Uttlesford District Council Overarching Privacy Notice
This privacy notice explains how Uttlesford District Council, (as a Data Controller) collects, uses and protects personal data that we hold.
Your personal data
Personal data is any information relating to a living person who can be identified from that data directly or indirectly such as name, photograph, identification number, location data or online identifier. There are also special categories of personal data referred to as 'sensitive personal data' and the categories include genetic data, biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation.
The processing of personal data is governed by the principles set out in General Data Protection Regulation (the GDPR) 2016 and the Data Protection Act 2018.
Who we are
Uttlesford District Council is the data controller. This means it decides how your personal data is processed and for what purposes.
How we process your personal data
We comply with our obligations under the GDPR and the principles of the Data Protection Act (DPA) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Under the GDPR and DPA, we have a legal duty to protect any personal data we collect from you. We will use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it.
The legal basis for processing your personal data
The legal basis for processing your personal data will depend on the reasons for collecting it. Generally, the legal basis for processing by the council as a public authority will be:
- To perform a function or provide a service required by statute;
- To comply with a legal obligation;
- Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- Where disclosure is in the vital interests of yourself or another person;
- With your explicit consent;
- In very limited circumstances, the council may be able to rely on 'legitimate interest' of the Authority but only when these interests override those of the individual and when the council is not acting in its role as a public authority.
Sharing your data
Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be shared with other departments within the council to deliver services and with other local authorities. Personal data may be shared where necessary with other organisations that provide services on our behalf such as contractors carrying out repairs to council houses. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.
Sometimes we have a legal duty to disclose your information to other organisations or make it available in a public way. This is often because it forms part of an application or legislation requires it or where court orders are in place. In these situations we do not have an option but will be clear about how we use your information.
In most cases we will not disclose your personal data without your consent; however there are situations where consent would not be required such as when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we may share your information:
- for the detection and prevention of crime/fraudulent activity
- if there are serious risks to the public, our staff or to other professionals
- to protect a child
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
- where there is a risk to you and the risk is sufficiently serious that the need to disclose your information is more important than protecting your confidentiality
On occasions the council will undertake research into various topics. When using personal data for research purposes, the data will usually be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data.
We do not sell personal information to any other organisation for the purposes of direct marketing.
How long we keep your personal data
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep data for a set time period. However, where possible we will anonymise this data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely destroyed.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
a. Right of access: to request a copy of your personal data which we hold about you.
b. Right to rectification: to request that we correct any personal data if it is found to be inaccurate or out of date;
c. Right to erasure: to request that your personal data be erased where it is no longer necessary for us to retain such data;
d. Right to withdraw consent: to withdraw your consent to the processing at any time (this will only apply in certain circumstances; please contact the council's Data Protection Officer who will explain if your consent can be withdrawn).
e. Right to data portability: to request that we provide you with your personal data and where possible directly to another controller (where applicable)- please note this only applies where the processing is based on consent or is necessary for the performance of a contract with you; and in either case where we process the data by automated means;
f. Right to restrict processing: to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
g. Right to object: to object to the processing of personal data (where applicable) - please note this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/ exercise of official authority); direct marketing and processing for the purposes of scientific / historical research and statistics;
h. Right to complain: to lodge a complaint with the Information Commissioner's Office.
Subject Access Request
You can access the personal information that we hold about you at any time by submitting a Subject Access Request (SAR) to the council.
Submit a request
Your request should be in writing and clearly specify the information you require.
Online
Complete our Subject Access Request form.
Email: dpo@uttlesford.gov.uk
Post
Uttlesford District Council
Council Offices
London Road
Saffron Walden
CB11 4ER
What you can ask for
You can ask to change information you think is inaccurate, you should let us know if you disagree with something written on your file. We may not always be able to change or remove that information but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
If you would like to make a request in regards to the processing of your personal data please contact the Data Protection Officer. However, it is not always possible for requests to delete information to be fulfilled and the Data Protection Officer can provide you with more information on request.
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns, questions or comments please email the council's Data Protection Officer.
Email: dpo@uttlesford.gov.uk
Data Protection Officer
Uttlesford District Council
Council Offices
London Road
Saffron Walden
CB11 4ER
If having exhausted the complaints process you are still of the opinion that your request or review has not been dealt with satisfactorily, you can complain to the Information Commissioner's Office.
Telephone: 0303 123 1113
Information Commissioner's Office
Wycliffe House
Water Lane
Wimslow
SK9 5AF