The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The regulation came into effect on the 25th May 2018.
Parish Councils have been granted an exception from parts of the new regulations, however at Wembdon we intend to comply fully with the GDPR as we believe that this will form best practice.
Personal data is information which directly or indirectly identifies you. We at Wembdon Parish Council are committed to processing your personal data in accordance with EU data protection laws.
For the purposes of EU data protection laws, Wembdon Parish Council is the data controller. The function and business of Parish Councils is set out in law (local government act 1894), consequently we use the UK Information Commission’s definition of ‘Public Task’ as the lawful basis for processing your personal data.
A full description of the new regulations and their implications can be found on the website of the UK Information Commissioner.
1. Collecting Personal Data
1.1 We may collect personal data from you in a number of ways, for example, when you:
a. Call, either the Parish Clerk or a Parish Councillor.
b. Contact us by post or email.
c. Ask us to contact you.
d. Participate in surveys.
e. Subscribe to the services which we provide on our website.
2. What Personal Data we Collect
2.1 We will only collect data relevant to conducting Parish Council business, this includes:
a. Contact details, your email address, telephone number and postal address.
b. Records of our interactions / correspondence with you.
c. Information you provide to us in surveys.
d. Information required in order to provide a website service to which you have subscribed, e.g. name and email address.
e. Traffic or Clickstream Data. Data about traffic and usage is not personally identifiable and is not combined with other information the Council holds to provide personally identifiable information.
2.2 Cookies: Like many organisations we collect information about online behaviour using cookies. These cookies contain identification information that enables us to see how users are interacting with our website and how frequently they are returning. The cookies we use do not contain any personally identifiable information and are not combined with other information the Council holds to provide personally identifiable information. You may set your browser software to reject cookies but you may not be able to use all the features of the site.
2.3 Traffic or Clickstream Data: Data about traffic and usage is not personally identifiable and is not combined with other information the Council holds to provide personally identifiable information.
3. How We use your Personal Data
3.1 We will only use your data in the pursuance of Parish Council business.
3.2 When you provide personal information (such as name, e-mail, address and other contact information) to us via the website for whatever purpose (e.g. registration, survey, feedback etc) your personal information will only be used for the purpose of communicating with you in relation to the matter raised or for any other purpose for which you have given your consent.
3.3 Specific personal information may be released when we are required to do so eg. court order or for any of the Council’s statutory purposes.
4. Your Rights
4.1 You have the right to request access to and rectification or erasure of your personal data.
4.2 If you wish to exercise this right you should contact the Parish Clerk as described in the ‘contact us’ section of the Wembdon Parish Council website, who will correct or remove your personal data.
4.3 You also have the right to lodge a complaint about the processing of your personal data with the UK information Commissioner.
5.1 We will not pass your personal data to any third party for marketing purposes.
6. Security and Data Retention
6.1 We take great care to ensure the security of this website and your personal information. We have put in place appropriate technical and organisational measures to ensure the safety and security of the information we collect on line. Any third party processing such information on the Council’s behalf is contractually obliged to put in place similar measures. However, you should consider any communication that you transmit to us (such as data, questions, answers, comments or suggestions) as non- confidential. The Council will not be liable if information that belongs to you is intercepted and used by an unintended recipient.
6.2 We will retain your personal data for a period up to 7 years from the end of our relationship with you. You can find our policy on the retention of all data and documents related to the running of the Parish Council on the Parish Council website Wembdon.org
7. Links to other websites
8. Changes to this Data Protection Notice
8.1 We may revise or supplement our Data Protection Notice from time to time to reflect for example, any changes in Parish Council responsibilities, UK or European law, the introduction of any new technology. We will publish the updated Data Protection Notice on this website.
9. Enquiries Requests or Concerns
9.1 All enquiries, requests or concerns regarding this Notice or relating to the processing of personal data, should be sent to the Parish Clerk at firstname.lastname@example.org
This policy was reviewed on 10th January 2022