Stanford Parish Council (the Council) processes (that is, obtains, stores and uses) personal data in compliance with the Data Protection Act 2018 which incorporates the General Data Protection Regulations (GDPR). The Council is a Data Controller and the controller’s representative is the Clerk who may be contacted by email at [email protected] or at 9 Penfold Gardens, Shepherdswell, Dover, Kent, CT15 7PQ. The Council has not appointed a Data Protection Officer.
Where we may collect personal data
The Council may obtain personal data from:
- publicly available sources;
- information supplied by other government bodies or agencies, including the statutory register of electors;
- information supplied by organisations and individuals in correspondence with the Council, including telephone conversations, email and website contact forms; and
- by survey activities.
Why we collect personal data
The Council needs to collect and process personal data from members of the public (‘data subjects’) in order to carry out its statutory duties, including maintaining accounts and records. Personal data of councillors, employees, contractors and volunteers performing work for the Council is kept only so as to enable that work to be carried out and managed. Personal data of others, including parishioners, is needed in order to deal properly with enquiries and serve their best interests as well as pursuing the Council’s legitimate interest.
What data do we keep?
The personal data kept by the Council is normally limited to contact details but may include other data, including special categories of personal data, offered by correspondents or lawfully obtained in order to serve correspondents’ best interest. ‘Special categories’ means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
What do we do with your data?
Personal data, including contact details, of persons making enquiries to the Clerk or to any Councillor are not shared more widely than is strictly necessary to deal with the enquiry. To this end the Council may share enquirers’ personal data within the Council and with officers of higher tiers of government or other appropriate organisations. The Council will not publish personal data or pass it on to any individual, or to other elected members of the government without the data subject’s express permission. ‘Appropriate organisation’ here means an organisation that the data subject might reasonably expect to be able to help with his/her enquiry and which is also bound by the GDPR. ‘Individual’ means a person not part of an appropriate organisation.
Where, with consent, personal data is passed on to an individual, that individual is reminded not to pass on that personal data without permission. (To do so would be an offence under the Act.)
Do we need your consent?
Personal data will be processed without consent only where necessary for the particular purposes listed in the GDPR Art 6(1) and Art 9(2).
How is personal data kept and for how long?
All personal data is kept only for so long as it is needed for the purpose for which it was given and thereafter deleted or anonymised. Data retention periods are specified in the Council’s Data Retention Policy.
Personal data is secured in lockable drawers or cabinets or in password-protected electronic files. Files on portable devices are encrypted.
Your rights as a data subject
Data subjects have the right to:
- obtain a copy of their personal data held by the Council;
- require rectification of their personal data where it is in error;
- withdraw consent for their personal data being used by the Council for one or more purposes;
- request the Council to remove their personal data from its records.
Requests for access to and/or rectification or erasure of personal data must be made in writing to the Clerk and will be dealt with in accordance with the Council’s Publications Scheme.
If data subjects are not satisfied with the way the Council processes their personal data they may complain to the Information Commissioner’s Office www.ico.org.uk.
Adopted by the Council 25 July 2018
Edited to improve accessibility and update email address May 2020
Edited to refer to website and update clerk's address October 2021