Harlow District Council Overarching Privacy Notice
This privacy notice explains how Harlow District Council (as a Data Controller) collects, uses and protects personal data that we hold.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”) 2016 and the principles set out in it.
Who are we?
Harlow District Council is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
How do we process your personal data?
We comply with our obligations under the GDPR and the principles of the DPA by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Under the DPA, we have a legal duty to protect any personal data we collect from you. We use leading technologies and encryption software to safeguard your data, and keep strict security standards to prevent any unauthorised access to it. The Access to Information Policy (pdf) contains full details of Harlow Council’s Data Protection Policy.
We will not process any data relating to a child (under 13) without the express parental/ guardian consent of the child concerned.
What is the legal basis for processing your personal data?
Depending on how we are processing your personal data will determine the legal basis for processing. Generally, the legal bases for processing by the Council as a public authority will be:
- To perform a function or provide a service required by statute (Article 6(1)(e) GDPR);
- To comply with a legal obligation (Article 6(1)(c) GDPR);
- Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 1(b) GDPR);
- Where disclosure is in the vital interests of yourself or another person (Article 6(1)(d) GDPR); and
- With your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR).
Where the purpose for processing your personal data has changed, we will seek your consent.
In certain circumstances you will be able to withdraw your consent to processing. Please contact the Council’s Data Protection Officer on the details provided below, who will explain if your consent cannot be withdrawn.
Sharing your personal data
Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be shared with other organisations. For example, personal data may be shared, where necessary, with other organisations that provide services on our behalf such as contractors carrying out repairs to Council houses. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.
In most cases we will not disclose your personal data without your consent, however there are circumstances when your consent is not required such as the legal bases (1) – (4) above.
Where we require your consent to share or disclose your personal data, we will seek your consent.
How long do we keep your personal data?
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period. However, where possible we will anonymise this data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely destroyed.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- to request a copy of your personal data which we hold about you;
- to request that we correct any personal data if it is found to be inaccurate or out of date;
- to request that your personal data be erased where it is no longer necessary for us to retain such data;
- to withdraw your consent to the processing at any time;
- to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller (where applicable) - please note this only applies where the processing is based on consent or is necessary for the performance of a contract with you, and in either case where we processes the data by automated means;
- to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
- to object to the processing of personal data (where applicable) – please note this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics;
- to lodge a complaint with the Information Commissioners Office.
You can access the personal information that we hold about you ((a) above) by submitting a Subject Access Request (SAR) to the Council. This request must be in writing and clearly specify the information you require. A SAR form is available on the Council’s website to assist you with submitting a request.
If you would like to make a request in regards to the processing of your personal data please contact the Data Protection Officer on the details provided below. However, it is not always possible for requests to delete information to be fulfilled and the Data Protection Officer can provide you with more information on request.
Further information can be found in our Access to Information Policy (pdf).
Copies of Council policies
You may request copies of our policies from the Data Protection Officer at the address below.
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns, questions or comments please email the Council’s Data Protection Officer: firstname.lastname@example.org
Or write to:
Data Protection Officer
The Water Gardens
If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the Information Commissioner’s Office to investigate the matter further by writing to:
Information Commissioner's Office