Skip to sub navigation Skip to main content

Self-isolation COVID-19 payments - Privacy Notice

This privacy notice explains how the council will collect data from individuals following the Government’s Test and Trace Support Scheme from 12 October 2020.

This new Covid-19 one-off payment scheme is for those on low incomes nationally who need to self-isolate and are unable to work from home in areas of high risk. For more details about the scheme see the Government’s guidance.

This privacy notice should be read alongside our main Privacy Notice.

Data Controller

The Department of Health and Social Care (DHSC) has commissioned NHS Test and Trace on behalf of the government and is the joint data controller for the purposes of providing Test and Trace data to Ashfield District Council.

Ashfield District Council are the joint data controller for the purposes of assessing eligibility, administering and making payments under the Test and Trace Support scheme.

A Data Sharing Agreement is in place between the parties to ensure and demonstrate compliance with the data protection legislation.

What information do we collect?

As advised by the Government, the council may need to collect the following information upon receipt of your application for a self-isolation support payment:

  • full name
  • full residential address
  • email address
  • mobile telephone number
  • home telephone number
  • proxy applicant details (as above where you may nominate someone else to complete this application on your behalf)
  • employer name and address
  • NHS notification number (the unique reference you will be given by NHS Test and Trace Service to self-isolate)
  • bank account details
  • your National Insurance number
  • proof of self-employment such as recent business bank statement (within the last 2 months), most recent set of accounts or evidence of self-assessment

The above information is called ‘Personal Data’. In addition to this we will also need to collect ‘Special Category Data’ from you in relation to your health:

  • health data to confirm your positive test for COVID-19 or that you have been in close contact with someone who has tested positive for COVID-19.

Why we need your information and how we use it

If you have been told by the NHS to self-isolate, either because you have tested positive for COVID-19 or you have been in contact with someone who has tested positive, you may be entitled to some financial support during your self-isolation period as a result of this new Government initiative. As a result, if you make an application for this funding the council need your information in order to assess whether you are eligible for the payment.

A one-off Test and Trace Support payment or provision from the discretionary fund to remain at home to help stop the spread of the virus.

What we use your personal data for

We will carry out checks with the NHS Test and Trace Service and the Department for Work and Pensions (DWP), for verification purposes, Her Majesty’s Revenue and Customs (HMRC), for tax and National Insurance purposes, and potentially with your employer in validating your application. 

Information relating to your application will also be sent to the DHSC to help understand public health implications, allow us to carry out anti-fraud checks and determine how well the scheme is performing.

The local authority will put in place checks to prevent fraud and ensure compliance through welfare check-ins, phone calls and employment checks.

We will not share this data with other organisations or individuals outside of Ashfield District Council for any other purpose.

We will provide information to HMRC in relation to any payments we make because Self-Isolation Payments are subject to tax and National Insurance contributions. If you are self-employed, you will need to declare the payment on your self-assessment tax return.

What is our lawful basis for processing the personal data and special category data?

To remain compliant with data protection legislation, the council must have a legal basis to process your personal data. Our lawful basis in the processing that we’ll undertake in assessing your eligibility for, and in making any self-isolation payment to you, is based on a legal obligation.

Where we use personal information to confirm that someone is eligible for a self-isolation payment, the sections of the law that apply are:

  • GDPR Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller with a clear basis in law.

The additional conditions required for processing special category data are:

  • GDPR Article 9(2)(i) – processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare;
  • Data Protection Act 2018 Schedule 1 Part 1 (2) - health or social care purposes

Separately, we have special permission from the Secretary of State for Health and Social Care to use confidential patient information without people’s consent for the purposes of diagnosing, recognising trends, controlling and preventing, and monitoring and managing communicable diseases and other risks to public health.

This is known as a ‘section 251’ approval and includes, for example, using your test results if you test positive for COVID-19 to start the contact-tracing process.

The part of the law that applies here is section 251 of the National Health Service Act 2006 and Regulation 3 of the associated Health Service (Control of Patient Information) Regulations 2002.

You can find more information on this via the NHS Contact Tracing Privacy Notice.

Data Processors and other recipients of your data

These are the recipients with which your personal data is shared:

  • Her Majesty’s Revenue and Customs (HMRC) for tax and National insurance purposes
  • your employer for verification checks purposes.

Ashfield District Council’s Revenues and Benefits Department will only share your data with other departments within the council or externally where there is a legal basis to do so.

International Data Transfers and Storage

None

Personal data disposal and retention

We will only keep your personal data for as long as it is needed for the purposes of the COVID-19 emergency, and for audit and payment purposes.

Your rights

As defined in the data protection law, GDPR Article(s) 12-23 and Data Protection Act 2018, you have the following rights:

  • the right to be informed about the collection and use of your personal data. This is outlined on this page
  • the right to erasure. If at any point you’d like us to delete the personal data you provided, please advise us and we will delete all information related to you where possible
  • the right to object to us processing your personal data. If you do so, we will delete all the personal data we hold in relation to you
  • the right to rectification. If the information held is in any way incorrect, you can contact the data controller and request that the information be rectified
  • your right to get copies of your information – you have the right to ask for a copy of any information about you that is used.

In certain circumstances exemptions to these rights may apply. Further information is available on the Information Commissioner’s Office website.

Further information

If you consider that your personal data has been misused or mishandled by us, you can raise this with the data controller. In this instance, the data controller is the Data Protection Officer who can be contacted by: 

If you remain dissatisfied you can make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
WILMSLOW
SK9 5AF.

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Security

The council use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.

Changes to our policy

The Council keep their privacy notices under regular review, and will make new versions available on the privacy notice section of the website. This privacy notice was last updated on 7 October 2020.