The Government recently announced changes to the financial support available to businesses as a result of the national restrictions imposed in response to the coronavirus pandemic. More information about these changes can be found on the GOV.UK website.
If you apply, we may need to process personal data to assess whether you are eligible to receive financial support, and if so, to provide a payment to you. This privacy notice sets out what personal data we will use, how we will use it, and why we need to, when an applicant applies for this support.
Data controller
We are the data controller for the purposes of assessing eligibility, administering and making payments under the Government’s national restriction support grant scheme.
Categories of personal data we collect and process
Much of the data we collect relates to your business and as such does not constitute personal data. For businesses such as sole traders and those operating from residential addresses, we recognise that some business data may also constitute personal data and as such we list here for completeness all of the information we will collect from you and process as part of your application even though not all of this information is subject to the provisions afforded under the Data Protection Act or General Data Protection Regulation.
We collect and process the following data that you provide to us when completing your application for a grant payment. Note that depending on the answers to the questions you provide during the application process you may only be asked to provide some of the following information:
- business name
- business address
- company registration number
- VAT registration number
- business rates account number
- Council Tax account number
- business contact name
- contact telephone number
- email or correspondence address
- photo ID of applicant
- bank details for payment
- existence of a food safety registration
- trader’s licence registration number
- Hackney carriage or private hire licence number
- description of lease, rental or licence agreement
- description of premises occupied
- evidence of fixed property costs
- evidence of fixed costs
- recent business bank statement
- description of financial impact on the business of Covid-19
- confirmation that there has been no receipt of state aid
What we use your personal data for
We will carry out checks with our own records, and potentially with the Department for Work and Pensions (DWP) and Her Majesty’s Revenue and Customs (HMRC), to validate your application. We will also provide information arising from your application to the Department of Business, Energy and Industrial Strategy to gauge the effectiveness of the scheme.
We will use the information you provide as part of your application to carry out anti-fraud checks.
With the exception of our data processors as described below, we will only share this data with other organisations or individuals outside of North Somerset Council for the purposes of validating the eligibility of your application and conducting anti-fraud checks as described previously.
Our lawful basis for processing the personal data
We must have a legal basis to process your personal data. Our lawful basis in the processing that we’ll undertake in assessing your eligibility for, and in making any grant payment to your business, is based on an obligation placed upon us by central Government.
Where we use personal information to confirm that a business is eligible for a payment under the scheme, the section of the law that applies is:
- GDPR Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
In this case the authority to process grant applications is vested in North Somerset Council by the Coronavirus Local Restrictions Support Grant announced by the Government on 24 September 2020 and updated on 29 October 2020.
Data Processors and other recipients of your data
These are the recipients with which your personal data is shared. In addition to the Government departments named above, we will share the information you provide with the following organisations:
Liberata Uk Ltd whose staff will process your application on behalf of North Somerset Council.
International Data Transfers and Storage
The information you provide will be held securely on computer equipment located in the UK. No information will be processed outside of the UK.
Personal data disposal and retention
We will only keep your personal data for as long as it is needed for the purposes of the COVID-19 emergency, and for audit and payment purposes.
Cookies
Cookies are small text files that are placed on your browser. Find out how we use cookies on our website.
Your rights as a data subject
By law, you have a number of rights as a data subject and this does not take away or reduce these rights. Your rights under the EU General Data Protection Regulation (2016/679) and the UK Data Protection Act 2018 applies.
All information is processed in accordance with the North Somerset Council data protection policy.
These rights are:
- your right to get copies of your information – you have the right to ask for a copy of any information about you that is used.
- your right to get your information corrected – you have the right to ask for any information held about you that you think is inaccurate, to be corrected
- your right to limit how your information is used – you have the right to ask for any of the information held about you to be restricted, for example, if you think inaccurate information is being used.
- your right to object to your information being used – you can ask for any information held about you to not be used. However, this is not an absolute right, and we may need to continue using your information, and we will tell you if this is the case.
- your right to get information deleted – this is not an absolute right, and we may need to continue to use your information, and we will tell you if this is the case.
If you are unhappy or wish to complain about how your personal data is used as part of this programme, you should contact the council’s information governance manager at dpo@n-somerset.gov.uk in the first instance.
If you are still not satisfied, you can complain to the Information Commissioners Office.
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Security
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.
Data Protection Officer
As a public body we are obliged to appoint a Data Protection Officer whose responsibility includes to act as a point of contact for data subjects, i.e. those people for whom we process personal data.
Our data protection officer is:
Nicholas Brain - Head of Legal and Democratic Services, Town Hall, Walliscote Grove Road, Weston-super-Mare, BS23 1UJ
You can email the Data Protection Officer at dpo@n-somerset.gov.uk
Automated decision making or profiling
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Changes to our policy
We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page on our website. This privacy notice was last updated on 11 November 2020.