General Data Protection Regulations (GDPR)
The GDPR sets out high standards for the handling of personal data and protecting individuals’ rights for privacy. It also regulates how personal data can be collected, handled and used.
The GDPR applies to anyone holding Personal Data about people, electronically or on paper. We have also notified the Information Commissioner that we hold personal data about individuals.
When dealing with personal data, it is our policy that our staff and councillors must ensure that:
Data is processed fairly, lawfully and in a transparent manner
This means that personal information should only be collected from individuals if staff have been open and honest about why they want the personal information.
Data is processed for explicit and legitimate purposes only
Data is relevant to what it is needed for, data will be monitored; only data that is needed should be held.
Data is accurate and kept up to date and is not kept longer than it is needed, personal data should be accurate, if it is not it should be corrected.
Data no longer needed will be shredded or securely disposed of.
Data is processed in accordance with the rights of individuals, Individuals must be informed, upon request, of all the personal data held about them.
Data is kept securely, there should be protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Storing, and accessing data
We recognise our responsibility to be open with people when taking personal data from them. This means that we must be honest about why we need a particular piece of personal information.
We may hold personal data about individuals such as their names, addresses, email addresses and telephone numbers. These will be securely kept at our office and are not available for public access. All data stored on our office computers are password protected.
Individuals have the right
to have their data rectified if it is incorrect
the right to request erasure of the data
the right to request restriction of processing of the data
the right to object to data processing
Children's privacy protection
We understand the importance of protecting children's privacy in the interactive online world. Our Website is not designed for, or intentionally targeted at, children of 16 years of age or younger. It is not our policy to collect or maintain intentionally any information (including photographs) about anyone under the age of 16 without the express specific consent of the parent or guardian.
Anti-Money laundering regulations
The Money Laundering and Transfer of Funds (Information) (Amendment) (EU Exit) Regulations 2019 (S.I.2019/253 and The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (S.I. 2017/692) and supplemental legislation set out the rules for ensuring that certain UK businesses properly assess money laundering and terrorist financing risks and carry out appropriate checks say we must, in many cases, gather evidence of the identity of those we deal with.
As a result, we may do an independent computer identity check on individuals with another service provider and we may ask individuals to show us some form of personal or business documents (as required by the various regulations), including photo ID, to check their identity.
The service provider who carries out the check will record the fact that we have carried out a search The service provider may also reveal Personal Data to a Credit Reference Agency to confirm identity. That Agency may keep a record of the search, but they will not carry out a credit check and an individual’s credit rating will not be affected. We use these third party search agencies and to obtain information about individuals for these purposes only.
Our Website is hosted on servers in the UK or in the wider EEA. We take the security of Personal Data seriously.
We have strict procedures and security features in place to ensure that our paper and computer systems and databases are protected against unauthorised use, loss and damage and guarded against access by unauthorised persons.
We undergo periodic reviews of our security policies and procedures to ensure that our systems are secure and protected. However, as the transmission of information via the Internet is not completely secure we cannot guarantee the security of your information transmitted to or from us.
If an individual wishes to:
• access, confirm, correct, rectify, update, supplement, block, restrict or delete their Personal Data
• object to our use of their Personal Data
• have any questions about our processing of their Personal Data
• transfer their Personal Data from us to another person or business
We will provide the individual with all rights in relation to their Personal Data to which they are entitled under applicable law.
If they are unhappy with the way that we have handled their Personal Data, they can make a complaint to the Information Commissioner’s Office responsible for data protection in the UK. Contact details are typically available online, or alternatively they may ask us for assistance.
HOW TO CONTACT US
A full copy of our GDPR policy is available in writing, on request.