information we may collect from you and the purpose for our collection of it.
1. General Data Protection Regulations
As data controller and when handling any personal information we take all necessary steps to comply with the Data Protection Act 1998 (as modified by the General Data Protection Regulations 2016) and relevant subordinate legislation. When you supply any personal information to us we will meet our legal obligations to you in the way that we deal with that information. In accordance with the Data Protection Principles we are required to collect personal information fairly and to let you know how we will use it (see section 2 below) and whether we will pass the information onto anyone else (see section 3 below). We will comply with the Principles by ensuring that:
- All personal information supplied to us is held securely
- Information will be held only as long as necessary for our services
- We use up-to-date industry procedures to keep personal data as safe and secure as possible against loss, unauthorised disclosure or access (see section 5 below)
2. What personal information do we collect and why do we collect it?
We may collect the following types of information:-
(a) Web analytic data
(c) Contact information and other personal information.
In common with many websites we reserve the option to collect information about online behaviour using cookies, which contain identification information that enables us to see how users are interacting with the site and how frequently they are returning. The cookies do not contain any information which enable you to be personally identified and are not combined with other information the Parish Council holds to provide personally identifiable information.
If we do want to collect personally identifiable information through our website, we will be transparent about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Only the information in (c) is Personal Data which falls within the provisions of the Data Protection legislation. We may come to hold your Personal Data (such as name, email address and other contact information) when you contact us to make comments, submit a problem or request information from us.
3. To whom will we supply your personal data?
Data about traffic and usage of the site together with information collected about online behaviour using cookies may be shared with third parties but only in aggregated anonymous form.
We do not disclose personally identifying information except in very specific instances.
It is not our normal policy to release (sell, trade, provide or rent) your information to other parties.
If a good reason for changing that policy were to arise it would remain the case we would not
release any of your personal data without having first obtained your consent at the point of
collection of your personal data. If you do give us that permission we will only share information
with organisations we have carefully selected and believe to be reputable. (See also paragraphs 3.1 and 3.2.)
Where an individual provides personal information (such as name, email, address and other contact information) to us via our website for whatever purpose (eg, survey, feedback etc.) that personal information will only be used for the purpose of communicating with you in relation to the matter raised or for any other purpose for which you have given your consent.
The Parish Council will regard it as normal processing to share communications internally between current parish councillors to ensure that any issue raised is properly dealt with.
Specific personal information may be released where we are required to do so eg, court order or for any of the Council’s statutory purposes.
3.1 Will you use my personal information for direct marketing? Can I prevent this?
Personal data obtained from optional surveys or contests may be used by us for the purpose of
making you aware of other services or promotions from the Council, which we think you may be
interested in. It is not our normal policy to release such information to other parties for direct
marketing. If a good reason for changing that policy were to arise it would only be in a case where the third party had been carefully selected/vetted, and we would not release any of your personal data without having first obtained your consent at the point of collection of your personal data. Such consent may also be withdrawn at any time by sending an email to:
email@example.com and typing Remove in the subject line. In addition, if we send you a direct marketing communication it will include an option to remove yourself from the mailing list.
3.2 Is my personal information sent abroad?
Countries in the European Economic Area (EEA, which includes the UK at time of writing) are
required to have a similar standard of protection of personal data. Lower standards often apply
outside that area. The Parish Council does not propose releasing such material outside the EEA. In addition, before releasing any data to a third party under the constraints above, guarantees will be elicited that processing of this personal information will continue to restricted to the EEA, and we will take all reasonable steps to ensure that data is held with adequate security.
4. Links to other websites
extend to your use of, provision of data to and collection of data on any other website to which you may link by using the hypertext links within our website.
We take care to ensure the security of the Smeeth Parish Council website and your personal
information. We have put in place appropriate technical and organisational measures to ensure the safety and security of the information we collect on line. Any third party processing such
information on the Parish Council’s behalf is contractually obliged to put in place similar measures. However, you should consider any communication that you transmit to us (such as data, questions, answers, comments or suggestions) as non-confidential. The Parish Council will not be liable if information that belongs to you is intercepted and used by an unintended recipient.
7. Access to personal information and contacting us
Individuals can find out if we hold any personal information by making a ‘subject access request’ under the General Data Protection Regulations. If we do hold information about you we will:
- Give you a description of it
- Tell you why we are holding it
- Tell you who it could be disclosed to
- Let you have a copy of the information in an intelligible form.
If you wish to find out what information we hold about you please contact us providing your contact details, a brief description of the information you require and enclose proof of your identity. This could be a scanned copy of a household bill, passport or driving licence. You will receive a response to your request within 20 days.
If at any time you feel that we have failed to meet these standards then please either contact us or make a complaint direct to the Information Commissioner using their website: www.ico.org.uk/concerns