Menu

Contact Centre privacy notice

Last updated: 1 April 2026

Who we are

We provide a wide range of statutory and other services to local people and businesses and needs to collect, use and process personal information about you. When we do so, we are regulated under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Our Data Protection Officer is Benjamin Watts.

The personal information we collect and use

Information collected by us

When you contact our Contact Centre, we may collect the following personal information depending on the nature of your enquiry and the service you are contacting us about. This can include your:

  • name
  • telephone and mobile number
  • email address
  • address
  • date of birth
  • details of your enquiry or request along with relevant information needed to process that request, for example:
    • National Insurance number
    • gender
    • any reasonable adjustments you may require.
  • any other personal information you choose to provide during your contact with us.

If you contact us via telephone, webchat or SMS, we may also collect:

  • call recordings
  • webchat transcripts
  • SMS message content
  • AI-generated summaries or sentiment analysis of your interaction (where applicable).

You should also read the privacy notice relating to the specific service you are contacting us about, as additional information may be collected and processed by that service.

Where there is a payment to be made over the telephone the recording function is turned off, and therefore no payment information is recorded to comply with Payment Card Industry Security Standards (PCI DSS).

How we use your personal information

We use your personal information to:

  • understand and respond to your enquiry
  • provide information, advice, or services you have requested
  • refer your enquiry to the appropriate KCC service or department
  • monitor and improve the quality of our services
  • train and support our staff
  • investigate and respond to complaints or feedback,
  • ensure the safety and wellbeing of our staff and service users.

We may use artificial intelligence (AI) tools, such as automated assistants or chatbots, to help answer common questions or direct your enquiry. These tools are used to support our staff and improve your experience. No automated decisions are made about you.

How long your personal data will be kept

We will only hold your personal information for as long as necessary. The following retention periods apply to Contact Centre records:

Retention periods by data type
Type Retention period
Call recordings3 months
Web chat transcripts3 months
SMS logs3 months
CRM log out of hours3 months

After these periods, the information is securely and permanently deleted. If your enquiry is passed to another of our services, the information may be stored in that service’s systems and retained in line with their specific privacy notice.

For performance and reporting purposes, we also retain call data (also known as metadata) for 2 years, which captures details such as:

  • the telephone number you called on
  • the telephone number dialled
  • the date and time of each call
  • the call duration
  • how the call was routed across our services.

Reasons we can collect and use your personal information

We rely on the following lawful bases under the UK GDPR:

  • Article 6(1)(e) – Public task: the processing is necessary for us to perform a task in the public interest or for our official functions.
  • Article 6(1)(a) – Consent: where you have requested or agreed to receive information via SMS or other optional communications. We will not use your number to send you information other than the original SMS requested.
  • Article 9(2 (e) Relates to data manifestly made public by the data subject.
  • Article 9(2)(g) – Substantial public interest: where we process special category data to meet our legal obligations and support the delivery of our services.

Who we share your personal information with

We may share your information with:

  • our other departments and services to respond to your enquiry
  • third party suppliers who are commissioned by the council to deliver services that you have requested
  • Capita PLC, who operate the Contact Centre on our behalf
  • Amazon Web Services (AWS), who provide the secure cloud-based telephony platform (Amazon Connect) used to manage and record calls
  • Financial system Sequence Shift to process payments.

Capita act as data processors under contract with us and are required to comply with our data protection policies and the UK GDPR. They only access your information where necessary to deliver the Contact Centre service and are bound by strict confidentiality and security obligations.

We will not share your information with any other third parties unless required or permitted to do so by law.

You should also read the privacy notice relating to the specific service you are contacting us about, as additional information may be collected and processed by that service.

Your rights

Under UK GDPR you have rights which you can exercise free of charge which allow you to:

  • know what we are doing with your information and why we are doing it
  • ask to see what information we hold about you (Subject Access Requests)
  • ask us to correct any mistakes in the information we hold about you
  • object to direct marketing
  • make a complaint to the Information Commissioners Office
  • withdraw consent (if applicable).

Depending on our reason for using your information you may also be entitled to:

  • ask us to delete information we hold about you
  • have your information transferred electronically to yourself or to another organisation
  • object to decisions being made that significantly affect you
  • object to how we are using your information
  • stop us using your information in certain ways.

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Your request may delay or prevent us delivering a service to you.

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the United Kingdom General Data Protection Regulation.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Contact

Contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.

Contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk .

The United Kingdom General Data Protection Regulation also gives you the right to lodge a complaint with the Information Commissioner who may be contacted via the Information Commissioner's website or telephone 0303 123 1113.

Read our corporate privacy statement.