HEVER PARISH COUNCIL
General Data Protection Regulation (GDPR) 2018
Hever Parish Council processes very little personal information (and rarely sensitive information) and has always respected your privacy.
HPC is a public authority and has certain powers and obligations and therefore HPC has a lawful basis for processing information, which is our “Public Task”– which means the processing is necessary for HPC to perform a task or for compliance with a legal obligation in the public interest and / or the council’s statutory functions and powers.
The GDPR enhances the existing data protection legislation. We therefore wanted to make sure that you are absolutely clear about the information we hold, and how we use it.
So, we’re updating our Policy to make it easier for you to understand what information we collect and why we collect it, so you are aware of how we safeguard your information and protect your privacy. All personal information is collected and used fairly, stored safely and not disclosed to any other person unlawfully.
You may of course opt out of communications with the HPC at any time. If you would like to do that now, please email us at firstname.lastname@example.org.
We hope this gives you all the information you need to make the decision you want to make, and of course, we hope you’ll choose to stay in touch.
The personal data held may consist of a combination of title, name, address, phone number and email address.
The categories of personal information processed by the council may include:
- Communications with individual local residents including letters, complaints and council surveys
- The council’s employment and recruitment records (e.g. employment contracts, and job applications)
- Contracts with individuals and contracts which require processing of personal data
- Arrangements with volunteers
- Communications with third parties e.g. principal authorities, local charities, sports clubs, HMRC and staff pensions provider
- Legal proceedings or transactions with individuals.
- Personal data will only be collected it if is relevant and limited to what is necessary to collect to help HPC communicate with those who have contacted us.
- Individuals shall be made aware of their rights (for example, by adding a notice at the bottom of newsletters advising members how to unsubscribe from future newsletters).
- HPC shall take reasonable steps to ensure the personal data it holds is accurate and, where necessary, kept up to date.
- Personal data will be deleted if requested or if it no longer is necessary to hold.
- Personal data will be processed in a manner that ensures appropriate security (for example, by using Windows 10 proversion for encryption, when emails are sent to all members, members should be bcc’d to ensure their email addresses are kept private).
- HPC will never pass personal data to a third party without consent. We never give your details to third parties to use your data to enable them to provide you with information regarding unrelated goods and services.
- HPC will review this policy annually, the Clerk will monitor changes in legislation and best practice and ensure the full Council and those in contact with the Council are aware of this policy and adhere to it.
- HPC will complete a data audit and data risk assessment annually. The website and IT support will be provided by a professional, independent IT expert with suitable privacy notices.
- For future personal information processed, clear consent will be obtained.
In running and maintaining our website we may collect and process the following data about you:
- Information about your use of our site including details of your visits such as pages viewed and the resources that you access.
- Information provided voluntarily by you. For example, when you register for information.
- Information that you provide when you communicate with us by any means.
You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “setting” section of your computer. For more information please read the advice at AboutCookies.org.
HARD COPIES OF INFORMATION
Any personal information is kept in a locked filing cabinet in the Clerk’s office.
Any information to be disposed of will be done securely.
Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
1) The right to access personal data we hold on you · At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we will respond within one month. · There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
2) The right to correct and update the personal data we hold on you · If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
3) The right to have your personal data erased · If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold. · When we receive your request we will confirm whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it for to comply with a legal obligation).
4) The right to object to processing of your personal data or to restrict it to certain purposes only · You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
5) The right to data portability · You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
6) The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained · You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).
7) The right to lodge a complaint with the Information Commissioner’s Office. · You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.