This document explains how Thorney Parish Council handles and processes data, what we use data for and your rights concerning your personal data.
1. What do we mean by ‘Personal Data’?
‘Personal Data’ is any information about a living individual which allows them to be identified from that data, for example through a name, photograph or email address. Identification can be through direct use of the data or by combining it with other information. The processing of personal data is governed by the General Data Protection Regulation (GDPR) and supporting legislation such as the Human Rights Act.
2. Who are we?
This privacy notice is provided to you by Thorney Parish Council, a statutory local authority which is a registered data controller with the Information Commissioner’s Office.
3. What other Data Controllers do we work with?
Thorney Parish Council also works with other data controllers, including:
- Principal Authorities (District & County Councils).
- Government Departments.
- Affiliations & Professional Bodies.
- Not for Profit Entities.
- Community Groups.
- Credit Referencing Agencies.
There may be instances where we need to share your personal data with such bodies so that they can carry out their responsibilities to the Council. In certain instances, the Council may be a joint data-controller with other organisations, and you may exercise any of your rights with any data controller who is handling your personal data. A description of what personal data Thorney Parish Council processes and for what purposes is set out within this Privacy Notice.
4. What does Thorney Parish Council process?
The Council will process some or all of the following personal data where necessary to perform its general tasks:
- Names, titles and aliases.
- Contact details (email/phones/address).
- Where relevant services are provided by the Council, or where you provide them to us, we may process information such as gender, age, marital status, nationality, education/work history, academic/professional qualifications, hobbies, family composition and dependents.
- Where actives are paid for, such as hiring Council services, bank details and transaction histories.
- The data we process may include sensitive personal data.
5. How we use sensitive personal data.
We may process sensitive personal data in order to comply with legal requirements and obligations to third parties.
Sensitive Personal Data is defined under the General Data Protection Regulation as a special data category which requires a higher level of protection with all such data justified. The Parish Council may only utilise and process such data on legitimate grounds, such as:
- Limited circumstances with your written consent.
- Where we must carry out our legal obligations.
- Where it is required in the public interest.
Less commonly, we may process this type of personal data where it is needed in relation to legal claims or where it is needed to protect your interests, or somebody else’s interests and you are not capable of giving your consent, or where you have already made the information public.
6. Consent for processing sensitive personal data.
In limited circumstances, we may approach you for your written consent to allow us to process certain sensitive personal data. If we do so, we will provide you with full details of the personal data that we would like and the reason we need it so that you can carefully consider whether you wish to consent.
7. General Compliance.
The Council has taken all necessary steps to ensure compliance with data protection legislation. Thorney Parish Council ensures that all data held is:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes that we have told you about and limited to only those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purpose we have told you about.
- Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, authorized access and disclosure.
8. The Council may use your personal data for some or all of the following purposes:
- To deliver public services including to understand your needs and provide services that you request and to understand what we can do for you, informing you of any other relevant services.
- To confirm your identity in order to provide some services.
- To contact you through approved channels.
- To help us evaluate our performance as a local authority.
- To prevent and detect fraud and corruption in the use of public funds, and where necessary, law enforcement functions.
- To enable us to discharge our statutory functions as a local authority.
- To carry out appropriate safe-guarding policies.
- To promote the interests of the Council.
- To maintain the Council’s accounts and records.
- To seek your views, opinions and comments.
- To notify you of relevant changes to our facilities, Council membership and elections.
- To send you communications that you have requested or may be of interest to you.
- To process relevant financial transactions including grants and payments for goods and services and services supplied to the Council.
- To allow for the statistical analysis of Council services for future planning and provision.
9. The Legal Basis for Processing Personal Data.
The Council is a statutory public authority and holds both discretionary powers to perform tasks and statutory duties that it must complete. The vast majority of data processed by the Town Council is processed in accordance with the Council’s statutory duties. We may process personal data where it is necessary for contractual obligations to you, such as hiring or using a Council run facility. Where additional consent is required, consent will be sought prior to the data being used.
10. Sharing your personal data.
This section provides information about the third parties with whom the council may share your personal data. These third parties have an obligation to put in place appropriate security measures and will be responsible to you directly for the manner in which they process and protect your personal data. It is likely that we must share personal data with:
- Approved data controllers and contracted agents, such as Information Centre partners.
- Our agents, suppliers and contractors where contractors provide services on our behalf such as newsletter distribution.
- On occasion, with other local authorities or not for profit bodies with which we are carrying out joint ventures, such as partnership working with other Councils.
11. Data Retention.
We will keep some records permanently if we are legally required to do so. We may keep other records for an extended period of time on legitimate public interest grounds. A full schedule of document retention periods is detailed in our Data Retention Policy.
12. Your Rights Concerning Personal Data.
You have statutory rights concerning the use and management of your personal data. When exercising your rights and in order to process any request made by you, we may need to verify your identity for your security. In such cases we will need you to supply the Council will proof of your identity before exercising your rights.
I. The right to access your personal data held by the Council (Subject Access Request)
At any point you can contact the Council to request a copy of any of your personal data held by us, as well as why this information is being held, and where the information was obtained from. Requests will be responded to within a 30 day window.
There are no fees or charges for making a Subject Access Request. Excessive requests which are manifestly unfounded or malicious may be subject to administration fees or refusal.
II. The right to correct and update the personal data we hold on you.
If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
III. The right to have your personal data erased.
If you feel that the Council should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold. When we receive such requests, we will confirm whether your data has been deleted, or the reasons as to why it cannot be deleted.
You should note that a request to erase your personal data may impact on the services provided to you by the Council, and you may be required to supply your personal data again if you wish to use Council services.
IV. The right to object to the processing of your personal data or to restrict it to certain purposes only.
You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request, we will contact you and let you know if we are able to comply or if other legal obligations prevent us from ceasing the processing of data.
V. The right to data portability.
You have the right to request that we transfer some of your data to another controller. We will comply with your request where it is feasible to do so, within one month of receiving your request.
VI. The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained.
You can withdraw your consent easily by telephone, email or by post (see contact details below)
VII. The right to lodge a complaint with the Information Commissioner’s Office (ICO).
You may contact the Information Commissioners Office on 0303 123 1123 or at the Commissioner’s Office Address:
ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
If we wish to use your personal data for a new purpose not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where necessary, we will seek your prior consent to the new processing.
Contacting us about this policy.
This policy is overseen and enforced by the Parish Council’s Data Controller. If you have questions concerning Data Protection, please contact the Data Controller:
Anthony Hovell, Parish Clerk, 9, Laurel Drive, Thorney, Peterborough PE6 0QT
Review Date: 14/09/2023