This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data, and keep it safe.
We hope the following will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We will notify you of any significant changes, but you are welcome to come back and check it whenever you wish.
Contents
- Legal basis for processing your data
- Your personal data
- What sort of personal data might we collect?
- When do we collect your personal data?
- Why we use your personal data
- How we protect your personal data
- How long will we keep your personal data?
- Who do we share your personal data with?
- Where your personal data may be processed
- What are your rights over your personal data?
- Contact details
1. Legal basis for processing your data.
The parish council is a public authority and has certain powers and obligations. Most of your personal data is processed for compliance with a legal obligation which includes the discharge of the council’s statutory functions and powers.
The law on data protection sets out a number of different reasons for which a council may collect and process your personal data, including:
Consent:
In specific situations, we can collect and process your data with your consent. this will be used lawfully, fairly and in a transparent way. Your personal data will only be collected for valid purposes that will always be made clear to you and not used in any way that is incompatible with those purposes. They will be accurate and kept up to date.
Contractual obligations:
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example: if you request information from us we will collect the information you give us to provide the information, such as an address, so that we may send you the information you have asked for.
Legal compliance:
We may need to collect and process your data to comply with the discharge of the parish council’s statutory functions and powers. We will process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract, such as for works in the parish which the council commissions. Or to pass details of people involved in fraud or other criminal activity affecting the council to law enforcement agencies.
Public task:
It is Brompton Regis Parish Council’s official task to ensure that data is used in the public interest and that it is processed correctly.
For example: Data will be kept and destroyed securely ensuring that appropriate technical and security measures are in place to protect your personal data from loss, misuse, unauthorized access and disclosure.
2. Your personal data
Personal data is any information about a living individual which allows them to be identified from any data. Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual. The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (GDPR) and other legislation relating to personal data and rights such as the Human Rights Act.
3. What sort of personal data might we collect?
- Your name, address, title and aliases, contact details such as email and telephone numbers and videos.
o For example, we collect notes of any enquiries, complaints or comments you make to the council. - Where they are relevant to the services we provide, or where you provide them to us, we may process copies of documents to prove your age or identity where the law requires this (such as your passport and driver’s license). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
- Where we pay you for a contract or activity financial identifies such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers and claim numbers. It is always your choice whether you share such details with us.
- We may include sensitive or other special categories of personal data such as criminal convictions, racial or ethnic origin, mental and physical health, details of injuries, medication/treatment received, political beliefs, trade union affiliation, genetic data, biometric data and data concerning sexual life or orientation if that is relevant to your contact with the council and our response. See below re sensitive personal data.
Sensitive personal data
These types of data are described in the GDPR as “Special categories of data” and require higher levels of protection. The council needs further justification for collecting, storing and using this type of data.
For example: information about your physical or mental health, your racial or ethnic origin or religious or similar information in order to monitor compliance with equal opportunities legislation.
In limited circumstances, we may approach you for your written consent to allow us to process certain sensitive personal data. If we do so, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
4. When do we collect your personal data?
- When you contact us by any means for any reason.
- When you ask us to email you information about our work.
- When you book any kind of appointment with us.
- When you fill in any forms for us.
- When you have given a third party permission to share the information they hold about you.
- We collect data from publicly available sources (such as Electoral Register) to inform our work or from sources such as the Lands Registry when you have given your consent to share information or where the information is made public as a matter of law.
5. Why we use your personal data
- To deliver public services. To understand your needs to provide the services that you request and to understand what we can do for you and inform you of other relevant services.
- To confirm your identity in relation to provision of some services.
- To contact you by post, email or telephone.
- To prevent and detect fraud and corruption in the use of public funds and where necessary for law enforcement purposes.
- To enable us to meet all legal and statutory obligations including any delegated functions.
- To conduct safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice. The aim being to ensure that all children and adults-at-risk are provided with a safe environment and to protect individuals from harm and injury.
- To promote the interests of the council and to maintain our own accounts and records.
- To seek your views, opinions or comments and to notify you of changes to our facilities, services, events, councilors and other role holders.
- To send you communications which you have requested.
- To process relevant financial transactions including grants and payments for goods and services supplied to the council.
- To allow the statistical analysis of data so we can plan the provision of services.
- If you wish to change how we use your data, you will find details in the “What are my rights?” section below.
- Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
- You have a right to access any personal data we hold about you.
6. How we protect your personal data
We know how much data security matters and we treat your data with the utmost care and take all appropriate steps to protect it.
- We secure access to all transactional areas of our website using ‘https’ technology.
- We employ the appropriate software on all our computer systems to ensure that they are protected from infiltration by unauthorised outside parties. All systems have strong password protection and where necessary data is encrypted. Protection software is maintained to the latest level at all times.
7. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. We will keep some records permanently if we are legally required to do so.
We may have legal obligations to retain some data in connection with our statutory obligations as a public authority
For example: The council is permitted to retain data in order to defend or pursue claims. In some cases the law imposes a 3 year time limit (for personal injury) or 6 years for contract claims.
We will retain some personal data for this purpose as long as we believe it is necessary to be able to defend or pursue a claim.
8. Who do we share your personal data with?
We may share your personal data with trusted third parties, such as:
Other local authorities, Community groups, Charities, Not-for-profit organizations, credit reference agencies, contractors, for fraud management, to handle complaints, and so on.
We may need to share your personal data so that they can carry out their responsibilities to the council to perform their specific services.
For example: We could be carrying out a joint venture in relation to events in the community.
- If Brompton Regis parish council and/or any of the above organizations also hold your data then we are collectively responsible to you for your data.
- Where each of the parties listed above are processing your data for their own independent purposes than they have an obligation to you to put in place appropriate security measures and will be responsible to you directly for the manner in which they process and protect your personal data.
- If you have any questions or wish to exercise any of your rights or wish to raise a complaint, you should do so directly to the relevant party.
9. Where your personal data may be processed
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
10. What are your rights over your personal data?
An overview of your rights
Access to the personal data we hold about you, and why we hold it. Your request will be responded to within one month. It may sometimes be necessary to provide a holding reply, for instance if the Clerk is on leave. There are no fees or charges for the first request but additional requests for the same personal data which are manifestly unfounded or excessive may be subject to an administration fee.
Correction or deletion of your personal data when incorrect, out of date or incomplete. When we receive your request we will confirm whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it to comply with a legal obligation).
If you ask for processing of your personal data or remove your consent for processing it we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent by contacting our Clerk.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorized a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
To lodge a complaint with the Information Commissioner’s Office.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or online at www.ico.org.uk/concerns
11. Contact details
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that haven’t been covered, or you wish to exercise your rights at any time please contact our Data Protection Officer who will be pleased to help you:
Email us at: clerk@bromptonregispc.org.uk
Write to us at: Brompton Regis Parish Clerk, 3 Sminhays Cottages, Brendon Hill, Watchet, TA23 0LG
Policy last updated 22/1/2024