The policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.
Who we are
Mid Sussex District Council is registered with the Information Commissioner’s Office (ICO) as a ‘data controller’ under the Data Protection Act. We are a public authority and have a nominated Data Protection Officer.
What personal information we obtain
Our ICO registration entry describes in general terms the purposes, the categories of personal data and the categories of the recipients. You can view this at https://ico.org.uk/esdwebpages/search – see entry Z7389348.
Why we collect information about you
We need to collect and hold information about you, in order to:
- deliver public services
- confirm your identity to provide some services
- contact you by post, email or telephone
- understand your needs to provide the services that you request
- understand what we can do for you and inform you of other relevant services and benefits
- obtain your opinion about our services
- update your customer record
- help us to build up a picture of how we are performing at delivering services to you and what services the people of Mid Sussex need
- process financial transactions
- prevent and detect fraud and corruption in the use of public funds
- allow us to undertake statutory functions efficiently and effectively
- make sure we meet our statutory obligations including those related to diversity and equalities.
We may not be able to provide you with a product or service unless we have enough information, or your permission to use that information. We will not pass any personal data on to third parties, other than those who either process information on our behalf, or because of a legal requirement, and we will only do so, after we have ensured that sufficient steps have been taken to protect the personal data by the recipient. We do not sell your information to any organisation. We do not process data outside of the European Economic Area.
We may need to pass your information to other people and organisations that provide the service. These providers are obliged to keep your details securely, and use them only to fulfil your request. If we wish to pass your sensitive or confidential information onto a third party, we will only do so once we have obtained your consent, unless we are legally required to do so.
We may disclose information to other partners where it is necessary, either to comply with a legal obligation, or where permitted under the Data Protection Act, e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime.
Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual. At no time will your information be passed to organisations external to us and our partners, for marketing or sales purposes or for any commercial use without your prior express consent.
Communication with the Council
Telephone calls and Live chat
We will inform you if we record or monitor any telephone calls you make to us. Calls made direct to, or from, our Customer Contact Centre or to our Revenues & Benefits service are recorded and kept for 6 months from the date of the call. We do not record any financial card details if you then make payments by telephone.
If the call is transferred to a member of staff outside the Customer Service Centre, the recording stops. Calls may be recorded if telephoning direct to other service teams on alternative numbers. These records will be used, to increase your security, for our record keeping of the transaction and for our staff training purposes.
If you email us we may keep a record of your contact and your email address and the email for our record keeping of the transaction. We suggest that you keep the amount of confidential information you send to us via email to a minimum and use email encryption, our secure online forms and services. Where you receive emails direct from a service, you can withdraw consent and ask to be removed from the mailing list at any time by contacting the service.
Using our website
We may use information you provide via this site to:
- Improve content
- Communicate information to you - if you have requested it
We automatically monitor information such as:
- Pages visited
- Browsers used
- IP addresses
- Device type used
None of the above information will identify you personally. We only use it to help improve the website. This statement only covers the council websites maintained by us, and does not cover other websites linked from our site.
How long your information will be held
We will not keep your information any longer than needed to provide the services you require. We may keep your data longer if we need to retain it for legal, regulatory or best practice reasons. We will tell you in our service specific privacy notices of the retention period that applies.
How we protect your information
The information you provide will be subject to rigorous measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t be allowed to see it.
We have a comprehensive set of Information and Security policies. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas.
We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly. We conduct assessments of privacy when making changes to processes or systems that hold your personal data. We assess the technical security of our systems and supplier systems.
We will dispose of paper records or delete any electronic personal information in a secure way. We will investigate data incidents where we have found that your personal information may have or has been disclosed inappropriately and attempt to recover any data. We will inform you unless we decide it would present a risk to you and inform the authorities such as Police, or Information Commissioner where required.
Your information rights
In general, you have the right to request that Mid Sussex District Council:
- provide a copy of your personal information
- correct any errors in your personal information and restrict processing until completed
- object to the processing, depending on the service and legal basis
- erase personal information, depending on the service and legal basis
- withdraw consent and have your data deleted, if consent is used as the legal basis for the service
- to be informed of automated decision making, including profiling for the service
Where possible we will seek to comply with your request but we may be required to hold, retain or process information to comply with a legal obligation or as a public task. We try to ensure that any information we hold about you is correct. There may be situations where you find the information we hold is no longer accurate and you have the right to have this corrected. Please contact the Council service/team holding your information in the first instance.
You are legally entitled to request access to any information about you that we hold, and a copy. See https://www.midsussex.gov.uk/about-us/your-data/ for options on how to request a copy of your personal information.
If you have any concerns or comments please contact the Council’s Data Protection Officer directly:
Data Protection Officer
Digital & Customer Services
Mid Sussex District Council
Haywards Heath, RH16 1SS
How to complain
If you wish to complain about your personal data privacy or information rights please contact the service in the first instance or at: https://www.midsussex.gov.uk/about-us/your-feedback/
If you wish to raise the matter directly with the Data Protection Officer, use the contact details above.
You have the right to complain to the supervisory authority – the Information Commissioner’s Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. They can also provide advice and guidance and can be contacted through their website: www.ico.org.uk , or their helpline on 0303 123 1113, or in writing to:
Information Commissioner’s Office
Cheshire SK9 5A
Changes to this privacy notice
We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law.