We collect, hold and use data about people and organisations with whom we work and in order to conduct our business. This may include members of the public, current, past and prospective employees, clients, customers, contractors, partners and suppliers. In addition, we may be required to collect and use personal data in order to comply with our statutory obligations.
We must abide by the principles of the Data Protection Act which make sure that personal information is:
Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary
Accurate and where necessary kept up to date
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed
Processed in a manner that ensures appropriate security of the personal data
Accountability is central to the data protection act. Data controllers are responsible for compliance with the principles and must be able to demonstrate this to data subjects and the Information Commissioners Office.
Notification is a statutory requirement of the Act and we must notify the Information Commissioner's Office (ICO) and give details about our processing of personal information.
The ICO publishes certain details in the register of data controllers, which is available to the public for inspection. Our entry in the Data Protection Public Register is available via this link Data Protection Public Register. Enter Z649690X, which is the Council's Data Protection Registration number.
Back to Access to information webpage