Data Protection 2018 Privacy Notice
Who are we?
Dunkeswell Parish Council acts as ‘Data Controller’ for any personal data you provide us with. This means we will ensure that data you give us is processed in line with our Organisations policies and ensuring your rights under the new Data Protection laws including the General Dat Protection Regulations, Data Protection Act 2018.
Should you have any queries regarding this Privacy Notice or the data we may hold about you please contact the Parish Clerk at firstname.lastname@example.org, Telephone 01404 892757 or by post to Dunkeswell Parish Council, ℅ 16 Liberator Way, Dunkeswell, Devon, EX14 4XF.
What information are we collecting?
Personal Data is any information that can identify you, where you live or work and includes written, photographic, video, email address & telephone number for example. It could be information directly from yourself or indirectly from another agency for example ;- Planning Application where we gain all or some information or an email enquiry.
Personal data includes names, titles, aliases, photograph’s, images, contact details such as phone numbers, email addresses and Home/work addresses. If relevant to the Parish Councils work we may process gender, age, marital status, work details, family composition and may include CCTV footage for the prevention and prosecution of crime.
Other information, such as criminal convictions, racial or ethnic origin, mental and physical health, details of injuries, political beliefs, trade union affiliation, biometric data and data concerning sexual life or orientation is known as Sensitive Personal Data and is a special category of data which can only be processed in certain circumstances.
The processing of Personal Data is governed by legislation which applies in the United Kingdom which includes the General Data Protection Regulation (GDPR) and other legislation relating to personal data and rights, such as the Human Rights Acts.
Principles on which this document was formed
Data must be processed lawfully, fairly and transparently.
Data is only used for a specific processing purpose that the data subject has been made aware of and no other, without further consent.
Data should be adequate, relevant and limited i.e. only the minimum amount of data
should be kept for specific processing.
Data must be accurate and where necessary kept up to date.
Data should not be stored for longer than is necessary, and that storage is safe and secure.
Data should be processed in a manner that ensures appropriate security and protection.
How we collect & use this information?
We collect your personal data in the following ways –
Direct contact with you – via email, phone call, letter, website, Facebook & Twitter
Outside agencies – Planning & Tree Applications/District Councils
We may use this information to respond to your enquiries and to communicate important information. We should always have a lawful basis for the processing of your personal data. Usually this will be for a specific purpose and with your consent. For example, we may hold your name. Address, phone number for the purpose of contacting you following a request for information from us or for invoicing and record keeping Or it may be because there is a contract between us.
We may also process your data if it is necessary to do so in order that we can perform a task which is in the public interest, has a clear basis in law or if it is a vital interest (where processing is necessary to protect someone’s life).
If we collect Personal information/data for one reason we will not use it for a different purpose without your consent, unless there is a legal basis for doing so.
Please be aware, should you choose to not provide your personal data or decide to withdraw your consent for us to use it, we may not be able to effectively respond to your request.
How we hold & store your information
Personal data we receive is held & stored securely. In some cases the information is in paper form, this can be due to the need to keep records/receipts and for contact purposes. The other way we hold personal information is in electronic form accessed via computer for example email, Planning Applications, general correspondence. The IT system belongs to the Parish Council and is password protected to protect any personal data from loss, misuse or unauthorised access.
Who do we share your Personal Data with?
In some circumstances it is necessary to share personal data with other organisations, where possible we limit/anonymise documents, but where it is necessary; we may share your details with other services & organisations. We will not share your personal details outside of our organisation unless we have a lawful reason to do so and will aim to explain when we need to do so and ensure we have your consent if that is necessary.
Please note – We do not currently transfer data outside of the European Economic Area (EAA) but please be aware our website is accessible from overseas, so any data which is publicly visible, such as a picture at a local event, may be viewed overseas.
What is meant by ‘Other Organisations’ ‘Services’ & ‘Third Parties’
Dunkeswell Parish Council (DPC) needs to works with other organisations to provide services that you may request. For Example, You may inform us that a path or bridleway is overgrown, in this instance Dunkeswell Parish Council has it’s own Footpaths Warden and the request will be processed within DPC without further communication or sharing with a third-party. However, If a pothole or street lamp is reported faulty we may find we need to pass on your details to a third-party. In these circumstances, we will however, only share the information which is needed by the other organisation and will explain when we are doing so. If we and the other data controller are processing your data jointly for the same purposes, we would be acting as joint data controllers which means we are all collectively responsible to you for your data. If the organisation is processing your data for their own independent purposes then each one will be independently responsible to you. Should you have cause to complain, you should do so directly with the Data Controller of that organisation. In all cases we may need to retain your details to provide an update if you have requested this.
How long will we hold your Personal Data?
We will keep your personal data only for as long as it is necessary to do so, keeping within the guidelines of the Data Protection Act 2018. We will keep some documentation/records permanently as we are required to do so in law. We also may retain documents for an extended period, for example Finance records, to comply with HMRC requests. DPC use the guidelines in the Retention of Documents Policy (SLCC) where various time periods cover different documents. These are destroyed/deleted on a regular basis as they are no longer needed. As a general rule, our aim is to only keep data for as long as we need it.
What Rights do you have?
You have the right to access your own information, to request amendments & deletion (under certain circumstances) of all your personal data. You can object to the processing of your data, request a copy of the information held or withdraw your consent to any processing which relies solely on your consent. If any of these apply, please contact the Parish Clerk in the first instance using the contact details at the top of this document.
How do you make a Complaint
If you need to make a complaint about the way we have dealt with your Personal Data please contact the Parish Clerk in the first instance. Please ensure you include as much information as possible in order that we can investigate this thoroughly. Your complaint will investigated in accordance with the Councils procedures.
Should you find you are still unhappy with way in which your data has been used, you can refer the matter to the Information Commissioners Office at; Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or Email; email@example.com or Telephone 0303 1231113