Customer Services Privacy Notice

Customer Services Team Privacy Notice

This information should be read in conjunction with Epsom & Ewell Borough Council’s Corporate Privacy Notice which can be found at

Everything we do with information about people, such as how we collect it and who we share it with, has to comply with the Data Protection Act and the General Data Protection Regulation (GDPR). A key part of this is being open about how we use information and what rights you have in respect of information we hold about you.

This notice sets out how Epsom & Ewell Borough Council’s Customer Service Team uses your information. 

If anything in this notice is not clear, or if you have further queries, please get in contact with the Data Protection Officer by emailing or by calling 01372 732000 and asking to speak to the Data protection officer.

What information do we hold

We collect information about people who live in Epsom and Ewell as well as people outside the county who use services that we provide.

Most of the information we hold starts as a result of:

  • An individual directly contacting us wanting to use one of our services.
  • A third party such as a Local Councillor or MP, making a referral to us, generally on the individual’s behalf and with their knowledge.

What information we collect varies according to the services people receive but may include:

  • Name, Address, Date of Birth, Contact details, information recorded as part of your contact with our services and details about third parties involved in supporting you

The information we collect is recorded on our databases and in electronic folders on Epsom & Ewell Borough Council’s secure network where it is accessible only to staff who need to see it to do their jobs. 

Why do we have it and what do we use it for

Much of what we do is a result of legislation set nationally that requires us to provide various public services in Epsom and Ewell and this includes Complaints, Comments and Compliments.  In such cases, if you access a council service then the law that requires us to provide that service will be our legal basis for collecting and using your personal data, as we cannot provide you with the service without it.

Whenever we use information, we always limit this to only the details that are needed and we ensure that it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too. All staff receive training on data protection and information security.

Who we share information with and why

We may be required to share information with a range of different types of people and organisations depending on the service being provided or the statutory requirement that we have to comply with.  The types of recipients include:

  • Our contractors: organisations that we commission to provide goods and services
  • Law enforcement agencies, such as The Police
  • Health and social care organisations and professionals (such as NHS bodies and GPs
  • Regulatory bodies, investigators and ombudsman (for example, Local Government Ombudsman and Auditors)
  • Courts, tribunals and prisons
  • Legal representatives
  • Fraud prevention agencies
  • Councillors
  • Housing associations and landlords

We may also use your personal information if it is in your vital interests, where your life is or could be in danger. This will not happen very often, if at all, but it will help to identify and assist individuals whose vital interests are threatened, and /or who need additional support during emergencies or major incidents, for example emergency evacuation.

We will share data about you between council departments so that we can keep your details up-to-date and improve our service to you. We may also share information where we have your prior consent or there is another legal reason for doing so.

If we use a third party to provide you with council services we will pass your details to them in order that they can provide the service. The third party will only be able to use data to provide the services and for no other reason.  

How long we keep hold of information for

We only keep information for as long as it is needed.  

We will only hold your personal information for as long as necessary for business purposes or if we are required to keep it by law. There’s often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention schedule.

What rights you have

(For full details please see our Privacy and Cookies page

You have various rights around the data we hold about you.

  • Right of access (to receive a copy of your personal data)
  • Right to rectification (to request data is corrected inaccurate)
  • Right to erasure (to request that data is deleted)
  • Right to restrict processing (to request we don’t use your data in a certain way)
  • Right to data portability (in some cases, you can ask to receive a copy of your data in a commonly-used electronic format so that it can be given to someone else)
  • Right to object (generally to make a complaint about any aspect of our use of your data)
  • Right to have explained if there will be any automated decision-making, including profiling, based on your data and for the logic behind this to be explained to you.

Any such request can be submitted to the Data Protection Officer. Whether we can agree to your request will depend on the specific circumstances and if we cannot then we will explain the reasons why.

If you have any questions about the information above please contact us at or call Customer Services on 01372 732000 and ask to speak to the Data protection officer

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office
Wycliffe House 
Water Lane

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Alternatively, visit or email