The General Data Protection Regulation (2018) (GDPR) and the UK Data Protection Act (2018) form the UK Data Protection regime.
In the course of our business we collect and hold personal data. This Privacy Statement is for Lisburn & Castlereagh City Council Corporate website www.lisburncastlereagh.gov.uk
The GDPR/DPA requires that personal data is:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Why we need your information
The Council provides its residents with a public service in compliance with its legal responsibilities;
- To contact you by post, email or telephone;
- To update your records;
- We may need to establish your needs and subsequently provide you with the assistance that you require;
- To prevent and detect fraud and corruption in the use of public money;
- From time to time we obtain your opinion about our services and inform you of other relevant council services and benefits;
- To protect citizens from harm or injury;
- For law enforcement functions, for example, licensing, planning enforcement, trading standards and food safety where we are legally obliged to undertake such processing;
- Where the processing is necessary to comply with legal obligations, for example, the prevention and/or detection of crime;
- During emergency planning situations we may need to use your information to assist us in responding to emergencies or major accidents. This allows us, in conjunction with the emergency services, to identify individuals who may need additional help and support.
Information that we collect
We hold personal data in delivering our services. The personal data that we collect is:
- Name (first and last)
- Date of Birth
- Home Address
- Email address
- Home Telephone Number
- Financial Information
- Mobile Telephone Number
- Licensing Information
- Personal Email
- Health information
Lisburn & Castlereagh City Council processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
How we collect information
- Registration of births and marriages
- When you submit a complaint to us
- Completing online forms
- Registering for events and event information
- Through Smart Survey
The personal data may be held in paper and electronic format, but will always be managed in a safe and secure manner.
Some areas of our website require you to actively submit personal data e.g. online services, email, online forms or online payments. You will be informed at each of these personal data collection points what data is required and what data is optional.
Personal data may be gathered without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies. An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the internet.
We collect IP addresses for the purposes of system administration and to audit the use of our site. Each time you log onto our site and each time you request one of our pages, our server logs your IP address.
Although we log your session, it will not normally link your IP address to anything that can enable us to identify you. However, we can and will use IP addresses to identify a user when we feel it is necessary to enforce compliance with our rules or terms of service or to protect our service, site, users or others.
Your rights as an individual
The GDPR provides rights for individuals, as a Data Subject you have the:
- Right to be informed – obligation to provide ‘fair processing information’ through privacy statements. There must be transparency at the point of collection on how the information will be used and there is an emphasis on providing you with a clear and concise notice.
- Right of access – individuals must be able to access their data to ensure that it is being processed lawfully. This is commonly referred to as a Subject Access Request. If you wish to access your personal data you must submit a request in writing and we will respond within one month. We may seek clarification as to your identity and there is no fee for this service.
- Right to rectification – which means that we will rectify inaccurate data concerning you without undue delay.
- Right to erasure – (is not absolute and only applies in certain circumstances) erasure or rectification of personal data – this right arises in the event of inaccurate or incomplete data and has been expanded to cover more circumstances than those set out in the Data Protection Act 2018.
- Right to data portability – this is a new right enabling individuals to reuse and transfer their personal data (held in electronic form) for their personal use to another data controller without affecting its usability.
- Right to restrict processing – where the accuracy is contested (until it can be verified) or where you have objected to the processing (until a verification of the legitimate grounds on which it occurs has been made) or where processing is unlawful or when it is no longer necessary.
- Right to object – where the processing of personal data is subject to consent, individuals can object to certain types of processing such as direct marketing or processing for research or statistical purposes.
- Right not to be subject – to a decision based solely on automated processing, including profiling that significantly affect the individual.
Sharing and disclosing your personal information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this Privacy Statement or where there is a legal requirement.
Lisburn & Castlereagh City Council takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: pseudonymisation, restricted access, IT authentication, anti-virus/malware and firewalls.
Transfers outside of the EU
Lisburn & Castlereagh City Council use MailChimp as our marketing automation platform. MailChimp is an internationally based company and stores your data in the US. MailChimp is certified under the EU-US Privacy Shield framework.
If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Statement.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Consequences of not providing your data
You are not obligated to provide your personal information to Lisburn & Castlereagh City Council. However, as this information is required for some of our service delivery or for legitimate interests, we may not be able to offer some/all our services without it.
How long we keep your data
Lisburn & Castlereagh City Council will only ever retain personal information for as long as it is necessary and we operate a strict Retention and Disposal Policy to meet these obligations.
Where you have consented to us using your details for direct marketing consultation or communication purposes. You have the right to withdraw this consent at any time.
You can request that we delete/destroy data by contacting our Data Protection Officer, your request will be reviewed to ensure the correct procedures apply, including compliance with the law.
Notifications of changes
Any changes to this Privacy Statement will be posted on our website.
Subject Access Request
Should you wish to make a Subject Access Request please complete the Council’s Subject Access Request form and contact:
Data Protection Officer
Lisburn & Castlereagh City Council
Lagan Valley Island
Lodging a Complaint
Lisburn & Castlereagh City Council only processes your personal information in compliance with this Privacy Statement and in accordance with GDPR/DPA. However if you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with our Data Protection Officer or the Information Commissioners Office:-
|Data Protection Officer||Information Commissioner|
|Lisburn & Castlereagh City Council||Information Commissioners Office|
|Civic Headquarters||14 Cromac Place|
|Lagan Valley Island||Belfast|
|Lisburn BT274RL||BT7 2JB|
|Email: firstname.lastname@example.org||Email: email@example.com|