Overarching privacy notice
This privacy notice explains the different types of data we may collect, how we may collect it, our lawful basis for processing, who we may share data with and how we manage personal data in relation to storage and retention. Please note this is an overarching privacy notice. Individual services have in place specific service privacy notices to make data processing more transparent.
Why we collect personal data
Wyre Council is committed to complying with the Data Protection Act and the General Data Protection Regulations (GDPR) 2016. Looking after personal data is very important to us, and we want you to be confident that your personal data is kept safely and securely and that you understand how we are using the data we hold about you. In order to carry out our duties as a local authority we have to collect a vast amount of personal data for the following reasons;
- To deliver our statutory and non-statutory services and fulfil our legal obligations
- To prevent and detect fraud and crime and assist with law enforcement functions
- To process financial transactions including grants, payments and benefits, or where we are acting on behalf of other government bodies
- To protect individuals from harm and injury and
- To seek opinions and feedback about the services we provide
Wyre Council is registered with the Information Commissioner as a Data Controller, which allows us to process the data specified in our application. Our registration number is Z5682712.
The type of information we collect and how we collect it
In order to carry out the council’s responsibilities we will need to collect a variety of different types of data. This may include ‘personal data’ such as your name and address, a date of birth, your bank account details, or maybe an email address. We may also need to collect more ‘sensitive’ personal data, known as ‘special category data’ for example details relating to health and social care. Whatever data the council collects, the council will endeavour to process the data lawfully, fairly and in a transparent manner.
There are a number of different ways the council may collect your data; we may collect it over the phone or via email, we may use an online form or by monitoring our CCTV systems. Data may be collected directly from you or we may have gathered it from other sources, for example the police or a utilities company. However we collect data, please be assured that we will only collect what is relevant and will ensure it is limited to what is necessary. In retaining your data, the council will ensure that it is stored in the most appropriate filing system to ensure the data can be easily accessed and where necessary kept up to date. We will also take appropriate measures to safeguard your data and implement security standards and controls to prevent any unauthorised access to it.
Our lawful bases for processing
The council is required to ensure all personal data is processed lawfully, fairly and in a transparent manner. Processing is only lawful if there is a lawful basis for doing so. The council has to find and document their lawful basis for processing your data. Article 6 of the GDPR sets out the lawful bases for processing, namely:
- Consent: the individual has given clear consent for the council to process their personal data for a specific purpose
- Contract: the processing is necessary for a contract the council has with an individual, or because they have asked the council to take specific steps before entering into a contract
- Legal obligation: the processing is necessary for the council to comply with the law
- Vital interests: the processing is necessary to protect someone’s life
- Public task: the processing is necessary for the council to perform a task in the public interest or
- Legitimate interests: the processing is necessary for the council’s legitimate interests or the legitimate interest of a third party unless there is a good reason to protect the individuals personal data which override those legitimate interests
If the council is processing ‘special category data’, we will also need to identify both a lawful basis for processing under Article 6 of the GDPR and satisfy a specific condition for processing in compliance with Article 9 of the GDPR.
How we may share your data
To ensure that the council provides you with an efficient and effective service and meets all of its statutory responsibilities we may sometimes need to share your personal data internally within the council as well as externally with other third party organisations, these may include, but not exclusive to, other local government bodies, the NHS, police, HMRC, DWP, the courts, legal representatives, contractors and other community organisations. A privacy notice will usually set out who your data is shared with, unless an exemption is applicable.
The council is also required by law to protect the public funds it administers. We may share information you have provided to us with other bodies responsible for auditing or administering public funds, for the prevention and detection of crime. This may include the Cabinet Office, the council’s external auditors, the Local Government Association or the Department for Communities and Local Government.
Service specific privacy notices will inform the data subject with whom the council will be sharing their personal data with and we will strive to ensure that the third party has the necessary technical measures in place to protect the data and that these responsibilities are documented within a contract, service level agreement or data sharing agreement.
If we wish to use or share your data for any purpose other than for the reason it was originally collected and communicated to you, we will inform you to either gain consent or provide you with our lawful basis for processing such data.
At no time will your information be passed to organisations external to Wyre Council for marketing or sales purposes or for any commercial use without your prior explicit consent.
The use of personal data for marketing
We will only send you information about our services and/or products if you have given us your consent to do so. You can opt out/unsubscribe at any time by contacting the council.
How long will we keep your personal data
The amount of time personal data is kept before being disposed of will vary depending on why it was collected, how it is used, and in line with any legislation or regulatory timescales. Our service specific privacy notices and information asset registers will give you more details about how long your personal data will be kept for. Please contact the council’s Data Protection Officer if you wish to view any of these documents.
What your rights are as a data subject
As a data subject you have the following rights under the GDPR:
- The right to be informed
- The right to access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Further information on these rights can be obtained visit the Information Commissioner’s website or contact the council’s Data Protection Officer to exercise these rights.
Use of CCTV
CCTV is installed across the borough in our town centres and also in some of our council premises for the purposes of public and staff safety and the prevention and detection of crime. Signs are displayed notifying the public and staff that CCTV is in operation. The signage provides details of who to contact for further information about the images captured.
We will only disclose CCTV images to third parties for the purposes of public safety or for the prevention and detection of crime. CCTV images will not be released to the media for entertainment purposes or placed on the internet. You have the right to see CCTV images of yourself and be provided with a copy of the images. Please contact the council if you wish to do so and the necessary arrangements will be made.
A cookie is a small text file that is sent from a website to your computer (or mobile device) when you visit certain web pages. A cookie is not a program and in its most basic form a cookie just stores the name of the website you visited, and a unique user ID. It cannot be used to identify you personally.
Transfers to third countries
Some of the information you provide to us may be transferred outside the European Economic Area to countries such as the US. This is a transfer to a “third country”. We will endeavour to tell you if your data is being held or shared with a third country and we will ensure the appropriate contractual provisions are in place to ensure that there are strict rules regarding both the confidentiality and security of your information.
The council may also work with suppliers and partners who make use of cloud and/or hosted technologies. We will endeavour to undertake data security due diligence on our partners and ensure that these partners conform to appropriate accreditations.
Changes to this privacy notice
We may change this privacy notice from time to time in order to reflect changes in the law and/or our privacy practices. Following any changes, the updated notice will be published on our website. This privacy notice was last updated on the 21 May 2018.
How to contact us
The council has nominated the following Data Protection Officer who will be able to answer any questions you may have in relation to how the council handles your personal data or if you need to make a complaint if you think the council has not handled your data correctly:
Data Protection Officer
Tel: 01253 887372