COYCHURCH LOWER COMMUNITY COUNCIL

Data Protection Privacy Notice

Coychurch Lower Community Council’s Intent/Commitment

“Coychurch Lower Community Council is committed to protecting an individual’s privacy when an individual uses  its services. Contained within this notice is the Council’s policy/practice that deals with personal data/ information and to fulfil the Data Protection legislation requirements which is regulated and enforced by the Information Commission Officer”.

  1. Coychurch Lower Community Council is a tier of Local Government. The Council provides services to the residents of the Ward of Coychurch Lower.
  2. Personal data/information can be anything that directly or indirectly identifies and relates to a living person. This can include information/data that when linked with other information can identify a person.
  1. Some information is deemed to be “special” and needs more protection due to its sensitivity. It is often information/data you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
  • Sexuality and sexual health
  • Religious or philosophical beliefs
  • Ethnicity
  • Physical or mental health
  • Membership of a Trade Union
  • Political opinion
  • Genetic/biometric data
  • Criminal history
  1. CoychurchLower Community Council is the information/data controller under the Legislation in respect of all personal information/data collected. The Council’s details are:

     Coychurch Lower Community Council

    Council Offices

    Main Road

    Coychurch

    Bridgend

    CF35 5HB

  1. The Data Processing Officer for the Council is:

Mr Paul Smith —- Clerk/RFO

  1. The powers that the Council has are laid down by statute and in accordance these powers decisions are taken at Council meetings. Some decisions are delegated to the Clerk and certain Councillors in the interest of expediency and in accordance with the Council Standing Orders.
  1. The Council, when using personal information/data, will comply fully with a series of guiding principles. These principles are there to protect individuals.

The  Council will therefore:

  • Process all personal information/data lawfully, fairly and in a transparent manner
  • Collect personal information/data for a specified, explicit and legitimate purpose
  • Ensure that the personal information/data is adequate, relevant and limited to the purposes for which it is collected
  • Ensure the personal information/data is accurate and up to date
  • Keep your personal information for no longer than is necessary for the purposes for which it was collected
  • Keep your personal information/data securely using appropriate technical and/or organisational measures
  1. Personal information/data of an individual is required, for example to :

“ Deliver and manage services to an individual and the community which the  Council represents such as:

  • Consultation on planning applications
  • Enquiries and complaints
  • Events
  • Grants
  • Publicity
  • Legal and other claims
  • Train and manage staff to deliver the service
  • Investigate complaints about the services provide
  • Keep track of spending on services
  • Check the quality of services and to help with research and planning of new services
  1. It is to be noted that on occasions and before using the personal information /data the Council may require consent. In such cases an individual will be invited to sign a declaration. There is NO obligation on an individual’s part to give consent to allow the personal information/data held to be used and furthermore any consent given can be withdrawn at anytime .
  1. The Law allows the Council to use personal information/data as follows:
  • Where the individual, or the individual’s representative, has given explicit consent for specific processing purposes
  • The individual has undertaken a contract with the Council or has undertaken steps leading to the award of a contract
  • For employment purposes
  • To comply with the Council’s Statutory duties
  • To protect an individual’s “vital interests” in an emergency
  • To undertake a task carried out in the public interest or in the exercise of authority given to the Council
  • To deal with legal and  other claims
  • An individual has made personal information/data publicly available
  • For archiving, research or statistical purposes
  • For legitimate interests as defined

Important note: Alternative rules apply for the processing of the “sensitive/special “categories as referred to earlier in this Notice

  1. The Council will only collect personal information/data in order to meet its responsibilities for service provision or meet a specific requirement.
  1. If the Council uses personal information/data for research and analysis, it will be kept anonymous or use a different name unless an individual has agreed that the personal information/data can be used.
  1. There is a legal duty on the Council to provide personal information/data to other organisations which may override an individual’s right to privacy. Examples of which are as follows:
  • In order to establish and stop crime and fraud
  • If there are serious risks to the public/staff
  • If there is an emergency
  1. Also , the Council may have a legal duty to share personal information/data with organisations such as:
  • HMRC
  • The NHS
  • The Principal Authority
  • The Police
  • The Fire Service
  • Possibly voluntary organisations
  1. The Council processes personal information/data to those the Council employs or otherwise engage to do work. The  Council do this for employment purposes in order to assist the Council in delivering services, or to enable an individual to be paid.
  1. The personal information/data for this purpose are , name, date of birth, personal characteristics as to gender and ethnic group, qualifications and absence information.
  1. The Council will not share information about an individual with third parties without consent unless the law allows or requires the Council to do so.
  2. The Council will only keep an individual’s personal information/data for as long as it is necessarily required and the retention period for such personal information/data is covered by Legislation.
  3. When personal information/data of an individual is no longer required it will be destroyed confidentially.
  4. It is important to note that an individual has certain Legal rights under Legislation:
  • The right of access to any personal information/data which the Town Council holds about an individual
  • The right of rectification.
  • The right of erasure of any personal information/data
  • The right to restrict processing
  • The right to personal information/data portability
  1. To access a copy of the personal information/data an individual must make a subject access request in writing to the Council’s Data Processing Officer, either by way of a letter, email or by an agreed alternative method.
  1. To enable the Council to deal with the request an individual will need to include:
  • Current name
  • Current address
  • Proof of identity ( copy of driving licence, passport, or two different utility bills with an individual’s name and address on , together with as much information as possible so that the Town Council can identify any personal information/data it may hold.
  1. The Council WILL NOT let an individual have personal information/data involving
  • Confidential information about other people
  • Personal information/data that will cause serious harm to an individual’s or someone else’s physical or mental wellbeing

                                Or

  • If the personal information/data may obstruct the Council from preventing or detecting crime
  • To receive free a copy of the personal information/date within a calendar month of receipt of an individual’s request

24. The Council stores its paper copies of personal information/dat under lock and key in its office, all computers are password protected and electronic personal information data is stored in the “cloud” in the UK. The internet is a global facility and there may be instances when the personal information/data may leave the UK. It is also possible that personal information/data provided will be temporarily transferred via a route outside of the EU as it passes between the individual and the Council.

  1. An individual needs to be aware that personal information/data transmitted via the internet is not guaranteed to be secure during its transmission. The Council cannot in anyway ensure nor warrant the security of any personal information/data an individual transmits to the Council whether by email or otherwise.
  2. The Council will do what it can to make certain that the personal information /data is held in a securely whether in paper form or electronically. Security includes:
  • Controlling access to systems and networks allows the Council to stop people who are not allowed to view an individual’s personal information/data from getting it
  • Redacting personal information/data on all emails and correspondence to the office being put in the Public domain
  • Training Staff to make them aware of how to handle personal information/data and how and when to report when something goes wrong and keeping up to date on the latest security procedures.
  • Telephone calls to the Council are not recorded
  • Emails – if an individual emails the Council ,the Council may keep a record of the contact details of the individual email address for the Council record keeping of the transaction. For security reasons the  Council will not include any confidential personal information/data about an individual in any email to an individual, unless the individual consents to this.
  • Information provided through the Council’s Website and where an individual enquires about services or to inform the Council of something else such as making a complaint, compliment or comment will be used for the purposes which the Council reasonably believe it is provided for.If the Council intends to use personal information/data for a new purpose, not covered by this Privacy Notice, then the Council will provide an individual with a Privacy Notice explain this new use prior to commencing processing and setting out the relevant purposes and processing conditions and including appropriate consent as necessary. 

 28.The Council will keep this Privacy Notice under regular review.

29.I f an individual wishes to make  a complaint or comment about this Privacy Notice, then in the first instance contact the Council directly, by  calling into the Office, email or letter.

  1. An individual may also contact the Information Commissioner’s Office at:

The Information Commissioner’s Office Wales

2nd Floor—Churchill House

Churchill Way

Cardiff

CF10 2HH

Tel: 02920 68400

Email : wales@ico.org.uk

1st June 2018