Councillors’ privacy notice
Elected members are data controllers in their own right for parts of their role and must ensure that any personal information they hold / use in their office as an elected member is treated in line with the Data Protection Act 2018 (DPA) which incorporates General Data Protection Regulations (GDPR). Under the DPA, your district councillor is required to give you information about how he/she will collect, use and store any personal data you give to them as your district councillor.
When constituents ask for their councillors’ help and assistance, the councillor will need to collect some information from them. This will generally include personal information such as name, address and contact information together with details of the problem or concern.
The councillor may also require personal information known as ‘special’ information. This data requires more protection due to its sensitivity. This information consists of racial or ethnic origin, sexuality and sexual life, religious or philosophical beliefs, trade union membership, political opinions, genetic and bio-metric data, physical or mental health and criminal convictions and offences. It will only be necessary for councillors to collect this type of information where it is of relevance to the request the constituent is making.
Lawful basis for processing
Under data protection law, councillors must have a valid lawful basis for processing your data. This could be either:
- consent – you have given your consent for them to process your personal data for a specific purpose, e.g. distribution of a councillor’s newsletter.
- public task – as councillor for the purpose of responding to requests from you where this is permissible.
- legitimate interests – of the councillor and of constituents (the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests)
Sharing your information
Councillors may need to pass your personal details and the circumstances of your query/complaint to third parties so that they can look into the matters you have raised. Third parties may include district council staff or other ward councillors. If your enquiry involves services provided by another agency e.g. Oxfordshire County Council, other local authorities, government agencies, public bodies, health trusts and regulators then your councillor may need to share your information with them in order to resolve your issue. Any third parties with whom data is shared with are obliged to keep these details securely, and to only use the data for purposes already communicated.
Apart from the above, your personal details will not be passed on to anyone else unless your councillor is required to do so in particular circumstances. These circumstances may include: court proceedings, detection and/or prevention of crime or fraud, to protect the vital interests of a person.
Please note: if you ask your councillor not to disclose information identifying you to other third parties, it may not be possible for them to progress your requests or queries on an anonymous basis.
Keeping your data safe
Councillors are required to take reasonable security measures to ensure personal information within their control is protected from accidental loss or alteration, inappropriate access, misuse or theft.
How long your data is kept
Councillors will only keep your personal data for as long as needed to fulfil their obligations, and to comply with any legal requirements for keeping certain types of data. Your councillor will delete your details at the end of their current term as a district councillor, which is May 2023, unless the matter they are assisting you with is still current. If this is the case and your councillor is re-elected, he/she will continue to hold your data until it is no longer needed. If that person is not re-elected, he/she will pass your details onto your new councillor.
Where councillors rely on your consent to use your data, electronic data and paper records will be kept for a period of four years or until you remove your consent for its use.
You have several rights regarding your personal data, these are:
- Right of access – you have the right to request a copy of the information that is held.
- Right of rectification – you have a right to have data that is held about you corrected if it is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data held to be deleted.
- Right to restriction of processing – where certain conditions apply you have the right to ask to restrict processing of your data.
- Right of portability – in certain circumstances you have the right to have the data held about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing, such as direct marketing.
- Right to object to automated processing, including profiling –you are entitled to protection against damaging decisions being made about you due to automated processes based on digital or other information held, and without human intervention, except for some situations where this is authorised by law.
If you gave your data with consent, you have the right to withdraw that consent at any time. Please just get in touch with us.
If you wish to exercise your rights or are dissatisfied with how your personal information has been used whilst transacting business for the council, please contact the council’s Data Protection Officer, who is Patrick Arran.
You can either call 01235 422485 or contact us by email to firstname.lastname@example.org and your concerns will be fully investigated.
If, after we have investigated your concerns, you are not satisfied with our conclusion, you have the right to refer the matter to the Information Commissioner’s Office (ICO). You can reach them through this link to their website or call them on 0303 123 1113. Their mailing address is:
Information Commissioner’s Office