The GDPR provides the following rights regarding the personal data the council, as a data controller, processes about you:
If you wish to ask us anything about data protection, want to ask for a copy of your data, or you have a complaint about how we have used or looked after your data, you may contact our Data Protection Officer at:
Data Protection Officer
Spelthorne Borough Council
Council Offices
Knowle Green
Staines-upon-Thames
TW18 1XB
Email: data.protection@spelthorne.gov.uk
If you are ever unhappy with how the council has answered your complaint, you can then contact the Information Commissioner's Office, at:
The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AX
Website: www.ico.org.uk/
Email: casework@ico.org.uk
A privacy notice will be provided to you explaining how and why we intend to process your data. This 'Privacy Notice' will be based on the general statement on our website but with details specific to the service you are involved with.
This information will be on the website, on the form you complete or you will be told verbally over the phone.
When we first gather information from you we will confirm that:
If we intend to use your data for a purpose other than that which we initially intended we will also issue you a further privacy notice prior to processing.
If you already have this information.
You can ask for a copy of the data we hold on you. This is also known as a Subject Access Request.
This applies to any personal data that we hold and we can tell you what data and what categories of data we hold.
To help us do this we will ask you to tell us which services are likely to hold your data, for example there may be a Housing Benefit file, employment records, housing file or a topic or area of correspondence you have had.
You will need to provide proof of your identify, including a utilities bill or bank statement with your current address and something confirming your identity such as a driving licence or birth certificate so that we can ensure that the correct data is provided to you and that your data and the data of others is adequately protected.
Data will, where ever possible, be sent to you electronically, and there is no charge. However if you request further copies, we may charge or consider if we can meet the request.
We will let you know the purpose(s) the data is processed for, and any other organisations we share the data with, also if any data we hold is collected from other sources.
For example
We may be given data from the Department of Work and Pensions regarding benefit applications.
In order to provide you with services such applications for Housing we will share your data with our Housing partners.
We have set periods (or retention schedules) that we hold data for, which vary depending on the service and we will tell you how long we will hold data for each relevant service. We will also tell you the legal basis we have for processing the data.
The data we hold is safely stored and processed. If any of your data is transferred outside the European Economic Area and to a territory without adequate security we would let you know but we do not believe we hold any data that falls into this category.
If your data is processed and automated decisions made or we conduct any profiling, we will also let you know of this. Further details on your rights regarding automated decisions and examples of when this may occur can be found at section viii. And we will let you know your rights to rectify inaccurate or incomplete data, to object to processing, restrict access to your data and to complain.
There are some circumstances in which we cannot provide your data.
The law permits us to reject a request that is manifestly unfounded or excessive. If we believe this to be the case we will let you know why we think this is the case.
If it is necessary to protect the rights and freedoms of others.
For example
If other family members' details are in your social care or housing file, we would need to either obtain their permissions to share this part of the file or redact that data.
Other exemptions are yet to be defined under the GDPR and this booklet will be updated once UK legislation is passed.
Current exemptions under the Data Protection Act 1998 may be reflected and these include:
This allows you to request that we delete our records or some of our records in so far as they identify you. It does not apply in all circumstances.
If you provided the information with your consent.
For example
You agreed to take part in a consultation or you signed up for a newsletter. You can withdraw your consent.
If we need the information to provide a service we are authorised to provide by law, for a legal obligation or we believe the data to be necessary for a task in the overriding public interest.
For example
A task carried out in the public interest will include a wide range of the council's functions such as:
So if you ask for your complaints of noise nuisance or antisocial behaviour to be erased, the council will have to consider whether there are overriding reasons in the public interest to keep those records.
This may be to ensure sufficient evidence is held to rectify the nuisance for the good of the community balanced against any possible detriment to you.
But if you ask for Council Tax records to be erased the council on balance is likely to say they need to be retained until the end of the statutory retention period to be sure all monies due are appropriately charged and collected.
This concerns correcting your personal data that is held.
If you believe the data held is not accurate, you can request that it is corrected without undue delay. Similarly if data is incomplete you can ask that it is completed.
We are obliged to correct incorrect data and incomplete data without undue delay.
However if we need to make further checks or dispute that the data we hold is incorrect we may restrict access to the data pending a decision.
Rectification can be achieved by adding to the record or creating a supplementary record. Even if we decide that the information is correct, we will place a statement from you on the record with the data you believe to be correct or stating your dispute.
And if we have made the data available on-line or to others, we will need to correct that data or ask the other party to do so.
You can ask that access to your records is limited in certain circumstances.
If you are contesting the accuracy of the data on record and we are seeking to verify it.
If the processing of your data is unlawful, but you want the record preserved.
For example
You object to the council processing school attendance data for your children as you believe the records are inaccurate. The council may restrict access to the data while your objection is being considered and the data verified.
An exception to this may be if the matter is being contested in court
And if we have made the data available on-line or to others, we will need to restrict that data or ask the other party to do so.
While there is a request for restriction of processing, we must inform you before lifting that restriction.
This allows you to be provided with a copy of your data in an accessible electronic format. This does not apply to all data.
For example
If you have used the Idea Store lending service you may ask to have a copy of your registration record and all transactions from the lending services.
At your request we can pass this data to another data controller.
Eg if you move to another authority you may wish to transfer details, but as this does not apply to data we process for a task carried out in the public interest so many of the Council's services will not be able to comply with such a request.
You have the right to object to the Council processing your data if you dispute the authority to processed data.
The GDPR provides a right to object to data processed under 'lawful authority' and 'legitimate interests'. We will focus primarily on lawful authority.
The GDPR provides for a local authority to process data to perform a task carried out in the public interests or with lawful authority.
This condition will cover almost all services that the council provides and some services will also be covered by a specific legal obligation to process the data.
Some examples were given in Right to be Forgotten, other examples are:
If you make an objection, you can ask that we restrict processing while you objection is being considered.
When the council has demonstrated overriding grounds to continue processing.
The council will have to demonstrate overriding grounds to continue processing your data under its lawful authority or a task carried out in the public interest, or to establish exercise or defend a legal claim.
You can also object separately to your data being used for direct marketing and for research. You can also object to your data being processed for research purpose unless the council has public interest justification for this.
When conducting research we will in most instances anonymise the data so your personal data cannot be identified. Or there may be projects where we combine data and then remove any personal identifiers. This way the outcomes are not linked to any individuals.
Some decisions are made by machine calculation of data held.
The regulation allows you to object to having decisions made by an automated process.
For example:
We match applicants for housing with suitable properties according to the established policy criteria and data held on their application record
This also includes profiling data which has a legal or other significant effect on you. Profiling could mean analysing and predicting your performance at work, your economic situation, your health, your location or movements, and you preferences or behaviour. The council is unlikely to undertake profiling that has a significant and/or legal impact but will at times use data held to identify populations impacted by policy and legislative changes.
For example
We may wish to notify and assist residents who are likely to be affected by changes in benefit law such as the bedroom tax, and will use the data we hold to decide who we need to contact about the changes.
For example
Your lettings bid will be processed and all applicants for the property will be ranked in report according to the range of factors relevant to their application. This will include the overcrowding, medical factors, the application's preference data.
You can ask for this automated decision to be explained to you and to have an officer review the decision / preference ranking for that offer.