Corporate privacy notice
Everything we do with information about people, such as how we collect it and who we share it with, has to comply with the Data Protection Act and the General Data Protection Regulation (GDPR). A key part of this is being open about how we use information and what rights you have in respect of information we hold about you.
This notice sets out the broad information for the Council as a whole. Some services will tell you more about how they use your information as part of you deciding to access that service.
If anything in this notice is not clear, or if you have further queries, please get in contact with the Data Protection Officer using the details at the end.
2 What information do we hold?
We collect information about people who live in the Chiltern and South Bucks areas as well as people outside the counties who use services that we provide. What information we collect varies according the services people receive.
Most of the information we hold starts as a result of an individual directly contacting us wanting to use one of our services. The type of information we will keep about you is likely to be:
- Details about you such as full name, date of birth, and contact details such as phone number, address, and e-mail address where appropriate
- About any contact with you
- Information relevant to the services being provided
- Images captured by CCTV
In order to ensure that your information is used appropriately and that your privacy is respected, your personal information will be held used and processed in compliance with the requirements of all applicable legislation.
This means that:
- The council will take steps to ensure that your information is kept as safe as possible, and that it is always accurate and up to date
- Only those staff that need to do so will access your personal information
- Your records will be retained in accordance with the Council's Retention Schedule
We provide a wide range of statutory services. We are under legal obligations to provide many of these services and to deliver these we need to collect and use personal information of those using or affected by these services
Much of what we do is a result of legislation set nationally that requires or allows us to provide various public services across Chiltern and South Bucks. In such cases, if you access a council service then the law that requires or allows us to provide that service will be our legal basis for collecting and using your personal data, as we can't provide you with the service without it.
In a small number of cases we will process personal data solely on the basis of consent, such as where you might opt in to receive email updates or marketing details about certain council services. This will be clearly explained when you sign-up to that service.
We also collect and use information to support the local democratic process (administration of council meetings etc.) and as part of research to support the delivery and development of our statutory functions as set out above. Additionally, we collect and use information in line with our requirements as an employer (recruitment, personnel information, payroll and pensions etc.).
Whenever we use information, we always limit this to only the details that are needed and we ensure that it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too. All staff and councillors receive training on data protection and information security.
5 Who we share information with and why?
We share information with a range of different types of people and organisations depending on the service being provided or the statutory requirement that we have to comply with.
The types of recipients include:
- Service users (and families where relevant)
- Central and Local government departments and organisations
- Our contractors (organisations that we commission to provide goods and services)
- Law enforcement agencies, such as Thames Valley Police
- Health and social care organisations and professionals
- Regulatory bodies, investigators and ombudsman
- Courts, tribunals and prisons
- Legal representatives
- Fraud prevention agencies
- Debt collection agencies
- Current, past and prospective employers
- Trade unions
- Press and the media
- Councillors and political parties
- Housing associations and landlords
- Survey and research organisations
- External auditors
We participate in the Cabinet Office's National Fraud Initiative, a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.
We will give our Councillors personal data about you if you ask us to or if he/she reasonably needs it to carry out his/her duties, but the Councillor must not use it for other purposes.
This will be on the basis of legitimate interests and/or to comply with the law
6 How long we keep hold of information for?
We only keep information for as long as it is needed. This will be based on either a legal requirement (where a law says we have to keep information for a specific period of time) or accepted business practice.
7 What rights do you have
Individuals whose personal data we process have the following rights:
- Right of access (to receive a copy of your personal data)
- Right to rectification (to request data is corrected if inaccurate)
- Right to erasure (to request that data is deleted)
- Right to restrict processing (to request we do not use your data in a certain way)
Right to data portability (in some cases, you can ask to receive a copy of your data in a commonly-used electronic format so that it can be given to someone else)
- Right to object (generally to make a complaint about any aspect of our use of your data)
- Right to have explained if there will be any automated decision-making, including profiling, based on your data and for the logic behind this to be explained to you
Any such request can be submitted to the Data Protection Officer. Whether we can agree to your request will depend on the specific circumstances and if we cannot then we will explain the reasons why.
If you are unhappy with any aspect of how your information has been collected and/or used, you can make a complaint to the Data Protection Officer via our website using the following links
Make a complaint
You can also report concerns to the national regulator, the Information Commissioner's Office [ICO]. Their details can be found on their website: ICO - How your information has been handled
If we are processing your information based on you giving us consent to do so, you have the right to withdraw your consent at any time. Doing so may mean we are unable to provide the service you are hoping to receive and the implications of you giving or withdrawing your consent will be explained at the time.
If we have consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please contact us using the details below and tell us which service you're using so we can deal with your request.
9 Electoral Services
To verify your identity, the data you provide will be processed by the Individual Electoral Registration Digital Service managed by the Cabinet Office. As part of this process your data will be shared with the Department of Work and Pensions and the Cabinet Office suppliers that are data processors for the Individual Electoral Registration Digital Service. You can find more information about this at Register to Vote Privacy Notice
Post: Data Protection Officer, The Gateway, Gatehouse Road, Aylesbury HP19 8FF