Corporate Information Governance Privacy Notice

Information collected by us
The information we collect from you will be the minimum we need to deliver our service and will include the following personal data:
•  name
•  address
•  contact details
•  date of birth
•  proof of identity (we ask for this in relation to a data subject  requests)
•  Images of you (we ask for this in relation to CCTV footage requests)

Once you have provided the necessary information to locate the material you have requested, we seek out and collate information from all service areas of the council that are holding information as described in your request. If your request is a data subject request, this means we are likely to obtain and process all the information held by a service area about you. This includes Children’s Services, Revenues and Benefits Services, Housing Services, Adult Social Care, Legal Services, Planning and Regeneration etc. The information we obtain can therefore include both personal and special category information about you. You should view each services individual Privacy Notices to see what information they are processing about you as appropriate.

We collect your personal information for the following purposes:
•  The processing of Freedom of Information requests
•  Responding to Data Subject Requests
•  Responding to requests for information covered by the Environmental Information Regulations
•  Dealing with all Data Protection matters including any alleged data security incidents and /or personal data breaches

We will hold your personal information for 3 years. At its expiry date the information will be reviewed, and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this your personal information will be securely destroyed.

The lawful basis on which we collect and use your personal data is that
•  Processing is necessary for compliance with a legal obligation
•  Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

We also process special category data, and the condition for processing this is
•  processing is necessary for reasons of substantial public interest and is authorised by domestic law.

This is supported by Section 10 of the DPA 2018, particularly Schedule 1, Part 2 – Substantial Public Interest conditions, paragraph 6 (statutory etc and government purposes) (2)(a). Where the relevant access regimes detailed in UK GDPR, DPA 2018, FOIA and EIR place a statutory obligation on the council to comply with requests for information.

We hold the information in line with the following legislation:
•  Freedom of Information Act 2000
•  Environmental Information Regulations 2004
•  Data Protection Act 2018
•  UK General Data Processing Regulation (UK GDPR)

We may sometimes share the information that we have collected about you where it is necessary, lawful and fair to do so. We may share information with the following for these purposes:
•  The Information Commissioner
•  The Local Government and Social Care Ombudsman
•  Other internal council departments
•  Local health providers
•  Other local councils