Last updated: 25 May 2018
This privacy notice provides you with information about what we do with your personal data (information that is about you and identifies you).
We have recently updated our Privacy Notice to include changes to address the new standards introduced by the European data protection law, known as the General Data Protection Regulation (GDPR).
Below sets out how we, South Cambridgeshire District Council (SCDC), collect, store and handle your personal information and what your information rights are. Your rights will vary with the service being used. We have created service specific Privacy Notices that you can find listed at the bottom of this page.
What we mean by personal information is any information that can be collected via a paper or online form, by telephone, email, CCTV or by a member of our staff.
The Council is registered (Z5418062) with the Information Commissioner’s Office (ICO) as a Data Controller. We are committed to processing personal data in accordance with the GDPR principles, which ensure the safe processing of personal data. We are a public authority and have a nominated Data Protection Officer, whose details you can find below in our contact information section.
Our ICO registration entry describes in general terms the purposes, the categories of personal data and the categories of the recipients, you can view our entry details on the ICO website, see entry Z5418062. This entry applies to all Council staff and members of the public. You can see service specific information in the sections below.
We may not be able to provide you with a product or service unless we have enough information, or your permission to use that information. Some of the services we offer, that we cannot complete without your information, are below:
You can see service specific information in the section below. However, we mostly process data because the law tells us we have to. Further details of these are laws are at https://data.gov.uk/dataset/01171494-e40b-463f-9967-56d158412321/statutory-duties-placed-on-local-government.
We will use the information you have provided in accordance with Data Protection legislation. We will not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept. We will strive to keep your information up to date and accurate. We will always make sure you understand why we need the information. We will not collect irrelevant information.
In general, we process your information for the following reasons:
We will not pass any personal data on to third parties, other than:
None of our core systems host or store data outside the European Economic Area (EEA). Where we do transfer data internationally, it is through the use of websites such as Eventbrite. You use these services only with your consent.
If we do need to transfer any data outside the EEA, we do so with data processing agreements that meet our obligations under the Data Protection Act.
We may share your personal data within the Council, with other public authorities or government agencies in order to provide services to you and to prevent and detect fraud. The Council is a signatory to the Cambridgeshire Information Sharing Framework, which sets high standards for secure and safe practices in information sharing within the County and beyond.
Information will not be sold, or provided to anyone else, or used for any purpose that is not related to any of the Council's statutory functions, unless you have been advised that we will do so or it is required by law. Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to.
When you call our main contact centre (03450 450 500) we record our calls for security and training purposes and keep them for 30 days. However, we do not record payment transactions or if the call is passed onto another member of staff who works outside of the contact centre.
We do not use analytic tools such as Google Analytics.
All of our E-forms have their own Privacy Notice at the beginning of the form, before you enter any personal information. We recommend that you read the Privacy Notice before filling in the form. Details of your rights will be in the Privacy Notice in the form.
We use a range of different systems, requiring a different account username and password to sign in. We make sure these are kept secure in our systems. We would ask that you take care of your login details.
We have installed CCTV systems in some of our premises used by members of the public, for the purposes of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of our buildings for the purposes of monitoring building security and crime prevention and detection.
They are installed in our recycling sites for the purposes of public and staff safety, crime prevention and detection, and the abuse of council policies.
We also have some camera mounted on vehicles to improve the safety of our staff and assist with health and safety investigations.
In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.
You have the right to see CCTV images of yourself and be provided with a copy of the images.
We do not make automated decisions generally, with two major exceptions. Some benefits are automatically calculated using the information that you have provided; some housing allocation is on a points-based system, which is automated to ensure that it is fair.
We are required by law to protect the public funds it administers. We may use any of the information you provide to us for the prevention and detection of fraud. We may also share this information with other bodies responsible for auditing, administering public funds, or where undertaking a public function, in order to prevent and detect fraud. This includes the Cabinet Office’s National Fraud Initiative (https://www.gov.uk/government/collections/national-fraud-initiative), the Department for Work and Pensions, other local authorities, Her Majesty’s Revenue and Customs, and the Police.
We will not keep your information any longer than needed to provide the services you require. We may keep your data longer if we need to retain it for legal, regulatory or best practice reasons. The Retention Schedule sets out details of how long we keep data.
The information you provide will be subject to thorough measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t be allowed to see it.
We have a comprehensive set of Information and Security policies. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
In terms of payments we use a PCIDSS compliant provider for secure electronic payment systems. All transactions carried out via our payments provider website are protected by Secure Socket Layer (SSL) technology. This is to ensure that any information you provide, when transmitted over the internet, is encrypted and secure.
We have procedures and policies in place to ensure we are doing our best in this regard. This includes reporting of near miss events so that we continually improve procedures.
If a breach is likely to result in high risk to rights and freedoms of individuals the Council has a lawful duty to inform them without undue delay. And we are legally obligated to notify the ICO within 72 hours.
If you have any concerns regarding the way we have handled your personal data please contact the Data Protection Officer by emailing infogov@3Csharedservices.org or by calling 01954 713318 or 01480 388073. Your complaint will be answered as soon as possible and within 20 working days.
The Council takes a ‘data protection by design and default’ approach when we develop policy, strategy, or initiatives that have privacy implications including technological changes. We will carry out Data Protection Impact Assessments for uses of personal data that are likely to result in high risk to individuals’ interests. We’ll carry out a screening checklist at the outset of a project (small or large) so that where there are potentially significant risks to individuals privacy this will be appropriately assessed and measures to mitigate the risk if applicable, will be actioned.
The Council recognises that individuals have specific enhanced rights dependant on the lawful condition for processing, and will create and maintain procedures for individuals to exercise those rights.
The council has a month to respond and comply with a request you make. This is a maximum period. The council will take measures to assure ourselves of your identity by asking you to provide photographic ID before addressing any request.
You have the right to ask the council what personal information we are processing about you and obtain:
No charges will be made for supplying this information. Where we hold a lot of information about you we may ask you to narrow the scope of your request. Requests for subject access will be coordinated by the Information Governance Team. You can find our Subject Access form. Alternatively email us at firstname.lastname@example.org. Or write to us at the Council address.
You have the right to have inaccurate personal data rectified without undue delay. Incomplete data should also be completed. The decision over the accuracy of the data lies with the Council. This right does not exempt the Council from the principle of data accuracy.
Under certain circumstances you can ask for your data to be erased. The council must comply with this request if:
The council does not have to comply if processing is necessary for:
You will be notified of outcome of the request without undue delay and no later than a month after a request has been made.
You can request restriction of the processing of your information in a number of circumstances:
When processing is restricted the Council is allowed to store the personal data, but not to process it further. The data the Council hold on its systems should at least be marked as unavailable, but other measures will be considered such as a restriction of access by staff
If the personal data in question is disclosed to third parties, the Council will inform you about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. You can request only the data you have supplied to a controller (under either ‘Consent’ or ‘Contract’ lawful conditions only) to be provided in a ‘structured, commonly used and machine readable format (e.g. CSV). You can request that this information is supplied directly to another data controller on your behalf.
The Council will ensure the data is transmitted securely.
You have the right to object to the use of your data if it is processed for
The data must be restricted whilst the authority is considering the balance of their grounds for processing against yours.
You have the right to object to any decision made by solely automated means. You can ask for human intervention on any decision, to express the Councils point of view and to obtain an explanation of the Councils decision. You also have the right to challenge the decision.
Where possible we will seek to comply with your request but we may be required to hold, retain or process information to comply with a legal obligation or as a public task.
This policy will be reviewed every two years, or when significant changes occur in related legislation or in Council strategy. When this happens we will place an updated version on this page and the date the page has been amended will be visible at the top of this page.
If you wish to raise a complaint about your personal data privacy or information rights please use our secure online contact us form.
If you wish to make a complaint direct to the Data Protection Officer please use the email address below.
You have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO). Contact details for which are at www.ico.org.uk.
South Cambridgeshire District Council
South Cambridgeshire Hall, Cambourne Business Park, Cambourne CB23 6EA
03450 450 500
Contact Us information
If you have any concerns or comments please contact the Council’s Data Protection Officer directly on the following email email@example.com.
Revenues and Benefits Privacy Notice
Electoral Services Privacy Notice
Planning Privacy Notice
Planning Policy Privacy Notice
Housing Privacy Notice
Was this web page helpful?