×
Home
Mission
Covid-19
News
VIEW ALL NEWS
Manifesto
News Update
2020+ CONSULTATION
POLLINATING PROSPERITY: ANNUAL SUMMARY 2018/2019
MIDTOWN VALUE: BUILDING CAPITAL FOR LONDON’S FUTURE
UN GLOBAL GOALS &
UKSSD PARTNERSHIP
About
THE DESTINATION OF CHOICE FOR BUSINESS IN LONDON
WHERE COMPETITIVE ADVANTAGE COMES WITH THE POSTCODE
THE PLACE WHERE THE FUTURE IS EVEN MORE EXCITING THAN THE PAST
A COMMUNITY OF VILLAGES CREATING A LEGACY OF SOCIAL GOOD
Campaigns
BEE THE CHANGE
FUTURE LONDON
HOLBORN UNDERGROUND STATION UPGRADE
BEE WILD
A NEW LANDMARK FOR MIDTOWN
MIDTOWN BIG IDEAS EXCHANGE
VISIT WEBSITE
GUIDED WALKS
FREE GUIDED WALKS
BESPOKE WALKS FOR BUSINESSES
DISTRICT SERVICES
ROADWORKS REPORTING A STREET ISSUE CRIME PREVENTION
CONTACT
MAINTAINING RECORDS OF STAFF, CUSTOMERS AND VISITORS TO SUPPORT NHS TEST AND TRACE

Organisations in certain sectors should collect details and maintain records of staff, customers and visitors on their premises to support NHS Test and Trace.

SECTORS THAT THIS GUIDANCE APPLIES TO:

There is a higher risk of transmitting COVID-19 in premises where customers and visitors spend a longer time in one place and potentially come into close contact with other people outside of their household. To manage this risk, establishments in the following sectors, whether indoor or outdoor venues or mobile settings, should collect details and maintain records of staff, customers and visitors:

Hospitality, including Pubs, Bars, Restaurants and Cafés
Tourism and Leisure, including Hotels and Museums

INFORMATION TO COLLECT:

The following information should be collected by the venue, where possible:

Staff:

The names of staff who work at the premises
A contact phone number for each member of staff
The dates and times that staff are at work

Customers and visitors:

The name of the customer or visitor. If there is more than one person, then you can record the name of the ‘lead member’ of the group and the number of people in the group
A contact phone number for each customer or visitor, or for the lead member of a group of people
Date of visit, arrival time and, where possible, departure time
If a customer will interact with only one member of staff (e.g. a hairdresser), the name of the assigned staff member should be recorded alongside the name of the customer

No additional data should be collected for this purpose

Many organisations that routinely take bookings already have systems for recording their customers and visitors – including restaurants, hotels, and hair salons. Due to the COVID-19 outbreak, more organisations are planning to implement an ‘advanced booking only’ service to manage the numbers of people on the premises. These booking systems can serve as the source of the information that you need to collect.

You should collect this information in a way that is manageable for your establishment. If not collected in advance, this information should be collected at the point that visitors enter the premises, or at the point of service if impractical to do so at the entrance. It should be recorded digitally if possible, but a paper record is acceptable too.

HOW RECORDS SHOULD BE MAINTAINED

To support NHS Test and Trace, you should hold records for 21 days. This reflects the incubation period for COVID-19 (which can be up to 14 days) and an additional 7 days to allow time for testing and tracing. After 21 days, this information should be securely disposed of or deleted. When deleting or disposing of data, you must do so in a way that does not risk unintended access (e.g. shredding paper documents and ensuring permanent deletion of electronic files).

Records which are made and kept for other business purposes do not need to be disposed of after 21 days. The requirement to dispose of the data relates to a record that is created solely for the purpose of NHS Test and Trace. All collected data, however, must comply with the General Data Protection Regulation and should not be kept for longer than is necessary.

General Data Protection Regulation (GDPR)

The data collected is personal data and must be handled in accordance with GDPR to protect the privacy of your staff, customers and visitors.

Personal data that is collected for NHS Test and Trace, which you would not collect in your usual course of business, must be used only to share with NHS Test and Trace. It must not be used for other purposes, including marketing, profiling, analysis or other purposes unrelated to contact tracing, or you will be in breach of GDPR. You must not misuse the data in a way that is misleading or could cause an unjustified negative impact on people e.g. to discriminate against groups of individuals.

Appropriate technical and security measures must be in place to protect customer contact information, and the ICO has produced guidance on this. These measures will vary depending on how you choose to hold this information, including whether it is collected in hard copy or electronically. We would prefer you to record and protect information electronically, but we understand this might not be possible.

You must ensure that individuals are able to exercise their data protection rights, such as the right of erasure or the right to rectification (where applicable).

WHEN INFORMATION SHOULD BE SHARED WITH NHS TEST AND TRACE

NHS Test and Trace will ask for these records only where it is necessary, either because someone who has tested positive for COVID-19 has listed your premises as a place they visited recently, or because your premises have been identified as the location of a potential local outbreak of COVID-19.

NHS Test and Trace will work with you, if contacted, to ensure that information is shared in a safe and secure way. You should share the requested information as soon as possible to help us identify people who may have been in contact with the virus and help minimise the onward spread of COVID-19.

NHS Test and Trace will handle all data according to the highest ethical and security standards and ensure it is used only for the purposes of protecting public health, including minimising the transmission of COVID-19.

If you are contacted by NHS Test and Trace

Contact tracers will:

Call you from 0300 013 5000
Send you text messages from ‘NHStracing’
Ask you to sign into the NHS Test and Trace contact-tracing website

Contact tracers will never:

Ask you to dial a premium rate number to speak to them (for example, those starting 09 or 087)
Ask you to make any form of payment or purchase a product or any kind
Ask for any details about your bank account
Ask for your social media identities or login details, or those of your contacts
Ask you for any passwords or PINs, or ask you to set up any passwords or PINs over the phone
Disclose any of your personal or medical information to your contacts
Ask about protected characteristics that are irrelevant to the needs of test and trace
Provide medical advice on the treatment of any potential corona virus symptoms
Ask you to download any software to your PC or ask you to hand over control of your PC, smartphone or tablet to anyone else
Ask you to access any website that does not belong to the government or NHS