Blue Badge Service

To comply with the UK General Data Protection Regulation (UK GDPR), where personal data relating to a data subject is collected, Lancashire County Council would like to provide you with the following details.

Identity and contact details of the data controller

  • Lancashire County Council, PO Box 78 County Hall, Fishergate, Preston, Lancashire, PR1 8XJ

Contact details of the data protection officer

  • Our Data Protection Officer is Joanne Winston. You can contact him at dpo@lancashire.gov.uk or Lancashire County Council, PO Box 78 County Hall, Fishergate, Preston, Lancashire, PR1 8XJ

Reasons for processing your personal data

The Lancashire County Council Blue Badge Service is responsible for administering the statutory Blue Badge Scheme, which enables eligible individuals with disabilities or health conditions affecting mobility to access goods and services by allowing them to park closer to their destination.

Core Functions and Activities

The service undertakes the following activities:

  • Processing Applications: Receiving, assessing, and determining eligibility for Blue Badge applications, including renewals and replacements.
  • Assessment Procedures: Conducting desktop or in-person mobility assessments where required, based on information provided by applicants or healthcare professionals.
  • Issuance and Management: Issuing Blue Badges to eligible applicants and maintaining a register of badge holders.
  • Enforcement and Fraud Prevention: Investigating misuse or fraudulent use of Blue Badges and taking enforcement action where necessary.
  • Appeals and Reviews: Managing appeals and reconsideration requests from applicants whose applications were declined.
  • Service Planning and Improvement: Using data to evaluate service performance, improve policies, and plan future service delivery.
  • Compliance and Reporting: Ensuring compliance with relevant legislation and reporting to government departments such as the Department for Transport.

Legal basis for processing personal data

The legal basis for processing your personal data, in accordance with the UK GDPR Article 6 is:

(c) Legal Obligation: the processing is necessary for us to comply with the law. We will cite the applicable legislation if we need to rely on this basis for processing.

Processing is necessary for compliance with a legal obligation to which the council is subject. This includes obligations under:

  • Chronically Sick and Disabled Persons Act 1970
  • The Disabled Persons (Badges for Motor Vehicles) (England) Regulations 2000

(e) Public Task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law. We will cite the applicable task/function and its' basis in law if we wish to rely on this basis for processing.

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the council. The Blue Badge Scheme is a statutory function with a clear basis in law, designed to support individuals with mobility impairments in accessing services and facilities.

Legal basis for processing special categories of personal data

The legal basis for processing special categories of personal data relating to you, in accordance with the UK GDPR Article 9 is:

(g) Processing is necessary for reasons of substantial public interest.

  • Schedule 1, Part 2 of the Data Protection Act 2018


Specifically, the condition met is:

  • Paragraph 6 – Statutory and Governmental Purposes: Processing is necessary for the exercise of a function conferred on a person by an enactment or rule of law, or by the Crown.

This basis allows the council to process health-related data to determine eligibility for a Blue Badge, conduct assessments, and manage appeals or enforcement actions.

Relevant Legislation Supporting This Basis

  • Chronically Sick and Disabled Persons Act 1970
  • The Disabled Persons (Badges for Motor Vehicles) (England) Regulations 2000
  • Data Protection Act 2018
  • UK General Data Protection Regulation (UK GDPR)

Legal basis for processing criminal offence data

Our service will process criminal offence data where we have a legitimate requirement to do so. Where we process such data, we will rely on the following legal basis to do so:

This processing is further governed by the Data Protection Act 2018, specifically:

  • Schedule 1, Part 1, Paragraph 2 – Substantial Public Interest
    Processing is necessary for the exercise of a function conferred by an enactment or rule of law and is carried out with appropriate policy documentation in place.

Information we process about you

To administer the Blue Badge Scheme, we collect and process the following categories of personal data:

  1. Personal Data

We process standard personal data to identify applicants and assess eligibility:

  • Full name
  • Date of birth
  • Address
  • Telephone number
  • Email address
  • Place of birth
  • National Insurance number
  • Photograph (for badge production)
  • Details of any representative or advocate
  • Copies of identity and proof of address documents
  • Payment details (where applicable)
  1. Special Category Data

We process health-related data to determine eligibility under the scheme:

  • Medical information relating to mobility or other relevant conditions
  • Supporting evidence from healthcare professionals (e.g. GP or consultant letters)
  • Details of qualifying benefits (e.g. Personal Independence Payment, Disability Living Allowance)
  • Information from social care services (if applicable)

This data is processed under Article 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 for reasons of substantial public interest.

  1. Criminal Convictions and Offences Data

In cases involving misuse or fraud, we may process:

  • Data relating to criminal convictions or offences
  • Enforcement history or investigation details

This data is processed under Article 10 of the UK GDPR and Schedule 1 of the Data Protection Act 2018, under the control of official authority and with appropriate safeguards in place.

Recipients of the personal data that we process about you

To deliver the Blue Badge Scheme effectively and lawfully, we may share your personal data with the following recipients:

Internal Recipients

  • Authorised council officers involved in assessing applications, conducting mobility assessments, issuing badges, and managing appeals or enforcement.
  • Social care teams where relevant to your application or eligibility.
  • Corporate services such as finance or audit teams for payment processing and compliance.

External Recipients

  • Department for Transport (DfT) – for reporting and compliance with national Blue Badge Scheme requirements.
  • Software providers and contractors – who host or maintain the Blue Badge application systems on behalf of the council, under strict data protection agreements.
  • Healthcare professionals – such as GPs or consultants, where medical evidence is required to support your application.
  • Fraud prevention agencies – to detect and prevent misuse of the scheme, verify identity, and comply with legal obligations.
  • Other local authorities or enforcement bodies – where necessary for cross-border badge verification or fraud investigations.

Any transfers to another country

No

Retention periods

Lancashire County Council will only store your information for as long as is legally required or in situations where there is no legal retention period they will follow established best practice.

File type Description Security Retention period
Applications Completed application forms, supporting documents, eligibility assessments Stored securely in access-controlled systems; restricted to authorised staff
  • Applications –4Years
  • Declined applications – 12 months
  • Supporting documents destroyed 4 years from date of decision
Issued badges Records of badges issued, including badge number, issue and expiry dates Stored securely in access-controlled systems; restricted to authorised staff 4 years from the expiry of badge · Cancelled badges – 12 months · Expired badges – 12 months
Medical evidence Health-related documents submitted to support eligibility Stored securely; access restricted to assessment officers 12 months from date of application
Correspondence and identification Documents submitted for proof of identity and address Stored securely; access restricted to assessment officers 12 months from date of application
Correspondence and appeals Emails, letters, and notes relating to appeals or complaints Secure email and document management systems 12 months from the date of declining the application 4 years if the decision is overturned
Fraud investigation records Data relating to misuse or enforcement actions Stored securely; access restricted to enforcement and legal teams 4years from conclusion of investigation
Payment records Records of payments made for badge applications Stored in secure financial systems 4years to meet audit requirements

Your rights

You have certain rights under the UK General Data Protection Regulation (UK GDPR), these are those rights:

  • to be informed via Privacy Notices such as this.
  • to withdraw your consent. If we are relying on your consent to process your data, then you can remove this at any point.
  • of access to any personal information the council holds about yourself. To request a copy of this information you must make a subject access request in writing. You are entitled to receive a copy of your personal data within 1 calendar month of our receipt of your subject access request. If your request is complex then we can extend this period by a further two months, if we need to do this, we will contact you. You can request a subject access request, either via a letter or via an email to Information Governance Team, address below.
  • of rectification, we must correct inaccurate or incomplete data within one month.
  • to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
  • to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
  • to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
  • to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
  • in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.

If you want to exercise any of these rights, then you can do so by contacting:

Information Governance Team
Lancashire County Council
PO Box 78
County Hall
Preston
PR1 8XJ

Email: dpo@lancashire.gov.uk

To ensure that we can deal with your request as efficiently as possible you will need to include your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what council service you were involved with.

Further information

If you would like more information about this specific service, then please Visit Blue Badges - Lancashire County Council to find contact details.

For more information about how we use personal information see Lancashire County Council's full privacy notice.

If you wish to raise a complaint on how we have handled your personal data, you can contact the Information Governance team who will investigate the matter.

Lancashire County Council, PO Box 78 County Hall, Fishergate, Preston, Lancashire, PR1 8XJ or email: dataprotection@lancashire.gov.uk

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).