Wealden District Council
More
You are using an unsupported version of Internet Explorer.
Parts of our website may display incorrectly or not work at all. Please consider downloading an up to date browser such as Chrome or Firefox.
Wealden District Council > Transparency, Spending and Performance > Data Protection

Data Protection

How we Use and Protect your Personal Information

Wealden District Council provides a wide range of services to residents, businesses and visitors. To deliver these services and carry out our public functions, we may need to collect, use, store and share personal information about you.

When processing personal information, the Council is committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other relevant information rights legislation.

Data protection law sets out principles that organisations must follow whenever personal information is processed. This means personal information must be:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specified, explicit and legitimate purposes and not used in a way that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary;
  • accurate and, where necessary, kept up to date;
  • kept only for as long as necessary; and
  • processed securely to protect against unauthorised or unlawful processing, accidental loss, destruction or damage.

The Council is also responsible for demonstrating compliance with these principles.

Special Category Personal Information

Some types of personal information are afforded additional legal protection because they are more sensitive in nature. Data protection legislation refers to this as special category data.

This includes information relating to:

  • racial or ethnic origin;
  • political opinions;
  • religious or philosophical beliefs;
  • trade union membership;
  • genetic data;
  • biometric data (where used to uniquely identify an individual);
  • health; and
  • sex life or sexual orientation.

Where the Council processes special category data, we will only do so where we have an appropriate lawful basis and meet any additional legal requirements that apply.

How Does the UK GDPR and DPA Protect Personal Data About You?

The UK GDPR and DPA sets rules and conditions which we must obey when obtaining and processing information about you. They also provide you with certain rights, which must be respected.

Your Rights

Under data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have rights in relation to your personal information and how the Council uses it.

This includes the right to:

  • be informed about how your personal information is collected and used;
  • access the personal information we hold about you;
  • request correction of inaccurate or incomplete personal information;
  • request erasure of your personal information in certain circumstances;
  • request that we restrict how we process your personal information in certain circumstances;
  • object to the processing of your personal information in certain circumstances;
  • receive certain personal information in a reusable format and request that it is transferred to another organisation where applicable (data portability).

You also have rights relating to:

  • automated decision-making, where decisions are made solely by automated means without human involvement; and
  • profiling, where personal information is used to analyse or predict aspects of an individual’s behaviour, preferences or interests.

Please note that these rights are not absolute and may be subject to legal exemptions or conditions.

For more information about each right and how to make a request, please visit our Data Subject Access Rights web page.

Data Protection Complaints

We take your privacy seriously and are committed to handling personal information lawfully, fairly and transparently.

If you are unhappy with how we have collected, used, shared, stored or otherwise handled your personal information, you have the right to raise a data protection complaint with us.

We aim to resolve concerns quickly and fairly and encourage you to contact us first so that we have the opportunity to investigate and address your concerns.

What is a Data Protection Complaint?

A data protection complaint is a concern about how the Council has handled your personal information.

Examples may include concerns that:

  • we have used your personal information incorrectly or unlawfully;
  • information about you is inaccurate or incomplete;
  • your information has been shared inappropriately;
  • we have kept your information longer than necessary;
  • you have not received a response to a data protection rights request;
  • appropriate security measures may not have been applied to your information;
  • you disagree with a decision we have made about your information rights.

A complaint is different from exercising your information rights, for example requesting access to your personal information, requesting correction of inaccurate information, or requesting deletion where applicable. If you wish to exercise one of your rights, please visit our [Privacy and Information Rights page].

How to Make a Data Protection Complaint

Data protection complaints are handled in accordance with the Council’s Corporate Complaints Procedure.

Please tell us:

  • your name and contact details;
  • details of your concern;
  • the service area involved (if known);
  • what happened and when;
  • any relevant correspondence or reference numbers;
  • what outcome you are seeking.

You can submit your complaint using the Council’s Complaints procedure. A link to our online form can be found under the heading ‘Further Information’.

Alternatively, you can:

Email complaints@wealden.gov.uk

Telephone our customer services team on 01323 443322.

What Happens After you Complain

When we receive your complaint, we will:

  • acknowledge receipt in accordance with our Corporate Complaints Procedure;
  • assess whether the matter concerns data protection or another complaints process;
  • review the handling of your personal information;
  • seek information from relevant Council services where necessary;
  • explain our findings and any actions we will take.

Depending on the issue raised, we may:

  • provide an explanation;
  • correct inaccurate information;
  • update our records or procedures;
  • take remedial action where appropriate;
  • explain why we believe our processing complies with data protection law.

Where your complaint includes an exercise of your information rights, statutory timescales under data protection legislation may also apply.

Your Right to Complain to the Information Commissioner’s Office (ICO)

You have the right to raise concerns with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection and information rights.

We recommend giving us the opportunity to investigate and respond first, but you are not required to do so.

ICO contact details:

Website: ICO | Make a Complaint
Telephone: 0303 123 1113