Who we are
Teignbridge District Council is registered with the Information Commissioner’s Office (ICO) as a ‘data controller’ under the Data Protection Act, entry Z5463710. We are a public authority and have a nominated Data Protection Officer who can be contacted on dataprotection@teignbridge.gov.uk.
This notice, in conjunction with our overarching privacy policy, explains when as a service we collect personal information, what we use your data for, who has access, who we share it with and what your rights are.
What information do we collect about you?
When you become a member or book an activity, we will collect basic personal details such as your name, date of birth, e-mail address, postal address, telephone number(s), next of kin and parental details.
We will sometimes need to collect your bank or credit card details to process payments for our products.
In order for us to properly assess the most appropriate advice, recommendations, products or service that we offer we may ask you to provide us with sensitive personal data such as medical details and health circumstances, particularly for our exercise referral scheme. We always treat this information in the strictest of confidence and only ever use it for the purpose it is collected.
Where we get your information from
We collect personal information from you as the service user through online web forms, hard copy application forms, email, by telephone or through face-to-face discussion. This information will be collected from either you directly as the data subject, or from a representative acting on your behalf.
If you fail to provide certain information, we may not be able to provide the service you have requested.
How your information will be used
In order to provide services to you, it is necessary for us to collect and hold personal information about you. This information will be used to:
-
deliver and manage services we provide to you;
-
process and make decisions on applications you have sent us;
-
help investigate complaints or concerns you have raised about the service provided;
-
help detect and prevent fraud and corruption in the use of public funds and where necessary for law enforcement functions;
-
maintain our own accounts and records;
-
help us build up a picture of how we are performing;
-
provide statistical analysis;
-
help with research and planning new services;
-
send you communications which you have requested and consented to that may be of interest to you.
Lawful basis for processing data
The lawful basis for processing your personal data is:
-
Contract. The processing is necessary for a contract or taking specific steps before entering into a contract.
-
Consent.
-
Legitimate interests.
Who we share your data with
We may pass your information to our service partners, agents and associated organisations to allow us to service your membership and communicate with you. We will also pass your information to other partners for the purpose of marketing or promotion of services offered by the Council, but only if you have consented to this.
When required by law we may disclose your information to crime agencies such as the police or HMRC.
There may also be instances where our system suppliers will need to access individual’s personal information to ensure that information is being held securely and accuracy is maintained. This will be on a strict need to know basis and all contracts have confidentiality clauses built in.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will not disclose any personal information to any other third parties unless required to do so by law or where it is appropriate to support our duty to protect public funds and / or detect and prevent fraud or other criminal activity.
We will not transfer your information to countries outside the European Economic Area (EEA) unless this is necessary, and only to countries which have sufficient safeguards in place to protect information.
How long do we keep hold of your information and is it secure?
We will only retain your personal information for as long as we are required to do so by law and the purpose we collected it for. The retention period is either dictated by law or by our discretion. Once your data is no longer needed it will be securely and confidentially destroyed. Your personal data will be held on our membership management systems for 13 month beyond your final attendance to an activity.
Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on the council’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our council sites require a personal electronic pass to access staff only areas.
Changes in your circumstances
You must notify us immediately if there are any changes in your personal details so we can maintain an accurate and up to date record of your information.
Your rights and access to your information
You have rights under the data protection legislation:
-
to access your personal data, known as a subject access request;
-
to be provided with information about how your personal data is processed;
-
to have your personal data corrected;
-
to have your personal data erased in certain circumstances;
-
to object to or restrict how your personal data is processed;
-
to have your personal data transferred to yourself or to another business in certain circumstances;
-
you have the right to be told if we have made a mistake whilst processing your data and we will self-report breaches to the Information Commissioner.
Should you wish to exercise any of your rights, you should contact the Data Protection Officer dataprotection@teignbridge.gov.uk.
If you have any concerns
You have a right to complain to us if you think we have not complied with our obligation for handling your personal information by contacting the Data Protection Officer in the first instance.
If you are not satisfied with the council’s response you have a right to complain to the Information Commissioner Office:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113