Information about our Organisation and Website.
At East Lindsey District Council we take our Privacy responsibilities seriously and we are registered as a Data Controller with the Information Commissioner's Office and comply with the new data protection principles. This Privacy Notice explains how we use and protect information about you. In order to provide our services and to meet our obligations as a Public Authority we process personal data about people on a daily basis. The personal data we hold about individuals will vary depending on the services we provide and the reasons they have contacted us.
We protect the data we hold about you in many different ways including by training our staff well, using appropriate cyber security and keeping a record of the data we hold and what we do with it.
As part of the strategic alliance between Boston Borough and East Lindsey District Councils your information may be processed by teams from either Council in order to provide the most effective service to you. For any queries about your personal data please contact the relevant data protection officer for the area in which you live: DataProtection@e-lindsey.gov.uk or firstname.lastname@example.org
Our Data Processor is Public Sector Partnership Services Ltd (formerly Compass Point Business Service (East Coast) Ltd) who process data on our behalf in relation to Revenues and Benefits, Finance, Human Resources, Information Technology and Customer Service under a contract. You can access details about Privacy on their website.
We have a Data Protection Officer who can be contacted at:
Phone - 01507 601111
Email - DataProtection@e-lindsey.gov.uk
Or by post to our Offices at The Hub, Mareham Road, Horncastle, Lincolnshire LN9 6PH.
What Personal data are we collecting and why?
We use your personal information; name, address, email, date of birth, national Insurance number etc so that we can provide our services and meet our legal obligations to the residents and visitors to our district. Depending on the services we provide to you we will hold different information in different departments or pass it to our processor to deal with eg if you make a payment, as they process our finances.
Some information is classed as 'special' personal data and includes more sensitive information about racial or ethnic origin, sexual orientation, medical or disability information or religious beliefs. You sometimes need to give us consent to process this information and we may ask for a signature. We will tell you why this information is needed and how it will be used at the time we collect it from you.
We will always collect the minimum amount of information we need and try and keep it accurate. You can help us do this by contacting us if any of your details change.
Where we do not directly provide a service me may need to pass your details onto a third party, such as our data processor or a contractor working on behalf of the Council. They are also obliged to keep your data safe and secure and only use it for the purpose they are allowed.
We will use your personal data for things like:
- Delivering services and support to you
- Performing our public tasks
- Managing those services we provide to you
- Investigating any worries or complaints you have about our services
- Keeping track of spending on services
- Checking the quality of services
- To help with research and planning of new services
- Processing financial transactions and acting on behalf of other government bodies such as the Department for Work and Pensions
- Fulfilling our legal duties under the Equalities Act 2010 and Health and Safety Acts.
How we collect your Personal Data
This will depend on how and why you have contacted us. If you have given your phone number or email address to the telephone operator they will pass your details to the appropriate department or you may have visited our website eg to renew your Green Waste subscription or to apply for a permit for something and given us your information on a form. We will use the personal information you give us to answer your enquiry, provide the service or investigate any issue or complaint. We are also given personal details by other organisations, such as HMRC and DWP in order to meet our statutory duties.
Data Protection during the Coronavirus crisis
Whilst the council is continuing to provide services in the current caronavirus pandemic, some requests for personal data or requests under freedom of information may be delayed. Your personal data remains protected as usual.
The council already holds data regarding residents, employees and stakeholders. You may have provided this information for a specific reason and normally we would seek to inform you that the data provided would be used for a different purpose. Due to the changing situation this will not always be possible. If we already hold information regarding vulnerability as defined in the current guidance from the Government and Public Health England, we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the council, this may be with other public authorities, emergency services, and other stakeholders as necessary and proportionate to do.
We may, in this current crisis need to ask you for personal information including sensitive personal information for example your age or if you have any underlying illnesses or are vulnerable, that you have not already supplied. This is so the council can assist and prioritise it's services.
How we are processing your personal data will determine the legal basis for processing. The legal bases for processing by the council as a public authority are likely to be:
Where disclosure is in the vital interests of yourself or another person (Article 6(1)(d) and 9(2)(c) GDPR)
Where it is necessary for the reasons of substantial public interest Article 9(2)(g)
Where it is in the interest of public health Article 9(2)(i)
If you require any more information then please contact our data protection officer at DataProtection@e-lindsey.gov.uk
Our Legal basis for processing your data and how it will be used.
Data Protection legislation states the different lawful reasons that we may use to process your personal information and these will differ depending on the service we are providing to you. More detailed information will be coming soon for each Service Area of the Council. In the meantime please look at any privacy notice you were issued with or contact the Data Protection Officer if you would like to know more.
There are a number of legal reasons why we need to collect and use your personal information. This is most often because we have a legal obligation to provide a service to you, like collecting your rubbish, it is part of our public task or because we have a contract with you or you have consented to providing your data in order to access one of our services. We only collect enough information from you to perform that task or provide that service. Some information is required legally - eg who is living in your household for Council Tax purposes and some may be given voluntarily by you as part of a contract with us eg purchasing the green waste collection service.
How we protect your data
We protect your data in many different ways. We have appropriate cyber security including firewalls and security patches, and physical controls in place to protect our computer systems and paper records. Our staff are trained in Data Protection and only have access to the information that they need for their job. We have policies in place which state how we use data, who can access it and how it is processed. Our data Protection Officer advises us on the best way to protect and manage data and makes sure that we comply with the law and follow best practice.
Disclosing and Sharing Data
We will not sell your personal details to any third parties. We will use your information for Council purposes and share it between different departments and our Councillors as appropriate to provide the service you have requested or to perform our public tasks including for any enforcement purposes. We will also share information with our Partner agencies who deliver services with us or on our behalf and have appropriate contracts and Information Sharing Agreements in place to do this. We are also permitted to share data with the police and other agencies to prevent and detect crime or prevent fraud and are required to share certain data with other Government departments for example as part of the National Fraud Initiative. We may also share data if there are any safeguarding concerns about adults or children or where there are risks to public health. We may also receive information about you from other Government departments, where this is necessary for us to carry out our public tasks, such as HMRC and DWP in order to administer the benefits system.
National Fraud initiative - Cabinet Office data matching
In order to prevent and detect fraud it is a legal requirement that we share information with the Cabinet Office. This is for the purpose of data matching as part of the National Fraud Initiative (NFI). Examples of data supplied are as follows:
- Council Tax
- housing benefits
- Electoral register
- Licensing including personal alcohol licences and Taxi licences
- Insurance data - if claims have been made against the Council
- Payroll - staff data
- Trade creditors payment history and standing data (paid and open invoices)
Computerised data matching allows potentially fraudulent claims and payments to be identified and investigations to be carried out where necessary, in order to protect public funds. The use of this data by the Cabinet Office is carried out under Part 6 of the Local Audit and Accountability Act 2014 and does not require the consent of the individual concerned under the Data Protection Act. You will have been informed when we collected your personal information if we intend to share it with other people and organisations. However, you will not be informed if we are asked to provide your details for law enforcement or tax collection reasons as this is permitted within current Data Protection Legislation.
More information can be found on the Gov website at the National Fraud Initiative: public sector data requirements.
In some circumstances we are not processing your data as part of our public task or official authority but by your 'consent' meaning that you have given us permission to collect and use your data for a specific purpose or purposes. You will have been told this at the time we collected your data either on a form or through our website, for example if you have subscribed to our e-newsletter. As part of your rights you can tell us if you no longer consent to us processing your data for this purpose, for example if you wish to unsubscribe to the newsletter then your name and email address will be removed from the list.
We use a consent basis for processing data for our newsletters and marketing as well as for some of our optional services like accessing the Wellbeing hub and our Business Support Services.
Where we store information
It is common these days for information to be held in a cloud storage system. Whilst most of our data is held on our own servers managed by our data processor some applications we use to manage services are cloud based. We have checked that all those we use are compliant with the law and all are hosted within the EU which means they have the same protection of the law as they do in the UK. This Council does not transfer any data internationally although information available on our website can be accessed worldwide just as any other website can for example the Planning Portal.
How long we store information
We only keep your data for as long as we need it. This is called a retention period. Some periods are prescribed by law for example financial information which has to be provided to HMRC but for some information we can decide how long we keep it for depending on the needs of that service area and best practice. Where our computer systems are unable to delete data automatically they being updated so that we can comply with data retention periods. Once records are no longer needed then they are securely destroyed.
Keeping you in control - Your Rights
Data Protection law allows you certain rights to help have some control over the data that we use about you. Different rights exist for different types of processing. For example you cannot ask us to erase your Council Tax information as we have a legal duty to collect Council Tax.
New data protection legislation and the General Data Protection Regulation (applicable from 25th May 2018) give you more rights over your data:
The right to rectification
This means you can ask us to correct any inaccuracies in the information we hold about you.
We can't guarantee we will be able change that information, but we'll correct factual inaccuracies and may include your comments in the record if you disagree with it.
The right of access (subject access request)
You have the right to know whether or not we hold information about you and to see a copy of it. This is usually known as a subject access request (SAR).
There is sometimes information that we may hold about you that we can't give you access to. This may include:
- Parts of your record that contain information about other people.
- Information that may cause serious harm to you or someone else's physical or mental health.
- Where we think that disclosing information may stop us from preventing or detecting a crime.
If this is the case you will be given an explanation at the time the information is supplied to you. You can make a subject access request via our Data Protection Act - Your Rights webpage.
The right to erasure
Sometimes known as the right to be forgotten, you have the right to request that we erase your personal information in certain situations.
The right to object
In certain circumstances, you have the right to object to processing of your data.
This includes withdrawing your consent for direct marketing such as receiving our e-messenger magazine which you can unsubscribe to by following the link in the messenger.
The right to restrict processing
Restricting processing is possible when we need to time to consider an objection or request to rectify data. The use of your information is temporarily suspended while the data processing is reviewed.
The right to data portability
You have the right to ask for your personal information to be given back to you, or another service provider of your choice. This only applies if we are processing your information with consent or under a contract (not where we are required to by law) and the data is only processed electronically.
It is unlikely that this right will apply to services from the Council.
Automated individual decision-making, including profiling
This is where decisions are made about you by an algorithm without any human intervention. Profiling means that bits of information about you are combined to create a profile that is used to predict something about your behaviour.
You can ask to have any computer-made decisions explained to you. East Lindsey District Council does not currently use automated decision-making.
If you would like more information about your rights please go to the ICO website.
To exercise any of your rights please contact the Data Protection Officer.
Our main offices at Horncastle, business centres, Kingfisher Caravan Park, Refuse vehicle yard, refuse and recycling collection trucks and car parks office at Skegness all have CCTV installed to assist with the prevention and detection of crime and to assist with public safety. We have appropriate signs installed in CCTV monitored areas and adhere to the surveillance camera commissioner's code of practice.
We will share CCTV footage if we are legally obliged to do so, or where we are allowed to do so under exemptions in the Data Protection Act.
We sometimes project live images from one council chamber to another during a meeting if there is insufficient room for the public to fit into the chamber. These images are not recorded. East Lindsey District Council does not currently use body-worn cameras.
Our Website and Social Media
Through our social media accounts and website, we will post photos, videos, and sound recordings of our work, relevant news and events, which may sometimes include personal data. Although we often try to seek consent, this may not always be possible when capturing large crowds or public street scenes. If you are ever unhappy about being included in any of these publications, please contact us. We are not responsible for images uploaded by third parties. For more information see our Social media house rules.
The East Lindsey websites may contain links to other websites. ELDC does not control those other sites and we cannot be responsible for the content of those sites or for the protection of any information you provide to other sites. ELDC accepts no responsibility or liability for such other websites. You should exercise caution when entering personal information online and look at the privacy statement applicable to the website in question.
Enquiries and Complaints
If you think that there is something wrong in the way we have handled your data then please contact the Data Protection Officer in the first instance in 01507 601111 or Data.Protection@e-lindsey.gov.uk who will assist you with your enquiry or complaint. If you wish to make a formal complaint in writing, compliment us on how we handle your information or leave some general feedback then you will find information on our Compliments, Complaints and Feedback webpage.
If the matter is a complaint and it cannot be resolved then you can contact the Information Commissioner's Office (ICO):
- by phone on 0303 123 1113
- by post to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- online at www.ico.org.uk