Rother District Council collects, holds and uses a considerable amount of information, including personal data, so that it can provide its services to you. Rother District Council is fully committed to protecting your personal data. This privacy notice explains how we use and protect your personal data and tells you how the law protects you.
This privacy notice is set out in a layered format so you can click through to the specific areas set out below. At the bottom of this page you will find a list of the services we provide. Under each service you will find a link to a privacy notice that explains what personal information that service collects and how it uses and protects your personal data.
The Personal Data we Collect
How we Collect your Personal Data
How we Use your Personal Data
Purposes for which we will Use your Personal Data
Sharing your Personal Data
Where we Store your Personal Data
Security of your Personal Data
How long we Keep your Personal Data
Links to other Websites
Your Legal Rights
Rother District Council (collectively referred to as “the Council”, “we”, “us” or “our”) is a data controller for the purposes of the Data Protection Act 1998 and, from the 25 May 2018, the General Data Protection Regulation 2016. This means that we are responsible for the personal data we collect, hold and use. The Council is registered with the Information Commissioner’s Office under registration number Z529954X.
If you have any questions or concerns about how your personal data is handled, you can contact our Data Protection Officer (DPO), Graham McCallum, at email@example.com.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) at the address provided below. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Information Commissioner’s Office
This version was last updated on 16 April 2018.
Rother District Council reserves the right to change this privacy notice at any time and, in particular, to reflect any changes that may be brought in under the General Data Protection Regulation 2016 after 25 May 2018. Although this privacy notice sets out your rights under the new laws, we may not be able to respond to some of your requests until after May 2018 as we are still working towards getting our systems ready for the new laws.
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if any of your personal data changes so that we can ensure that you continue to receive services from us without disruption or delay.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data that has been anonymised and from which you can no longer be identified.
Some personal data is considered to be “sensitive” and therefore requires a greater level of protection. This includes information such as your ethnicity, religious beliefs, physical or mental health, trade union membership, political opinion or details of previous allegations or convictions.
We collect, hold, use and transfer different types of personal data about you:
Identity Data: this includes your full name, title, date of birth, marital status, gender and unique identifiers (such as your National Insurance number).
Contact Data: this includes your home or business address, email address and contact telephone numbers.
Financial Data: this includes financial and payment information such as your bank account details and payment card details.
Communications and Marketing Data: this includes your preferences in how you like to receive information and communications from us and includes, for example, whether you wish to receive information about other services we provide that we believe might interest you or our weekly issue of My Alerts.
Technical and Usage Data: this includes information we collect when you use our website, such as the internet protocol (IP) address, your login data, browser type and versions, time zone setting and location, browser plug-in types and versions, operating systems and platform.
To remember settings you have chosen and actions you have taken.
To gather information about how our website is used to help us maintain and develop our services.
Closed-circuit television (CCTV) is operated in and around the Council’s properties (including the Reception area, our offices, car parks, libraries and council housing communal areas). The purpose of the CCTV is to ensure the safety of our staff and for the purposes of the prevention and detection of anti-social behaviour and crime. CCTV footage is normally held for 14 days and may be shared with the police or other enforcement agencies for the prevention and detection of criminal behaviour.
Most CCTV cameras located on highways and public spaces are operated and controlled by Sussex Police under their own policies.
We collect this personal information in the following ways:
Direct interactions with you: You may give us personal data by completing forms on our website or by contacting us by phone, email or in person. This includes the personal data you provide when you sign up for our services, pay bills or fines, request a service (such as bulky rubbish removal), report issues or complaints or complete a survey.
Provided by third parties: We work closely with external parties and governmental agencies in providing our services to you (for example, the Department for Work and Pensions, the police, debt collection agencies, other public authorities across East Sussex, social landlords, or contractors) and may receive information about you from them.
Automated interactions or technologies: Our systems automatically collect information as you use and interact with our website or web-based services.
If you do not Provide your Personal Data
Where we need to collect your personal data in order to provide you with one of our services or because we are required to do so by law and you fail to provide your personal data when requested, then we may not be able to provide you with the service you requested or are entitled to receive. If this is the case we will notify you to discuss this at the time.
The Council will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where you (or your legal representative) have given us your consent.
Where you have entered into a contract with us.
Where we need to comply with a legal or regulatory obligation.
Where it is necessary for our legitimate interests and your interests and legal rights do not override those interests.
You can click on the privacy notice for each Council service to find out more about the personal data we collect and the type of legal basis we rely on to process your personal data.
We will use your personal data to effectively provide our services, including to:
Provide the services requested by you.
Communicate with you about the services we provide.
Process and respond to requests, enquiries and complaints received from you.
Process payments received from you.
Carry out identity checks.
Carry out credit checks.
Calculate and provide benefits and other support to you (e.g., council tax liability support).
Provide housing support to you.
Detect and prevent anti-social behaviour or criminal activity.
Detect and prevent fraud and fraudulent activity.
Protect public and environmental health.
Ensure public safety (e.g., flood prevention).
Protect public funds and comply with our legal and regulatory obligations.
Monitor and improve the services we provide.
Comply with our audit responsibilities.
Maintain and update our records.
Enable third parties to carry out any services on our behalf.
Change of Purposes
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we will need to use it for another legitimate reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may need to process your personal data without your knowledge or consent, where this is required or permitted by law.
We may have to share your personal data with third parties for the following reasons:
We sometimes use service providers and agents to process personal data on our behalf. Before doing so we put in place a contract with them to ensure that adequate safeguards exist to protect your personal data.
We may use and check your personal data for the investigation and prevention of fraud, anti-social behaviour and criminal activity. This may include sharing your information with police services, credit reference agencies, governmental organisations and other local authorities. We also take part in the National Fraud Initiative’s anti-fraud data matching exercise for these purposes.
We will share your personal data where we are required to do so in order to comply with a legal or regulatory obligation or as part of any legal proceedings; or where disclosure is necessary to protect the rights, property or safety of our customers or the public.
We may share your personal data with debt recovery companies for the collection of unpaid charges on our behalf.
We may disclose personal data contained in any planning or licensing applications you make for the purposes of enabling decisions on those applications to be made at committee. If we need to disclose your personal data for such purposes, we will obtain your consent at the time you make the application.
We share your personal data internally for our own data matching exercise, using names, addresses and dates of birth. We compare computer records held by one department against the records held by other departments within the Council, to check they match. This helps us to ensure the personal data we hold is accurate and up to date and identify customers by a single customer record.
All local authorities have a duty to improve the health of the population they serve. We therefore use data and information from a range of third parties (e.g., hospitals and healthcare providers) to understand more about the nature of ill health and diseases in the area.
We store your personal information on our secure servers or on cloud-based servers. Where we use cloud-based servers we ensure that the cloud hosted system meets rigorous security standards. All data that we transmit over the internet, including to cloud-based systems, is encrypted.
While we cannot fully guarantee the security of the personal data you transmit to our site (which is done at your risk), once we have received your personal information, we will use strict procedures and security measures to prevent any unauthorised access to, or loss of, your personal data.
Occasionally your personal data may be stored in countries outside the European Economic Area (EEA). If this occurs we will ensure that adequate procedures and security measures are in place to protect your personal data.
We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, accessed or used without authority, or disclosed without your consent. We also limit access to your personal data to those of our employees, contractors, service providers or other third parties who need to know so that they can provide our services to you. They will only process your personal data on our instructions and are under a duty of confidentiality.
The Council has also put in place procedures to deal with any suspected breach of personal data and will notify you and the ICO of any breach where we are legally required to do so.
We will only retain your personal data for as long as is necessary for the purposes for which we collected it. We will also retain it where we are required to do so for the purposes of meeting our legal or regulatory requirements.
When deciding how long to keep your personal data we consider the amount, nature and sensitivity of the data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as any applicable legal requirements.
Our website may contain links to the websites of local service providers or other local authorities or governmental organisations. If you follow a link to any third party websites, please be aware that those websites have their own privacy policies that will apply to your access and use of that website. The Council does not accept any liability for your use of those websites.
The General Data Protection Regulation gives you a number of rights in relation to your personal data. If you wish to exercise any of these rights please contact our Information Governance team on firstname.lastname@example.org. You must submit your request in writing or by completing our online request forms.
Request access to your Personal Data
You have the right to ask for a copy of all the personal data we hold about you (this is known as a Subject Access Request). When we receive a request from you, we must give you access to a copy of everything we’ve recorded about you. We must do this within 20 days of receiving your request. You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is repetitive or excessive.
We do not have to give you access to any parts of your personal records which:
Contain confidential information or personal data about other individuals.
A professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing.
We consider will stop us from preventing or detecting a crime or criminal behaviour.
Request that we correct your Personal Data
If you believe that any personal information we hold about you is incorrect or not up to date or you disagree with any information contained in your personal records, then you can submit a request for us to correct this information.
We may not always be able to change or remove that information but we will correct factual inaccuracies and will include your comments in your records to show that you disagree with that information.
Request that we delete your Personal Data
In some circumstances you can submit a request to ask for your personal information to be deleted. This is known as the right to be forgotten. This can happen, for example, where:
You no longer wish to receive a particular service from us.
You have removed your consent for us to use your personal data (where there is no other legal reason for us to hold and use that information).
There is no legal or regulatory requirement for us to hold and use your information.
Where we have shared your personal data with third parties we will take reasonable steps to ensure that those processing your personal data comply with your request to be forgotten.
We will be unable to comply with your request where:
We are required to collect and hold your personal data by law.
Your personal data is used for public health purposes.
Your personal data is being used in legal proceedings.
Request that we restrict how we use your Personal Data
You can ask us to restrict what we use your personal data for where, for example:
You do not wish to receive a particular service from us.
We no longer have a legal basis for using your information but you do not want your information to be deleted.
Please be aware that if you have asked us to stop using your personal information, in some circumstances this may prevent us from delivering our services to you or cause delays in doing so. Where we have restricted your information, we will contact you to notify you if any services are affected.
Request that we transfer your Personal Data
You can ask us to transfer your personal records to yourself or to another service provider. This is known as data portability.
This right only applies to personal information we are using with your consent and if decisions relating to that personal information were made by a computer (e.g., risk profiling). Data portability will not apply to most of the services you receive from the Council and does not apply to information that we are required to use by law.
You can ask us to provide you with details of how decisions were reached by a computer and have these decisions explained to you. You also have a right to object if you are being profiled, though please be aware that we will only use your personal data for profiling with your consent.