Data Protection and Privacy Statement
We are fully committed to full compliance with the requirements of the Data Protection Act 1998. We have a Data Protection Policy to ensure that the Council, and people working on its behalf (including employees, temporary staff, contractors, volunteers, consultants, partners and their staff, and Members of the Council) are aware of their obligations under the Data Protection Act 1998 and comply fully with that Act.
Statement of Policy
We need to collect and use information about people with whom we work in order to operate and carry out our functions. These may include members of the public; current, past and prospective employees; clients; customers and suppliers. In addition, we may be required by law to collect and use information in order to comply with the requirements of central government. We must handle this information properly, however it is collected, recorded and used, whether it is on paper, in computer records or recorded by other means.
Treating information lawfully and appropriately is very important to our successful operations, and essential to maintaining confidence between us and those with whom we carry out business. We fully endorse and adhere to the Principles of the Data Protection Act 1998.
Handling personal/sensitive data
We will:
-
Use personal data in an efficient and effective way to deliver better services
-
Strive to collect and process only the data or information which is needed
-
Use personal data only for those purposes described when we collect it, or for purposes which are legally permitted
-
Strive to ensure information is accurate
-
Only keep information for as long as necessary
-
Securely destroy data which is no longer needed
-
Ensure the appropriate technical and organisational security measures are in place to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data)
-
Ensure information is not transferred abroad without suitable safeguards
-
Ensure the public are informed about their rights to access information
-
Ensure that the rights of people about whom we hold information can be fully exercised under the Data Protection Act 1998
Rights under the Data Protection Act 1998 include:
-
The right to access personal information within 40 days of request
-
The right to prevent processing in certain circumstances
-
The right to correct, rectify, block or erase information regarded as wrong information
We will:
-
Ensure that we have an officer specifically responsible for data protection
-
Provide guidance and training for Members and Officers at an appropriate level
-
Ensure that any breaches of this policy are dealt with appropriately
The Principles of Data Protection
The Data Protection Act says that anyone processing personal data must comply with 8 principles of good practice. These principles are legally enforceable.
In summary, they require that personal data:
-
Is processed fairly and lawfully and is not processed unless specific conditions are met
-
Is obtained only for one or more specified and lawful purposes and is not processed in any manner incompatible with that purpose or purposes
-
Is adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed
-
Is accurate and kept up to date
-
Is not kept for longer than is necessary for the purpose or purposes
-
Is processed in accordance with the rights of data subjects under the Act
-
Is kept secure
-
Is not transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection