Privacy and the coronavirus pandemic

Privacy Notice relating to Covid-19

This privacy notice explains how Buckinghamshire Council will use personal data in response to the coronavirus pandemic.

Processing activity

Your data will be used to:

  • prevent or mitigate the impact of the virus
  • record details of volunteers who are willing to help us
  • share details of volunteers with other organisations to help with resourcing
  • share information with other organisations who are allowed to process confidential information in relation to Covid-19 purposes as defined by the Secretary of State
  • collect (including from external sources), store and transfer data for the purposes of the vaccination programme

Public Health will lead, if required, on outbreak management and surge testing that may then require further collection and sharing of data to manage in identified postcode areas.

Data sharing from UK Health Security Authority (UKHSA)

We receive personal identifiable data, relating to tests for coronavirus, from UKHSA as part of the national effort to protect the public from a communicable disease. This enables us to locally control and prevent the spread of coronavirus (COVID-19).

The data we receive (which can include name, date of birth, age, gender, address, postcode, NHS number, ethnicity and COVID-19 test details) is what we need for our work to help control, understand and prevent the spread of coronavirus and is part of our responsibilities to protect the health of our residents.

More information is available on PHE’s privacy information page.

Data requirements

Depending on the service you are using this data may include:

  • name
  • address
  • date of birth, age, gender, ethnicity
  • postcode
  • NHS number
  • any information which could be used to identify people who are vulnerable to the virus or otherwise require support due to the virus (eg health information)
  • any information which illustrates a person’s needs (eg health information)

Lawful basis for processing

The lawful bases for processing your personal data are:

  • Legal Obligation – we need to process the personal data to comply with a statutory obligation (Article 6(1)(c))

The Health Service (Control of Patient Information) Regulations 2002 r3(4)

Health and Safety At Work Act 1974 s2 & s3

The Civil Contingencies Act 2004

  • Public Task – we need to process the personal data in the exercise of official authority (public functions and powers that are set out in law) or to perform a specific task in the public interest that is set out in law (Article 6(1)(e)) as supplemented by DPA2018 s8(c))

The Civil Contingencies Act 2004

The Local Government Act 1972 s139

  • Substantial Public Interest as supplemented by DPA2018 s10(3) and Schedule 1 Part 2 Para 6
  • National Health Service Act 2006, s2B(1)
  • Part 2 of the Local Authorities (Public Health Functions and Entry to Premises by Local Healthwatch Representatives) Regulations 2013 (SI 2013/351)

The Civil Contingencies Act 2004

  • Consent (Article 6(1)(a))

Data sharing

We may share data with the following:

  • other Council services, public bodies and authorities
  • Central Government
  • emergency services
  • NHS agencies, including NHS Test and Trace
  • healthcare organisations
  • utility companies
  • voluntary organisations/volunteers

Please refer to our Corporate Privacy Policy for further details of how we process your personal data and your rights.