What are an individual's rights under the Act?

An individual data subject is entitled, on making a written request, to be supplied with a copy of any personal data held about him or her. Such a request must be addressed to the Information Rights Officer and must be responded to within 40 days. Spelthorne is permitted by law to charge a fee of up to £10. Spelthorne charges £10 for the supply of information under the Act.

Making a request for information under the Act

Request form: online form (Data protection enquiry) or Word format (41kb). The data protection Subject Access Application Form is a request form you fill in online, but print and send back in the post to us, with £10.00.
Or contact us to be sent a "Subject Access Application Form". When you receive it, please complete it carefully, sign and date it, and then send it together with the fee of £10.00 (ten UK pounds) to the address shown below. Cheques, postal orders etc. should be crossed and made payable to 'SPELTHORNE BOROUGH COUNCIL'. Do not send cash through the post. If you require further information please contact us.

The principles of data protection

The Data Protection Act 1998 makes provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. Data protection is governed by eight principles. These are:
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 of the Act is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 of the Act is also met (see below)
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
Personal data shall be accurate and, where necessary, kept up to date
Personal data processed for any purpose or purposes shall not be kept longer than is necessary for that purpose or those purposes
Personal data shall be processed in accordance with the rights of data subjects under this Act
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
Conditions

The first Data Protection Principle (see above) requires that a data controller must meet one or more of the following conditions before any data can be held and processed:

Schedule 2 conditions (the general conditions)

Processing may not take place unless one of the following criteria is met:
with the consent of the individual
to perform a contract with the individual
under a legal obligation
to protect the vital interests of the individual
to carry out public functions
to pursue the legitimate interests of the data controller unless prejudicial to the interests of the individual
Schedule 3 conditions (sensitive data)
The Act introduces a new category of sensitive data which includes the following information relating to the data subject:
racial or ethnic origin
political opinions
religious beliefs or similar
membership of trades unions
condition of mental or physical health
sexual life
commission or alleged commission of any offence
court proceedings for any offence committed or alleged, result of proceedings and any sentence received.
In order to hold and process sensitive data, one or more Schedule 3 conditions must be met, which are:
with the explicit consent of the individual
under a legal obligation in the context of employment
to protect the vital interests of the individual where consent cannot be given or withheld
by certain non-profit bodies about their members
where the information has been made public
in legal proceedings
to carry out certain public functions
for medical purposes
Terminology

Some of the terminology used by the Act is explained below:
Data Controller: this is the person or organisation controlling the contents and use of data and the purpose for which it is held. This is Spelthorne.
Personal Data: this is information held about living, identifiable individuals, including expressions of opinion about them. This includes printed output from a computer, hand-written pieces of paper, images of documents (Document Image Processing) and anything else that contains personal information.
Data Subjects: these are individuals about whom information is held. They have the right to see information held about them.
Notification: Spelthorne, along with other data controllers, has to notify the Information Commissioner of the data it holds, the purposes for which it is held and used, the sources of the data and the persons or organisations to whom it may be supplied.
Contact us

Data Protection Officer
Spelthorne Borough Council
Council Offices
Knowle Green
Staines
TW18 1XB