Privacy Notice For Mettingham Parish Council

1. Introduction

Mettingham Parish Council have provided this privacy notice to help explain why and how we collect, use and protect your information whilst acting as a Parish Council. The use of your personal information is important to you and us, and the purpose of this document is to clearly acknowledge the Mettingham Parish Council responsibilities in relation to the General Data Protection Regulation (GDPR) and the additional provisions set out in the UK Data Protection Act.

 

This Privacy Notice applies to all personal information held by us in all formats, and applies to all employees, elected members, contractors, agents, representative and temporary staff, working for or on behalf of body.

2. Definitions

Personal Data means any information related to an identified or identifiable natural (living) person (‘data subject’) i.e. a person that can be directly or indirectly identified by reference to a name, ID reference number, email address, location data, or physical, physiological, genetic, mental, economic, cultural or societal identifier

 

Special Personal Data previously known as ‘sensitive personal data’, relates to race, ethnic origin, politics, religion, trade union membership, genetic data, biometric data, health, sex life or sexual orientation.  Records of criminal personal data must also be treated in a similar way.

 

Data Controller determines the purposes and means of processing personal data.

 

Data Processor is responsible for any operation which is performed on personal data on behalf of the controller e.g. collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.

 

Third Party is someone / somebody who is not the Data Controller, the Data Processor or the Data Subject.

3. Who we are

Local Councils (Town and Parish Councils) are the first tier of governance and are the first point of contact for anyone concerned with a community issue. Local councils are democratically elected local authorities, and they represent concerns of local residents and provide services to meet local needs. Our responsibilities include looking after community buildings, planning, street lighting and allotments.

 

Mettingham Parish Council are the ‘data controllers’ for the information which is collated and processed. This means we are responsible for deciding how we can use your information.

 

We regard lawful and correct treatment of personal information as critical to our successful operations, maintaining confidence between us those with who we carry out business.

 

If you have any questions concerning your personal data, please contact the Parish Clerk.

4. How the law protects you

GDPR says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it with other parties. The GDPR states we must have one or more of these reasons:

  • Statutory obligation or legal duty;
  • To fulfil a contract we have with you;
  • We have a legitimate interest; or
  • We have your consent.

 

More information on how the law protects you can be found on the ICO website.

5. Our Responsibilities

GDPR Article 5 provides us with the main responsibilities to abide by, to ensure that personal data is:

  1. Processed lawfully, fairly and transparent;
  2. Collected for specified, explicit and legitimate purposes;
  3. Adequate, relevant and limited to what is necessary;
  4. Accurate and kept up to date;
  5. Kept for no longer than is necessary; and
  6. Processed securely.

 

For further information on our responsibilities, please see the ICO website.

 

We aim to ensure we treat personal information correctly, in accordance with the law.

 

All personal information provided by you is held securely and in confidence by us in our computerised and other records. We maintain strict security standards and procedures with a view to preventing unauthorised access to your data. All our staff and all third parties we may hire are required to observe our privacy standards.

 

The GDPR states that special personal data requires more protection and additional conditions for processing. We will process any special personal information only for the purposes for which you provide it, unless permitted by law.

 

Breaches

The councils will always treat any data breach as a serious issue, and all potential breaches will be thoroughly investigated. If you need to report a breach, please contact the Parish Clerk.

6. Your Rights

The GDPR provides you with the following rights:

The right to be informed

You have the right to be informed about the collection and use of your personal data, and this outlined in this privacy notice.

The right of access

You have the right to request access to the personal data we may hold about you.

The right to rectification

You have the right to request that inaccurate personal data we hold is rectified.

The right to erasure

In certain circumstances, you have ‘the right to be forgotten’ and have your personal data erased.

The right to restrict processing

In certain circumstances, you have the right to request the restriction or suppression of your personal data.

The right to data portability

In certain circumstances, you have the right to request to obtain your own personal data for your own use or to give to other organisations.

The right to object

In certain circumstances, you have the right to object to your personal data being collated, stored and processed.

Rights in relation to automated decision making and profiling.

You have the right to request that we do not make our decisions based on solely an automated process, and you can object to an automated decision and ask that a person reviews it in certain circumstances.

The right to withdraw of consent

In our discretionary service provisions, you have the right to withdraw your consent at any time.

The right to complain

You have the right to complain through our complaints procedure, and then the Information Commissioner.

Any requests in relation to your rights with regards to the personal data we hold should be made verbally or in writing to the [Town / Parish contact information].

 

For further information on your rights, please see the ICO website.

7. Your responsibilities

You are responsible for making sure you give us accurate and up to date information, and to let us know if any personal information we hold is incorrect.

8. When do we collect information about you?

We collect information about you from different places, including:

  • Directly from you;
  • From a third party;
  • From publicly available sources;
  • From other organisations or agencies.

 

We will only collect your personal information in line with the relevant regulations and the law, and this may relate to any of our statutory or discretionary services you apply for, currently hold or have held in the past.

 

We will obtain personal information through a number of different mediums such as telephone, email, in person, post, or online. At the point of data collection, the lawful basis for processing will be determined and explained.

 

To fulfil our statutory obligations, we will have to collate and process your personal data. Where we are providing discretionary services, or we are entering into a contract with you, if you choose not to give us your personal data it may delay or prevent us from fulfilling this role.

9. What personal information do we collect?

Depending upon the service we are delivering, we may hold; your name, address, email address, telephone number, views / opinions.

10. How do we use your information?

We require your personal information for a number of statutory and discretionary obligations and we will not use your personal data for other purposes other than for what it was collated unless we have obtained your consent or for other lawful purposes (i.e. detection and prevention of fraud).

 

11. How long do we keep your information?

We will hold your personal information in accordance with statutory responsibilities and contractual requirements

  • Minutes and agendas
  • Bye Laws
  • Planning

 

12. Data Sharing

We may share your personal information with third parties when the law allows or when we have gained your consent. Where personal information is shared, it will be shared in a secure manner. The council will be transparent and as open as possible about how and with whom data is shared with what authority and for what purpose.

13. Transferring your information overseas

Currently, we do not transfer any personal information outside of the European Economic Area (EEA).