The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 regulate the processing of information relating to individuals. This includes the obtaining, holding, use or disclosure of such information.
To make sure that we handle personal data lawfully and appropriately we must comply with the Act, and in particular the Data Protection Principles. These require that personal data must be:
- processed fairly, lawfully and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant and necessary
- accurate and where necessary up to date
- kept in identifiable form for no longer than necessary
- processed securely
Your rights under the act
Your rights under the act are:
You have the right know whether your personal data is being processed and if so, the right to have a copy.
You have the right to have inaccurate personal data rectified without undue delay.
In certain circumstances you have the right to have your personal data erased or deleted.
In certain circumstances you have the right to restrict us from processing your information.
You have the right to receive the personal data which you have given us (the data controller) in a structured, commonly used and machine-readable format.
You have the right to object at any time to the processing of your personal data. We (the data controller) will no longer process your data unless we can show that there is a good reason to do so. This must override your interests, rights and freedoms, or be for our defence of legal claims.
Under the Act you have the right, subject to exemptions, not to be subject to a decision when it is based on automated processing.
Request to see your information
Please use the Subject Access Request Form.
A reply to a subject access request is normally made within one month. Proof of ID and any information needed to locate the information may be required.
Report incorrect data
You should write to us telling us what data is incorrect. We must respond to you within 21 days.
Make a complaint
We do our best to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously.
How long we keep your personal data
We will not keep your personal data for no longer than is necessary. The Data Retention Policy tells us how long we can keep personal information.
Further information about the Data Protection Act can be found on the Information Commissioner’s Office website.
Elsewhere on the web
- Information Management Strategy - PDF 603Kb
- Elected Member Protocol - PDF 53Kb
- Privacy Notice - PDF 163Kb
- Privacy Notice - Insurance and Risk - PDF 100Kb
- Privacy Notice - Financial Systems - PDF 197Kb
- Privacy Notice - Financial Control and Closing - PDF 197Kb
- Privacy Notice - Governance - PDF 146Kb
- Privacy Notice - Budgetary Support - PDF 195Kb
- Privacy Notice, Direct Payments - PDF 149Kb
- Privacy Notice, Social Services and Wellbeing - PDF 221Kb
- Privacy Notice, Legal Services - PDF 155Kb
- Privacy Notice, Electoral - PDF 213Kb
- Privacy Notice, Education and Family Support - PDF 292Kb
- Privacy Notice - Housing - PDF 234Kb
- Privacy Notice - Mental Health Service - PDF 126Kb
- Data Protection Policy - PDF 310Kb
- Privacy Notice, Freedom of Information - PDF 212Kb
- Privacy Notice, HR - PDF 296Kb