Processing personal data privacy notice

Safeguarding measures

The Council takes your privacy seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place both technically and by means of training and policies. The Council also has annual independent technical health checks and system audits.​​​​

Shared Service

OneSource is a shared back office support service for Havering, Newham and Bexley Councils. We provide a shared service solution covering a range of transactional, operational and strategic services. There is a data sharing agreement between the Councils to share resources. OneSource services includes HR, Finance, Payroll, Legal, Facilities Management and ICT.

Use of 'cookies'

The Council’s website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to analyse and track how you interact with our website and portal. This helps us to improve our website and deliver a better more personalised service.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access those using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Transferring your information outside of Europe

On exceptional occasions we transfer data outside of the UK and Europe. The information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, application support, the use of a hosted solution or a social care matter. If data is hosted or transferred we ensure that the council is compliant with the data protection laws and that there is adequate and appropriate protection of the data.

As the UK will be subject to Article 45 of the GDPR, data transfers will only be permissible if we comply with one of the following:

  1. Transfers will be permissible if the country is approved to have an adequate level of data protection and formally accepted as an ‘adequate’ third country
  2. Transfers can be made if the UK makes use of model contractual clauses (approved by the European Commission and/or the relevant Supervisory Authority)
  3. Transfers can be made if the UK makes use of ad-hoc contractual clauses (approved by the relevant Supervisory Authority)
  4. Transfers may be made on the basis of approved codes of conduct/approved certification mechanisms; or Supervisory Authority agreed binding corporate rules (BCRs) may be used to transfer data to/from the UK, when dealing with transfers between organization within a corporate group ( probably not applicable to Councils).