COVID-19 Community Testing Privacy Notice

This Privacy Notice sets out what you need to know about how Doncaster Council will use your information for a COVID-19 test. The Council is committed to meeting its data protection obligations and handling your information securely. You should make sure you read and understand this notice before submitting your information to us.

Community Testing Programme

Community Testing is to be rolled out throughout the borough. Several sites will be established within localities to undertake, COVID-19 Lateral Flow Tests (LFTs) will be undertaken. These are for people who are showing NO symptoms of the virus. It is envisaged that most people will test negative. However, it is possible that some will receive a positive result if they are asymptomatic, e.g. a person infected with COVID-19 who has not developed symptoms.

Attendance will be voluntary, but we would like to encourage people to attend.

Depending on the circumstances appointments may be bookable online or via telephone, with most being arranged by walking up to a test centre. Whichever way you access a test slot, you will be asked to provide certain information to allow us to manage your appointment.

Once on site, you will administer a self-swab test and just over thirty minutes later you will be advised, preferably via text message, of your result.

What information about you do we need to collect?

If you consent to a test, when booking an appointment, you may be asked to provide:
  • Your name
  • Email address (to confirm your booking)
  • Date of birth
  • Telephone number
  • Gender
  • House number and home postcode
  • Advise where you found out about the testing service that is being provided
  • Whether you consider yourself to have a disability
  • Ethnicity
  • Job Role
  • Employer

How do we collect information about you?

Information will be collected from you directly, this may be via our online booking solution or from you when you contact us by phone

If you are a walk-up customer, you will be asked this information by the registration staff on site.

How will your information be used?

Your information will be used to manage your test booking and appointment, to administer the test and provide details of the result directly into the NHS Test and trace system. Please note that NHS Digital are the data controller for this system, and you need to refer to the privacy notice below for further details of how they will use your information.

Information held by the Council will be used to assist the Public Health team to manage the pandemic more effectively in the borough. If you were to test positive, the Public Health team will use this information to help them to identify if there any COVID hotspots. They will also use the details be able to contact trace anyone you have been in close proximity to, and will offer support via their welfare calls process to affected persons.

The Legal Basis for using your information

The legal basis which we rely on to use the information is:

GDPR Article 6:-

(1)(c) to do so is necessary because of a legal obligation that applies to the Council
(1)(e) to do so is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority
(2)(g) processing is necessary for reasons of substantial public interest
(2)(i) processing is necessary for reasons of public interest in the area of public health

Who will your information be shared with?


Information regarding your appointment booking will be held within the Council and not shared with anyone else. All information will be administered by and for, the Public Health team.

When you attend for the test you will be asked to provide some of the information we are collecting again. This will be entered directly into a database provided by NHS Digital on behalf of the Department of Health and Social Care and used by the NHS test and trace teams. If you receive a positive test the information will be used by the Public Health team for tracking and tracing, for welfare calls and to monitor the spread of the virus.

The Council will never sell your information to anyone else.

How long will we keep your information?

We will keep your information for different periods of time, depending on what we are using it for. We only keep your information for as long as we need to, after which we will securely delete the information – the table below sets out typical timescales for each activity:


Time information kept for

Covid19 request and outcomes

A maximum of 1 year for personal details (in line with Government requirements during this Pandemic)

Following this period only numbers of positive/ negative results will be kept (no personal details)

Transfers to countries other than the UK

In order to provide an online booking service the Council will be using a system called Calendly which is based outside the United Kingdom and the European Union (EU) and is located in the United States. Only your name and email address will be transferred, all other data will remain within the UK.

Your rights

The law gives you specific rights over your information. These rights are:
  • to be informed of our use of information about you;
  • of access to information about you;
  • rectify information about you that is inaccurate;
  • to have your information erased (the ‘right to be forgotten’);
  • to restrict how we use information about you;
  • to move your information to a new service provider;
  • to object to how we use information about you;
  • not to have decisions made about you on the basis of automated decision making;
  • to object to direct marketing; and,
  • to complain about anything the Council does with your information (please see the ‘Complaints’ section below).
Some of the rights listed above apply only in certain situations, and some have a limited effect. Your rights are explained further in the Individuals’ Rights Procedure on our website, as is how to make a request under one or more of them. You can request information about yourself by making a subject access request on this page of the Council’s website.

Changes to this privacy notice

This notice is kept under regular review to make sure it is up to date and accurate.

Data Protection Officer (DPO)

The Council is required by law to have a DPO. The DPO has a number of duties, including:
  • monitoring the Council’s compliance with data protection law;
  • providing expert advice and guidance on data protection;
  • acting as the point of contact for data subjects; and,
  • co-operating and consulting with the Information Commissioner’s Office (see ‘Complaints’ below).
The Council’s Data Protection Officer can be contacted by email at 


If you are unhappy with the way in which your information has been handled you should contact the Council’s Data Protection Officer so that we can try and put things right. Alternatively, and if we have been unable to resolve your complaint, you can also refer the matter to the Information Commissioner’s Office (ICO).

The ICO is the UK's independent body set up to uphold information rights, and they can investigate and adjudicate on any data protection related concerns you raise with them. They can be contacted via the methods below:


Telephone: 0303 123 1113

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.



Last updated: 07 July 2021 11:07:11