This privacy notice explains how the Ashdon Parish Council collects, uses and protects personal data that we hold
Your personal data - what is it?
Personal data is any information relating to a living person who can be identified from that data directly or indirectly such as name, photograph, identification number, location data or online identifier. There are also special categories of personal data referred to as ‘sensitive personal data’ and the categories include genetic data, biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation.
The processing of personal data is governed by the principles set out in General Data Protection Regulation (the GDPR) 2016 and the Data Protection Act 2018
Who are we ?
How do we proces yor personal data ?
We comply with our obligations under the GDPR and the principles of the Data Protection Act (DPA) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Under the GDPR and DPA, we have a legal duty to protect any personal data we collect from you. We will use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it.
What is the legal basis for processing your personal data ?
The legal basis for processing your personal data will depend on the reasons for collecting it. Generally, the legal basis for processing by the Ashdon Parish Council will be:
1. To perform a function or provide a service required by statute;
2. To comply with a legal obligation;
3. Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at our request prior to entering into a contract;
4. Where disclosure is in the vital interests of yourself or another person;
5. With your explicit consent
Who will your data be shared with?
In most cases we will not disclose your personal data without your consent; however there are situations where consent would not be required such as when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we may share your information.
- For the detection and prevention of crime / fraudulent activity;or
- If there are serious risks to the public or to other professionals; or
- To protect a child; or
- To protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them; or
- Where there is a risk to you and the risk is sufficiently serious that the need to disclose your information is more important than protecting your confidentiality.
When using personal data for research purposes, the data will usually be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data.
We do not sell personal information to any other organisation for the purposes of direct marketing
How long do we keep your personal data?
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
a. Right of access: to request a copy of your personal data which we hold about you.
b. Right to rectification: to request that we correct any personal data if it is found to be inaccurate or out of date;
c. Right to erasure: to request that your personal data be erased where it is no longer necessary for us to retain such data;
d. Right to withdraw consent: to withdraw your consent to the processing at any time.
e. Right to data portability: to request that we provide you with your personal data.
f. Right to restrict processing: to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
g. Right to object: to object to the processing of personal data (where applicable) – please note this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/ exercise of official authority); direct marketing and processing for the purposes of scientific / historical research and statistics;
h. Right to complain: to lodge a complaint with the Information Commissioner’s Office.
You can access the personal information that we hold about you at any time by submitting a request to Ashdon Parish Council. This request should be in writing and clearly specify the information you require.
Please email the clerk at firstname.lastname@example.org or write to Mallards, Midsummer Hill, Ashdon, Saffron Walden, Essex CB10 2LZ.
You can ask to change information you think is inaccurate, you should let us know if you disagree with something we have written. We may not always be able to change or remove that information but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
If you would like to make a request in regards to the processing of your personal data please contact the Ashdon Parish clerk, details above.
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
If having exhausted the complaints process you are still of the opinion that your request or review has not been dealt with satisfactorily, you can complain to the Information Commissioner’s Office or by calling them on 0303 123 1113 or writing to:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wimslow, Cheshire. SK9 5AF