Our policy is committed to respect and protect your privacy and this Privacy Notice explains how Rochford District Council as the Data Controller collects, uses and protects personal data that we hold.
This Privacy Notice lets you know how the Council looks after your data, how it is done and your privacy rights. If you have any concerns or queries about how your personal information is handled contact Angela Law at DPO@Rochford.gov.uk
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that
data. Identification can be by the information alone or in conjunction with any otherinformation in the data controller’s possession or likely to come into such possession such as;
a name (e.g. full name, name and initials)
an identification number (e.g. National Insurance No., National Health No.)
location data (e.g. address, place of work)
an online identifier (e.g. email address – this includes work email addresses
which include a name; internet protocol addresses etc.)
one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person.
Personal data can also be classed as ‘sensitive’ and is not widely know and very personal to you such as;
racial or ethnic origin
political opinions, religious or philosophical beliefs, or trade union membership.
genetic data (e.g. DNA)
biometric data (e.g. facial images, finger prints),
data concerning physical and mental health (e.g. medical records, Doctors’ letters
data concerning a natural person's sex life or sexual orientation
Who are we?
Rochford District Council is the Data Controller. This means it decides how your personal data is processed and for what purposes.
Contact details for the Council are:
Rochford District Council
Tel: 01702 546366
The Data Protection Officer details are:
The Council’s Data Protection Officer is Angela Law and can be contacted by email on DPO@Rochford.gov.uk
How do we process your personal data?
We comply with our obligations under the GDPR and the principles of the DPA by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Under the DPA, we have a legal duty to protect any personal data we collect from you. We use leading technologies and encryption software to safeguard your data, and keep strict security standards to prevent any unauthorised access to it.
We will not process any data relating to a child (under 13) without the express parental/ guardian consent of the child concerned.
What is the legal basis for processing your personal data?
Depending on how we are processing your personal data will determine the legal basis for processing. Generally, the legal bases for processing by the Council as a public authority will be:
To perform a function or provide a service required by statute (Article 6(1)(e) GDPR);
To comply with a legal obligation (Article 6(1)(c) GDPR);
Where the processing is necessary for the performance of a contract to which
you are a party or in order to take steps at your request prior to entering into a
contract (Article 1(b) GDPR);
Where disclosure is in the vital interests of yourself or another person (Article
6(1)(d) GDPR); and
With your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR).
Where the purpose for processing your personal data has changed, we will seek your consent.
In certain circumstances you will be able to withdraw your consent to processing. Please contact the Council’s Data Protection Officer on the detailsprovided below, who will explain if your consent cannot be withdrawn.
Sharing your personal data
Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be shared with other organisations. For example, personal data may be shared, where necessary, with other organisations that provide services on our behalf such as contractors or social housing providers. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.
Where information is shared with other organisations or processed on our behalf, we will ensure adequate protection by ensuring contracts and sharing agreements are in place.
In most cases we will not disclose your personal data without your consent, however there are circumstances when your consent is not required such as the legal bases (1) – (4) above.
Where we require your consent to share or disclose your personal data, we will seek your consent.
How long do we keep your personal data?
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period. However, where possible we will anonymise this data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely destroyed.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
to request a copy of your personal data which we hold about you;
to request that we correct any personal data if it is found to be inaccurate or out
to request that your personal data be erased where it is no longer necessary for
us to retain such data;
to withdraw your consent to the processing at any time;
to request that we provide you with your personal data and where possible, to
transmit that data directly to another data controller (where applicable) - please note this only applies where the processing is based on consent or is necessary for the performance of a contract with you, and in either case where we processes the data by automated means;
to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
to object to the processing of personal data (where applicable) – please note this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics
to lodge a complaint with the Information Commissioners Office.
You can access the personal information that we hold about you ((a) above) by submitting a Subject Access Request (SAR) to the Council. This request must be in writing and clearly specify the information you require. A SAR form is available onthe Council’s website to assist you with submitting a request. SAR form
If you would like to make a request in regards to the processing of your personal data please contact the Data Protection Officer on the details provided below. However, it is not always possible for requests to delete information to be fulfilled and the Data Protection Officer can provide you with more information on request.
Copies of Council policies
You may request copies of our following policies from the Data Protection Officer:
o Data protection policy
o Subject Access Request
o Information Management
o Records disposal guidelines
Data Protection Registration
The Data Protection (Charges and Information) Regulations 2018 requires every organisation or sole trader who processes personal information to register and pay adata protection fee to the Information Commissioner’s Office (ICO), unless they are exempt.
Rochford District Council’s registration with the ICO is under reference Z6617133.
The ICO publishes a Register of Controllers on their website at: https://ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers/
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns, questions or comments please email the Council’s DataProtection Officer: DPO@rochford.gov.uk
Or write to:
Data Protection Officer Rochford District Council South Street
Essex SS4 1BW
If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the InformationCommissioner’s Office to investigate the matter further by writing to:
Information Commissioner's Office
Cheshire SK9 5AF