UK GDPR privacy notices Communities Privacy Notice

Introduction

The East Suffolk Communities Team have provided this privacy notice to help you understand how we collect, use and protect your information whilst we provide your community with enabling support to be healthier. The document below will describe how we may collect and process your personal information. The purpose of this document is to clearly acknowledge the council’s responsibilities in relation to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Definitions

Personal data means any information related to an identified or identifiable natural (living) person (‘data subject’) i.e. a person that can be directly or indirectly identified by reference to a name, ID reference number, email address, location data, or physical, physiological, genetic, mental, economic, cultural or societal identifier.

Special personal data, previously known as ‘sensitive personal data’, relates to race, ethnic origin, politics, religion, trade union membership, genetic data, biometric data, health, sex life or sexual orientation. Records of criminal personal data must also be treated in a similar way.

Data Controller determines the purposes and means of processing personal data.

Data Processor is responsible for any operation which is performed on personal data on behalf of the controller, e.g. collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.

Third Party is someone/somebody who is not the Data Controller, the Data Processor or the Data Subject.

Who we are

East Suffolk Communities Team works with a range of public, private, community and voluntary sector partners and organisations, to support and enable our communities to be resilient, safe, engaged and healthy.

The council is the ‘data controller’ for the information which is collated and processed. This means we are responsible for deciding how we can use your information. If you want more information regarding the services delivered, please go to our website.

The council regards lawful and correct treatment of personal information as critical to their successful operations, maintaining confidence between the council and those with whom they carry out business. The council will ensure that they treat personal information correctly in accordance with the law.

The service we provide is discretionary. The only exception to this is the council’s obligation under Section 17 of the Crime and Disorder Act 1998 which states that all relevant authorities have a duty to consider the impact of all their functions and decisions on crime and disorder in their local area.

The Data Protection Officer for ESC is Siobhan Martin, Head of Internal Audit, and can be contacted at dataprotection@eastsuffolk.gov.uk

How the law protects you

UK GDPR says that we are allowed to use personal information only if we have a proper reason to do so. More information on how the law protects you can be found on the East Suffolk website.

Our responsibilities

UK GDPR provides us with main responsibilities for processing personal data. All personal information provided by you is held securely and in confidence by us in our computerised and other records. When we process your personal information, we do so in compliance with UK GDPR. For further information on our responsibilities, please see our website.

Your rights

The UK GDPR and DPA 2018 provide you with the following rights:

  • The right to be informed: You have the right to be informed about the collection and use of your personal data, and this is outlined in this privacy notice.
  • The right of access: You have the right to request access to the personal data we may hold about you. This is undertaken using a Subject Access Request.
  • The right to rectification: You have the right to request that inaccurate personal data we hold is rectified.
  • The right to erasure: In certain circumstances, you have ‘the right to be forgotten’ and have your personal data erased.
  • The right to restrict processing: In certain circumstances, you have the right to request the restriction or suppression of your personal data.
  • The right to data portability: In certain circumstances, you have the right to request to obtain your own personal data for your own use or to give to other organisations.
  • The right to object: In certain circumstances, you have the right to object to your personal data being collated, stored and processed.
  • Rights in relation to automated decision making and profiling: You have the right to request that we do not make our decisions based on solely an automated process, and you can object to an automated decision and ask that a person reviews it in certain circumstances.
  • The right to withdraw consent: In our discretionary service provisions, you have the right to withdraw your consent at any time.
  • The right to complain: You have the right to complain through our complaints procedure, and then to the Information Commissioner. Any requests in relation to your rights with regard to the personal data we hold should be made verbally or in writing to the Data Protection Officer. For further information on your rights, please see the ICO website.

Your responsibilities

You are responsible for making sure you give us accurate and up to date information, and to let us know if any personal information we hold is incorrect.

When do we collect information about you?

We collect information about you from different places, including:

  • Consultations and engagement with the community
  • Communications and conversations during community events
  • Discreet project and support work e.g. Armed Forces Community Covenant, including project evaluations
  • Community Asset records
  • Records relating to community safety and to include ASB perpetrators and victims
  • Event applications
  • Community group and business enquiries and support requests
  • Grant applications
  • To deliver our Financial Inclusion work and wider cost of living programme to support residentsstruggling due to recent cost of living rises
  • To aid with the setup of digital devices
  • Katch bus service
  • We receive information from Integrated Care Boards (ICB) such as Suffolk and North East Essex ICB and Norfolk and Waveney ICB these are known as national and commissioning datasets. These datasets do not directly identify you. The purpose of receiving this pseudonymised data is to ensure patients/residents receive quality, effective and equitable care and support from our Communities team.
  • HM Prison & Probation Service in relation to our Prevent Duty under Section 26 of the Counter Terrorism and Security Act 2015. 

What information do we maintain?

The information about you which we will maintain will include:

  • Name
  • Address including postcode
  • Contact telephone numbers
  • Email address
  • Bank account details (grant application only)
  • Bank statements (grant application and financial inclusion work only)
  • Age group (project evaluation)
  • Country of residence (project evaluation)
  • Income, expenditure and debts (financial inclusion work only)
  • Health conditions (financial inclusion work only)
  • Nationality (financial inclusion work only)
  • Ages of any children (wider cost of living programme only)

How do we use your information?

We will be using your information to:

  • Enable us to contact you, following your enquiry, to respond to questions raised,to provide advice or in relation to a complaint raised by you, or to advise you of a forthcoming event, initiative or project
  • Forward you information that we consider you may be interested in
  • Process your grant or funding application
  • Discuss initiatives and events that you have expressed an interest in
  • Evaluate the success of a project, event or initiative that you have been involved with
  • Update our records
  • Update right to bid records and registers
  • Progress the setup of your digital device and for continued support
  • Support you to manage your finances more effectively
  • Support you to connect to skills, training, education and volunteering opportunities
  • Prevent and reduce serious violent crime and anti-social behaviour
  • Contact you regarding the Katch bus service, with your consent
  • For information on how we use your information collected as part of UK Shared Prosperity Funding and Rural England Prosperity Funding schemes please see the Economic Development and Regeneration Privacy Notice
  • As part of the Councils statutory duty under the Social Security (Information-sharing in relation to Welfare Services etc.) Regulations 2012 we will receive information from Anglia Revenues Partnership to improve local welfare provisions and provide you with financial support individually or as a household such as maximising benefit entitlement take up.

We will not use your personal data for other purposes other than for what it was collated unless we have obtained your consent or for other lawful purposes (e.g. detection and prevention of fraud). We do not use systems to make automated decisions about you.

How long do we keep your information?

We will hold your personal information in line with the council’s Retention Policy as follows:

  • Financial Data - 6 Years plus current year (grant and funding applications) or longer if required by grant/financial regulation (when providing financial data you will be informed if your data is to be held longer than the time stipulated above)
  • Personal Information – 3 years plus current year for inactive data or longer if required by contractual or legislative regulations(when providing personal data you will be informed if your data is to be held longer than the time stipulated above) to enable us to contact you when you have engaged with the East Suffolk Communities Team or the council
  • Personal Information (Anti Social Behaviour) - 6 years plus current year. Limitation Act 1980 (section 2)
  • Personal information (Cost of living programme) - 6 years.

You can request that your personal information is deleted at any time.

Data sharing

We will share your personal information with:

  • Community Safety and Anti Social Behaviour - To share with necessary partners through data sharing agreements
  • Consultation response information shared on a consensual basis with project consultation delivery partners, to facilitate members of the public to express their views and particular projects and initiatives
  • Grant and funding application data shared on a consensual basis with grant and funding providers and commissioners as requirement for achieving positive funding outcome, including decisions on grant allocations
  • Project and Initiative Evaluation data shared on a consensual basis with projects and initiatives evaluators to assess the success of the project or initiative
  • Financial Inclusion and cost of living programme - shared on a consensual basis to enable us to secure additional advice and support for you from partner organisations and local charitable bodies
  • Contact information shared on a consensual and or contractual basis with third parties including other council service teams and partners • Suffolk Office of Data and Analytics – the council has a legal obligation to share personal information for the prevention and reduction of serious violent crime.
  • HM Prison & Probation Service – the Council has a legal obligation to share personal information as part of our Prevent Duty under Section 26 of the Counter Terrorism and Security Act 2015.

Transferring your information overseas

Currently, we do not transfer any personal information outside of the European Economic Area (EEA).

National Fraud Initiative (NFI)

We may share information provided to us with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud. For further information, see the East Suffolk website