One of the biggest changes to UK data privacy law comes into effect on 25 May 2018. The General Data Protection Regulation (the GDPR), means that the individual will have more control over how their data is used and will ensure that organisations protect personal data better. To reflect these changes and new obligations, as a data controller registered with the Information Commissioner's Office (reference number: ZA381290), Bishton Community Council (the Council) has prepared this new Privacy Notice which now explains what we do with personal data, how it's used and the rights of an individual under the new law. Many documents are now only held electronically so the same arrangements will be applied to an electronic document as for paper documents.
Alongside updating our Privacy Notice, the Council has also taken this opportunity to update our policy on Document Retention in order to ensure that we only retain documents for appropriate timescales and destroy securely, documents which are no longer of use or relevant.
All bodies require at least one lawful basis for processing personal data. The Council intends to rely principally on the basis prescribed in the new law that the work we carry out is a “public task”. The Council performs public functions and exercises powers that are set out in law, in the interests of the residents of our area. We believe this basis will apply to almost all the data processing we perform, but on occasion we may choose to rely on an alternative or supplementary legal basis under the GDPR, which we will explain if and when these arise.
This Privacy Notice does not provide exhaustive detail of all aspects of the Council’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for such information should be sent to the Clerk via the Contact Us page.
People who use Bishton Community Council services
The Council will need to hold the details of the people who have requested a service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have an allotment plot to see if they would be interested in being an allotment representative or assisting with events on the allotment site. In line with the Council’s Document Retention Policy, we would also only hold details of individuals for as long as it is required.
Job applicants, current and former employees
When individuals apply to work at the Council, we will only use the information they supply to us to process their application. Where we want to disclose information to a third party, for example, where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau, we will not do so without informing them beforehand unless the disclosure is required by law. Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted in line with the Council’s Document Retention Policy.
Once a person has taken up employment with the Council, we will compile a file of personal data relating to their employment. The information contained therein will be kept secure and will only be used for purposes directly relevant to that person’s employment. For example, we will hold bank account details in order for salaries to be processed and paid in a timely manner or, reimbursement of costs reasonably incurred in the performance of duties. We will necessarily need to share some of this information with our payroll service provider who is also obliged under the GDPR to keep these details securely.
It is a requirement of the role of Clerk that some personal information will necessarily be made public on the Council’s website and correspondence. For example, a contact telephone number and/or home address. Additionally, all data stored on the Clerk’s computer is password protected.
Once their employment with the Council has ended, we will remove contact information from the Council’s website and retain the information file in accordance with the Council’s Document Retention Policy, prior to destruction or deletion.
Bishton Community Councillors
Once a person has taken up the role of Community Councillor a file of personal data will be compiled. The information contained therein will be kept secure and will only be used for purposes directly relevant to that person’s duties. For example, we will hold bank account details in order for reimbursement of costs reasonably incurred in the performance of duties, we will hold email contact details in order to disseminate information to Councillors necessary for the conduct of the Council’s affairs.
It is a requirement of the role that some personal information will necessarily be made public on the Council’s website. For example, contact details (e-mail address and telephone number) and a Register of Interests of Councillors.
Once a person ceases to be a Councillor, we will remove contact information from the Council’s website and retain the information file in accordance with the Council’s Document Retention Policy, prior to destruction or deletion.
All data stored on the Clerk’s computer is password protected.
Providers of services to the Council
Where services required by the Council have been put out to tender, we will only use the information from suppliers to evaluate proposals. Information from unsuccessful suppliers will be held retained after the tendering exercise in accordance with the Council’s Document Retention Policy, prior to destruction or deletion.
Once a supplier has been selected, the Council will compile a file of data relating to the provision of the service. The information contained therein will be kept secure and will only be used for purposes directly relevant to the contract. For example, we will hold bank account details in order for payment or data to enable contract performance monitoring.
Once a supplier has completed a contract, we will remove contact information from the Council’s website and retain the information file in accordance with the Council’s Document Retention Policy, prior to destruction or deletion.
Visitors to our website
The Council uses a third party, Vision ICT, to host our website and collect anonymous information about users' activity on the site. For example, the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. If you are a user with general public access, the website does not store or capture personal information, but merely logs a number called an IP address which is automatically recognised by the system.
The website employs cookie technology to help log visitors to our web site. A cookie is a string of information that is sent by a website and stored on your hard drive or temporarily in your computer's memory. The information collected is used for the administration of the server and to improve the service provided by the website. No personal information is collected or stored this way so this information cannot be used to identify individuals. You can manage these cookies as you wish, you can even decide to stop the site from using them. but you may be asked for information again. To learn more about cookies and how to manage them visit aboutcookies.org
This Privacy Notice only covers the Council’s website. The Council does not give any guarantees about the accuracy of the content or the security of any other website that you may access through a link on our website. If you visit other websites in this way, you should read their privacy notices covering the use of personal information.
People who contact us via email, social media
If you send the Council a private or direct message via email or social media, the message will not be shared with any other organisations. We may keep a record of your contact and your email address and the email for our record keeping of the transaction. For security reasons we will not include any confidential information about you in any email we send to you, unless you consent to this. We suggest that you keep the amount of confidential information you send to us via email to a minimum. Please be aware however, that you have a responsibility to ensure that any such contact you make with us is within the bounds of the law.
Individuals applying for a grant
When individuals apply for a grant under the Council’s Small Grants Scheme, they submit their information in an Application Form, providing details of the proposal and an outline of the potential cost. Those who are awarded grants are asked to provide a short report and a final account of how the money was used. Any personal information that is provided in the application will only be used for the purpose of reviewing the grant application and the ongoing administration and management of any grants that are awarded. We will also publish information about projects on our website, including the amount of grant awarded, the purpose of the grant and the recipient.
Once a project has concluded, the Council will retain the information in accordance with the Council’s Document Retention Policy, prior to destruction or deletion.
Access to personal information
The Council tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR. If we do hold information about an individual, we will:
· give you a description of it;
· tell you why we are holding it;
· tell you who it could be disclosed to; and
· let you have a copy of the information in an intelligible form.
To make a request to the Council for any personal information you need to put the request in writing, addressing it to the Clerk to the Council at the address provided in the introduction to our Data Privacy Notice above. If you agree, we will try to deal with your request informally, for example, by providing you with the specific information you need over the telephone.
Disclosure of personal information
The Council tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We will encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. In most circumstances we will not disclose personal data without consent. There are however, circumstances where we can pass on personal data without consent. For example, to prevent and detect crime.
If the Council wishes to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.