The Data Protection Act gives you the right to know what information is held about you, and sets out rules to make sure that this information is handled properly.
Subject access requests
The Act gives data subjects a right of access to their personal data. This right is exercised by the data subject making a subject access request. A data subject is entitled to ask the council for a copy of his or her personal data.
People may ask for information in several different ways: in writing, by telephone or face to face. However, we are not obliged to comply with a request unless all of the following conditions are met:
- The request is made in writing
- Sufficient information is provided to identify the person making the request and the information that is being sought
- The correct fee, currently £10, has been paid in advance
If all these conditions are satisfied, we must comply with the request within 40 days. The data subject is entitled to receive a copy of the information in permanent form.
Unbugged privacy statement
Unbugged is committed to protecting your privacy. We need to collect and use information about people (“personal data”) in order to provide public services and carry out our duties as a Local Authority. This privacy statement is made in light of the requirements of the Data Protection Act 1998 to inform you how we use and protect this data.
Why do we use personal information?
The main reason we collect and use personal data is to support us in carrying out our duties.
We will usually need at least basic information (such as your name and address) in order to administer these functions and contact you about them, and will sometimes need more detailed information to provide tailored services or investigate issues further. We also use the data we hold to monitor how we are doing, and to help plan future services.
We also use personal data for a range of other purposes, including providing other services to you, meeting our legal obligations.
We will always explain in more detail why we need your data when we collect it from you.
When do we collect personal information?
We collect data about you whenever you:
- provide it to us by filling in a form
- contact us by any method, including letter, email, social media or visiting one of our offices
- use some of our services
We also have a number of CCTV cameras in the district, both in our offices and in public spaces.
When we collect or receive data about you from third parties, we will usually tell you that we have done so (unless you already know about it).
How do we use personal information?
How we use your data will depend greatly on why we collected it in the first place. We will not usually use your data for any other purpose unless there is a strong reason to do so. However, we do from time to time share basic information (such as name and contact details) between departments in order to ensure that our records remain up-to-date.
How do we protect your information?
We have a number of policies in place to ensure that your information is kept safe and secure, and can only be accessed by people who need to access it. Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password)
- controlling access to systems and networks, to ensure that only people who need to access information can do so
- training our staff in how to handle confidential information appropriately
- procedures for handling information that is kept on paper, such as ensuring it is locked away when not in use
- regularly testing and updating our technology to ensure that all our security measures are effective and up-to-date
- procedures to follow in the event that any breach of security occurs, to ensure that any damage from this is minimised
Under the Data Protection Act 1998, you have the following rights:
- the right to request a copy of any of your personal data held by us (“subject access request”);
- the right to object to any processing which may cause damage or distress
- the right to prevent direct marketing
- the right to object to decisions being taken by automated means
- the right to have inaccurate personal data rectified, blocked, erased or destroyed
- the right to claim compensation for damages caused by a breach of the Act
It will usually be necessary for you to put your request in writing in order for it to be considered under the Act. We may also request proof of your identity, and additional information from you, before we can process your request. Once you have provided everything we need, we are required to respond to any request in full within 40 calendar days.
Please note the rights listed above are not absolute, and depending on the circumstances we may not always be able to fulfil your request. If this is the case, we will inform you as soon as possible.
Queries and revisions
We reserve the right to amend this privacy notice at any time. However, we take your privacy very seriously and will never change our policies or practices to make them less protective of your personal information. In May 2018 we will become subject to the new General Data Protection Regulation (GDPR), which strengthens your rights and places extra obligations on us, and we will update this notice accordingly.
If we do make any changes to this policy, we will post the current version to our website at this address.