This Privacy Notice tells you what to expect when Flintshire County Council collects your personal data.
We are committed to compliance with data protection legislation, as well as your rights to confidentiality and respect for privacy. The Council will ensure that it keeps your personal data accurate and secure to provide you with efficient services.
We will only use the data it holds about you in accordance with the law. We will also only collect the minimum data necessary, and when it no longer has a need to keep your data, it will be disposed of in a secure manner.
We have a Data Protection Officer who makes sure we respect your rights and comply with the law. If you have any concerns about how we look after your personal data please contact the Data Protection Officer Alun Kime at email@example.com or by calling 01352 702802.
Do you know what personal data is?
Personal data is any information that relates to an identifiable living individual directly or indirectly. This includes data that when combined with other data can then identify a person. For example your name and contact details.
Do you know that some of your personal data is considered as ‘special’?
Some data is considered to be special and needs more protection and safeguards due to its sensitivity. It is often data that is very personal to you, that you wouldn’t expect or want to be widely known. This will include anything that can reveal your:
- Sexuality or sexual health
- Religious or philosophical beliefs
- Physical or mental health
- Trade union membership
- Political opinion
- Genetic or biometric data
- Criminal history
Why do we need your personal data?
We may need to use some information about you to:
- Deliver services and support to you
- Manage those services we provide to you
- Train and manage our employees who provide those services
- Investigate any complaints or concerns you have about our services
- Keep track of our spending
- Monitor the quality of our services
- Research and plan for new services or changes to current services
When processing your personal data we must have legal reason to do so. Generally we collect and use your personal data where:
- You, or your legal representative, have given consent
- You have entered into a contract or are taking steps to enter into a contract with us
- It is necessary to perform our statutory duties
- It is necessary to protect someone in an emergency
- It is required by law
- It is necessary for employment purposes
- It is necessary to deliver health or social care services
- It is necessary for legal cases
- It is in the public interest and to the benefit of society as a whole
- It is necessary to protect public health
- It is necessary for historic, research or statistical purposes
At the time of collecting your data, the Council will inform you:-
- Why and how we will be processing your data
- Our legal basis for processing the data
- If the information will be shared with any 3rd parties
- If the information will be transferred to a third country (outside the European Economic Area) including the safeguards in place to protect your data
- How long the information will be kept for
- Your individual rights, including accessing your data
- Your right to withdraw consent at any time, where relevant
- Your right to lodge a complaint with the Information Commissioners Office
- The possible consequences of failing to provide your data
- If an automated decision or profiling will be made using your data
Who do we share your information with?
We use a range of organisations to help us deliver our services, where we have these arrangements there is always an agreement in place to make sure that those organisations comply with data protection law.
We sometimes have a legal duty to share personal data with other organisations. This is often at the request of the courts when:
- We take a child into care
- We are ordered by the courts to provide the information
- Someone is taken into care under mental health law
We may need to share your personal data when we feel there’s a reason that’s more important than protecting your privacy:
- In order to detect and prevent crime
- If there are serious risks to members of the public, our staff or to other professionals
- To protect a child or adult who are thought to be at risk
For all the reasons above, the risk must be serious before we can override your right to privacy.
Transferring data outside the European Economic Area (EEA)
The Council will only transfer personal data outside of the EEA in compliance with Chapter V of the General Data Protection Regulation. Transfers may be made where the Commission has decided that a third country (a country outside the EEA), a territory or one or more specific sectors in the third country, or an international organisation ensures and can demonstrate that individual’s rights are protected by adequate safeguards.
How does the Council keep your personal data secure?
The Council secures your personal information from unauthorised access, use or disclosure. The Council secures the personal data you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.
We may store your personal information using European Union based cloud providers, but only where a data processing agreement is in place that complies with obligations equivalent to those of the General Data Protection Regulation.
National Fraud Initiative
The Council is required by law to protect the public funds it administers, to this end we may share your personal data with other bodies responsible for auditing or administering public funds to prevent and detect fraud.
The Auditor General for Wales requires all local authorities under his powers in Part 3A of the Public Audit (Wales) Act 2004, to provide data it holds for this purpose. The data is shared with the Wales Audit Office/Audit Commission.
Individuals have certain rights in respect of their own personal data, which are (further information relating to your rights including how to make a request can be found on our Data Protection Page);
- The right to be informed – This emphasises the need for transparency over how the Council uses your personal data, this will be done typically through a privacy notice at the time your data is obtained.
- The right of access – Individuals have the right to obtain confirmation that their data is being processed and access to their personal data held by the Council.
- The right to rectification – Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
- The right to erasure – The right to erasure is also known as ‘the right to be forgotten’. This enables an individual to request that the Council deletes or removes their personal data where there is no compelling reason for its continued processing.
- The right to restrict processing – Individuals have the right to block or supress processing of personal data where there is no compelling reason for the processing. When processing is restricted the council will be permitted to store the personal data, but not further process it, and will retain just enough data about you to ensure that the restriction is respected in future.
- The right to data portability – Individuals have the right to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
- The right to object– Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercises of official authority, direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics.
- Rights in relation to automated decision making and profiling – This provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
For further information on the use of your data including how to make a request under your individual rights above please visit our Data Protection Page or contact our Information Governance Team using the details below:-
Information Governance Team
Flintshire County Council
Flintshire CH7 6NR
Alternatively you can contact the Council’s Data Protection Officer Alun Kime using the following details:-
If you feel the Council has handled your data unfairly or unlawfully you can lodge a complaint with our Information Governance Team using the link below:-
Data Protection Complaints Procedure
If you remain dissatisfied with how the Council has handled your personal data you may wish to contact the Information Commissioner’s Office by:-
- Post: Customer Contact, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF,
- Phone - 0303 123 1113,
- Email - firstname.lastname@example.org
- Or by visiting the ICO website - www.ico.org.uk