Privacy Policy 2018


1. INTRODUCTION


As a Local Authority, Daventry District Council processes a considerable amount of information, including personal data about the citizens it serves, to allow it to provide services effectively. The Council recognises that this information is important to their citizens and that it has a responsibility to these citizens regarding the information it holds about them. As such, it takes seriously its responsibilities to ensure that any personal information it collects and uses is done so proportionately, correctly and safely and is committed to protecting the privacy and security of those individuals.


Privacy notice

This notice explains what we do with any information that you provide us with, or is gathered automatically, to ensure you remain informed and in control of your information.


The personal data you supply to Daventry District Council will be processed in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679). It will only be used for the specified purpose for which you have given it or for purposes that are compatible with that. Any personal data you have given us will not be passed to third parties for commercial purposes. This notice is for guidance only and does not form a contract.


Information will be shared among officers, councillors and other partner agencies where the law allows or requires it, to help improve the service you receive and to develop other services. We may also be legally required to share your personal data with law enforcement bodies such as the Police, government authorities and other organisations, for the prevention and detection of crime. If you do not wish certain information about you to be exchanged within the Council, you can request that this does not happen, although this may affect the ability of the Council to provide some services to you.


Privacy Notices for specific Services


Anti-Social Behaviour Reporting

Business Rates

Care & Repair (DFG & Home Repair Assistance)

Council Tax

Customer Services

Creditors

Debtors

Development Control

Electoral Services

Environmental Health

Housing Benefit and Council Tax Reduction

Housing Options

Insurance Claims

Legal Services - District Law   

Planning Policy

Taxi Licensing   
 


Questions?

Any questions you have in relation to this policy or how we use your personal data should be sent to dataprotection@davcentrydc.gov.uk or addressed to The Data Protection Officer, Daventry District Council, Lodge Road, Daventry, Northamptonshire, NN11 4FP. A copy of the privacy notice can be found in the reception.


2. ABOUT US


Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by Daventry District Council (data controller number Z7520115) and Electoral Registration Officer Daventry District Council (data controller number) Z6053684. For the purposes of data protection law, Daventry District Council will be the controller.


3. WHAT INFORMATION WE COLLECT


Personal data you provide

As a local authority, the council delivers services to you. In order to do this in an effective way we will need to collect and use personal information about you.


If you use a specific council service, we will usually let you know how that service will use your personal information via a separate privacy notice.


The Data Protection Act 2018 and the EU General Data Protection Regulation ensure that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:


  • Process all personal information lawfully, fairly and in a transparent manner.
  • Collect personal information for a specified, explicit and legitimate purpose.
  • Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
  • Ensure the personal information is accurate and up to date.
  • Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
  • Keep your personal information securely using appropriate technical or organisational measures.


Information from third parties

We sometimes receive personal data about individuals from third parties. For example, if we are partnering with another organisation (e.g. you provide your information to Department of Work and Pensions or other government authorities).


Sensitive personal data

We collect and store sensitive personal data (such as information relating to health) about some of our customers. We’ll take extra care to ensure your privacy rights are protected.


Accidents or incidents

If an accident or incident occurs on our property, then we’ll keep a record of this (which may include personal data and sensitive personal data).


3. HOW WE USE INFORMATION


We only ever use your personal data where it is necessary to:

  • enter into, or perform, a contract with you;
  • comply with a legal duty;
  • protect your vital interests;
  • for our own (or a third party’s) lawful interests, provided your rights don’t override the these.

Outside of these reasons we will obtain your consent.


Daventry District Council will use your personal data for the purpose or purposes it was collected (or else for closely related purposes) and at all times within the rules set out in Data Protection legislation.


This means that we will process personal data so we can get in touch, or provide you with a service.


4. DISCLOSING AND SHARING DATA


Information will be shared among officers, councillors and other partner agencies where the law allows or requires it, to help improve the service you receive and to develop other services. We may also be legally required to share your personal data with law enforcement bodies such as the Police, government authorities and other organisations, for the prevention and detection of crime or fraud. If you do not wish certain information about you to be exchanged within the Council, you can request that this does not happen, although this may affect the ability of the Council to provide some services to you such as:

  • NHS
  • District Councils
  • Police
  • Fire Service
  • HMRC
  • DWP
  • Voluntary organisations


For some services, we process your personal information under a contract e.g. the waste and recycling contract.


Where we do not directly provide the service, we may need to pass your personal information onto the organisations that do. These providers are under contract with the Council and have to keep your details safe and secure, and use them only to provide the service.


We will not send your information to marketing agencies.


Before sharing information the Council will ensure that:

  • Privacy Notices are completed if appropriate.
  • Technical security such as encryption and access controls are in place to keep information secure.
  • Information Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise.
  • Data Protection Impact Assessments are completed to assess any risks or potential negative effects.
  • Common retention periods and deletion arrangements are set for the information.
  • Subject access rights are catered for.


5. MARKETING


Newsletters and magazines

Council newsletters, magazines, and waste collection information, are provided as a benefit to our customers. We send these out to all our customers.


6. HOW WE PROTECT DATA


We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information. 


Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our employees receive data protection training and we have a set of detailed data protection procedures which employees are required to follow when handling personal data.


Payment security

All electronic forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.


If you use a credit card too we will pass your credit card details securely to our payment provider (Capita). Other payment methods) are handled in a similar manner. Daventry District Council complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.


Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.


CCTV

Some of our premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Daventry District Council. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded over.


Daventry District Council complies with the Information Commissioner’s Office CCTV Code of Practice, and we put up notices so you know when CCTV is in use.


7. STORAGE


Where we store information

Daventry District Council stores our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do if your data is adequately protected.


For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).


How long we store information

We will only keep your information for as long as it is required to be retained. The retention period is either dictated by law or by our discretion. Once your information is no longer needed it will be securely and confidentially destroyed.


8. KEEPING YOU IN CONTROL


We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights under the Data Protecton Act 2018 and EU general Data Protection Regulation, which are as follows:


  • The right to be informed via Privacy Notices such as this.
  • The right of access to any personal information the council holds about you. To request a copy of this information you must make a subject access request in writing, either via a letter to  Data Protection Officer, Daventry District Council, Lodge Road, Daventry, Northamptonshire, NN11 4FP, or via email to: dataprotection@daventrydc.gov.uk.
  • To ensure that we can deal with your request as efficiently as possible you will need to include your current name and address, proof of identity (a copy of your driving licence or passport or two different utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what council service you were involved with.
  • From 25th May 2018 the Council will not charge subject access requests. You are entitled to receive a copy of your personal data within 30 calendar days of our receipt of your subject access request.
  • The right of rectification, we must correct inaccurate or incomplete data within one month.
  • The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
  • The right to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
  • The right to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
  • The right to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
  • You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.


Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.


If you would like further information on your rights or wish to exercise them, please write to our Data Protection Officer email dataprotection@daventrydc.gov.uk.


We can provide you with a template subject access form which includes guidance on how to make your request (and will help us respond more quickly). Please contact us for a copy of this.


Complaints

You can complain to Daventry District Council directly by contacting our data protection officer using the details set out above.

 

If wish to make a complaint  which does not directly relate to your data protection and privacy rights, you can do so in accordance with Daventry District Council's complaint policy.

 

If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk