Data Controller – Somerset Council – ICO Registration Z5957592
Data Protection Officer contact – firstname.lastname@example.org
Purpose for processing
- Customer and community insight – business intelligence
- Customer contact
- Customer experience and information governance
- Internal and external communications
Legal basis for processing
Public task – Corporate Affairs is required to act in the public interest to perform public duties to ensure the delivery of the services detailed above. In some cases, Corporate Affairs may ask for your explicit consent to process your personal data, see below for more details.
Legitimate interests – Corporate Affairs uses your personal data to support its legitimate interests to audit financial transactions, to ensure the quality of services, to correspond with customers, to answer enquiries, and to deal with complaints.
Data sharing – the personal data provided to Corporate Affairs will be shared with a range of partners when providing services including national government departments, the NHS, the Police and other local authorities. When Corporate Affairs is required to share your personal data, you will be informed at the point your data is collected.
Safeguarding – in cases where you or another member of the public may be at risk your personal information will be shared.
Other statutory obligations – in cases where the council is legally obliged to disclose your personal information in cases such as prevention or detection of crime or fraud your personal information will be shared.
Transfers abroad – your data will not be transferred abroad unless you are specifically informed at the point your data is collected.
Data retention – this data will be retained for a period determined by UK law and regulations, or in some cases to meet specific requirements of the service being provided. You will be informed of this at the point your data is collected.
Your rights – You have the right to ask Somerset Council for a copy of your data, the right to rectify or erase your personal data, and the right to object to processing.
However, these rights are only applicable if the council has no other legal obligation concerning that data. For more information visit our page about your rights on the information we hold about you.
You also have the right to complain to the regulator – Information Commissioner’s Office (IOC).
Consequences: In some cases, if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.
If the legal basis for processing is explicit consent we will need to ensure you are provided with a:
- clear explanation of exactly what is being consented to
- clear “opt-in”
- clear option to withdraw your consent later by use of an “opt-out”
Privacy of Electronic Communications Regulations (PECR)
To meet the requirements of the Privacy of Electronic Communications Regulations (PECR) we will ensure that we give you clear options on the information you receive, and how you can receive it.
If we are using your contact details to distribute further information, we will provide you with opt-in options so you can choose the method of communication, such as post, email, or phone, and to choose what you will receive, such as newsletters, invitations to events, and service updates. We will also offer you a clear option to unsubscribe to any communications sent with your consent.