The General Data Protection Regulation (GDPR)
Sunningwell Parish Council (SPC) undertakes to collect and use the personal data of residents of the parish who have consented to the holding of specified personal information in compliance with the Data Protection Act 2018 (DPA). Our legal basis for processing this data is our legitimate interest as a parish council wishing to communicate with parishioners to convey information related to parish council activities which SPC considers to be in the interest of parishioners. All information held is that received from the data subjects with their own consent. We use the data for the administration of the parish database the communication of information and the organisation of SPC sponsored events.
This information will be recorded in our parish residents’ database, which is stored offline in compliance with the DPA. Our residents’ data is used only for SPC administration and is not sold or shared with any other organisation other than to enable us to send bulk emails and as may be required by law. Your personal data is not passed on by us for use by any third parties.
In addition, we may hold data relating to people and organisations from whom we are seeking or have already obtained the provision of goods or services for the Parish. We will manage such data in a similar manner to that held in respect of residents save that they will not be included in our residents mailing list.
Information about our data use policies, including how you can see what data we hold about you, how you can limit its use and how you can ask for inaccuracies in data to be corrected is set out below and may also be obtained from the parish clerk upon written request.
Personal data collected
We may collect the following types of information:
- web analytic data
- contact information and other personal information
When someone visits the SPC website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. Similarly, like many sites we reserve the option to collect information about online behaviour using cookies, which contain identification information that enables us to see how users are interacting with the site and how frequently they are returning. The cookies do not contain any information which enable you to be personally identified and are not combined with other information the SPC holds to provide personally identifiable information.
If we want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Only the information is Personal Data which falls within the provisions of the Data Protection legislation. We may come to hold your Personal Data (such as name, e-mail address and other contact information) when you contact us to make comments, submit a problem or request information from us, or register to receive e-news posts from us and provide your name or return contact information.
Use of data
We use residents’ data for SPC administration; the communication of council and other information relevant to the parish and the organisation of council sponsored events and to enable parishioners to respond easily to any messages sent.
Sharing of data
Our residents’ data is used only for SPC administration and is not sold or shared with any other organisation other than to enable us to send bulk emails and as may be required by law. Your personal data is not passed on by us for use by any third parties.
Source of the data
Data is provided voluntarily by parish residents or prospective suppliers themselves.
Storage of data
SPC personal record data is mainly stored in digital form on computers and also in the form of written documents kept at the home of the parish clerk.
Responsibility for compliance with the relevant laws and regulations
Under the DPA we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring that SPC discharges its obligations under the DPA is the Parish Clerk: Brian Rixon
Access to personal data
In the event that the parish clerk is not available, the SPC Chair and/or the Vice Chair may be given access to residents’ data in order for them to carry out their legitimate tasks for SPC.
Legal basis for collecting of personal data
SPC collects personal data of parishioners by consent and for the purposes of its legitimate interests as a parish council wishing to communicate with parishioners.
Checking what data we hold about you
If you want to know the data we hold about you, you should contact the parish clerk.
You can contact us with a “Subject Access Request” if you want to ask us to provide you with any other information we hold about you. If you are interested in any particular aspects, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within one month.
There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information. The fees will follow the format set out in our Freedom of Information Policy.
Collection of “special” data
The DPA refers to sensitive personal data as “special categories of personal data”.
SPC does not normally record any such special data; the only data we might record would relate to the disability of a parishioner who might have special requirements for access to SPC sponsored events or who might have allergies details of which those catering for a SPC sponsored event might need to be made aware. Such information would only be recorded following an explicit request by or on behalf of the parishioner concerned. If you wish to change this data on your record you can do so at any time by contacting the parish clerk.
Requesting for data to be removed, limited, or corrected
Part or all of your data record will be corrected or removed from our database upon receipt of a written request from the data subject i.e., the parishioner concerned.
These options can be implemented by contacting the parish clerk: clerk@sunningwell-pc.gov.uk
Length of time personal data is kept
We normally keep parishioners’ data whilst they are resident in the parish. We will normally delete any resident’s contact details entirely upon becoming aware that they are no longer resident in the parish. However, any parishioner may have their data deleted at any time upon written request.
Children
We will not process any data relating to a person known to us as being a child without the express consent of the child’s parent or legal guardian.
Deceased residents
Upon becoming aware of the death of a resident we will remove their data.
Data Information Officer
The Parish Clerk is our Data Information Officer. Please contact him in respect of anything connected with data held by Sunningwell Parish Council: clerk@sunningwell-pc.gov.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, can be found at www.ico.og.uk.