Infection Control Fund privacy notice

We keep this privacy notice under regular review and it was last updated on 2 July 2021.

Kent County Council respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

Who we are

Kent County Council collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the United Kingdom General Data Protection Regulation (‘UK GDPR’) and the Data Protection Act 2018. We are responsible as ‘controller’ of that personal information. Our Data Protection Officer is Benjamin Watts.

The Adult Social Care Infection Control Fund was first introduced in May 2020 and was initially worth £600 million. The purpose of this fund is to support adult social care providers, including those with whom the local authority does not have a contract, to reduce the rate of COVID-19 transmission within and between care settings, in particular by helping to reduce the need for staff movements between sites.

The personal information we collect and use

Information collected by us

In the course of the Infection Control Fund project, we collect the following personal information when you provide it to us:

  • contact details (email address, telephone number)
  • service details (Care Quality Commission location and provider ID)
  • financial (creation of payment files, issuing remittance invoices, making payments of the Infection Control Fund).

We also obtain personal information from other sources as follows:

  • service name - NHS Capacity Tracker, Care Quality Commission location ID
  • job title - Provider, Commissioning Team (KCC)
  • organisation- Provider, Commissioning Team (KCC)
  • Care Quality Commission Location ID- NHS Capacity Tracker
  • Care Quality Commission Provider ID- NHS Capacity Tracker, provider
  • email address- Provider, Commissioning Team (KCC)
  • contact telephone number- Provider, Commissioning Team (KCC).

How we use your personal information

We use your personal information to:

  • email to confirm allocation of Infection Control Fund through Grant Agreements or Variation Agreements
  • respond to emails
  • advise when reporting links are open for completion
  • questionnaires (reporting on the Infection Control Fund is a requirement from the Department of Health and Social Care. As a Local Authority we are required to provide the Department of Health Social Care details of how the Infection Control Fund has been distributed. Questions are set within the DOHSC templates, and this informs the Infection Control Reporting Points questions and providers are required to confirm how the funds have been spent).

Reasons we can collect and use your personal information

We rely on Article (6)(1)(a) consent – you have given your clear consent for us to process your personal data for a specific purpose.

How long your personal data will be kept

We will only hold your personal information for as long as necessary. To work out how long we need to keep your information for we use our retention schedule (see retention MN10.1.04 for this project). The criteria for determining retention periods are statutory or other industry requirements, legal liability or other legal requirements and best business practice.

Information will be held on a secure MS Teams site, with limited access, and records will be electronically transferred to the Commissioning Team (KCC) once the project has ended.

Who we share your personal information with

We routinely share information in the following ways:

  • provider name or location ID with the Kent County Council Finance team
  • provider name or location ID with the Kent County Council Commissioning Team.

This data sharing enables us to ensure that you receive the most relevant and up to date information regarding the dissemination of the infection control fund.

We will share personal information with law enforcement or other authorities if required by applicable law or in connection with legal proceedings.

We will share personal information with our legal and professional advisers in the event of a dispute, complaint, or claim. We rely on Article 9(2)(f) where the processing of special category data is necessary for the establishment, exercise, or defence of legal claims or whenever courts are acting in their judicial capacity.

Your rights

Under the UK GDPR you have a number of rights which you can access free of charge which allow you to:

  • know what we are doing with your information and why we are doing it
  • ask to see what information we hold about you
  • ask us to correct any mistakes in the information we hold about you
  • object to direct marketing
  • make a complaint to the Information Commissioners Office.

Depending on our reason for using your information you may also be entitled to:

  • object to how we are using your information
  • ask us to delete information we hold about you
  • have your information transferred electronically to yourself or to another organisation
  • object to decisions being made that significantly affect you
  • stop us using your information in certain ways.

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us delivering a service to you.

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise a right, please contact the Information Resilience and Transparency Team at

Your right to withdraw your consent

Where we rely on your consent to process your personal information, you can withdraw your consent to our use of your data at any time. You can do this by contacting the Infection Control Mailbox at or by calling 03000 422 197.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


Please contact the Information Resilience and Transparency Team at to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.

You can contact our Data Protection Officer, Benjamin Watts, at

The United Kingdom General Data Protection Regulation also gives you the right to lodge a complaint with the Information Commissioner who may be contacted on 0303 123 1113.

Read our corporate privacy statement.