How Ashford Borough Council Uses Your Personal Data
ABC is the Data Controller for the personal data it holds as set out in this policy. ABC’s Data Protection Officer can be contacted at: The Data Protection Officer, Ashford Borough Council, Civic Centre, Tannery Lane, Ashford TN23 1PL or via FOI@ashford.gov.uk.
We are registered with the Information Commissioner’s Office (ICO) with registration number Z8344724.
Some personal data is classed as “special categories of personal data” because it is considered to be more sensitive and therefore requires more protection. This includes information that identifies racial/ethnic origin, political opinions, religious/philosophical beliefs, sexual orientation and information regarding physical and mental health.
The processing of personal data is governed, in the UK, by the General Data Protection Regulation (the “GDPR”) 2016 and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, and the regional supervisory authority is the ICO. A new Data Protection Act is expected to be enacted in 2018.
- deliver public services
- contact you by post, email or telephone
- understand your needs to provide the services that you request
- understand what we can do for you and inform you of other relevant services and benefits
- obtain your opinion about our services
- update your customer record
- process financial transactions
- prevent and detect fraud and corruption in the use of public funds
- allow us to undertake statutory functions efficiently and effectively
- make sure we meet our statutory obligations including those related to diversity and equalities
- Public task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the council
- Legal obligation: processing is necessary for compliance with the council’s legal obligation
- Contract: processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract
- Consent: where you have given consent to the processing of your personal data for one or more specific purposes. For example, this is the basis likely to be used if you have signed up to receive any newsletters
- Legitimate interests: where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. This legal basis is not open to us when performing our statutory tasks, however where we are operating on a commercial basis then this legal basis may be utilised
- Vital Interests: where processing is necessary in order to protect the vital interests of you or of another individual. For example, protecting someone or their property from imminent harm or damage. The legal basis relied upon will be explained to you in more detail in a specific privacy notice, provided at the time your personal data is collected
We provide training to staff who handle personal data and treat it as a disciplinary matter if they misuse or do not look after your personal data properly.
We conduct data protection impact assessments when making changes to processes or systems that hold your personal data.
We have a range of measures in place to protect the physical security of your data. For example, locked confidential waste bins and controlled physical access to our premises.
We have a range of rigorous measures in place to protect the electronic security of your data. For example, centralised firewalls and email filtering protect our network in conjunction with the Kent Public Service Network; patch management, vulnerability scanning and regular penetration testing all ensure the security of our systems; all mobile devices have full disk encryptions and utilise 2 factor remote authentication; and we are regularly audited and fully compliant to the Public Service Network code of connection.
We will investigate where we have found that your personal data may have or has been disclosed inappropriately (data breach) and attempt to recover any data lost. If any breach is likely to result in a risk to your rights or freedoms we will inform the ICO within 72hrs and should such breach result in a high risk to these freedoms we will contact you without undue delay.
- There are procedures in place to ensure your data receives the same protection as if it were processed inside the European Economic Area; or
- With the consent of the data subject; or
- Where required by law
We are signatories to the Kent and Medway Information Sharing Agreement, which provides the framework for sharing personal data between local public sector agencies, where there is a specified explicit and legitimate purpose to do so.
Where we will or may share your personal data with other organisations, this will be explained to you in more detail in a specific privacy notice, provided at the time your personal data is collected.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and any applicable legal requirements.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. We will retain and securely destroy your personal data in accordance with our data retention policy and applicable laws and regulations.
The length of time we will keep your personal data for will be explained to you in more detail in a specific privacy notice provided at the time your personal data is collected.
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- Request the correction of your personal data when incorrect, out of date or incomplete
- Request erasure of your personal data when there is no good reason for us to continue to process it
- Object to processing of your personal data where we are relying on a public task or legitimate interest legal basis to carry out that processing and there is something about your particular situation which makes you want to object to processing on these grounds. Please note this only applies in certain circumstances for example, direct marketing or where processing is for the purposes of scientific or historical research
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
- Request the transfer of your personal data to another party. This would allow you to transfer your information to another local authority should you wish to do so. Please note this only applies where the processing is based on consent or is necessary for the performance of a contract with you, and in either case where we process the data by automated means
- To be informed of the processing of your personal data by automated means which results in a decision being made (without human intervention) that has a legal or similarly significant effect on you as an individual. Where these methods of processing are used, you have the right to ask for a council officer to review the decision
- Right to withdraw consent where we rely on your consent for a specific process you have the right to withdraw your consent at any time
You will not normally have to pay a fee to access your personal data (or to exercise any of your other rights). We will usually need to request specific information from you to help us confirm your identity and ensure your right to access the data (or to exercise any of your other rights).
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act
Electoral Register Privacy Notice
AshfordFOR Privacy Notice
Love Ashford Privacy Notice
Job Applicant Privacy Notice
Councillors' Privacy Notice
Housing Services Privacy Notice
Housing Services Tenant and Landlord Privacy Notice
Visit Ashford and Tenterden Privacy Notice
Planning Privacy Notice
Counter Fraud Privacy Notice
Council Tax and Benefits Privacy Notice
Insurance Privacy Notice
Enforcement Team Privacy Notice
Parking Services Privacy Notice
Recycling and Refuse Service Privacy Notice
Covid-19 (Coronavirus) Privacy Notice
Self-Isolation Payment Privacy Notice
We also use Google Analytics so that we can find out how many people visit various parts of the website. This information helps us to find out how effectively our website is working and how to improve it. We do not identify anyone, and we do not allow Google Analytics to identify anyone visiting our website.
Where you are communicating with us for the purpose of making a complaint, we will only use your personal data to handle, investigate and respond to the complaint and to check on the level of service we provide.
If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the ICO to investigate the matter further by writing to:
Information Commissioner's Office
Post: The Data Protection Officer, Ashford Borough Council, Civic Centre, Tannery Lane, Ashford TN23 1PL
Email: FOI@ashford.gov.uk. We keep this privacy notice under regular review and we will place any updated versions on this page. This will help ensure that you are always aware of what data we collect and how we use it.
Last Updated: 21/05/18