East Cambridgeshire District Council is committed to protecting the privacy of our users and customers. This privacy notice is intended to inform you on how we gather, define and use your information. All your personal information will be held and used in accordance with the UK General Data Protection Regulation (UK GDPR).
We commit to:
- Only keep your data to provide services and do what the law says we must
- Keep your records safe and accurate
- Only keep your data as long as we have to
- Collect, store and use your data in a way that does not break any data protection laws
Things you can do to help us:
- Tell us when any of your details change
- Tell us if any of the information we hold on you is wrong
When you use this website, you are agreeing to this statement and any additional privacy statements on individual pages within the website.
We regard the lawful and correct treatment of personal data as vital to maintaining the confidence of the many people we deal with. Data protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside the council. The law says we must have one or more of these reasons - as a lawful basis to process:
- When you consent to it, or
- To fulfil a contract we have with you, or
- When it is our legal duty, or
- Fulfilling a vital interest on behalf of the data subject, or
- Fulfilling a public task, or
- When it is in our legitimate interest
Any personal information you give us will only be used in accordance with principles found in the Data Protection Act. For more information about the Data Protection Act visit: www.ico.org.uk (external link)
What information will we collect about you?
By providing services for you, we ask for a wide range of information, some of which might be sensitive. The required information will vary according to which service you are accessing. We will only collect the information we require from you in relation to the specific service you have requested.
How we use your information
We then use your personal information to deliver services, fulfil an obligation or answer queries you have. Only those authorised to process your data can access your data. We work hard to ensure our staff can only see the data they need to perform their tasks. All our staff are trained to understand data protection and what they need to do to keep your data secure.
What if I choose not to give personal information?
We may need to collect personal information by law, carrying out a public task or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean we cannot perform services or give assistance to you. Any data collection that is optional would be made clear at the point of collection.
Your rights relating to your information
- The right to be informed: this is the information given to you in a privacy notice
- The right of access: you can see the personal information we hold about you
- The right to rectification: if you feel your information is incorrect you can ask for it to be corrected
- The right to erase: there are some circumstances when you can ask for your personal information to be erased
- The right to restrict processing: there are some circumstances when you can ask for the processing of your personal information to be restricted
- The right to data portability: you may request to acquire and reuse your personal information for your own purposes
- The right to object: you can object to processing if you feel your personal information is not being used for the purposes that you gave it to us for
- Rights in relation to automated decision making and profiling: you have the right to know if your personal information is used in an automated process which could result in an unfavourable decision against you
The legal basis for processing your information
We process your information as is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In certain circumstances the processing of your information will be necessary for compliance with a legal obligation or for the performance of a contract.
How we share your information
We may need to pass your information to other people and organisations that process information, or provide a service, on our behalf. These providers are obliged to keep your details securely, and use them only for the intended specified purpose.
We may share your information with partners of the Council where it helps to provide a public service. Partners will keep your details securely, and use them only for the intended specified purpose.
We may disclose information within and to other partners of the Council where it is necessary, either to comply with a legal obligation, regulation, court order, legal process or enforceable governmental request.
We may disclose information when necessary to prevent risk of harm to an individual.
If we need to disclose sensitive or confidential information, we will do so with your prior explicit consent or where we are legally required to. We shall inform you of any disclosure of information where possible.
We also share information for the purpose of protecting public funds, and for the prevention and detection of crime.
How long we hold your information
We keep your information for as long as required according to the retention policy of specific Council departments. This may vary according to National Law. All of your data is stored with the European Union (EU).
Your right to access your information
In regard to all of the above you can request access to information that we hold about you, this is called a Data Subject Access Request. To help you in this process we have prepared a form that you can download and complete: Data Subject Request Form you will be required to provide proof of identity. We must respond to you within one calendar month (however if we feel the request is complex we may ask for an extension of this period).
If the information we provide is incorrect you must write to us and tell us what information is incorrect and ask that it be corrected. If we do not agree that the information is incorrect you may ask us to record your disagreement. There is no charge for this service; however a charge may be incurred if the request is deemed to be manifestly unfounded or excessive, particularly if it is repetitive. In certain circumstances, it may be the case that your request is denied and will write to you and inform you if that is the case.
Where can I find more information about my rights?
The Government has set out a number of data protection principles and rights for you that we must follow when using your personal data. These principles and rights are detailed in the Data Protection Act. How we comply with these principles and rights is explained in our Data Protection Guidance.
If you wish to complain about the way in which your personal data has been processed then your complaint will be dealt in accordance with our Complaint's Procedure. If you are still unhappy with the decision, you have a right of appeal to the ICO.
Other legal requirements in regards to personal information
The information you give when you complete and return a form electronically or on paper will be held in accordance the Data Protection Act 2018.
East Cambridgeshire District Council is required by law to protect the public funds it administers. In order to do this we may share information provided to us with other bodies responsible for auditing or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
We participate in the Cabinet Office’s National Fraud Initiative (NFI); a data matching exercise to assist in the prevention and detection of fraud. We also are part of a multi-country Fraud Hub. The purpose of the Hub is expanding on the NFI with the purpose for the prevention and detection of fraud using cross county data matching.
We share data with the ONS, who have a lawful basis to process personal data under the Data Protection Act 2018. Data is shared for the purpose of producing statistics only. Data will be kept securely, for no longer than is necessary, and will not be transferred to any third parties except where explicitly stated.
We always use a secure connection when collecting personal financial information from you and conform to PCI Standards. All forms which request credit card or bank details use the SSL (Secure Sockets Layer) protocol for encryption. Most web browsers (e.g. Microsoft Explorer, Mozilla Firefox, Safari, Google Chrome, etc.) support SSL. The link between your web browser and the server is secure if your web browser displays a small padlock or key symbol somewhere in the frame, or the address bar shows a web address beginning https://, rather than http://.
Contacting East Cambridgeshire District Council
If you have any questions or comments about this Privacy Notice please contact: The Data Protection Officer, The Grange, Nutholt Lane, Ely, Cambs, CB7 4EE (email: firstname.lastname@example.org)
Changes to this policy