This privacy notice tells you what to expect when your personal data has been registered by Dudley Metropolitan Borough Council (DMBC) on its Employee Warning System. In this Notice we explain what types of information will be collected about you, how we intend to use it, and who else your information may be shared with. The processing of your personal data is governed by the UK General Data Protection Regulation (the UK GDPR), The Data Protection Act 2018 and other legislation such as the Human Rights Act.
The Council operates an Employee Warning System (EWS) that includes information relating to people who have been assessed as posing a risk.
The Council owes a duty of care to its employees under the Health and Safety at Work Act 1974 and has a legal duty under RIDDOR – Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 – to record and report incidents of work-related violence.
In the event or likelihood of this happening, personal information about you will be collected to assess the risks to our employees (including the risk of reasonably foreseeable violence) and will be retained on the Council’s Employee Warning System (EWS).
Individuals may also be recorded onto the EWS system where the Council has a legitimate interest in considering them as having unacceptable behaviour. In these circumstances the record on EWS is utilised to advise staff that the individual has restricted access and must only contact the council via the route communicated to them. Individuals will be formally advised in writing that this is the case.
The categories of personal information on EWS include:
- Contact details
- Notes and other information we obtain directly from you about actual or potential violent behaviour. For example, we may make a note of the words you said if you threatened a member of staff.
- Notes and information we obtain from any Council department, or third parties, in relation to actual or potential violent behaviour.
We will use the information we hold about you for the purposes stated. In general, this will be to assess the risks to our employees and partners (such as those working on the council’s behalf).
We will use the information we hold about you on EWS to assess if there is a risk to our staff or anyone else officially representing the council when they contact or visit you.
Any information gathered will be kept in line with statutory requirements we listed in section 2 (above) and will not be reused for different purposes or passed or sold to third parties for commercial purposes.
The lawful basis for processing as specified in the UK General Data Protection Regulation (UK GDPR) is Article 6 (1) (c) Processing is necessary for compliance with a legal obligation to which the controller is subject.
Under Article 6(1) (f) processing may also be necessary for the purposes of the legitimate interests pursued by the Council.
Council staff who look after the register and staff who are working with you or have a need to contact/visit you will have access to the data on EWS. Access to the reasons why you are registered on EWS is limited to those staff with a need to know.
In order to prevent unauthorised access or disclosure of the details on EWS, we have put in place suitable controls to limit the number of people who can see the system:
- Physical controls (any records are kept securely).
- Electronic controls, any computer records are stored in a “locked down” area on the Council’s network where only staff who look after the register can access it.
Your information may be shared with other agencies, organisations and contractors that may come into direct contact with you. We do this to enable them to assess the risks to their employees as part of their work.
We also have a legal duty to pass information to third party organisations such as the Police if there has been a crime committed.
When we feel that others are at risk, in order to protect the vital interests of others, we will share information without your consent.
When sharing information, we will do so in line with UK Data Protection laws and agreed information sharing protocols where appropriate.
We collect this information via a number of methods including:
- Collecting information from those who you may have been violent or aggressive towards.
- Council employee alert forms and action plans as determined by the Council’s
EWS operational procedures.
- Other sources- we may receive information about you from other organisations, agencies or service providers.
We will match data from other sources to the data we hold at the Council, to ensure we have the correct information about you, and update your record on EWS.
Any information gathered will be kept in line with the requirements we listed in section 4 (above). Retention periods will be in line with the Council’s EWS operational procedures.
Information held on the register will be subject to periodic review.
All the information we collect is stored securely on our IT systems. We have strict procedures for the way this is done. All information we hold about you is confidential.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights under the Data Protection Act 2018 and UK GDPR which are as follows:
- The right to be informed via Privacy Notices such as this
- The right of access to any personal information the Council holds about you (also known as a Subject Access Request). You will not be charged for making a subject access request. You are entitled to receive a copy of your personal data within one calendar month of our receipt of your request, subject to exemptions stated in the Data Protection Act.
- The right to rectification. We must correct factually inaccurate or incomplete data within one calendar month.
- The right to erasure/right to be forgotten. You can ask for your personal information to be erased unless we have a legal obligation to keep or process your information. In the case of the warning markers this will be in line with the Council’s operational procedures and we will only be able to erase your data subject to the outcome of regular risk reviews. This is because of the legal reasons we have to keep it. (Health and Safety at Work Act 1974 and a legal duty under RIDDOR – Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013).
- The right to restrict processing. You have the right to limit how we use your data, unless we have a legal obligation to process your data. We can retain just enough information about you to ensure that the restriction is respected in future. You will not be able to ask us to stop processing your data on EWS because of the legal reasons we have to keep it. (Health and Safety at Work Act 1974 and legal duty under RIDDOR – Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013).
- The right to object. You can object to your personal data being used for certain actions such as profiling, direct marketing or research process.
- You have rights in respect of automated decision making (decisions made by a computer) and profiling. You have the right for these decisions to be explained to you or made by a person instead. (Automated decision making does not form part of the Council’s EWS operational procedures.).
- You have the right to withdraw consent for us to use your data, if we have no legal reason to do so. You have the right to positively opt-in or unsubscribe from any of our communications or other mailing lists at any time and we shall continue to make this obvious and easy for you to do.
Please keep in mind that these rights do not apply in all cases, there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
You have the right of access to your data. All requests for access can be sent to the Council using the contact details below.
Information Governance Team
Dudley Metropolitan Borough Council
Dudley DY1 1HF
Telephone: 01384 815607
For further information please contact the Council’s Information Governance Team.
If you have a complaint in relation to your data rights or a freedom of information request, please contact the Council’s Information Governance Team in the first instance to request an internal review of our response.
If you follow this procedure and are still not happy, you may wish to contact:
The Information Commissioner's Office
Last reviewed 15/11/2022