PRIVACY (DATA PROTECTION) POLICY
- This policy is provided to you by Wombourne Parish Council which is the ‘data controller’ for your personal data. It sets out our approach to the handling of personal data. This is defined as any information which allows you (residents, employees, service users and others) to be identified from that data such as your name, photographs, CCTV images, email address, or address.
- We can be contacted at Civic Centre, Gravel Hill, Wombourne, South Staffordshire WV5 9HA. Tel: (01902) 896300 or email@example.com. The Council will abide by all of the law that applies to the processing of personal data including the General Data Protection Regulation (the “GDPR), the Human Rights Act 1998 (which sets out a person’s ‘right’ to respect for family life etc.) and the Data Protection Act 2018.
- The council will comply with the data protection principles. These say that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way. We do this by providing privacy notices/ information.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes. Again through the giving of notices/ information.
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date.
- Kept in a form that identifies you only as long as necessary for the purposes we have told you about. The Council has retention/ erasure guidance that it follows.
- Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, unauthorised access and disclosure.
How we lawfully process personal data
We may also process personal data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the use of sports facilities, or a room at the Civic Centre.
Sometimes the use of your personal data requires your consent. We will first obtain your consent to that use.
Sharing your personal data
- Third parties who we pass personal information on to (who then become ‘controllers’ in their own right) have their own obligations to put in place appropriate security measures and will be responsible to you directly for the manner in which they process and protect your personal data.
Where we make use of a data processor i.e. someone who processes your information on our behalf, then we will ensure we use someone who has in place appropriate security and who commits to meeting their legal obligations under the GDPR.
6. You have the following rights with respect to your personal data:
- The right to access personal data we hold on you
- The right to correct and update the personal data we hold on you
- The right to have your personal data erased
- The right to object to processing of your personal data or to restrict it to certain purposes only
- The right to data portability
- The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
- The right to lodge a complaint with the Information Commissioner’s Office. When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
You can contact the Information Commissioners Office on 0303 123 1113 or via their website www.ico.org.uk or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.