Privacy and Cookies

This privacy policy tells you what to expect when we collect personal data, including sensitive personal data, about you.

We collect and process personal data, to enable us to carry out all of our functions and tailor services to our customers. Under the Data Protection Act 1998, Epsom and Ewell Borough Council is the 'data controller'

Personal Data We Collect About You

We may from time to time collect personal data & sensitive personal data about you. For example, when you

  • apply or sign up to use our services;
  • send us feedback;
  • complete a questionnaire;
  • complain;
  • contact us in any way for any other reason.

We may receive information about you from other sources (such as credit reference agencies) and third parties (such as the police), when conducting investigations, which we will add to the information which we already hold about you.

Sometimes we must collect your information by law, for example in relation to Council Tax.

How We May Use Your Personal Data

We will use your personal data in accordance with this privacy policy, and in any privacy statement that you may be given at the time your information is obtained from you.

If you give us information for a particular reason to meet your requirements, you will have consented to our processing it for that reason.

Sometimes we will not need your consent to process your data, for example where the information is required by law, for example when applying for Housing Benefit.

We may also use your data to collect feedback. You may receive an automated feedback message to a number you called us on, either via text message or phone call. This feedback is used to improve the quality of service that we can provide. It is possible to opt out of this service by informing one of our customer service advisers.


See here for information on our use of cookies

Disclosing and Sharing Your Personal Data

Our teams across the council will not share confidential or sensitive information, unless we have your prior consent or there is another legal reason for doing so. For example, if we want to share information about your health we will ask you for your consent when this information is originally obtained.

In some cases information, including sensitive personal data may be shared without you even knowing about it or consenting to this. This might be the case where telling you about the sharing would be likely to prejudice a criminal investigation, or prevent a vulnerable person receiving proper protection. We can share health information in a medical emergency with nurse or a doctor who is subject to the same restrictions on disclosure of confidential information as the Council.

Under the Representation of the People Act 2000 and related consequential regulations, the Council's Electoral Registration officers have the power to inspect and copy records held by the Council for the purposes of maintaining the electoral register. This means that any information held by the Council may be processed for the purposes of maintaining the electoral register.

Under the Local Government Act 1972, every local authority is required to make arrangements for the proper administration of their financial affairs and to comply with this duty, the Council's Internal Audit officers can access any record held by this Council. This means that information held about you may be processed for the purpose of discharging this duty.

Under the Welfare Reform Act 2012 and related regulations, the Council has lawful authority to share information with the DWP, local authorities and authorities that administer Housing Benefit, and between local authorities and social landlords, in relation to the services that the Council provides under this Act, for specified purposes, without your consent.

Keeping your Data Secure

We are committed to ensuring that your information is securely held.

We manage, maintain and protect all information according to legislation, our policies and best practice. We have security measures in place to maintain and safeguard the confidentiality, integrity and availability of our systems and data. All information is stored, processed and communicated in a secure manner, with those authorised to use it.

We use technical and organisational measures to safeguard your personal information.

When we no longer require to keep information about you, we will review it and archive it for any relevant legal retention period and ultimately dispose of it in a secure manner.

We use all reasonable efforts to safeguard your personal data, however the council acknowledges that the use of the internet is not entirely secure and for this reason we cannot guarantee the security of personal data which is transferred from you or to you via the internet. We will ensure that personal data is sent in an encrypted secure manner.


We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of e.g. quality assurance, training, fraud prevention and compliance.

Fraud Prevention, Fraud Detection and Criminal Investigations

Epsom and Ewell Borough Council is under a duty to protect the public funds that it administers. For fraud prevention & detection purposes and in carrying out criminal investigations, we may search the files of credit reference agencies (such as Experian) and fraud prevention agencies (such as the National Anti-Fraud Network) who will record the search. We will take this action where it is proportionate and reasonable. We may disclose information about you for these purposes to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other organisations (such as banks or credit card companies) may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this. We may also share your personal data with other bodies responsible for auditing or administering public funds for the detection and prevention of fraud. For further information see the National Fraud Initiative - Fair Processing Notice.

Your Rights and Requests for Information About You that we Hold

You have the right, subject to the payment of £10, to request access to personal data which we may hold about you. This is known as a Subject Access Request. If you wish to exercise this right please download this form.

What to do if you have any Questions or Complaints

Should you be dissatisfied with anything in this policy, or have any questions about anything on this page, please Contact Us.

Should you then remain dissatisfied with any aspect of this privacy policy, you may wish to complain to the Information Commissioner whose address is:

The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Telephone: 03456 30 60 60 or 01625 54 57 45 or visit the ICO Website.

We may change this privacy policy from time to time to take account of changes in the law and government guidance.