Data protection privacy notice
Chesterfield Borough Council is committed to protecting your privacy when you use our services.
This privacy notice explains how we use personal information about you and how we protect your privacy; we also have a series of service specific privacy notices.
Our data protection officer makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information please contact the data protection officer:
- by phone on 01246 345345
- via email to dpo@chesterfield.gov.uk
- by post to: Data protection officer, Chesterfield Borough Council, Town Hall, Rose Hill, Chesterfield, Derbyshire, S40 1LP
Chesterfield Borough Council is the data controller for most of the personal information you provide. In some cases we act as a data processor on behalf of another data controller. If this is the case, it will be clearly identified in the detailed service specific privacy notice.
The council is registered as a data controller with the Information Commissioners Office (ICO). Our registration number is Z5899205.
How and why we process your data
We need to process personal information about our customers, service users and local residents so that we can:
- provide you with council services
- review and improve the services we provide
- keep track of our spending across services
- train and manage our employees who deliver those services
- process payments to and from us
- meet our statutory obligations
- investigate and respond to complaints and reports
To protect your privacy, we put safeguards in place in order to ensure that:
- we only collect what we need
- the information we hold about you is accurate
- your information is only used for the stated purpose
- your information is only kept for as long as we need it
Providing accurate information
It is important that we hold accurate and up to date information about you so that we can assess your needs and deliver the appropriate services. If any of your details have changed, or change in the future, please tell us as soon as possible so that we can update your records.
Your rights
The Data Protection Act 2018, and the UK General Data Protection Regulation (GDPR), give you a number of rights to control what happens to your personal information and how it is used.
You can use these rights by providing relevant details to dpfoi@chesterfield.gov.uk or by applying online.
Please note: not all of these rights apply to all processing. You can find more information about your rights and when they apply on the ICO website.
You have the right to request that we correct inaccuracies in the information we hold about you.
We can’t guarantee we will be able change that information, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
You can do this either through the contact form or email above, or by contacting a specific service directly.
You have the right to know whether or not we hold information about you, and to see a copy of it. This is usually known as a subject access request (SAR).
You can make a subject access request using the contact information above.
There is some information that we may hold about you that we can’t give you access to. This includes:
- parts of your record that contain information about other people (unless it’s information you provided to us)
- information that may cause serious harm to you or someone else’s physical or mental health
- where we think that disclosing information may stop us from preventing or detecting a crime
Sometimes known as the right to be forgotten, you have the right to request that we erase your personal information in certain situations where there is no compelling reason for your data to be retained.
In certain circumstances, you have the right to object to processing of your data.
This includes withdrawing your consent for direct marketing.
To do this, you can either use the contact details above, or contact the relevant service directly.
Restricting processing is an option where we need to time to consider an objection, or a request to rectify data.
This means that use of your information is temporarily suspended while the data processing is reviewed.
You have the right to ask for your personal information to be given back to you, or another service provider of your choice, in a commonly used format.
This is called data portability. However this only applies if we’re using your personal information with consent or in the performance of a contract (not if we’re required to by law) and the data is only processed electronically.
It’s unlikely that data portability will apply to the services you receive from the council, but if you think that this is relevant please contact us.
Remember, you also have the right to see a copy of the information we hold about you – this is called a subject access request (see above).
Automated decision-making describes a process where decisions are made about you without any human intervention.
Profiling means that bits of information about you are combined to create a profile that is used to predict something about your behaviour.
You can ask to have any computer-made decisions explained to you, and you have the right to question decisions made about you by a computer, unless it’s required for a contract you have entered into, required by law, or you’ve consented to it.
How long do we keep your information?
The council will only keep your information for as long as it is necessary for the purposes stated. This will be governed by both legal requirements and operational needs.
Data sharing
We may share your information with other organisations where it is necessary to provide you with the service you’ve requested, for example where a service is delivered in partnership with another organisation. If information is processed by another organisation on our behalf, we will ensure that contracts and data sharing agreements are in place to enforce the security of your data.
In some cases, we have a legal duty to provide your personal information to other parties. For example these situations may include:
- the performance of our statutory duties
- disclosures required by law
- to detect/prevent fraud - see our web page on the National Fraud Initiative
- auditing and administering the use of public funds
- where there are safeguarding concerns or a risk to public health
We may decide to share your information with a third party if the law enables us to do so. For example, this might include:
- sharing data with the police for the prevention or detection of crime
- sharing information with the emergency services
- sharing data with government departments or executive agencies for research and statistical purposes
All council officers are required to complete annual data protection training to ensure that your personal data is processed fairly and lawfully.
Complaints
If you have any worries or questions about how your personal information is handled please contact our data protection officer:
- by phone on 01246 345345
- via email to dpo@chesterfield.gov.uk
- by post to: Data protection officer, Chesterfield Borough Council, Town Hall, Rose Hill, Chesterfield, Derbyshire, S40 1LP
If you want to complain to the council about the way your personal information is being processed, please see our complaint procedure.
Independent advice
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO):
- by phone on 0303 123 1113
- by post to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- online at www.ico.org.uk