Skip Navigation
Smallest fontMedium fontLargest font
Search site

Privacy Statement and Fair Processing Notice

Fair Processing Notice inclusive of General Data Protection Regulation update

 

Purposes of personal data processing

 

 

In order to meet its responsibilities as a local authority, Runnymede Borough Council collects, holds and processes considerable amounts of information.

Where personal data is involved, such as your name and address, the council must comply with the Data Protection Act 1998 and GDPR requirements.  

The Act imposes additional requirements on sensitive personal data of a private nature such as the state of your health.

 

Retention periods for storing your Personal Data

Runnymede Borough Council has a record retention and disposal schedule. This is a document that sets out the legislation, guidance and policy about record retention of all data we hold.

All retention periods quoted are minimums only and our records are reviewed at the end of any quoted time.

Records are considered both individually and in relation to business centres as a whole. The purpose, value , and corporate significance is also considered.

Web link to record retention and disposal schedule (Opens in a new window)

 

Using your Personal Data

The council will only use your personal information when it has a legitimate basis for doing so and will process it in a fair and lawful way.

The council may use your personal information for the purpose it was provided and other compatible reasons.

We will process your personal data only where necessary and in a proportionate way, including in the following circumstances:

  • To allow the council to communicate with you and provide appropriate services

  • To plan, monitor, and improve service performance

  • Where the council exercises its enforcement functions, for instance licensing and planning

  • Legal proceedings, including prosecutions by the council

  • To process financial transactions such as payments and benefits, including where the council is acting on behalf of other government bodies such as the Department for Work and Pensions

  • To prevent and detect fraud and other crimes

  • To protect individuals from harm or injury

To fulfil its legal duties including those under the Equalities Act 2010 and Health and Safety Acts

 

How we take care of your personal data

We ensure your personal information is securely and safely held, whether electronically or in hardcopy.

The council is moving to maximise its use of electronic, rather than paper, records. 

We have controls in place to protect stored, and transferred, information and to minimise risks associated with inappropriate disclosure.

We manage information throughout its lifecycle, so only personal data relevant for a particular purpose is collected.

We take steps to ensure data we input is accurate and, where necessary, updated. This includes where accuracy is challenged.

We ensure information is not kept longer than necessary. That is, not beyond the business need or what the law may require, in accordance with our retention policy.

Redundant data is permanently deleted or disposed of securely.  

Staff are trained to properly handle personal information. A failure to take proper care or misuse of information may be treated as a disciplinary matter

 

Categories of recipients of the personal data /sharing your personal data

In most cases, only our staff will use your personal data, which we are under a general duty not to disclose. However, there are some occasions when the council will share information with other organisations or make it publicly available.

  • Where we share sensitive personal data, such as health information, we will normally need your permission. We may request this when the information is first obtained.

  • When we provide a support service we may share personal information with another agency to ensure the appropriate service is delivered.

  • The police and other agencies may request personal information as part of an investigation, to prevent crime, or prosecute offenders The council will accede to these requests under an exception to non-disclosure.

  • We may approach other organisations to share personal information to prevent crime, for instance to stop a vulnerable person being abused.

  • For matching purposes, we may share your personal data with other bodies responsible for auditing or administering public funds, or where undertaking a public function, to prevent and detect fraud. 

  • The council participates in the statutory National Fraud Initiative; a data-matching* exercise with other public bodies run by the Cabinet Office for the purposes of preventing and detecting fraud.

  • Information collected for public registers, such as planning or licensing applications, must be published or made available on request.

    Data matching compares computer records held by one body against those held by the same or another body.

    This is usually personal information.

    Computerised data matching allows potentially fraudulent claims and payments to be identified.

    A match may indicate an inconsistency that requires further investigation.

    No assumption can be made as to whether there is fraud, error, or other explanation until an investigation is carried out.

 

Provision of personal data

Provision of data is obligatory in cases where the council exercises its enforcement functions.

Failure to provide some voluntary data may mean certain support services can not be delivered.

 

Your rights and requests about the information we hold

You have the right to request any inaccuracies in your personal data be corrected free of charge.

Please notify us in writing, explaining what you consider is incorrect and what it should be replaced with, including enough information to identify yourself.

You may request access to personal data we may hold about you.

Subject Access Requests should be made in writing to the Freedom of Information Officer. A fee of £10 applies and proof of identity is required. For further details see the Freedom of Information page.

*Please note the fee of £10.00 ceases after 25 May 2018.

 

 

Questions and further information

If you have any questions or communications about this statement you can contact us at: general.enquiries@runnymede.gov.uk.

Further information about data protection and privacy matters can be found on the Information Commissioner's website (Opens in a new window).

 

Privacy Notice for Runnymede Borough Council

 

We sometimes share data about residents and their families to ensure appropriate services are delivered. This notice explains what happens with this information.

 


What information do we record?

The information we require may include personal or sensitive information.

Personal information

  • First name

  • Family name or surname

  • Address

  • Telephone numbers

  • Date of birth

  • National Insurance number

Sensitive personal information

  • Gender, ethnicity and marital status

  • Religious or other cultural beliefs

  • Physical or mental health or condition

  • Sexuality

  • Offences (including alleged offences)

  • Financial information, including bank account details

     


What do we use it for?

We may also use information for other reasons:

  • To help improve and plan future services

  • To make services useful, efficient and effective

  • Accountability

  • Statutory obligations

  • To identify and protect those at risk of harm

  • Accuracy of records

  • To prevent and detect crime

  • To protect residents

     


    *Combining data

    We also combine data among services and may issue alerts to potential security risks.

 

 

 

Sharing information

In most cases only staff, under a general duty of non-disclosure, will use your personal data.

However, occasions exist when the council will share information with other organisations or make it publicly available:

  • Sensitive personal data such as health information will normally need permission prior to being shared. We may request this permission when information is obtained.

  • Support services may need personal information to ensure appropriate delivery.

  • Police and other agencies may request personal information to investigate or prevent crimes or to prosecute offenders. The council will accede to these requests under an exception to non-disclosure.

  • We may approach other organisations to share personal information to prevent a crime, for instance to stop a vulnerable person being abused.

  • For data-matching purposes, we may share personal data with other bodies responsible for auditing or administering public funds, or undertaking a public function, to prevent and detect fraud. 

Information collected for public registers, such as planning or licensing applications, must be published or made available on request.

 

Data matching compares computer records held by one body against those held by the same or another body.

This is usually personal information.

Computerised data matching allows potentially fraudulent claims and payments to be identified.

A match may indicate an inconsistency that requires further investigation.

No assumption can be made as to whether there is fraud, error, or other explanation until an investigation is carried out.

Who we share information with

Doctors, Surrey County Council social services and other local authorities

We may process  personal data to connect with social services provided by Surrey County Council  that:     

· Signpost relevant local services

· Ensure vulnerable people are protected from harm and exploitation

We only disclose the minimum amount of personal data to local authorities to enable them to provide services. They must not use personal data for any other purpose, and we require them to keep personal data secure.

Government, council teams and other agencies including police, Health Protection Agency, Home Office, fire and rescue authorities, Department for Work and Pensions, JobCentre Plus or the Pension Service, Environmental Health, database supplier Civica

We will share personal information where required by law.  We may approach, or be approached by, other organisations to share personal information if we believe it is necessary to prevent a crime, for instance to stop a vulnerable person from being abused.

 

We only disclose the specified personal data requested to a government agency so it can investigate or prevent crime. This data must be kept secure.

 

 


How we protect personal data

We know how important it is to protect and manage personal data.  

We use computer safeguards such as firewalls and encryption, and enforce physical access controls to our buildings and files to keep data safe.  

We only authorise access to employees who require it to fulfil job responsibilities. Data provided though our websites and mobile apps is protected by secure socket layer encryption.

Personal data will not be transferred or stored the European Economic Area. Safeguards will be put in places to ensure personal data remains adequately protected and treated in accordance with this policy.

 


Gaining consent

During your contact with the council you will be informed of how you, or your children's, information will be used and shared with other services or organisations.

If you object you must inform the council. However, there are times when information could still be shared, for example:

  • Stated purposes as discussed when information is supplied

  • To protect a child, a vulnerable adult, or member of the public

  • Preventing and detecting crime

  • Tax or duty assessment

  • Required by court or law

The right to access personal data held about you exists under the Data Protection Act 1998. 

This is called a Subject Access Request.  Requests should be made in writing to the Freedom of Information Officer with the fee of £10* and proof of identity.

For further details see the Freedom of Information page.

*Please note the £10 fee ceases from 25 May 2018.

If you have any questions or communications about this policy contact Adeyemi.Tiamiyu@runnymede.gov.uk

Further information about data protection and privacy matters can be found on the Information Commissioner's website (Opens in a new window)

We may revise our Privacy policy should we change the way we collect or use your information.  
Footnote: This Policy was last updated on 30th November 2017.

A to Z of services

We use cookies to help us improve the user experience. By continuing to browse this website you are agreeing to our use of cookies. Find out more about cookies.