Braintree District Council is committed to protecting and respecting your privacy. This privacy statement explains how the Council uses information about you and the ways in which we protect your privacy.
For the purposes of data protection, Braintree District Council is the Data Controller for the personal information you provide. Braintree District Councils Data Protection Officer is Ian Hunt and can be contacted at DPO@braintree.gov.uk or by calling 01376 552525
What is Personal Data?
Personal data is any information relating to a living person who can be identified from that data directly or indirectly such as name, photograph, identification number, location data or online identifier. There are also special categories of personal data referred to as ‘sensitive personal data’ and the categories include genetic data, biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation.
The General Data Protection Regulations 2018 state that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for the purpose of carrying out your enquiry or processing your application
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary and for the purpose we have advised you of
- Kept securely ensuring appropriate security measures are in place to protect your personal data from loss, misuse, unauthorised access and disclosure
- Destroyed securely when no longer required
How we will use the information about you?
Personal information you supply to us may be used in a number of ways. We collect information about you to:
- Deliver pubic services including understanding your needs to provide the service to you and to provide support to you
- Process and make decisions on applications you have sent us
- Help investigate complaints or concerns you have raised about the service provided
- Process financial transactions including grants and payments for goods and services supplied to the Council
- Help detect and prevent fraud and corruption in the use of public funds and where necessary for law enforcement functions
- Maintain our own accounts and records
- Help us build up a picture of how we are performing
- Provide statistical analysis
- Send you communications which you have requested and consented to that may be of interest to you.
Our processing may also include the use of CCTV systems for the prevention and prosecution of crime.
What is the lawful basis for processing your personal data?
As a public Authority, Braintree District Council has certain powers and obligations. Personal data may be processed to comply with a legal obligation or we may process your personal data if it is necessary for the performance of a contract with you. In the majority of cases, personal information will be required to carry out a public task such as collection of your waste.
On occasions, we will require consent to use your personal data. This will be obtained through a clear ‘opt in’ method and details of how you can ‘opt-out’ will also be provided.
Who will the data be shared with?
Depending on the purpose for which we originally obtained your personal information, we may share this with other departments within the council to deliver services or share information with other local authorities or organisations such as suppliers or contractors, voluntary organisations or not for profit organisations for the purposes of carrying out joint ventures or referring you to support services.
On occasions we use companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisation complies with data protection law. Arrangements involving sensitive personal data will have been formally assessed in more detail for their compliance with the law.
Sometimes we have a legal duty to disclose your information to other organisations or make it available in a public way. This is often because it forms part of an application, legislation requires it or where court orders are in place. In these situations we do not have an option but will be clear about how we use your information.
In most other cases we will not disclose personal data without consent. However, there are situations where consent would not be required such as when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we may share your information:
- For the detection and prevention of crime/fraudulent activity; or
- If there are serious risks to the public, our staff or to other professionals;
- To protect a child; or
- To protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.
- Where there is a risk to you and the risk is sufficiently serious that the need to disclose your information is more important than protecting your confidentiality.
On occasions the Council will undertake research into various topics. When using personal data for research purposes, the data will usually be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data.
We do not sell personal information to any other organisation for the purposes of direct marketing.
How do we keep information secure?
We take appropriate steps to make sure that the information we hold about you either electronically or on paper is held is a secure way. Your personal information will only be made available to those who have a right to see them. Our security measures include:
- Access controls on databases/systems
- Security training for all staff
- The Councils offices and facilities have appropriate physical security
If you require any further information, you may request to see a copy of our Information Security Policy.
How long do we keep your personal information?
Retention periods will differ depending on the reason you are providing information to us and whether we are legally required to keep personal data indefinitely. We will provide you with details on how long your personal information is retained for when you first contact us in relation to your transaction with the Council. In general, we will endeavour to keep data only for as long as we need it. This means we will delete your personal data when it is no longer needed.
For further information, please see our retention policy which explains the retention periods for all information held by the Local Authority.
Your rights and your personal data
You have the following rights in relation to your personal data:
- The right to access personal data we hold on you. You can request this at any time including details as to why we have that personal data, who has access to the personal data and where we obtained the personal data from. Please email us at DPO@braintree.gov.uk or write to us at Braintree District Council, Causeway House, Bocking End, Braintree, CM7 9HB. Alternatively, please complete and return the data protection act – request for personal data form.
- The right to correct and update the personal data we hold on you. If any of the personal data we hold on you is out of date, incomplete or incorrect, you can inform us and we will update your personal data.
- The right to have your personal data erased. If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold. We may not be able to delete your personal data if it is required to comply with a legal obligation.
- The right to object to processing of your personal data or to restrict it to certain purposes only. You have the right to request that we stop processing your personal data or to ask us to restrict the processing. We will contact you to let you know if we are able to comply or if we have a legal obligation to continue to process your personal data.
- The right to data portability. You have the right to request that we transfer your data to another controller. We will comply with your request where it is feasible to do so within one month of receiving your request.
- The right to withdraw consent. You have the right to withdraw your consent to the processing of personal data to which consent was obtained by contacting us either by email or post. We may not be able to stop processing of your personal data if however it is required to comply with a legal obligation, however we will explain this.
When exercising any of the rights listed above, we may need you to verify your identity for your security to process your request.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office or by calling them on 0303 123 1113.
Transfer of data abroad
Any personal data transferred to countries or territories outside the European Economic Area will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union.
Links to other websites
Our website contains links to external websites. However, this privacy notice does not cover these links and we would encourage you to read the privacy statement on the external websites you may visit.
Using our Website
If you are a user with general public access, our website does not store or capture personal information, but merely logs a number called your IP address which is automatically recognised by the system.
The system will record personal information if you:
- Subscribe to or apply for services that require personal information
- Report a fault and give your contact details for us to respond
- Contact us and leave your details for us to respond
Any concerns or queries about this privacy notice should be sent to DPO@braintree.gov.uk