The Council is committed to complying not only with the letter but also the spirit of Data Protection Legislation. The accuracy and security of your personal information is a key responsibility of the Council and is recognised as an overriding factor in securing your trust and confidence. The Council will only use the information it holds about you for the purpose you provided it or as permitted by law. It will also only collect the minimum information necessary to fulfil that purpose.
By law we must maintain a record of the data processing activities we are responsible for. This is contained in our Record of Processing Activities.
Personal Data is data (as defined by the act) that relates to a living individual who can be identified either:
Personal data will therefore cover basic details such as name, address, telephone number, and date of birth. Personal information can also include any expression of opinion about an individual, and any indication of the intentions of the data controller or any other person in respect of the individual.
The law says that for councils to use your basic personal information you must be made aware of what the information will be used for and whom it will be shared with. Generally this is achieved by seeking your consent when you make an application for Council services but it can also be achieved by providing you with information, for example, in a letter or in a notice and giving you an opportunity to say no. Certain types of personal data are also categorised as 'Sensitive Personal Data', for example:
The law makes additional provisions regarding the processing of Sensitive Personal Information especially in relation to sharing it and more details about this are given below.
In order to provide you with services, the Council needs to collect personal data for correspondence purposes and/or detailed service provision. The Council may also need to share your personal data with other service providers who are contracted to them to carry out services on their behalf. These providers are obliged to keep your personal details secure and use them only to fulfil your service request.
The Council will collect, process, store and use the information you provide in a manner that is compatible with the Data Protection Act. The Council's aim is not to be intrusive and it undertakes not to ask irrelevant or unnecessary questions. In addition the information you provide is subject to measures and procedures to minimise the risk of unauthorised access or disclosure.
Once your service has been delivered or your case has been closed, your information will be retained for a specified period to enable any further related services to be delivered and to you or to allow you or the Council to deal with any follow up issues about the quality of the service provided. The retention of personal information will be in accordance with the Council's Document Retention Policy and after the retention period has expired the information will then be destroyed in a controlled manner.
The Council is serious about delivering accessible, appropriate, timely and effective services and it is important that it can properly coordinate what it does for your benefit. To achieve this it aims to improve its centralised customer database so that it acts as a hub for all services. This means, for example, that the system can report any change of address to all the services that use the database, so you won't have to repeat it every time you contact the Council.
Over time the Council's aim is to ensure that it has one master record containing your basic details, together with information about the nature of your transactions. The database is not designed to provide intimate details of the services you have received but rather to ensure that the Council is not asking you to repeat basic information for each service you require. It will also help the Council to tailor services to meet your needs and ensure that your requests are being dealt with effectively and help to prevent them getting lost in the system.
You will always have the right to opt out of this or any other data sharing initiatives. However, remember that the Council is only collecting it for the purpose of improving the services on offer to you. It will not use your information for other purposes without your permission and will certainly not supply it for third party marketing purposes.
The Council has a responsibility to promote social wellbeing and to work with other councils and community partners such as Suffolk County Council, neighbouring district councils, the Police, Fire & Rescue Service, the voluntary services and the Health Service in order to preserve life, reduce accidents, reduce crime and improve health. To promote this social wellbeing the Council may need to share your personal and sensitive information with these other councils and partners.
If the Council needs to share your sensitive personal data with a third party it will only do so once it has obtained your consent and in all circumstances the Council will be open and informative about why the sharing is necessary and whom it will be shared with. Wherever possible your consent will be secured at the time the information is collected, for example, on the application forms for council services.
You need to be aware that the Council is periodically required to share your information with other agencies to help reduce crime or investigate fraud. An example of this is in reducing Housing Benefit fraud and involves the Council sharing Council Tax, Housing Benefit, Electoral Registration and other licensing and registration data to ensure that claimants are not claiming illegally. This is done under the direction and security of a National Government Agency known as The Audit Commission. The shared data is not used for any other purpose.
Where the Council has a genuine need to share sensitive personal data for a purpose for which it was not originally supplied and where it is impractical for the Council to seek your consent directly, it will seek consent by maximising awareness by publishing articles in newspapers, newsletters, leaflets and posters in community information centres, for example at our Customer Services Centre and at leisure centres, the Citizens Advice Bureau, libraries or health centres, or on this website.
These articles and posters will not identify you or any other individual but will provide information about the type of information to be shared so that you will be able to judge whether your personal information is likely to be used. A named officer and contact details will also be supplied to enable you to find out further information and, if necessary, allow you to stop your personal and sensitive information being used in this way.
The need to share this information for promoting social wellbeing will only be for the Council's legitimate business purposes and community projects where the balance of benefit to you and the community far outweighs the remote possibility that you or any other individual could suffer any detriment.
The likelihood of any such detriment will also be further reduced by strict data sharing protocols between the Council and partners and tight security in terms of the transfer of information. Access to your sensitive personal information will also be restricted to authorised individuals only and strictly on a 'need to know' basis.
You have a right to know what personal data is held about you and whom it is shared with. This is known as a Data Subject Access Request. You also have the right to correct any inaccuracies.
You simply need to write to or telephone the Council's Data Protection Officer. If the Council is working with other councils or community partners there may be more than one Data Controller. In such circumstances any additional Data Controller will be listed and the data they control will be explained.
The Council will usually send you a form to complete, which asks you for the type of information you are interested in - it may be Council Tax related, or relate to Planning. You can of course ask for everything but this can be time consuming and costly for a council to respond to so please narrow it down if you can.
You will also be asked for information about yourself and copy documentation to ensure that your personal information is not provided to someone else.
Copies of the information will then be supplied to you within the 1 month period required by the Act but usually well within that period.
You should be aware that in supplying you with your personal information, the Council cannot supply you with the personal information of anyone else and you may find that documents have been edited to remove third party names and addresses.
All organisations that handle personal information need to be registered with the Information Commissioner based at Wilmslow in Cheshire. The Commissioner is responsible for enforcing the Data Protection Act and providing guidance. The Register of Data Controllers is a public document and provides information about the classes of data held, the classes of data subjects and whom the data is disclosed to or shared with. Registrations are renewed each year and updated during the year as required and the Register of Data Controllers can be inspected at any time on the Information Commissioner's Office website.
If you need to complain about any data protection issues concerning the Council's use of your personal information you should in the first place telephone the council service that has been dealing with your personal information and speak to the relevant manager stating your concerns. If you are unsatisfied with the response or action taken by the manager, you should complete a Complaint Form. This can be completed online, downloaded as a PDF file or obtained from any of the Council's main offices. Your complaint will be dealt with in accordance with the Council's formal complaints procedure.