Privacy Notices Cop Final

7/28/2019 Privacy Notices Cop Final

1/19

Data Protection

Privacy notices code o practice


2/19

2

Foreword 3

What is a privacy notice? 3

About this code 4

Who is this code aimed at? 4

The codes status 4

Beneits o the code 5

How to use this code 5

Fairness and what the law says 6

What the law says 6

Key points about airness 6

Making sure people understand 7

Transparency and consent 8

Dont tell people the obvious 9

When to actively communicate a privacy notice 9

Sharing inormation 10

Selling inormation 10

Providing privacy notices 11

Drating a privacy notice 11

How to provide a privacy notice 11

Layered approach 11

Making privacy notices accessible 12

Keeping your privacy notices under review 12

Examples o good and bad privacy notices 13

Contents

Next|Back|Print|Quit
http://print/http://print/http://print/http://print/http://quit/http://quit/http://quit/http://quit/http://print/


3/19

Collecting inormation about people lies at the heart o data protection.This code o practice will help you to collect inormation properly by

drating clear and genuinely inormative privacy notices or people.This will in turn make sure individuals know how inormation aboutthem will be used, and what the consequences o this are likely tobe. It will also allow them to build up a picture o the sheer scale andsophistication o the systems that collect so much inormation aboutall o us.

This code o practice uses the term privacy notice to describe theexplanations that individuals are given when inormation is collectedabout them. However, it can be best to avoid technical languagealtogether. Some o the most accessible notices or the public usewords such as how we use your inormation.

This code explains that the duty to actively communicate a privacynotice is strongest where the intended use o the inormation will beunexpected or objectionable, or where the inormation is sensitive.It also explains that there is little value in inorming people o obvioususes o their inormation.

This code o practice will help you to comply with one o the mostimportant but most misunderstood parts o the Data Protection Act.I will take its standards into account when, or example, I receive acomplaint that inormation has been collected in an unreasonable way.

Richard ThomasInormation Commissioner

What is a privacy notice?

A privacy notice is the oral or written statement that individuals are

given when inormation is collected about them. As a minimum, aprivacy notice should tell people who you are, what you are going to dowith their inormation and who it will be shared with. However, it canalso tell people more than this, or example, it can provide inormationabout their access rights or your security arrangements. Whatever youinclude in your notice, its primary purpose is to make sure inormationis collected and used airly.

A privacy notice should be genuinely inormative. It should helpindividuals to understand how you will use their inormation and whatthe consequences o this are or them. Done properly, it can make yourorganisation more transparent and should reassure people that theycan trust you with their personal inormation. A privacy notice thatis legalistic or drated with the primary objective o indemniying anorganisation is unlikely to achieve this objective.

Foreword

3

Contents|Next|Back|Print|Quit
http://print/http://print/http://print/http://print/http://quit/http://quit/http://quit/http://quit/http://print/


4/19

Who is this code aimed at?

This code is aimed at all organisations that collect inormation about

people, whether directly or indirectly.

It applies to activities such as:

asking people to fll in their names, addresses and health inormationon an ofcial orm;

collecting inormation about shoppers rom their loyaltycard transactions;

recording and retaining the calls customers make to a call centre; or

analysing a persons online purchasing habits to send out specialoers and recommendations.

This code will help organisations to drat clear privacy notices andto make sure that they collect inormation about people airly andtransparently. It does not apply to collection o inormation that does notidentiy people, or example, anonymised or statistical inormation.

The codes status

The code has been issued by the Inormation Commissioner under

section 51 o the Data Protection Act 1998 (DPA). This requireshim to promote good practice, including compliance with the DPAsrequirements, and empowers him, ater consultation, to prepare codes opractice giving guidance on good practice.

The basic legal requirement is to comply with the DPA itsel.Organisations may use alternative methods to meet the DPAsrequirements, but i they do nothing then they risk breaking the law.The ICO cannot take action over a ailure to adopt good practice orto act on the recommendations set out in this code.

4

About this code

http://prevpage/http://prevpage/http://prevpage/http://print/http://print/http://print/http://print/http://print/http://quit/http://quit/http://print/http://prevpage/http://quit/


5/19

Benefts o the code

Following the code will help you to drat clear and inormative privacy

notices that the people you deal with will be able to understand. This willhelp you to meet your legal obligat ions under the DPA by making sure

you collect and use personal inormation airly and transparently. Otherbenefts o drating a good privacy notice include:

higher levels o trust and a better relationship with the people youcollect inormation about;

a competitive advantage, by reassuring potential and existingcustomers that you take their privacy seriously;

encouraging people to provide more valuable inormation, becausethey are confdent it will be used properly;

allowing customers to indicate their marketing preerences, whichmay mean that they respond more positively to you; and

less risk o queries, complaints and disputes about your use opersonal inormation.

How to use the code

Dierent organisations have dierent needs, depending on the sort o

inormation they collect and how they do it. You can thereore use thiscode in several dierent ways. For example:

it can be used to produce a new privacy notice;

its content can be integrated into an existing privacy notice; or

it can be used as a checklist to evaluate an existing privacy notice.

The code will help organisations to design privacy notices thatcan be understood by the people you collect inormation about.

The ICO will provide additional help, or example i an organisation isdrating a privacy notice that deals with a specialised or contentious

orm o data collection.


5


6/19

What the law says

The law says that personal inormation shall be processed airly

processing includes obtaining, using or disclosing it. It goes on to say thatpersonal inormation is not to be treated as processed airly unless theorganisation in control o the processing ensures, so ar as is practicable,that the individual has, is provided with, or has made readily available:

the identity o the organisation in control o the processing;

the purpose, or purposes, or which the inormation will be processed;

any urther inormation necessary, in the specifc circumstances, toenable the processing in respect o the individual to be air.

Drating a privacy notice is the obvious way to satisy these legal

requirements.It is clear that the law gives you a degree o discretion in providingair processing inormation ranging rom actively communicatingit to making it readily available. This code will help you to adopt theright approach.

The law also makes it clear that you must consider the specifccircumstances, and the individuals concerned. This means that therecan be no single way o complying. This code helps you to understandthe alternatives, and to adopt good practice.

Key points about airness

Fairness has two main elements:

using inormation in a way that people would reasonably expect andin a way that is air;

ensuring people know how their inormation will be used, or exampleby providing a privacy notice or publishing it on your website.

This code ocuses on drating and communicating privacy notices.However, it inevitably touches on wider issues o airness andtransparency.

Fairness means being honest and open about who you are and what youare going to do with the personal inormation you collect. However, being

honest and open is just one aspect o airness. Telling people what youintend to do with their inormation does not mean that the processingo the inormation will necessarily be air. You also need to consider theeect the processing will have on the individual.

6


Fairness and whatthe law says
http://print/http://print/http://print/http://print/http://print/http://quit/http://quit/http://print/http://quit/


7/19

When you collect inormation you should be clear why you need it . Youshould also try to predict whether you will be likely to do other things

with it in the uture. A privacy notice can provide or reasonable evolutionin the use o inormation. However, you should not draw up a long list opossible uture uses i, in reality, it is unlikely that you will ever use theinormation or those purposes.

In some cases people will have a choice over whether to provideinormation, or over the use that can be made o it. Where people dohave a choice, it must be properly explained to them. Where there ischoice, the individuals wishes or preerences must be respected, otherthan in exceptional circumstances.

It is good practice to try to put yoursel in the position o the peopleyoure collecting inormation about. Ask yoursel the ollowing questions.

Would they know who is collecting the inormation?

Would they understand why youre collecting it?

Would they understand the implications o this?

Would they be likely to object or complain?

Remember that i you mistreat personal inormation, you are alsomistreating the people it is about and will probably be breaking the law.

Making sure people understand

The basic legal requirement is to make sure people know who you are,

what you intend to do with their inormation and who it will be shared withor disclosed to. Depending on the circumstances, you may decide to gobeyond the basic requirements o the law, or example by telling people:

i you intend to pass inormation on, the name o the organisationsinvolved and details o how they will use the inormation;

how long you or other organisations intend to keep the inormation;

whether replies to questions are mandatory or voluntary;

the consequences o not providing inormation - or example,non-receipt o a beneft;

whether the inormation will be transerred overseas;what are you doing to ensure the security o personal inormation;

about their rights and how they can exercise them - or example,the act that a person can obtain a copy o their personal inormationor object to direct marketing;

who to contact i they want to complain or know more about howtheir inormation will be used; and

about the right to complain to the Inormation Commissioner i thereis a problem.

7



8/19

Sometimes organisations have dierent sorts o relationships withdierent groups o people. For example, a local authority might use

inormation about old age pensioners to administer ree access to localleisure acilities, and inormation about shopkeepers to collect businesstaxes. Rather than having a single, catch-all privacy notice, it may be betterto have separate notices aimed at the dierent groups o individuals youdeal with. This makes it clearer and easier or people.

Transparency and consent

You should always be straight with the public. You should not lead them

to believe that they can exercise choice over the collection and use otheir personal inormation when in reality they cannot. It is important tomake sure that where people do have a choice, they are given a genuineopportunity to exercise it. A good example o this is the opportunity tosubscribe to, or unsubscribe rom, direct marketing.

There is a undamental dierence between telling a person how youregoing to use their personal inormation and getting their consent or this.In many cases it is enough to be transparent. In other cases a personspositive agreement will be needed. This is most likely to be the casewhere sensitive inormation is being collected, or where previouslycollected inormation is to be used in a signifcantly dierent way.

The collection and use o personal inormation is oten essential to providethe service or carry out the transaction that the individual has requested.In such cases, choice is not an issue, because the individual cannot expectto receive what he or she has asked or unless any necessary processing opersonal inormation takes place.

In some cases individuals are required by law to provide their personaldetails. Where this is the case, seeking consent is meaningless. Instead,organisations should be open with people and explain clearly why theirinormation is being collected and what it will be used or.

Even i individuals have no real choice, the collection o inormation about

them still has to be air and transparent. A privacy notice can be used tomake sure that this is the case.

8


Remember, i you intend to market people by electronic means (or example, byemail, SMS, ax or telephone) then special rules will apply and you may need theirpermission beore doing so. Please see our guidance on the Privacy and ElectronicCommunications Regulations 2003.
http://print/http://print/http://print/http://print/http://print/http://quit/http://quit/http://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://print/http://quit/


9/19

Dont tell people the obvious

There is no need to actively communicate a privacy notice provided that

your collection and use o inormation:

is something that a reasonable person is likely to anticipate and wouldagree to i asked; and

is necessary to carry out the transaction or deliver the service theindividual has requested; and

will have no unoreseen consequences or the individual concerned.

For example, a person might purchase a book rom an online store.His or her personal inormation is only used to despatch the goods, totake payment and or the companys own record keeping. In this case,

the collection and use o the inormation would not be unair even ithe individual has not been explicitly told about it. This is because anyreasonable person requesting the service would understand that theycannot receive the service they want unless some processing o theirpersonal inormation takes place. However, even in cases like this, it isgood practice to have a privacy notice available or those who want toknow more about how their personal inormation will be handled.

Similar considerations apply where an organisation uses anotherorganisation to do something on its behal, or example where anonline retailer uses another company to despatch goods ordered on itswebsite. Provided the outsourcing doesnt involve any use o customer

inormation that wouldnt have happened anyway, there is no need toactively inorm customers. Again, it is good practice to have inormationabout your outsourcing arrangements available or customers that wantto know more about this.

When to actively communicate a privacy notice

By actively communicate we mean take a positive action to provide

a privacy notice to a member o the public, or example, by sending aletter, reading out a script or distributing an email. This is dierent romhaving a privacy notice available or members o the public who wantto see it. In such cases it is the individual who has to take the action, orexample by clicking on a web link or asking or more inormation.

A good way to decide whether to actively communicate your notice isto try to understand what the person the inormation is about wouldexpect. I you think the person would be surprised by your use o theirpersonal inormation, or would fnd it objectionable in some way, youshould actively tell them about it.

I you hold inormation that you collected or a specifc purpose butnow wish to use it in a new and unoreseen way, it may not be enoughto simply provide an update about what you intend to do with theinormation. For example, i you have explicitly assured the individual that

you will not share their inormation with third parties but now wish to doso, you should actively seek their consent.

Its a lot easier to actively communicate a privacy notice in an onlinecontext than in a bricks and mortar one. You should make ull use o thetechnology available to you to promote transparency and airness.

9

Contents| Next|Back|Print|Quit

The need to actively communicate a privacy notice is strongest where:

you are collecting sensitive inormation; or

the intended use o the inormation is likely to be unexpected or objectionable;or

providing personal inormation, or ailing to do so, will have a signifcant eecton the individual; or

the inormation will be shared with another organisation in a way that wouldntbe expected.
http://print/http://print/http://print/http://print/http://quit/http://quit/http://quit/http://print/http://quit/


10/19

Sharing inormation

There can be strong pressures to share personal inormation with other

organisations, in both public and private sector contexts. However, anorganisations decision to share inormation doesnt negate its duty to treatpeople airly. This means that prior to sharing inormation, the organisationholding it must consider careully what any recipient organisation is goingto do with the inormation, and what the eect on people is likely to be.It is good practice to obtain an assurance about this, or example in theorm o a written agreement.

Combining inormation rom dierent sources can create a very detailedpicture o an individuals aairs. The individual may not expect this and mayfnd it overly intrusive. Organisations that intend to combine inormationshould explain this, and its l ikely consequences, in their privacy notices.

In marketing contexts, organisations oten ask or permission to sharecustomer inormation with third parties, or example companies in thesame group. General descriptions like this should be backed up with moredetailed inormation, or example the names o the companies involved,or those that want it.

Selling inormation

Some organisations set out to collect personal inormation with the

intention o selling or renting it to anyone who will pay. I you intend todo this, you should make it clear to individuals that the inormation theysupply could be provided to anyone and could be used or any purpose.You should tell them this when you ask them to provide their details.

Normally personal inormation can only be sold i the individuals concernedhave already been told that their inormation may be passed on to otherorganisations. When a business is insolvent, bankrupt, being closed downor sold, the database can be sold on or, i rented, should be returned toits owner. However, the seller must make sure that the inormation willonly be used or the same or a similar purpose. For example, inormationobtained or insurance may only be sold to a business to promote similar

insurance products. I the buyer wants to use the personal inormationor a new purpose, it will have to get consent or this rom the individualsconcerned.

Privacy notices are very useul when inormation is being bought, sold orrented. They can help the recipient organisation to check what people weretold when they originally provided their inormation. Depending on whatthey were told, the recipient organisation may then need to communicateits own privacy notice to the individuals concerned. I there is a dierencebetween what people were told originally and what the recipientorganisation intends to do with the inormation, then individuals must beadvised o this within a reasonable period o time. I there is a dierence,

individuals should be asked whether they agree to their inormation beingused or a new purpose. Failing to check what permissions apply to thedata could lead to a breach o the DPA.

10



11/19

Drating a privacy notice

Privacy notices should be clear and genuinely inormative. They mustbe drated so that the people theyre aimed at understand them. Dontassume that everybody has the same level o understanding. You shouldavoid using terminology that might conuse the general public. Dont uselegalistic language - adopt a simple style that your intended audience willfnd easy to read and understand.

Privacy notices must be truthul. You should not oer people choicesthat are counter-intuitive or misleading. Whilst its acceptable to use bothopt-ins and opt-outs, they shouldnt be used in a way that will conusepeople. Any choices oered must be genuine. It is unair to give peoplethe impression that they have a choice when in reality they do not.

In some cases there are specifc sectoral rules that organisations mustollow when collecting personal inormation, or example in advertising orfnancial services contexts. Organisations must make sure they complywith any rules o this sort, as well as complying with data protection law.

How to provide a privacy notice

Privacy notices can be provided through a variety o media.

Orally: ace-to-ace or when you speak to someone on the telephone its a good idea to document this.

In writing: printed media; printed adverts; orms, such as fnancialapplication orms or job application orms.

Through signage: or example an inormation poster in a public area.

Electronically: in text messages; on websites; in emails.

It is good practice to use the same medium you use to collect theinormation to deliver the privacy notice. So, it would not be good

practice to collect inormation through a orm in a newspaper, but tothen direct readers to a website to read the privacy notice. However,in some contexts it can be very difcult, or impossible, to provide aprivacy notice. This might be the case where an advert in a newspaperis very small or where providing privacy inormation as part o apremium rate telephone call would signifcantly increase the price othe call. In some cases an organisation should concentrate on obtainingthe inormation it needs to deal with an individual, or example inan emergency situation. It should explain its inormation use at anappropriate point later on. Where you cant provide a privacy notice,it is particularly important to make sure you only use the inormation

you collect in a way that members o the public are likely to anticipateand agree to.

Layered approach

When collecting personal inormation you should be realistic abouthow interested the public is in the way you are going to handle it. Manyindividuals will be more concerned with receiving the goods, services orbenefts that they have applied or. They are unlikely to read a detailedprivacy notice, or to make a complaint about the way you handle theirpersonal inormation, unless they eel their personal inormation hasbeen handled badly. This is why a layered notice can be useul. Thisallows you to provide the basic privacy inormation there and then, but

to make more detailed inormation available elsewhere or those thatwant it.

Drafting a privacy notice should provide an opportunity to review yourcollection of information. For example, you should ask yourself whether you

really need the information you are asking for. A privacy impact assessmentcan help you to answer this question. Remember that information isexpensive to keep and brings legal liability with it.

11


Providingprivacy notices


12/19

The layered approach can be very useul where there is a need to explain aparticularly complicated inormation system to people. It works very well

in online contexts, where it is easy to provide a ront page link. A bricksand mortar equivalent is to provide contact details on a paper orm whichpeople can use i they want more inormation about how their personaldetails will be used. The ront page should also be used to give peopleprominent, early warning o any use o their inormation that is likely to beunexpected or objectionable.

A layered notice usually consists o a short notice plus a longer notice.The short notice contains basic inormation, such as the identity o theorganisation and the way in which the personal inormation will be used.This can be used where there is not enough space to provide more detailedinormation, or example in an advert. The short notice contains a link to

a second, longer notice which provides much more detailed inormation.The longer notice can, in turn, contain links to urther material, explainingrelatively specialist issues such as the circumstances in which inormationmay be disclosed to the police.

Making privacy notices accessible

I you collect inormation rom vulnerable individuals, such as children,you must take the appropriate steps to make sure those individuals aretreated airly. This involves drating privacy notices appropriate to thelevel o understanding o your intended audience and, in some cases,putting stronger saeguards in place. You should not exploit any lack ounderstanding or experience, or example, by asking children to provide

personal details o their riends.

There are no hard and ast rules about the collection o inormation romvulnerable individuals. Again, you should try to look at your collection

o inormation rom the individuals point o view. You should use yourknowledge o the individuals you deal with to decide your approach. Inparticular, you should try to work out whether the individuals you arecollecting inormation about would understand the consequences o this.I in doubt, you should be cautious and should instead ask the individualsparent, guardian or carer to provide the inormation.

Sometimes you may want to collect inormation rom people whosefrst language is not English. In some cases you may be obliged by law toprovide orms and privacy notices in another language, or example, Welsh.Although you may not be required by law to oer translations,it is good practice to provide your privacy notice in the language that

your intended audience is most likely to understand.Keeping your privacy notices under review

It is unair and misleading to have a privacy notice that isnt accurate orup to date. It is thereore good practice to keep your privacy notice underregular review.

It is also good practice to review the eectiveness o your notice byanalysing complaints rom the public about your inormation use ingeneral and your privacy notice in particular. I people think it ismisleading or difcult to fnd, or example, you may need to redrat itor give it greater prominence.

12



13/19

The fnal part o this code consists o a set o examples based on real privacy notices that we have seen. They illustrate good practice to adopt, such asgiving people appropriate choices that are easy to exercise, and bad practice to avoid, such as using conusing language. The examples are illustrative

extracts only and should not be used as templates. They cannot cover every type o inormation collection, but they wil l help organisations to drat privacynotices whatever their line o business. Please note that the ormats shown may not meet accessibility requirements.

Examples:

Simple language, clearont and style.

Clear opportunity toagree to marketing.

Clear opportunity toopt out o marketing.

Prior consent sought.

Conusing and legalisticlanguage. Closelyspaced text, small italicont in light grey.

Raises Privacyand ElectronicCommunicationsRegulations problemsand 0870 numberdoes not provide easy

means to opt-outconsistent with themedium (script).

Conusing language.

Unexpected use.Good practice wouldbe to obtain consent.

Unnecessary meanslittle to public.

20 S T R E E T

ENG I N E E R

XX 4 0 x x

R E S I D E N T I A L C I T Y T O W N

Post Code

Occupation

Address

Date of Birth 1 1 0 1 9 7 0

We may share your information with credit reference agenciesand other companies for use in credit decisions, for fraud preventionand to pursue debtors.

We would like to send you information about our own productsand services, as well as those of selected third parties, by post,telephone, email and SMS. If you agree to being contacted in thisway, please tick the relevant boxes.

Post Phone email SMS

We would also like to share your information with other companiesso that they may send you information about their products andservices, by post, telephone, email and SMS. If you agree to yourinformation being shared in this way, please tick the box.

If you need any further information please write to us at10 Street Name, Town Name, County Name AB12 3CD.

How information about you will be used

Customer Signature Date

20 S T R E E T

ENG I N E E R

XX 4 0 x x

R E S I D E N T I A L C I T Y T O W N

Post Code

Occupation

Address

Date of Birth 1 1 0 1 9 7 0

X Limi ted i s a com pany in corpor ated i n Engl and and is a m ember of the X Reta il Gr oup(the Group). The Group (we/us) also includes Y Limited and Z Limited and their associatedcompanies from time to time. The personally identiable information you provide will be

processed in accordance with the Data Protection Acts 1984 and 1998 and other applicable laws.We will use your information so that we can processyour order. This includes administering anyaccounts, processing your bank/credit card details in order to obtain payment, arranging deliveryof any goods purchased, and the prevention and detection of fraud. We can hand over yourinformation to anyone to whom we transfer our rights and duties under our agreement with youor if we have a duty to do so and the law allows us to do it. We will use your information for marketresearch and the marketing of our own and third parties products and services. This may includecontacting you by post, telephone, email or SMS unless you indicate you do not want to becontacted in any of these ways by calling us on 0870 23 45 67. We will use your information tosearch the les of credit reference agencies who will record that search. This information may beused by other lenders in making credit decisions about you, members of your household and thosewith whom you may be nancially linked. Information held about you by the credit referenceagencies may already be linked to records relating to people with whom you are nancially linked.For the purposes of credit searching, you may be treated as nancially linked and you will beassessed with reference to any associated records. We will share your information with othercompanies, for the purposes of market research and the marketing of their products and services,unless you indicate that you wish to be excluded from such uses by contacting us on08701 23 45 67. By signing this form, you consent to the information you provide being processedfor the above purposes.

Customer Signature Date

LEGAL DECLARATION

l l

ll

l l l

I

3 7

13


We would like to send you information about our ownproducts and services, as well as those of selected third parties,by post. If you do not agree to being contacted in this way,please tick the box.

Alternative opt out version:

Specifc rules or marketing by email,telephone and SMS apply. Please see ourguidance on the Privacy and ElectronicCommunications Regulations 2003.
http://print/http://print/http://print/http://print/http://quit/http://quit/http://quit/http://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspxhttp://quit/http://print/


14/1914

Examples:

About your claim Sharing inormation

Sharing inormation with your landlord could help us to deal with

your claim more quickly and reduce the risk o you alling behind

with your rent because o your claim being delayed.

I your Housing Beneft is paid directly to your landlord or to

your Council rent account, then we can discuss payment details

(e.g. award dates and amounts) as we have to give your

landlord this inormation.

With your permission, we would also be able to tell your landlord i:

You have claimed Housing Benet

We have made a decision on your claim, or

We need more information to make a decision

and what that inormation is.

You can withdraw your permission at any time.

We wont give your landlord any inormation about:

Your personal or family circumstances

Your fnances

It will not aect your claim i you do not give us permission to

discuss your claim with your landlord.

I we can talk to your landlord about your claim please sign below.

I give my local council permission to share inormation about

the progress o my Housing Beneft claim with my landlord

or their representative.

Signature o claimant: Date:

Signature o partner: Date:

Please provide telephone numbers in case

we need to contact you about your claim.

You do not have to tell us your phone number but it will help us to

contact you quickly i we have a question about your claim.

Home: Work: Mobile:

Your declaration

I understand the ollowing:

You will use the information I have provided to process my claim for

housing beneft, council tax beneft, or both.

You may check some of the information with other sources within the

Council, the Rent Service, other councils and Government departments,

e.g. the Benefts Agency, the Inland Revenue and the Home Ofce.

You may also get information about me from certain other organisations,

or give inormation about me to them to: make sure the inormation is

accurate; prevent or detect crime; and protect public unds. These other

organisations include government departments, other local authorities

and private sector organisations such as banks and organisations that

may lend me money.

I I give inormation that is incorrect or incomplete you may take action

against me, including court action.

I declare that the inormation I have given on this orm is correct

and complete.

Signature o the person claiming:

Clear explanation o whyit would be helpul toprovide this inormation.

Honest explanation o the outcomeo choosing not to provide therequested inormation.

Clear explanation opurpose and use.

Easy way or peopleto fnd out who elseinormation is shared with.

3

3

3



15/19

Examples:

You must provide the following telephone numbers. It will

delay your claim i you dont provide your telephone numbers.

Home: Work: Mobile:

Declaration

I hereby confrm my understanding o and acceptance o the ollowing

inormation. Donningly Council (the Council) will utilise the personal

data I have provided in this orm and via any evidence I have submitted

in support o my claim in order to process my claim or housing beneft,

council tax beneft, both o these or other applicable benefts which may

be available to mysel in accordance with the Councils personal data

usage policies. The Council may check the personal data against other

sources within the Council and other relevant third party public sector

organisations as necessary in order to prevent and detect crime, protect

public unds and make sure the personal inormation is accurate.

The Council may also require to check personal data I have provided,

or inormation in relation to mysel, which has been provided to the

Council by a third party with other inormation held by the Council.

The Council may also get inormation about me rom third parties or

give inormation about me in accordance with the law. For the purposes

o the Data Protection Act 1998 the data controller processing your

personal data is Donningly Council. The Council processes all personal

data in accordance wi th the Data Protection Act 1998 and the l aw.

Having read and understood the above inormation I hereby provide

declaration that the data on this orm is correct and comprehensive

and understand that i I give the Council inormation that is incorrect

or incomplete the Council may commence legal action against me

potentially leading to or including court action.

Signature:

About your claim Sharing inormation

Enabling us to share your personal data with your landlord and other

third parties could help us to deal with your claim more quickly and

reduce the risk o any delay with the processing o your claim whichmay cause you to all into arrears with your rental payment.

I your Housing Beneft is paid directly to your landlord or to your

Council rent account, then we can discuss payment details

(e.g. award dates and amounts) as we have to give your landlord this

inormation. However, i you sign below we would also be able to tell

your landlord whether you have claimed Housing Beneft or we have

made a decision on your claim, or we need urther inormation to

make a decision about your claim and what that inormation may be.

Signature o claimant: Date:

Signature o partner: Date:

By signing above you agree that we can share inormation about

the progress o your Housing Beneft claim with your landlord/landlady

or their representative.

It will not aect your claim i you dont give us permission to discussyour claim with your landlord.

This should appear beore the signature box,so that individuals are ully aware o the choiceto provide or not to provide the inormation.

Implies it is mandatory togive this inormation when inthis case it is voluntary.

Doesnt saywho other thirdparties are.

Conusing language.

7

7 7

15



16/19

Title that people willunderstand.

Title doesnt mean muchto the public.

Small print, not easy todo (i.e. contact branch).Opt out statement notnext to statement aboutmarketing inormation.

Unclear, oputtingnotice seems like adifcult or expensiveprocess. People may notknow what a subjectaccess request is.

Unnecessarilycomplicated language.Use o I or me, we or usetc adds to conusion.

Clear ino about howto fnd out more.Easy, ree access.

Clarity about whopersonal inormation isshared with and why.

(iv) I i i i i icos i l iagreem . i i rative ee c illbecome due an le immediately and will notto the terms of any default notice issued by you.

Using your personal information

6. Personal information which you supply to us may be used in anumber of ways, for example:

To make lending decisions For fraud prevention For audit and debt collection For statistical analysis

(i) We may share your information with, and obtain informationabout you from, credit reference agencies or fraud preventionagencies. If you apply to us for insurance we will pass yourdetails to the insurer. Information provided by you may be putonto a register of claims and shared with other insurers toprevent fraudulent claims.

(ii) We will not disclose any information to any company outsidethe XXXX Bank Group except to help prevent fraud, or ifrequired to do so by law.

(iii) For further information on how your information is used, howwe maintain the security of your information, and your rights toaccess information we hold on you, please contact: (clear weblink/freephone etc..)

i I i i i i ii l i

. i i i illl i i l ill

l i i .

I l l i i

li i ll i l ,i , i i i i

i i li i l ll i:

i i il ii i i

i li i l

ii i l i ii li i i

i i l i l I ll ili i i i i i

iii i l i ii i

i li i i i i il

i i l i l

i i l i i.

ill i i i il i l i i

i i i i i lii .

ii . lli i i i . i i

i .

I

.

i I i i i i ii l i

. i i i illl i i l ill

l i i .

l i i i l i, l :

l i i ii

i ll ii i l l i

i i i i , i i i, i i i

i . I l i illil i . I i i

i l i i il l i .

ii ill i l i i il , i

i l .

iii i i i i i ,i i i i i , ii i l , l : l

li ..

(iv) I i i i i icos i l iagreem . i i ative ee c illbecome due an le immediately and will notto the terms of any default notice issued by you.

DPA Statement6. I/we agree that You and any lender resulting from this

application (the Lender) shall be entitled to use and process,by any medium, the information given by me/us which may beacquired during the lifetime of any loan for the followingpurposes:

(i) to provide data and search the files of credit referenceagencies or fraud prevention agencies whether before orduring the lifetime of any loan granted me/us by the Lender

(ii) to disclose the data to credit reference agencies whenrequired by them for future applications for finance by me/usor my/our financial associates unless I/we successfully file adisassociation with the credit reference agencies

(iii) to disclose the data to any other company within the XXXXBank Group or to any third party at any time for the purpose ofassessing my/our application and administering and enforcingany subsequent loan

(iv) to disclose the data to any third party who replaces my/ourLender

By submitting your personal data you CONSENT to it beingprocessed.

We will share information about you within the XXXX BankGroup and also with other selected companies to provide youwith information about products/services which we believemay be of interest to you.

Under the terms of the Data Protection Act 1998 you have theright to make a subject access request. All requests must bemade in writing to our head office. There is a charge for thisservice.

If you do not wish to receive marketing information from XXXX Bank Group or other

companies please inform your branch.

73

Examples:

16

http://prevpage/http://prevpage/http://prevpage/http://prevpage/http://print/http://print/http://print/http://quit/http://quit/http://quit/http://print/http://prevpage/


17/1917

My accountPrivacy policy

Retail is part of Retail Group plc which includes Retail

International and Retail Direct. This privacy policy explainshow we use any personal information we collect about youwhen you use this website.

Topics:

What information do we collect about you?

How will we use the information about you?

Marketing

Access to your information and correction

Cookies

Other websites

Changes to our privacy policy

How to contact us

What information do we collect about you?

We collect information about you when you register with usor place an order for products or services. We also collect

information when you voluntarily complete customer surveys,provide feedback and participate in competitions. Websiteusage information is collected using cookies.

How will we use the information about you?

We collect information about you to process your order,manage your account and, if you agree, to email you aboutother products and services we think may be of interest toyou.

We use your information collected from the website topersonalise your repeat visits to our website.

If you agree, we shall pass on your personal information to ourgroup of companies so that they may oer you their productsand services.

Retail PLC will not share you information for marketingpurposes with companies outside the Retail Group.

In processing your order, we may send your details to, and also use information from credit reference agencies and fraudprevention agencies.

Marketing

We would like to send you information about products andservices of ours and other companies in our group whichmay be of interest to you. If you have consented to receivemarketing, you may opt out at a later date.

You have a right at any time to stop us from contacting youfor marketing purposes or giving your information to othermembers of the Retail Group.

If you no longer wish to be contacted for marketing purposes,please click here.

Return to top

Access to your information and correction

You have the right to request a copy of the informationthat we hold about you. If you would like a copy of someor all of your personal information, please email or writeto us at the following address. We may make a small chargefor this service.

We want to make sure that your personal information isaccurate and up to date. You may ask us to correct or removeinformation you think is inaccurate.

Cookies

Cookies are text les placed on your computer to collectstandard internet log information and visitor behaviourinformation. This information is used to track visitor use of thewebsite and to compile statistical reports on website activity.

For further information visit www.aboutcookies.orgorwww.allaboutcookies.org

You can set your browser not to accept cookies and the abovewebsites tell you how to remove cookies from your browser.However in a few cases some of our website features may notfunction as a result.

Other websites

Our website contains links to other websites. This privacypolicy only applies to this website so when you link to otherwebsites you should read their own privacy policies.

Changes to our privacy policy

We keep our privacy policy under regular review and we willplace any updates on this webpage. This privacy policy waslast updated on 25 December 2008.

How to contact us

Please contact us if you have any questions about our privacypolicy or information we hold about you:

by email

or write to us at: Retail Group, Privacy Team, Main Road,Anytown.

Return to top

Clear inormation aboutthe identity o theorganisation.

Clear and straight-orward guidance onhow to access personalinormation.

Helpul privacyadvice.

My account

Please ll in all the elds marked *

First name*

Surname*

Email address*

Age*

We need this information because we sell age restricted goods.

Address*

Home phone number

Mobile phone number

Your information

Retail collects personal information when you register with us or

place an order for products or services. We will use this information

to provide the services requested, maintain guarantee records and,

if you agree, to send you marketing information. Retail PLC will not

share you information for marketing purposes with companies

outside the Retail Group. For more information explaining how we

use your information please see our privacy policy.

I would like to receive further information about your products

and services:

Privacy policy

It is acceptable toask or inormationlike age or gender iyou have a businessreason to do so.

Clear, comprehensivelinks to additionalinormation.

Clear reassurance aboutthird party disclosures.

At frst glance

In more detailExamples:

3



18/19

Asks or excessive

inormation and statesthat it is mandatory.

Should not have toaccept terms andconditions just toaccess a retail site.

Privacy policy isburied in the termsand conditions.

To access our website you must provide thefollowing information

First name*

Surname*

Email address*

Date of birth*

Address*

Home phone number*

Mobile phone number*

Profession*

Salary*

Fields marked * are mandatory

By using this website I agree to the Retail termsand conditions.

ACCEPT

Retail Group Terms and Conditions

1. This website is owned and operated by Retail Group Ltdin conjunction with its subsidiaries XYXY Inc and BAABCompany. All orders and purchases made through thiswebsite are subject to these online shopping terms andconditions.

2. Retail Group may without notice correct errors and updateinformation on this website. This may include informationon pricing and availability of stock. All prices listed onthis website are in pounds sterling and all charges will beprocessed in this currency.

3. Purchases made on this website, the use of this website andthese online retail terms and conditions are subject to thelaws of the United Kingdom.

4. Goods may only be purchased for lawful, non-commercialpurposes. In ordering items, you agree to pay for all chargesapplicable on that purchase order as stated.

5. Only persons aged 18 or over may purchase from thiswebsite. Items purchased cannot be delivered to addressesoutside the United Kingdom.

6. Retail Group Limited including its subsidiaries, associatesand aliated companies (we, us) take securityof information very seriously and are committed toprotecting your privacy.

7. By using this website you accept the conditions set out inthis privacy policy.

8. We process personal data in accordance with the DataProtection Acts of 1984 and 1998 and any other applicablelegislation (referred to as the data protection legislation)

9. We can assure you that we will never pass on the personaldata of data subjects to any third par ty recipients otherthan in accordance with the Terms set out below.

10. We may collect and process personal data for the purposesof business operations. This could include: administration,accounting and auditing, processing of your order,marketing, analysis, monitoring, business planning etc,in accordance with the notication requirements of theInformation Commissioner. We are registered with theInformation Commissioners Oce. Members of the Retail

Group may record, use, exchange, analyse and assess anyrelevant personal data.

11. We adhere to the Principles of data protection as set out inthe Data Protection Act 1998 and observe the conditionsrelating to the fair and lawful processing of personal data.We may from time to time send you details of goods andservices, new products, special oers, competitions whichwe think will be of interest to you.

12. By using this website you agree to the disclosure ofcollected personal data to carefully selected third partyrecipients for the purposes of advertising, marketing andpublic relations.

13. Information held by the credit reference agencies is usedby us and others to help verify the identity of customersand assess their ability to meet nancial commitments.Credit reference agencies may link the records ofnancial associates who have entered into joint nancialobligations. Once linked this association means that eachrecord will be taken into account when assessed by us.Further details about nancial association, disassociation

and credit reference agencies are available by contactingthe credit reference agencies directly.

14. We shall process personal data that is considered to besensitive personal dataonly in accordance with therequirements of the data protection legislation.

15. Should you wish to exercise your subject access rights asset out in data protection legislation, please contact us on087 [premium phone number] for details of fees anda copy of our data subject access rights procedure. It isa legal requirement of the Data Protection Act 1998 thatsuch requests must be made in writing.

My account Gifts News Contact usHome

Misleading guaranteethat inormation willnever be shared.

Unhelpul not toprovide contact details.

Subject access ismade to sound like adifcult, legalistic andexpensive process.

No opportunity to optin or out o receivingmarketing.

Examples:

7

18

Bad practice to collect

so much personalinormation just toaccess the websiteand doesnt say whatthe inormation will beused or.



19/19

Find out more

Please call 08456 306 060, or 01625 545 745

i you would preer to call a national rate number

e: [email protected]

w: www.ico.gov.uk

Inormation Commissioners OfceWyclie House, Water Lane,Wilmslow, Cheshire SK9 5AF.

June 2009

Contents|Back|Print|Quit

Documents

Privacy Notices Cop Final