Derbyshire Dales District Council
Privacy Notice - May 2018
How we use your information
This privacy notice tells you what to expect when Derbyshire Dales District Council collects personal data/information. Personal data is your name plus other information about you such as your home address, email address, telephone number and additional personal details.
The Council uses information about individuals to carry out specific functions that we are legally responsible for. This privacy notice applies to information we collect about:
People who use regulatory/statutory services that we are obliged to provide e.g. planning, environmental health, licensing, electoral registration, bin collections etc.
People who choose to use our services e.g. purchasing tickets for events, signing up to receive information alerts etc.
Those who wish to make a complaint about a council service.
Those who make requests for information under data protection and freedom of information.
People who apply to join the Council’s housing register or who apply for help because they are homeless.
People whose image is captured by Council owned CCTV or through photography or through the use of voice recording systems..
Job applicants and our current and former employees.
Current and former Elected Members.
Visitors to our website.
In many instances the Council has a legal basis to process your personal data, for instance payment of Council Tax or registration of electors. However some services are nonregulatory and people may choose to receive such services from us, for example pest control or leisure activities.
One of our core functions is to safeguard and manage your personal data and ensure it is held safely and securely to ensure we protect your personal identity at all times.
Personal data may be captured by us when you:
Complete an application form for one of our services.
Send us a letter, fax or an email.
Telephone our offices.
Call into one of the Council buildings and speak to one of our staff.
Attend an interview.
Attend public meetings run by us.
Register to use electronic communications.
Submit information on-line or through creating an on-line account.
Personal data about you may also be provided through one of our partners or other third parties who have authority, or have asked your permission to transfer your data to us.
Some data that we collect about you may be sensitive, for instance information about your health or disability or about your religious belief. We will only ask for this data if there is a legitimate need for us to have such information to deliver services to you. Occasionally the Council may collect equal opportunities monitoring information, for example as part of recruitment of staff or monitoring usage of specific services. Such data will be kept anonymous and separate from customer/employee records.
For certain services we are required to collect financial/banking data to enable us to either make a payment to you or to take payment for services we provide. This data will be kept secure at all times and will be subject to additional security procedures. We use a range of different financial service providers to process such data including Lloyds Bank, Nat West Bank, Santander Bank and the Post Office.
Details of the data we collect and the reasons why we collect it can be found at http://www.derbyshiredales.gov.uk/your-council/data-information/data-protection
How we store your personal data
Your personal data will be stored electronically or in hard copy files as appropriate. The Council uses a variety of different systems to process and store personal data.
The majority of personal data held electronically is stored on databases that are located within the Council. Some data may be stored outside the Council on servers within the UK but are subject to strict government standards of security. From May 2018 if your personal data is stored outside of the UK we will notify you when you initially make contact with us.
Our delivery partners
Derbyshire Dales District Council has a number of partners who deliver services on our behalf. If these partners have access to and process personal data these are classed as third party processors.
Arvato CRM Solutions who are based in Chesterfield deliver benefits administration and collect business rates and council tax on behalf of the Council. Arvato also process receipt of monies for the Council and accounts payable.
Serco are contracted to deliver domestic and commercial waste collections for properties within the district. Serco employees only have property details and do not routinely have access to personal data. Occasionally customer data will be shared with Serco employees to resolve issues. This will be provided in a safe and secure manner.
Derbyshire Building Control Partnership provides a service to residents and businesses across the district and has access to building related data. Some of that data may include personal data of residents e.g. details of people building an extension to a property or installing a wet room for a disabled person.
The Council is currently in the process of outsourcing the management of its Leisure centre which will create a new delivery partner. Current customers will be notified of the new arrangements for personal data.
Our partners may also sub contract some of the services they are responsible for to others e.g. printing of council tax bills, outstanding debt collection etc.
All partners and sub-contractors handling personal data must meet high standards of security.
Sharing personal data
In general the Council will not share your personal data without your consent. However it is required to share some data with other local authorities and government bodies/agencies or other third parties. This will only be done in line with the Data Protection Act. The following is an example:
Data matching purposes to prevent and detect fraud and corruption.
The Council will inform you at the point of collection if you data will be shared routinely with other bodies that have a right to that data.
The Council does not routinely share your data amongst its various departments without your prior knowledge and consent. This is because personal data is provided for specific purposes and not for use across the whole Council or its partners. If we feel it will be of value to share data with another department we will explain this to you.
Occasionally we will be required under law to share personal data with other organisations such as the Inland Revenue, Police, courts etc. We may also have to share information with our insurers and their associated Solicitors should you make a claim against the Council. Any information being shared will be transferred in a secure manner with appropriate audit trails in place.
Our Housing Strategy team are part of a partnership for the delivery of advertising and letting of properties. The Home-Options system is jointly owned by a number of councils and allows access to Registered Providers in the East Midlands. Each Council is responsible for their own data sets but given the nature of the service, data is routinely shared amongst the partners.
A number of information sharing agreements are also in place that allow data to be shared amongst named organisations. You will be informed about any such agreements when you provide your data to us. Some agreements though are for the purpose of the detection and prevention of crime or emergency aid or child protection. In these circumstances you may not be notified that sharing will take place.
The Council will not use your personal data to market services to you unless you have given your explicit consent to receive such information.
With the exception of the Register of Electors we will never sell your personal data to others. The Council is required to make available for sale the Register of Electors to certain groups of people.
If you have given the Council permission to send you detail of our services via email or text message you have a right to ask the Council to stop sending information in this way.
Withdrawal of consent
The Data Protection Act gives individuals a right to withdraw consent to the processing of personal data. This does not however apply to regulatory services that we have a legal obligation to provide or when we are fulfilling a contract to deliver a service to you. Consent can only be withdrawn for services that you have chosen to subscribe to such as electronic newsletters, on-line consultation exercises, promotional emails etc. We will process consent withdrawal requests as soon as we are physically able to do so.
Retention of your personal data
The Council will retain your personal data for a set time. The length of time will depend on the type of data being collected. When the retention period has elapsed your data will be deleted or destroyed in a secure manner. The Council’s retention policy can be found at http://www.derbyshiredales.gov.uk/your-council/data-information/data-protection
Visitors to our website
Use of automated decision makingIn general the Council does not use automated decision making as part of processing your personal data. If automated decision making is to be used then you will be notified on initial contact with the Council.
Access to your own personal data
Derbyshire Dales District Council tries to be as open as it can be in terms of giving people access to their personal data. Individuals can find out if the Council and its delivery partners hold any personal data by making a Subject Access Request under the Data Protection Act.
Deletion of personal data
You have a right under certain circumstances to ask the Council to remove the data that they hold on you. However many services that the Council provide are regulatory or statutory services which require data to be retained. As such, all requests to have data removed will be dealt with on their individual merit.
Our Data Protection Officer
In line with the regulations for public authorities the Council has assigned the Data Protection Officer responsibility to the Director of Resources
This post is supported by an Information Governance Officer and data protection is monitored by an internal Information Governance Board.
The Data Protection Officer is part of the Corporate Leadership Team and can be contacted at email@example.com or by phone on 01629 761245 or in writing to Data Protection Officer, Derbyshire Dales District Council, Town Hall, Bank Road, Matlock Derbyshire, DE4 3NN.
Privacy notice review
This Privacy Notice will be kept under regular review to ensure that it is fit for purpose.
Other sources of advice and guidance
The Councils Data Protection Policy can be found at http://www.derbyshiredales.gov.uk/your-council/data-information/data-protection. This outlines the Councils role and responsibility for data protection.
Further information on data protection can be found on the Information Commissioners website at https://ico.org.uk