Governance privacy notice
This privacy notice explains what information the council needs in order to manage some governance processes.
Safeguards are in place to ensure that this data is kept secure and the privacy of individuals is protected.
Who is responsible for your information?
Chesterfield Borough Council is the data controller for the personal information collected.
Internal audit
Purposes of processing your personal data
Our internal audit team carry out random sampling of data to check processes and procedures are working the way they should be. Any information sampled will not be used or accessed by anyone else.
Categories of data and lawful basis
Our internal audit team may have access to potentially any personal data or sensitive personal data the council holds about you.
Under data protection legislation, we are permitted to use your personal information this way because the processing forms part of a public task.
Under data protection legislation, we are permitted to use your sensitive personal information this way because it is for reasons of substantial public interest.
Who we share your personal data with
This information will not be shared with anyone else.
Accident and incident reporting
Purposes of processing your personal data
We record details of security incidents, events and data breaches. We also record health and safety accidents, events and near-misses that happen on our premises or to our staff (both on and off-site). This could include capturing information about members of the public involved in an accident, individuals that threaten members of staff, and details of witnesses. For security incidents, we may record information about the data or records that are involved, or the impact of a data breach on the data subject.
The purpose of this processing is to protect our staff and the public by improving the safety of our sites and our employee’s operating procedures, as well as the security of our IT systems.
Categories of data and lawful basis
We may collect any personal or sensitive personal data in our incident registers.
Under data protection legislation, we are permitted to use your information this way because we have a legal obligation to protect our staff and anyone using our premises.
We also have an obligation to report data breaches to the Information Commissioner's Office, which requires reporting and investigation of security incidents.
Who we share your personal data with
We are legally obliged to report RIDDOR accidents to the Health and Safety Executive
We may report incidents of violent behaviour towards our staff to the police
We are legally obliged to report details of serious data breaches to the Information Commissioner’s Office.
Insurance claims
Purposes of processing your personal data
If you make an insurance claim against the council, we will need to process some personal information about you that relates to your claim, along with information about anyone else involved.
Information may also be used for the prevention and detection of fraud.
Categories of personal data and lawful basis
We may need to process some or all of the following categories of personal information:
- contact details
- photos
Under data protection legislation, we are permitted to use your information this way because we have a legitimate interest in keeping records of insurance claims. In this case, the council has a legitimate interest in assessing the validity of the claim, communicating about it with the insurance company, and keeping a record of it.
Categories of sensitive personal data and lawful basis
We may need to process some or all of the following categories of sensitive personal information:
- health or medical details
Under data protection legislation, we are permitted to use your information this way because the processing is necessary for the establishment, exercise or defence of legal claims.
Who we share your personal data with
We will need to share your information with our insurance company.
We are required to share this data with the Cabinet Office as part of a national data matching exercise to prevent and detect fraud. For more details, please see our National Fraud Initiative privacy notice, and the Cabinet Office privacy notice.
Further information
Please get in touch if you would like more information about how the council processes your personal data:
• contact the council's data protection officer