EAST BERGHOLT PARISH COUNCIL

Privacy Notice

What is a Privacy Notice?
This Privacy Notice sets out what information East Bergholt Parish Council holds
about you, why the Council holds it, how the Council protects it whilst a service you
have requested is being provided to you and your rights under the General Data
Protection Regulation and the Data Protection Act 2018. In publishing this Notice the
Council acknowledges its responsibilities under the legislation with which it complies.
East Bergholt Parish Council considers the security of your personal data a high
priority and will only use the information it holds about you for the purpose for which
you supplied it or as permitted by law. It will only collect the minimum necessary
information to provide you with the required service.
What is personal data?
This means any information related to an identified or identifiable natural living
person (known as “the data subject”) which is not already in the public domain. The
Data Controller determines the purposes and means of processing personal data.
East Bergholt Parish Council is a Data Controller and is registered with the
Information Commissioner’s Office.
Generally, the Council only holds low level data about individuals such as names,
addresses, email addresses and telephone numbers. This is usually obtained when
you ask the Council for information, complete a form, when you wish to express your
views on something taking place within the community, or when the Council provides
you with a service. The Council will only collect the information needed to provide
you with services. It does not sell or broker your data.
The Council has the right to process information under the legislation only where it
has a proper reason to do so, which includes:
 Where there is a legal obligation to do so
 Where it is necessary to carry out a contract it has with you
 Where the Council has your consent.
What are the Council’s responsibilities in respect of the data?
Article 5 of the GDPR requires the Council to ensure that personal data is:
 Processed lawfully, fairly and in a transparent manner
 Collected for specified, clear and legitimate purposes
 Adequate, relevant and limited to what is necessary
 Accurate and kept up to date

 Kept for no longer than necessary
 Processed securely.
All personal information provided by you is held securely and confidentially in
electronic and/or hard copy format.
How we use sensitive personal data
We may process sensitive personal data including, as appropriate:
 Ability to carry out tasks based on health conditions (e.g ability to safely oper-
ate equipment on Council property).
 Personal information in order to monitor compliance with equal opportunities
legislation (e.g job application forms)
 in order to comply with legal requirements and obligations to third parties (for
example, driving licence or NI numbers for payroll use, occupational therapy
information)
We may process special categories of personal data in the following circum-
stances:
 In limited circumstances, with your explicit written consent.
 Where we need to carry out our legal obligations.
 Where it is needed in the public interest.
Less commonly, we may process this type of personal data where it is needed in
relation to legal claims or where it is needed to protect your interests (or someone
else’s interests) and you are not capable of giving your consent, or where you
have already made the information public.

How long is personal data held?
The legislation provides that personnel data must only be retained whilst:
 Consent from the data subject is held
 The data is necessary for the performance of a contract
 There is a legal obligation to hold it
 Holding the data is important to protect the interests of the data subject or
another person
 Holding the data is in the public interest
 The Council has a legitimate interest in holding it (except where such
interest is overridden by the interests or rights of the data subject).
The Council may keep some records permanently if there is a legal obligation
to do so. Others such as financial records will be kept for a minimum period of
eight years to support HMRC audits or provide tax information or for six years

where the law imposes a time limit for claims. Generally personal data will
only be kept as long as it is needed and then deleted.
What are your rights?
The General Data Protection Regulation and the Data Protection Act 2018
include the following rights:
 The right to be informed – primarily by this Privacy Notice
 The right of access – you have the right to request access to your
personal data which the Council holds.
 The right to rectification – the correction of erroneous information held
about you.
 The right of erasure – you may have the right to have erased
information held.
 The right to data portability – the right to have the data held about you
transferred to another organisation.
 The right to object – if you think the data is not being processed for the
purpose for which it has been collected, you may object.
 The right to withdraw consent – at any time you may withdraw consent
in respect of any discretionary service provided by the Council.
 The right to make a complaint – upon any other matter relating to the
keeping or processing of personal data by the Council.
If you wish to exercise any of the above rights initially you should contact:
Graham White
Parish Clerk
Tel: 01206 413106
Email: parish.clerk@eastbergholtpc.co.uk

If you prefer you can contact:
The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1133
Email: https://ico.org.uk/global/contact-us/email

Approved and adopted by East Bergholt Parish Council: January 2024
Next Review: January 2025