council looks after a huge amount of information, including personal details of people who live in the city.

Personal Data can be collected in person on paper, in e-mails, over the phone, through CCTV or other forms.

We need this information so we can provide the right services to the right people. We know this information is important and we work hard to keep it safe and make sure that any information we collect is handled in the right way.

The type of information we collect, how we use it and the rights that you have, depends on which service you are using.

Our Privacy Notices explain how we use information about you - and how we protect it.

Who we are

Coventry City Council provides services to the people of Coventry. Some of the services we deliver are:

  • Adult and Children's Social Care
  • Library Services, schools and learning
  • Council Tax and Housing Benefits
  • Parks and Open Spaces
  • Planning
  • Environment and waste

We are a Data Controller under Data Protection Law so we are registered with the Information Commissioner’s Office (ICO) and we have a Data Protection Officer (DPO), Adrian West, who is supported by the DPO Team. They can be contacted at: DPOTeam@coventry.gov.uk [mailto:DPOTeam@coventry.gov.uk]

Why we collect personal data about you

We need to collect and hold information about you, so that we can:

  • Deliver services and support the people of the city
  • Investigate any worries or complaints you may have about your service
  • Do the things that the law says we have to do
  • Understand your needs so that we are able to provide the right services
  • Make sure your records and contact details are correct
  • Prevent and detect crime
  • Handle finances

What personal information we collect from you

The information we may need to collect from you will depend on what service you are using. Some of the information we collect is ‘Personal Data’ and some is classed as ‘Special Category Data’.

Some examples of Personal Data are:

  • Name
  • Address
  • Date of birth
  • Email address
  • Bank details
  • Telephone number

Some examples of Special Category Data are:

  • Race
  • Religion
  • Trade Union membership
  • Ethnic origin
  • Politics
  • Health

Minimum Data Set 

In order for us to monitor how we are meeting our Public Sector Equality Duty (PSED) and to assess how we are meeting the needs of our communities, we are asking service users to provide the following information:  

  • Age 
  • Disability 
  • Ethnicity 
  • Sex 
  • Armed Forces
  • Whether they are Care Experienced People 
  • Postcode 
  • Migration status 

Where we are using this data for research or analysis it will be pseudonymised. Pseudonymisation is the process of processing personal data without names attached to it.  

If we require your name for research or analysis, we will seek your consent to do this. 

How we use information legally and the Council's use of AI

We will use your personal data for a limited number of purposes and where we have a legal reason to do so in accordance with the Data Protection Act 2018 (DPA2018), UK GDPR.

There are a number of legal reasons why we need to collect and use your personal information:

  • You, or your legal representative, have given consent
  • You have entered into a contract with us
  • To perform our legal duties
  • It is necessary for a task in the public interest 
  • To protect someone in an emergency
  • For employment purposes
  • To deliver health or social care services
  • You have made your information publicly available
  • For legal cases
  • For the benefit of society as a whole
  • To protect public health
  • For records or research

The Data Use and Access Act 2025 has introduced Article 8A into the UK GDPR, which reforms how compatible further processing is assessed. 

Where we use your personal data for a purpose that is different from, but related to, the purpose for which it was originally collected, we will assess whether that further use is compatible with the original purpose by considering factors including: 

  • any link between the original and new purpose; 
  • the context in which the data was collected; 
  • the nature of the data, including whether it is special category data; 
  • the possible consequences for you; 
  • whether appropriate safeguards are in place. 

In addition, certain types of further processing are treated as compatible with the original purpose where they meet the conditions set out in Annex 2 of the UK GDPR (as amended). These include: 

  • processing that is necessary for the performance of a public task, 
  • for the safeguarding of vulnerable individuals, 
  • or for the prevention and detection of crime. 

Where the Council relies on Article 8A and Annex 2 to justify further processing of your data, we will document that assessment and ensure that appropriate safeguards are applied.

If we are relying on your consent to use your personal information, you may remove it at any time – just contact DPOTeam@coventry.gov.uk [mailto:DPOTeam@coventry.gov.uk] 

We will only collect and use your personal information if we need it to deliver a service or because we have to by law, and we will collect only the details we need.

Where we are processing your special category data, we also need to meet one of the following conditions: 

  • it is necessary for employment, social security or social protection purposes
  • it is necessary to deliver health or social care services
  • it is necessary to protect someone in an emergency
  • you, or your legal representative, have given consent
  • you have made your own information publicly available
  • it is necessary for legal cases
  • it is necessary to protect public health
  • it is necessary for archiving, research, or statistical purposes

We will not sell your personal information to other organisations.

Use of Artificial Intelligence (AI) 

We use AI tools across a number of our services to help us process your data more efficiently and to improve service delivery.  Examples include transcription tools to produce minutes of meetings, AI-assisted data matching and analysis, and the AI components within our System Customer Record system.  

We will only use AI tools where there is a lawful basis to do us under the UK GDPR and Data Protection Act 2018, and only to the extent necessary to deliver the relevant service.  We will not use AI tools to process more of your personal data than is required for the specific purpose. 

Where we have produced minutes, records or other documents using AI tools, we will state this. All AI-generated content will be reviewed by a member of staff for accuracy before it is relied upon, and that member of staff will take responsibility for the final version of the document.

Whilst we use suppliers who provide AI tools, we ensure that all contracts with those suppliers include appropriate data protection safeguards in accordance with Article 28 of the UK GDPR. Personal data is not used to train open AI models, and the use and control of your personal data remains at all times with Coventry City Council. We carry out Data Protection Impact Assessments (DPIAs) before introducing new AI tools that process personal data.

We do not make solely automated decisions that have a significant or legal effect on individuals. Any decisions informed or assisted by AI will always involve meaningful human review and oversight before they are acted upon. Where AI is used to assist in a decision that affects you, you have the right to request human review of that decision, to express your point of view, and to contest the outcome. Please see 'Your Rights' below and contact DPOTeam@coventry.gov.uk if you wish to exercise these rights.

International Data Transfers 

We may process your information overseas using ICT systems and services that are based outside the UK, but only where we have a contract with suppliers for ICT services that meets our obligations under the UK GDPR and Data Protection Act 2018. 

Where AI tools involve the processing of personal data outside the United Kingdom, we will only permit this where appropriate safeguards are in place, such as the International Data Transfer Agreement (IDTA) or equivalent mechanisms under the UK GDPR. We will carry out a Transfer Risk Assessment where required before any such transfer takes place.

Cookies

Our website uses cookie technology to help log visitors to our website. The information is collected in order to make websites work, or to make them work more efficiently, and provide information for the administration of the website. You can reject the use of cookies. Further information is available here [https://uat.coventry.gov.uk/cookies]

Prevention and Detection of Fraud 

Coventry City Council is required by law to protect the public funds it administers. We may use any of the information you provide to us for the prevention and detection of fraud to comply with the law.  

In addition to our own 'data matching' exercises we may also share this information with other public bodies.  These include, but are not limited to:

  • Cabinet Office – including the national data matching exercises under Part 6 of the Local Audit and Accountability Act 2014
  • National Anti Fraud Network (NAFN)
  • Cifas
  • Department for Work and Pensions (DWP)
  • other Local Authorities
  • HM Revenue and Customs (HMRC)
  • Police
  • NHS

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud, money-laundering and to verify your identity. They will also share your information with a range of information providers to obtain documentation or information that will allow us to verify the information you have provided us is accurate. If fraud is detected, you could be refused certain services, finance, or employment.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights can be found on the privacy notices of Cifas [https://www.cifas.org.uk/fpn] and National Anti Fraud Network [https://www.nafn.gov.uk/report/privacy/] (NAFN).

Where our AI tools, including the Single Customer Record, involve using your personal data for purposes that go beyond the original purpose for which it was collected, we will assess whether that further use constitutes compatible further processing under Article 8A of the UK GDPR as amended by the Data Use and Access Act 2025. In carrying out that assessment, we will consider the link between the original and new purposes, the context of the original collection, the nature of the data, and the safeguards in place. Where the further processing is necessary for the performance of a public task, for the safeguarding of vulnerable individuals, or for the prevention and detection of crime, it may be treated as compatible with the original purpose under Annex 2 of the UK GDPR. It may also constitute compatible further processing where it is necessary to safeguard the objectives listed in Article 23(1)(c) to (j) of the UK GDPR, which include matters such as public security, the protection of judicial independence, and other substantial public interests. We will always document our compatibility assessment, apply appropriate safeguards, and inform you of any material further use of your data where required to do so. You retain the right to object to further processing of your data; please contact DPOTeam@coventry.gov.uk to do so. 

We also participate in the National Fraud Initiative (NFI) data matching exercise to assist in the prevention and detection of fraud. More information about the NFI can be found here [https://www.coventry.gov.uk/information-governance/data-matching-national-fraud-initiative].

We may also share information with utility companies, credit reference agencies, service providers, or contractors and partner organisations where the sharing of information is necessary, proportionate, and lawful.

In limited situations we may monitor and record electronic transactions (website, email and telephone conversations).  This will only be used to prevent or detect a crime or investigate or detect the unauthorised use of the telecommunications system and only as permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.

Emergency Response Management

Data matching may also be used to assist the council in responding to emergencies or major accidents, by allowing the council, in conjunction with the emergency services, to identify individuals who may need additional support in the event of e.g. an emergency evacuation.

Public Health Services

We are responsible for Public Health Services and we need to process personal information such as medical details to help this work. This information will be handled in the same way as all other personal information. Further details can be found in the Public Health Services Privacy Notice [https://www.coventry.gov.uk/data-reports/public-health-privacy-notice]

Employee Data

We will handle personal information for people who work – or have worked – at the Council, councillors and other elected officials and volunteers for all employment purposes, such as pay and pensions. Further details can be found in the HR Privacy Notice [https://www.coventry.gov.uk/HRprivacynotice]

How we protect your information

We do everything we can to keep your information safe and make sure that only the right people are allowed to see it.

We do this by:

  • testing our ways of working and security so we can make sure they are the best they can be
  • training staff every year on Data Protection and Information Security
  • assessing any changes to our system and the effect they could have on the safety of your information
  • we will not keep your information longer than it is needed or where the law states how long this should be kept. We will dispose of paper records or delete any electronic personal information in a secure way
  • we will investigate data incidents where we have found that your personal information may have or has been disclosed inappropriately and attempt to recover any data

Who we share your information with

Sometimes we may need to share your information with other organisations. When this happens we have an agreement that they will keep your details safe, obey the Data Protection law and only use them for the reasons you asked.

These agreements are called Data Sharing Agreements (DSA). Before we do anything, we check to make sure your details will be protected.

We will ask your permission before we share details, unless we have to protect someone and stop them getting hurt, or because of legal reasons such as:

  • if we take a child into care
  • if the court orders us to provide the information
  • if someone is taken into care under mental health law

Sometimes we will share information when we think that sharing is much more important than your privacy, such as:

  • to protect a child or adult at risk of harm
  • if there are serious risks to the public, our staff or to other professionals
  • to find and stop crime

If we have to share information urgently and cannot contact you first, we will make a record of what we share and why we shared it and let you know what we have done and why - if we think it is safe to do so.

Coventry City Council works with other health and social care organisations to share information that will form part of your Integrated Care Record. The Integrated Care Record allows health and care professionals involved in your care to view your records to help them understand your needs and make the best decisions with you, and for you. Information we hold about you will be available, to read only, to other Health and care professionals in Coventry and Warwickshire, Birmingham and Solihull, and Herefordshire and Worcestershire when they are involved in your health or social care.

For more information on how your data is used on the Integrated Care Record and how to exercise your rights please see the full Privacy Notice [https://www.happyhealthylives.uk/staying-happy-and-healthy/digital/integrated-care-record/privacy-notice/].

National Data Opt-Out

This applies to organisations that handle data that originates within the health and adult social care systems in England. It provides a choice to patients about how their confidential patient information is used for purposes other than their individual care and treatment. NHS England » How the NHS and care services use your information: the National Data Opt-Out [https://www.england.nhs.uk/contact-us/privacy-notice/how-the-nhs-and-care-services-use-your-information-the-national-opt-out/]

The Council complies with the National Data Opt-out standards. 

National Data Op-out compliance statement [https://www.coventry.gov.uk/health-social-care/national-data-opt-compliance-statement]

How long your information will be held for

We will only keep your information as long as we need to so we can give you the service you need, unless we have to keep it for legal reasons. The time can be different depending on the service you have asked for.

Your communication with the Council

If we record or monitor any telephone calls that you make to us, we will tell you at the beginning of the call.

All calls received by our Customer Service Centre are recorded and kept for 8 weeks before being permanently deleted.

If you email us, we may keep a record of the email and your email address. We will not put confidential information in an email unless you agree.

When you contact us by email, please do not include any confidential information that is not really needed. Password protect emails or use our secure online forms and services.

A 'My Account' created when you contact us will remain permanently unless you request this to be deleted.

Service Requests logged via email form or customer contact are retained for three years before being deleted.

'Live Chat' - only the original question asked is retained, all other information is automatically deleted when the chat box window is closed.

CCTV/Surveillance

We have CCTV in some buildings – and outside them - to keep people safe and prevent crime. They are also on some roads and in areas such as recycling sites.

There will always be a sign saying CCTV is being used and telling you who to contact if you want information about the scheme.

Images captured by CCTV will only be kept as long as they are needed.

You have the right to see CCTV images of yourself and get copies.

Our Enforcement Officers within Parking Services, Regulatory Service and Environmental Services wear cameras and microphones to:

  • help keep them safe
  • reduce any risk of trouble or confrontation
  • record details if there is a crime

You have the right to see these images and hear the recordings and get copies.
These images and recordings will only be shared for the right reasons and will never be put online or passed to the media for entertainment purposes.

Emergency Service Unit - CCTV Privacy Notice [https://www.coventry.gov.uk/esuprivacynotice]

Your rights

At the time personal information is collected, an individual has a right to be informed about how that information will be used. This includes the purpose for the processing, the legal basis, recipients and categories of recipients of the information.

The right to access to your information

You have the right to ask for all the information we hold about you, this is called a Subject Access Request. When you send us a written request we must give you all the details we have about you - usually within one month – but we cannot share parts of your record that could include:

  • information about other people
  • things that could cause harm to you or someone else
  • things that would stop us preventing or detecting a crime.

Details on how to apply can be found here [https://www.coventry.gov.uk/information-governance/requesting-personal-information]

The right to have your details corrected

You have a right to correct inaccurate personal information an organisation may hold about them. 

Right to be forgotten

In some cases, you can ask us to delete information, for example:

  • Where your personal information is no longer needed for the reason it was collected
  • Where you have removed your consent for us to use your information
  • Where there is no legal reason for the use of your information
  • Where deleting the information is needed  by law

You can ask us to stop processing your personal details for any Council service and we will do so if we can and it is allowed by law, but this may affect our ability to provide you with services.
Where your personal information has been shared with others, we’ll do what we can to make sure those organisations delete it.

The Right to be forgotten will not apply and we won’t be able to delete your information where:

  • to comply with a legal obligation
  • to exercise the right of freedom of expression and information
  • for the performance of a task carried out in the public interest or in the exercise of official authority
  • for archiving purposes in the public interest, scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
  • for the establishment, exercise or defence of legal claims

You can ask to limit what we use your personal data for

You have the right to ask us to limit what we use your personal information for where:

  • you have told us information is wrong
  • where we have no legal reason to use that information, but you do not want it totally deleted.

You have the right to ask us to stop using your personal information for any Council service, but this could affect how we deliver the service.
Where possible we will do what you ask, but we may have to keep some information because of legal reasons.

You can ask to have your information moved to another provider (data portability)

This allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its' usability. This will not apply to many Council services. 

Rights in relation to automated decision making and profiling

Your rights in relation to AI processing

You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you have given permission. You can ask to have any decisions made by computers explained to you.

Where we use AI to process your personal data or to assist in decisions that affect you, you have the following rights in addition to your general data protection rights set out in this notice: 

  • The right to be informed that AI is being used and how it affects you;
  • The right not to be subject to a solely automated decision that produces a significant legal or other effect on you – a human will always be involved in any such decision; 
  • The right of access - you can request a copy of your personal data, including any AI-generated content that forms part of your record;  
  • The right to rectification - you can request correction of any inaccurate information, including inaccurate AI outputs, that we hold about you; 
  • The right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data protection rights have been breached in connection with AI processing. 

To exercise any of these rights, please contact DPOTeam@coventry.gov.uk [mailto:DPOTeam@coventry.gov.uk].

You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, such as health conditions.

If and when we use your personal information to profile you to help deliver services, we will tell you.

Right to object

You have the right to object to your details being processed and to ask us to stop.

This right only applies in certain circumstances.

You have the absolute right to object if your details are being used for direct marketing purposes.

You can object if the processing is for:

  • a task carried out in the public interest
  • for official Council reasons
  • legitimate interests

In these circumstances the right to object is not absolute.

If we are processing data for scientific or historical research, or statistical purposes, the right to object is more limited.

For more detailed information about your right to object, please visit the Information Commissioner’s Office (ICO) website [http://www.ico.org.uk].

Contact us

We have a Data Protection Officer (DPO), supported by a team to make sure we respect your rights and obey the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer, Adrian West, at DPOTeam@coventry.gov.uk [mailto:DPOTeam@coventry.gov.uk].

How to make a complaint to the Council

If you wish to complain about your personal data privacy or information rights, please first contact the service you are using.

If you wish to raise the matter with the Data Protection Officer, use the contact details above.

You have the right to complain to the Information Commissioner’s Office (ICO), an independent body set up to protect information rights in the UK. They can also offer advice and can be contacted through their website [http://www.ico.org.uk].

Changes to this privacy notice

We will continually review and update this Privacy Notice to reflect changes in our services and feedback from service users, as well as to meet any changes in the law.

When we make changes, we will change the “last updated” date at the end of this notice. If there are major changes to this Notice, or the way we use your personal data, we will advertise the changes on the main page of our website and in Council offices.

We would ask you to visit our website from time to time to check for any updates and keep informed on how we are protecting your information.

Last review date: June 2026

Privacy notices for our services

Video conferencing user agreement

When you join a virtual call with Council staff there are a number of points that need to be considered before joining the call. 

Below are the details of the terms to participate in a virtual call. However, if after reading this agreement you are not satisfied with the terms, please disconnect the call immediately. 

Your continuation of the call will be deemed to be acceptance of the terms. 

Participants in the call agree to the following terms:

  • Not to record the call in any way by photographing, filming, screen shooting recording or sharing the call on any device without prior agreement from all participants in the call;
  • Not to invite others into the call where this has not been agreed with all participants prior to the call;
  • Not to allow individuals other than the call participants to overhear and/or view confidential subject matter on the call. (Use of an audio headset to maintain privacy may assist with this);
  • Not to screen share inappropriate documents with participants in the call;
  • To behave to the same professional standard as a face to face meeting;
  • To use professional language when using the chat function;
  • To use a neutral background if using the camera tool; and
  • To (where required by the participants of the call) keep information shared in the call confidential at all times. (Unless such information indicates that an individual is or could be at risk of harm.) 

Download this agreement as an image [https://www.coventry.gov.uk/downloads/file/33283/video_conferencing_user_agreement].