UK GDPR privacy notices Economic Development and Regeneration Privacy Notice

Introduction

East Suffolk Economic Development and Regeneration Team have provided this privacy notice to help you understand how we collect, use, and protect your information whilst we provide you with Economic Development, Regeneration, and Funding.

The document below will describe how we may collect and process your personal information.

The purpose of this document is to clearly acknowledge the council’s responsibilities in relation to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Definitions

Personal data means any information related to an identified or identifiable natural (living) person (‘data subject’) i.e. a person that can be directly or indirectly identified by reference to a name, ID reference number, email address, location data, or physical, physiological, genetic, mental, economic, cultural or societal identifier.

Special personal data, previously known as ‘sensitive personal data’, relates to race, ethnic origin, politics, religion, trade union membership, genetic data, biometric data, health, sex life or sexual orientation. Records of criminal personal data must also be treated in a similar way.

Data Controller determines the purposes and means of processing personal data.

Data Processor is responsible for any operation which is performed on personal data on behalf of the controller, e.g. collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.

Third Party is someone/somebody who is not the Data Controller, the Data Processor or the Data Subject.

Who we are

East Suffolk Council’s Economic Development and Regeneration team reinvigorate the local economy through physical regeneration whilst enhancing the local environment to support economic growth and prosperity. We encourage new and existing businesses to survive, revive and thrive, making our district more attractive to residents, visitors, and investors alike. Our team provide ongoing support to the development of a stronger skill base including skills to future-proof tomorrow’s generation, today.

Our business support service is called ‘East Suffolk Means Business’, which can be found primarily at www.eastsuffolkmeansbusiness.co.uk and also on supporting social media channels.

Our Lowestoft regeneration projects and ambitions can be viewed in further detail through our website Think Lowestoft and supporting social media channels @thinklowestoft.

Two Heritage Action Zone projects in Lowestoft are also being delivered by the Economic Development and Regeneration Team. Details can be found on the Think Lowestoft website, as well as supporting social media channels @LowestoftHAZ.

The council is the ‘data controller’ for the information which is collated and processed [state if this is a shared controller responsibility]. This means we are responsible for deciding how we can use your information. If you want more information regarding the services delivered, please go to our website.

The council regards lawful and correct treatment of personal information as critical to their successful operations, maintaining confidence between the council and those with whom they carry out business. The council will ensure that they treat personal information correctly in accordance with the law. The services we provide are discretionary and contractual.

The Data Protection Officer for ESC is Siobhan Martin, Head of Internal Audit, and can be contacted at dataprotection@eastsuffolk.gov.uk.

How the law protects you

UK GDPR says that we are allowed to use personal information only if we have a proper reason to do so. More information on how the law protects you can be found on the East Suffolk website.

Our responsibilities

UK GDPR provides us with main responsibilities for processing personal data. All personal information provided by you is held securely and in confidence by us in our computerised and other records. When we process your personal information, we do so in compliance with UK GDPR. For further information on our responsibilities, please see our website.

Your rights

The UK GDPR and DPA 2018 provide you with the following rights:

  • The right to be informed: You have the right to be informed about the collection and use of your personal data, and this is outlined in this privacy notice.
  • The right of access: You have the right to request access to the personal data we may hold about you. This is undertaken using a Subject Access Request.
  • The right to rectification: You have the right to request that inaccurate personal data we hold is rectified.
  • The right to erasure: In certain circumstances, you have ‘the right to be forgotten’ and have your personal data erased.
  • The right to restrict processing: In certain circumstances, you have the right to request the restriction or suppression of your personal data.
  • The right to data portability: In certain circumstances, you have the right to request to obtain your own personal data for your own use or to give to other organisations.
  • The right to object: In certain circumstances, you have the right to object to your personal data being collated, stored and processed.
  • Rights in relation to automated decision making and profiling: You have the right to request that we do not make our decisions based on solely an automated process, and you can object to an automated decision and ask that a person reviews it in certain circumstances.
  • The right to withdraw consent: In our discretionary service provisions, you have the right to withdraw your consent at any time.
  • The right to complain: You have the right to complain through our complaints procedure, and then to the Information Commissioner. Any requests in relation to your rights with regard to the personal data we hold should be made verbally or in writing to the Data Protection Officer. For further information on your rights, please see the ICO website.

Your responsibilities

You are responsible for making sure you give us accurate and up to date information, and to let us know if any personal information we hold is incorrect.

When do we collect information about you?

We collect information about you from different places, including:

Personal data Where this is collected
Name Event and training applications, consultation responses, business enquiries and support requests, grant applications, project evaluations, contact information, contact us form, subscribe to updates and mailing list form, free public Wi-Fi. UK Shared Prosperity Fund and Rural England Prosperity Fund projects, including the Personal Development Service.
Email address
Telephone number
Address and postcode (Full or Partial)
Date of birth
Gender
National Insurance number
Bank account details Grant applications, including grant schemes funded by the UK Shared Prosperity Fund and Rural England Prosperity Fund.
Bank statements
Age group Project evaluations, free public Wi-Fi.
Country of residence
MAC addresses Town footfall monitors – this is instantly hashed upon detection and a Unique Identifier is used in its place.
Special category data Where this is collected
Ethnic origin Project evaluations Free Public Wi-Fi (Gender information with your explicit consent) Think Lowestoft/Virtual Creative Hub UK Shared Prosperity Fund projects, including the Personal Development Service
Religious belief
Health problems/mental wellbeing/disability questionnaire

This data may be collected from data subjects who are below the age of 16. In these instances, consent will be obtained from parent or legal guardian.

Cookies: collected on our East Suffolk Means Business and Think Lowestoft websites. For further information, see www.eastsuffolkmeansbusiness.co.uk/privacy-policy or www.thinklowestoft.co.uk/privacy-policy

What information do we maintain?

The information about you which we will maintain will include:

  • Name and address
  • Email address
  • Councillors’ declarations of interests
  • Councillors’ directory
  • Recording of ceremonial events and civic occasions
  • Members’ code of conduct
  • Members’ accountability statements
  • Town and parish clerks’ contact list

How do we use your information?

We will be using your information to:

  • Deal with your query, petition or complaint
  • Ensure you are a resident of East Suffolk if you are submitting a Public Question for a Full Council meeting
  • Contact you to provide a service e.g. Independent Remuneration Panel members

We invite interested residents and service users to subscribe to committees via our website. Our Committee Management Information System (CMIS) allows residents to receive automatic notifications when meeting papers are published. Residents can unsubscribe or change their preferences at any time by logging onto our webpages.

We will not use your personal data for other purposes other than for what it was collated unless we have obtained your consent or for other lawful purposes (e.g. detection and prevention of fraud). We do not use automated decision making.

How long do we keep your information?

We keep information for statutory purposes. We will hold your personal information for seven years in accordance with the Local Government Act 1972 (as amended).

Data sharing

We will share your personal information with:

  • Other teams within the council, should they be able to assist in dealing with your query or complaint
  • Potentially within meeting Minutes which are published on line

Transferring your information overseas

Currently, we do not transfer any personal information outside of the European Economic Area (EEA).

National Fraud Initiative (NFI)

We may share information provided to us with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud. For further information, see the East Suffolk website.