Draft Data Protection Policy Adopted 9th May 2018
PRIVACY NOTICE GENERAL Adopted 9th May 2018
PRIVACY NOTICE for staff, Councillors Adopted 9th May 2018
RETENTION OF DOCUMENTS POLICY – ADOPTED 11.4.18
Subject Access Request Procedure Adopted 9th May 2018
DATA BREACH POLICY Adopted 9.5.18
Fair Processing Notice
How Cotgrave Town Council uses your information
Cotgrave Town Council is committed to compliance with Data Protection legislation. Keeping your personal information accurate and secure is a vital part of providing efficient services to you.
The council will only use the information it holds about you for the purpose you provided it except in the circumstances outlined in this notice. It will also only collect the minimum information necessary to fulfil that purpose.
When you provide information you will be told what it will be used for and whom it will be shared with. However, you need to be aware that the council is required to share your information, on occasion, between different sections of the council, and with other agencies to help reduce crime or investigate fraud.
The council also works closely with other councils and community organisations and often needs to share information with them in order to deliver your services.
However, the council will not supply these organisations with your information unless it is satisfied that equal measures are in place to protect the information from unauthorized access.
The council has a responsibility to promote social wellbeing and works in partnership with other councils and agencies such as the Police, Fire and Rescue Service, the voluntary services and the Health Service in order to preserve life, reduce accidents, reduce crime and disorder and improve health.
To promote this social wellbeing the council may need to share your personal and sensitive information with other councils and partner agencies.
What is Personal Data?
Personal Data is information that relates to a living individual who can be identified either:
- from the information combined with any other information which is already in the possession of, or likely to come into the possession of, the person or organization holding information
- The information includes any expression of opinion about the individual, and any indication of the intentions of the data controller or any other person in respect of the individual. Personal data will therefore cover basic details such as name, address, date of birth and telephone numbers.
- The council must always comply with the 8 Principles of Data Protection when handling your personal information.
These principles state that data must be:- - fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than is necessary
- processed in line with your rights
- secure
- not transferred to other countries without adequate protection
What is Sensitive Personal Data?
Certain data is also categorised as ’Sensitive Personal Data’, for example:
- racial or ethnic origin
- physical or mental health or condition
- sexual life
- offences (including alleged offences)
- religious or other beliefs of a similar nature
The law says explicit consent should be sought to before using your Sensitive Personal Information. Usually your consent will be sought when you make an application for council services.
Why does the council collect and retain Personal Data?
In order to provide you with efficient and effective services Cropwell Bishop Parish Council needs to collect personal data. The council may also need to share your personal data with other service providers who are contracted to carry out services on their behalf. These providers are obliged to keep your personal details secure and use them only to fulfil your service request. The council will process the information you provide in a manner that is compatible with the Data Protection Act and in particular aims to comply with the principles stated above. Cropwell Bishop Parish Council will use information about you for the provision of services and specifically for the following:-
- for all law enforcement, regulation and licensing, criminal prosecutions and court proceedings which the council is obliged to undertake
- all financial transactions to and from the council including payments, grants and benefits; where monies are due or outstanding the council reserves the right to use all the available information at its disposal to protect public funds
Sharing information with other partner agencies
The council has a responsibility to promote social wellbeing and to work with other councils and partner agencies such as the Police, Fire and Rescue Service, the voluntary services and the Health Service in order to preserve life, reduce accidents, reduce crime and disorder and improve health. To promote this social wellbeing the council may need to share your personal and sensitive information with other councils and partner agencies.
The sharing of sensitive personal data where your consent has not been directly secured will only occur in order to promote community wellbeing for example in saving life, reducing crime, reducing accidents and improving health and will be on a “need to know” basis.
Further Information
If you require further information about the use of your data or wish to make a subject access request for copies of your personal data held by Cotgrave Town Council please contact:
Mrs Julie Stephenson
Cotgrave Town Council
Cotgrave Leisure Centre
Woodview
Cotgrave
Nottingham
NG12 3PJ
Tel: 0115 9893876
Email: clerk@cotgrave-tc.gov.uk
General Data Protection Regulation 2016
On 25th May 2018 the existing data protection act 1998 ceases to exist and is replaced by the General Data Protection Regulations 2016. This regulation is currently going through parliament and will be called the Data Protection Bill. The Data Protection Bill was published on 14 September 2017 and aims to modernise data protection laws to ensure they are effective in the years to come.
What is the difference between the DP Bill and the GDPR?
The GDPR has direct effect across all EU member states and has already been passed. This means organisations will still have to comply with this regulation and we will still have to look to the GDPR for most legal obligations. However, the GDPR gives member states limited opportunities to make provisions for how it applies in their country. One element of the DP Bill is the details of these. It is therefore important the GDPR and the Bill are read side by side.
For more information please click on the following link.
https://ico.org.uk/for-organisations/data-protection-bill/