Privacy Notice
Ashfield District Council is registered as a data controller with the Information Commissioner's Office (ICO) (registration number: Z5623481).
Ashfield District Council is committed to protecting your privacy when you use our services. This privacy notice tells you what to expect when the council collects personal information. It also explains when and why we collect this information, how we use it, the conditions under which we may disclose it to others, how we keep it secure and what rights you have in relation to the data we hold about you.
If you have enquires about this privacy statement or about use of your personal data, you can contact us at:
Data Protection Officer
Ashfield District Council
Urban Road
Kirkby in Ashfield
Nottingham
NG17 8DA
email:DPO@ashfield.gov.uk
What is the purpose of this privacy statement?
This privacy statement tells you what to expect when Ashfield District Council collects personal data. It applies to information we collect about:
- visitors to our website
- people who register for an online account
- people who register for and use our services
- people who are referred to us by other persons, agencies, organisations
- people who contact us with an enquiry or complaint
- job applicants and our current and former employees or people who volunteer for the council
- people who participate in publicity for the council
- people who are recorded on CCTV operated by the council.
What is personal data?
Personal data means any data which can be used to identify an individual (such as name and address) and any information that relates to that individual from which they can be identified (for instance, details of the services provided to a particular individual).
The following types of personal data may be used:
- personal contact details such as name, address, phone number, etc.
- personal identifiers such as an NHS number
- visual images, personal appearance and behaviour
- personal or professional opinions about an individual
- family details
- employment
- housing needs
- lifestyle and social circumstances
- pension or financial activity records
- offences (including alleged offences).
There are 2 classes of personal data — 'normal' personal data, as shown above and 'special categories' of personal data. Some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you.
This is likely to include anything that can reveal your:
- racial or ethnic origin
- religious or philosophical beliefs
- Trade Union membership
- physical or mental health
- genetic or biometric data for the purpose of uniquely identifying a natural person
- sexual life or orientation
- political opinions.
Where 'normal' personal data is involved, the basis for processing under the UK GDPR would normally be Public Task. However, there are other bases available as necessary.
Where 'special categories' of personal data are involved, then more rigorous procedures are necessary and:
- explicit consent of the person concerned must be obtained; or
- one of the conditions in schedule 1 of the Data Protection Act 2018. For example, conditions relating to employment or the substantial public interest conditions, must be satisfied.
We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer by:
- email: DPO@ashfield.gov.uk
- telephone: 01623 450000.
Notification of change of Privacy Notice
We may modify this privacy notice at any time, but if we do so, we will notify you by publishing the changes on this website (www.ashfield.gov.uk).
If we determine the changes are material, we will provide you with additional, prominent notice as is appropriate under the circumstances, such as via email. If, after being informed of these changes, you do not end your association with Ashfield District Council, you will be considered as having expressly consented to the changes in our privacy notice.
If you disagree with the terms of this notice, or any updated version of this notice, you may exercise your rights to end your association with Ashfield District Council, at any time. This notice was last updated in May 2018.
How do we collect and use your personal information?
Why do we collect your information?
We obtain information about you when you are registered within the district, for example, when you register to pay Council Tax, when you register for council services or when you apply for services for example, applying for a council property or to receive benefits etc.
Why do we need your personal information?
We may need to use some information about you to:
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers who deliver those services
- help investigate any worries or complaints you have about your services
- keep track of spending on services
- to undertake public tasks
- to uphold legal rights and obligations
- check the quality of services
- to help with research and planning of new services.
How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information. Generally we collect and use personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is necessary to perform public tasks
- it is necessary to perform our Legal Obligations
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes.
If we have consent to use your personal information, you have the right to withdraw it at any time. If you want to withdraw your consent, please contact us by email at DPO@ashfield.gov.uk and tell us which service you’re using so we can deal with your request.
If you would like more information about the basis on which personal data is processed, please visit the Information Commissioners Office (ICO) website.
We only use what we need!
Where we can, we only collect and use personal information to meet the obligations set out above.
If we don’t need personal information we’ll either keep you anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details we’ll only collect your survey responses.
If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
We don’t sell your personal information to anyone else.
What rights do you have in relation to your personal data?
You have a number of rights in relation to your personal data. Please note that not all rights are automatic and some may not be available in certain circumstances where a lawful exception applies. For instance, this could be because a copy of your personal data may need to be kept or used for the purposes of complying with a legal obligation, for use in legal proceedings, for prevention or detection of crime or for a monitoring officer investigation, etc.
Your rights | Summary | Exceptions |
---|---|---|
Right to find out about the personal data we hold about you and access a copy of it (personal information request) |
This applies to both paper and electronic records. You can ask us whether we hold your personal data and you can request a copy of the information we hold. Requests should be in writing. If you are unable to ask for your records in writing we will make sure there are other ways you can. |
Some of the information requested may be exempt from disclosure. This could be because it relates to another individual, it is subject to legal professional privilege, its disclosure would result in serious harm to someone, it may stop us preventing or detecting a crime or another lawful exception applies. |
Right to withdraw your consent |
If you have provided us with consent for use of your data, for instance, marketing purposes, you have the right to withdraw your consent to stop the further use of your data for that purpose The right to withdraw your consent will only affect future use of your data. It will not affect the validity of any pre-existing use |
This right is not available where your data can be used without consent, for instance, where we are under a legal obligation to use your information or another lawful exception applies |
Right to raise a concern or enquiry about use of your personal data |
For enquiries, please see our Freedom of information page. To make a complaint about how your personal data is being managed, please contact the Data Protection Officer at DPO@ashfield.gov.uk |
|
Right to contact the Information Commissioner's Office |
For independent advice about data protection, privacy and data sharing issues, or if you are dissatisfied with how we have handled a complaint about use of your data, you can write to the Information Commissioner’s Office at the following address: Wycliffe House Or email: casework@ico.org.uk |
|
Right to rectification of your personal data |
You may ask for your personal information to be corrected if information we hold is inaccurate or for incomplete information to be completed. |
We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it. This right may not be available in limited circumstances where a lawful exception applies. |
Right to erasure of your personal data (right to be forgotten) |
You can request that some or all of your data be erased where:
|
This right is not available where a lawful exception applies or where the retention of the data is necessary for:
|
Right to restriction of use of your personal data |
You have the right to ask us to restrict what we use your personal information for where:
|
This right is not available where a lawful exception applies or in respect of data being used for:
|
Right to object to the use of your personal data |
You can object to use of your data:
|
This right may not be available in limited circumstances where a lawful exception applies |
Right to ask for an automated decision to be reconsidered by a human |
Where we notify you that a significant decision has been taken about you without any human input, you can request that:
|
This right is not available in respect of data being used on the basis of:
|
You can ask to have your information moved to another provider (data portability)
It’s likely that data portability won’t apply to most of the services you receive from the council.
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being.
You can ask to have any computer made decisions explained to you, and details of how we may have ‘risk profiled’ you.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.
If and when Ashfield District Council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.
If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who’ll be able to advise you about how we using your information.
Who do we share your information with?
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law.
We’ll complete a privacy impact assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but when we need to share your information, it will be because one of the exemptions in the Data Protection Act 2018 applies. For example:
- for the purpose of prevention and detection of crime,
- apprehension or prosecution of offenders
- assessment and collection of tax etc
- information required to be disclosed by law. For example, if the court orders that we provide the information
- functions designed to protect the public
- for the purpose of assisting in the prevention and detection of fraud.
Personal data will be disclosed to the National Fraud Initiative (NFI) for the purpose of assisting in the prevention and detection of fraud. The National Fraud Initiative (NFI) matches electronic data within and between public and private sector bodies to prevent and detect fraud.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we’ll make sure that we record what information we share and our reasons for doing so.
How we record what personal data we hold
Please see our Information Asset Register in the related document section of this web page for details of what information we hold, the basis for processing the information, how long we keep your data and who we may share it with and why. The register is divided into service areas enabling you to search it more easily.
How do we protect your information?
We’ll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
- pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was yours
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Where in the world is your information?
The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system outside of the EU.
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party.
We’ll take all practical steps to make sure your personal information is not sent to a country that is not seen as ‘safe’ either by the UK or EU Governments.
If we need to send your information to an ‘unsafe’ location we’ll always seek advice from the Information Commissioner first.
How long do we keep your personal information?
There’s often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention schedule.
For each service the schedule lists how long your information may be kept for.
How you use this website (something called Google Analytics)
We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting peoples’ needs and to understand how we can make the website work better.
Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.
We do not collect or store any other personal information (e.g. your name or address) so this data cannot be used to identify who you are.
We also collect data on the number of times a word is searched for and the number of failed searches. We use this information to improve access to the site and identify gaps in the content and see if it is something we should add to the site.
Unless the law allows us to, we do not:
- share any of the data we collect about you with others, or
- use this data to identify individuals.
Cookies (not the edible ones) and how you use this website
To make this website easier to use, we sometimes place small text files on your device (for example your iPad or laptop) called cookies. Most big websites do this too. They improve things by:
- remembering the things you’ve chosen while on our website, so you don’t have to keep re-entering them whenever you visit a new page
- remembering data you’ve given (for example, your address) so you don’t need to keep entering it
- measuring how you use the website so we can make sure it meets your needs.
By using our website, you agree that we can place these types of cookies on your device.
We don’t use cookies on this website that collect information about what other websites you visit (often referred to as privacy intrusive cookies).
Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. You can manage and/or delete these files as you wish.
To learn more about cookies and how to manage them, visit AboutCookies.org or watch a video about cookies.
Other people’s cookies
We use videos from YouTube and feeds from other websites such as Facebook and Twitter. These websites place cookies on your device when watching or viewing these pages.
Below are links to their cookie policies:
Turning off cookies
You can stop cookies being downloaded on to your computer or other device by selecting the appropriate settings on your browser. If you do this you may not be able to use the full functionality of this website.
There is more information about how to delete or stop using cookies on AboutCookies.org. You can also opt out of being tracked by Google Analytics.
Your Credit or Debit Card information
If you use your credit or debit card to make payments, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard, and don’t store the details on our website or databases.
We have various methods and payment providers. Our corporate Payment Card Industry payments solution(s) are provided by Capita. Capita are a validated PCI payments system supplier.
Where can I get advice and more information?
If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at DPO@ashfield.gov.uk or by calling 01623 450000.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Or email casework@ico.org.uk.
Further guidance on the use of personal information can be found at ico.org.uk.