How we use your information

The purpose of this web page is to inform members of the public about what to expect when Devon County Council collects personal data about them. We will collect personal data about different types of people including:

  • visitors to our websites
  • complainants and other individuals as part of complaints and requests for information
  • people who use our services, such as social care clients or other service users
  • people who contact the council requesting either information or a service
  • job applicants and our current and former employees.

Whenever we collect personal data from you we will ensure you are provided with a privacy notice which complies with data protection laws. We endeavour to make our privacy notices available online.

Visitors to our website

When someone visits our website, we collect certain information about these visitors, such as IP addresses and details of the pages which these people have visited. This information does not allow us to identify individuals but helps us to ensure our website is structured in the most effective and user-friendly way.

We will sometimes collect personal data via our website. In these circumstances, we will inform individuals why we wish to collect this information, what we will do with it and we will include details of who we will share this information with. This information will feature in a privacy notice which will be issued in accordance with our data protection policies.

Use of IP addresses

An IP address is a set of numbers that is automatically assigned to your computer whenever you log on to your internet service provider (or through your local area network (LAN). Web servers, the powerful computers that provide web pages for viewing, automatically identify your computer by the IP address assigned to it during your session online.

IP addresses may be collected for certain purposes (for example, to audit the use of our site). We do not link a user’s IP address to a person’s personal data, which means we will have a record of each user’s session but the user will remain anonymous to us.

Under certain circumstances, IP addresses and/or domain names may be linked to personally identifiable information, when this information is stored in databases managed by internet registrars or registries such as Network Solutions or ARIN.

Use of cookies

You can read more about how we use cookies on our Cookies page.

Search engines

Our website search is powered by Google. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Devon County Council or any third party.

Network security

We operate secure data networks that are protected by a firewall. Both the Council and our partners have security measures in place to attempt to protect our website against the loss, misuse and alteration of personal data that is under our control.

Information that you supply to us is restricted to only those staff that need access to this information for their jobs. We have a robust data protection policies in place to help our staff to ensure all personal data is handled professionally and in accordance with the law. Our staff are also required to undertake data protection training every two years.

People who call our Customer Service Centre

When you call our Customer Service Centre (My Devon) we may collect personal data for the purposes of dealing with enquiries. Certain calls may be monitored and recorded for training purposes. We will inform you if your call is being recorded.

People who email us

We are part of the GCSX network. Therefore, any email sent to us, including any attachments, may be monitored by the Council. Email monitoring or blocking software may also be used to protect the Council’s ICT Infrastructure against viruses and other forms of malware.  The Council has a robust Cyber Security policy in place to ensure that our network and the information assets managed as part of it are secured from cyber threats.

People who make a complaint to us

We handle numerous different types of complaints including those relating to:

  • data protection breaches
  • freedom of information responses
  • service specific complaints
  • social care complaints.

When we receive a complaint we will create a file containing the details of the complaint. This file may consist of paper and or electronic documents and will normally contain the identity of the complainant and any other individuals connected to the complaint.

Any personal data that we collect throughout the course of handling a complaint will be used to process the complaint and to check the level of service we provide. We may compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

The Council may have to disclose the complainant’s identity to the service which is the subject of the complaint. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal data contained in complaint files for two years from the closure of the complaint. It will be retained in a secure environment and access to it will be restricted to those who are responsible for responding to complaints.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

Sharing your information

We are responsible for the delivery of a wide range of services to members of the public. Many of these services are delivered by the Council directly. Some of our services are delivered by contractors and providers on our behalf. The Council may need to share personal data with these contractors and providers, so they can deliver a service to you. We will undertake to only share information which is relevant and necessary for the provision of that service to you.

The Council may share your personal data internally across services to help provide a service to you. This information will be restricted to only those staff members that need access to this information. We will not share your information with any third-party organisations unless you have provided your consent for this sharing or the council is required to share this information by law.

Circumstances when the Council may be required to share your personal data without your consent may include instances where the information is required for the purposes of prevention or detection of crime, or the apprehension and prosecution of offenders. We may also be required to share your personal data for the purposes of safeguarding or protecting the welfare of yourself and others. In these circumstances we will only share information that is relevant for the intended purpose and information that is shared will be restricted to the minimum necessary.

If you believe that your personal data has been shared inappropriately, you have a right to complain about this. More information about how to make a complaint is available on our customer feedback page.

Reporting security incidents

We have a responsibility to monitor all incidents that may breach security and/or confidentiality of information. In the interest of maintaining strong security protocols, the council encourages all staff and members of the public to bring to our attention, incidents involving the loss of personal or sensitive business information.

If you have lost or found such information, please complete the Council’s Security Incident Reporting Form. For further advice and assistance please email or phone 01392 383000 and ask for the Information Governance Team. Please include your name and contact details so that we can contact you again if necessary.

Any personal data that is collected via this process will be kept secure and will only be used for the purposes of investigating the specific concern raised.

Job applicants, current and former employees

When individuals apply to work at Devon County Council, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.

We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data. This de-personalised information is published by the Council as part of our equality performance monitoring agenda.

Once a person has taken up employment with Devon County Council, we will create an employment file. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

Access to personal data

We are committed to openness and transparency when it comes to people gaining access to their personal data. Individuals can find out if we hold any personal data by making a subject access request under data protection legislation. If we do hold information about you we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to
  • let you have a copy of the information in an intelligible form.

To make a request for any personal data we may hold you need to complete our subject access request form or make a request in writing to; Information Governance Team, County Hall, Room 120, Topsham Road, Exeter, EX2 4QD. You can also email us at You may be asked to provide proof of your identity and proof of your address as part of this process. For more information call us on 01392 383000 and ask for the Information Governance Team.

Hotjar – to help us understand our users

We use Hotjar in order to better understand our users’ needs and to optimise our online services. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

How to contact us

For more information about how the Council will process your personal data, or for information on how to access information from us, please email us or write to:

The Data Protection Officer
County Hall, Room 120
Topsham Road