CORPORATE PRIVACY NOTICE
This notice explains your rights and the council’s obligations relating to the personal information we collect from you and what we may do with it
For the purposes of data protection laws, East Herts Council is the “data controller” for the processing of your personal information and is registered as such with the Information Commissioner’s Office.
The personal information that you provide will be processed in accordance with the provisions of the EU General Data Protection Regulation 2016 (GDPR) (effective from 25 May 2018) the Data Protection Act 2018 and any subsequent data protection laws applicable within the UK.
Most of the personal information collected by local councils is necessary to enable us to provide you with specific statutory services – for example, Housing Benefit or for Council Tax purposes. However, on occasion we may seek your consent to process your information for non-statutory purposes, for example, when conducting customer surveys. In these cases, you will be asked by the individual department collecting your information to confirm you are happy to provide your consent for us to use your personal information. Where consent is given, you have the right to be forgotten if you no longer want us to process your information, in which case we are required to securely delete all of your personal data from our systems. Again, details will be provided by individual departments within their ‘local’ consent notices.
If you have any queries or concerns relating to the way in which we handle your personal information, please contact the Council and ask for the Data Protection Officer in the first instance.
We use your information in a number of different ways:
- The Council has a duty to protect public funds it administers, and may use information held about you for the prevention and detection of fraud and other lawful purposes.
- For the purpose for which you provided the information e.g. processing information given on a benefit claim form for the purpose of handling your benefit claim, and to monitor the council’s performance in responding to your request.
- To allow the council to communicate and provide services appropriate to your needs, highlighting any free services or additional help available to you.
- For insight purposes which allows us to analyse patterns and trends of service usage. We use this insight for service and financial planning to help us create policy and inform decision making.
- To ensure that the council meets its duties, including obligations imposed under the Equality and Health and Safety Acts.
- Where necessary for law enforcement functions, for example, licensing, planning enforcement and food safety where the council is legally obliged to undertake such processing.
- Where the processing is necessary to comply with legal obligations eg the prevention and/or detection of crime.
- To process financial transactions including grants, payments and benefits involving the council, or where the council is acting on behalf of other government bodies eg Department for Work and Pensions.
- To allow us to verify your identity when seeking services from the council.
- Where otherwise permitted under the Data Protection Act 2018.
We are keen to ensure that we are providing our citizens with services that they need. Therefore, we may contact you for the purpose of making you aware of services or support which we think may be of interest to you.
From time to time we may also seek your feedback on how we are performing or seek your views on services which you have been using.
Sharing your information
We may share your information with other sections of the Council and with third parties such as government bodies, the police, housing associations, other local authorities, health care organisations, but only where it is necessary, either to comply with a legal obligation, or where permitted under the Data Protection Act, such as for the purpose of fraud and crime prevention.
The council requires its third parties to abide by the Data Protection Act 2018 / EU General Data Protection Regulation 2016 (GDPR) and routinely undertakes checks with its providers before information is shared, to ensure that there are sufficient systems and procedures in place to protect your information
We will not use your personal data for marketing products or services without your prior consent.
Data matching to prevent fraud
We may share information provided to us with other bodies responsible for auditing, administrating public funds where undertaking a public function. We do this to prevent and detect fraud.
We participate in the Cabinet Office’s National Fraud Initiative, a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.
How long we keep your information
We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary, in accordance with the Council’s retention policy (link attached).
To help use keep your information up-to-date
- please give us accurate information
- tell us as soon as possible about any changes to your personal information
- tell us if you notice mistakes or inaccuracies in the information we have about you
How we protect your personal information
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to seek to safeguard the information you provide to us.
Requesting access to your personal data
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact Neil.Prior@eastherts.gov.uk
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- You can also request copies of your personal information in an easily readable format to use with other organisations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance by contacting our Data Protection Officer. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like further information about this privacy notice, please contact:
[The Council’s Data Protection Officer]