Privacy and data protection

South Somerset District Council (SSDC) is the Data Controller, under the Data Protection Act 1998 (DPA), for personal information.  As the Data Controller SSDC is responsible for ensuring that it meets the DPA's requirements in the ways in which it processes your personal data.

This Privacy Notice covers personal information which is entered on any SSDC website that links to this Privacy Notice. It explains how SSDC will use your personal information and the ways in which we will protect your privacy when provided through the above routes.  Separate privacy notices apply to personal information provided through other routes and this Privacy Notice does not override the Privacy Notices provided by specific services or for specific forms etc. but does give general guidance on how SSDC handles your personal data.

The Information Commissioner (ICO) is responsible for enforcing the DPA and the ICO's website has a lot of useful information about the DPA and your rights.

If you require more information about how we process your data please contact us.


Why do we use personal information?

Depending upon the personal information provided and your reasons for providing it, we may need your personal information:

  • In the performance of  a contract that we have with you;
  • To fulfil a legal obligation that we may have;
  • To protect your vital interests;
  • To protect our legitimate interests for example to help with research and planning of new services; to help train our staff; or to help manage our services.

Where SSDC proposes to use your personal information for any other uses we will ensure that we notify you first unless there's a valid exemption. For example where a person is under investigation for fraud and by bringing this to their attention it may prejudice or impede the investigation.

Where we rely solely on your consent to process your personal information, you can withhold or withdraw your consent at any time.

When you contact SSDC by phone we may record telephone calls for training and monitoring purposes and when you visit an SSDC officer CCTV is operation for security purposes.


How do we keep information secure?

 We will take appropriate steps to make sure that the records we process about you through the SSDC websites are secure. Our security measures include

  • Encryption - when making an application using our website, the information that you submit is encrypted so only you and the Council's server can see it. This is indicated in the address bar where you will see it says 'HTTPS'.
  • Access controls on systems - all of our computer systems are password protected and the Council's servers are kept in a secure room with restricted access.
  • Security training for all staff

With whom will your personal information be shared?

We may share your information across the Council's services, within SSDC and other partner organisations, where this is necessary, e.g. to provide a service; to counter fraud etc.

Where we share your information with third parties, in most cases we will seek to gain your consent first. However, we may share personal information without your consent when it is lawful and reasonable to do so This does not happen often but we may share your information:

  • for the detection and prevention of crime/ fraudulent activity; or
  • money laundering regulations 2007
  • if there are serious risks to the public, our staff or to other professionals;
  • to protect a child; or
  • to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.

Sometimes SSDC uses third parties to process your information on our behalf, for example to provide services or analysis. SSDC requires those third parties to comply with its instructions and they are forbidden to use your information for their own business purposes


Will I be contacted for marketing purposes?

We do not make your personal details available to 3rd parties for marketing purposes SSDC will only send you marketing emails and otherwise contact you for marketing purposes if you sign up to a mailing list, for example, to the Octagon Theatre so you could be kept informed of forthcoming shows, or otherwise asked to be kept informed.

If you wish to have your name removed from a mailing list or have any questions please contact us.


National Fraud Initiative (NFI)

SSDC is required by law to protect the public funds we administer. Therefore, we may share information that you provide with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

This sometimes includes data matching exercises which involves comparing computer records that we hold against other computer records that we of another body hold to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and benefits to be identified. For more information please see our fraud page.


How can you access the information we hold about you?

SSDC tries to be as open as it possibly can in regards to giving people access to their personal information.  If you wish to apply to see what personal information we hold about you please click here.


How can you request correction of inaccurate information?      

If you disagree with something written on your file then please let us know We may not always be able to change or remove the information e.g. if we are required by law to retain it but we will correct factual inaccuracies where possible.  If we do not agree that the record is inaccurate we will at least include your comments in the record to indicate your disagreement.

If you would like to inform us of any inaccuracies please contact us


How long will we keep your personal information?

Generally we will hold your information for as long as it is necessary for the purpose for which you provided it.  The Council's Retention Schedule gives general guidance on how long each type of record is held. The length of time may be set by law, for example, financial transactions are kept 7 years, or it may have arisen from common practice within Local Government. Alternatively SSDC may decide to retain certain records for a period deemed appropriate for that particular type of case.

If you would like any further information about the Council's retention policy please contact us


Cookies      

We want to make our online services as easy, useful and reliable as we can. Therefore, like most other websites we use 'cookies' to collect anonymous statistics about how people use our site. For more information on how we use cookies, please see our Cookies page.


Links to other websites

SSDC websites contain hyperlinks to websites owned and operated by third parties. This privacy notice does not cover the links contained on this site which takes you to another website. These third party websites have their own privacy policies and you are encouraged to read the privacy statements on the other websites that you visit.

SSDC is only responsible for the content it inputs on its own website and social media and we do not accept any responsibility or liability for any other content including links to third party websites. Your use of such websites is at your own risk.


Social networking sites

We may monitor and respond to comments or opinions on social networking sites, for example Facebook and Twitter. 


 

Changes to this privacy notice

We keep our privacy notice under review and if this privacy notice changes in any way, an updated version will be placed on this page. If you think there are any errors or you have any other comments or queries on the content of this Privacy Notice please let us know.


How to contact us

If you are not happy with the way in which we have processed and dealt with your personal information then you can make a complaint using the Council's complaint procedure.

If, after following the complaints process, you are still unhappy then you can make a complaint to the Information Commissioner.


Last Updated 10th February 2017