Outsourced printing and posting - Privacy Notice
Cotswold District Council is a data controller under the Data Protection Legislation as the council collects and processes personal information about you in order to provide services and meet their statutory and regulatory obligations.
This Privacy Notice explains the relationship between the Controller (the council) and the Processor (the supplier), how your information will be used and why.
This Privacy Notice is to be read in conjunction with our other service specific privacy notices: www.cotswold.gov.uk/support/privacy-and-data/service-privacy-notices/
Any questions regarding our privacy practices should be sent to:
Data Protection Officer (DPO)
Cotswold District Council
Council Offices, Cirencester, GL7 1PX
Tel: 01993 861194
Why the council needs your information and how the council uses it
Your personal data will be used for the provision of external printing and postage on behalf of the council. The council has a duty to distribute information you have requested or agreed to receive, or has a lawful reason for sending you. The council aims to procure external services at the best price and make sure public money is correctly used.
What is the legal process for collecting and processing this data
Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:
- UK GDPR Article 6 (1) (a) Consent – the data subject has given consent to the processing of your personal data for one or more specific purposes
- UK Article 6(1)(b) of the GDPR provides a lawful basis for the processing of personal data to the extent that the processing is: Necessary for the performance of a contract to which the data subject is a party.
- UK GDPR Article 6 (1) (c) Legal Obligation – processing is necessary for compliance with legal obligation to which the council is subject
- UK GDPR Article 6 (1) (e) Public Task – processing is necessary for the performance of a task carried out in the public interest in the exercise of official authority vested in the council.
What type of information is collected from you
Personal details, which may include:
- Email address
The council will only ask for personal information that is appropriate to enable us to deliver the service.
Who your information may be shared with (internally and externally)
Your data is shared externally with the appointed printing and posting supplier and internally only with the appropriate staff where it is necessary for the performance of their roles.
How long is your personal data kept for (retention period)
Our appointed supplier will destroy all copies of the data when they receive our written instructions to do so 3 calendar months after the end of the contract, and will provide written confirmation to us that the data has been securely destroyed, except if the retention of our data is required by law.
How the council protects your information
Your data is stored securely on the council’s systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on the council’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our council sites require a personal electronic pass to access staff only areas. The council has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.
The supplier will not transfer your personal data outside the EU without our consent.
The supplier has implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.
Please note however that transmission over the internet this can never be guaranteed to be 100% secure.
The council will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
You have the following rights under the Data Protection Legislations:
- To access your personal data
- To be provided with information about how your personal data is processed
- To have your personal data corrected
- To have your personal data erased in certain circumstances
- To object to or restrict how your personal data is processed
- To have your personal data transferred to yourself or to another business in certain circumstances
- To be told if the council have made a mistake whilst processing your data and the council will self-report breaches to the Commissioner.
How you can access, update or correct your information
The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.
If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.
In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.
The accuracy of your information is important to us to be able to provide relevant services more quickly. The council is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information the council holds is inaccurate or out of date, please email us or write to us at:
The Data Protection Officer
Cotswold District Council
Council Offices, Cirencester, GL7 1PX
If you would like to know more about how the council uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at email@example.com.
For more information about data protection please visit: www.cotswold.gov.uk/about-the-council/council-data-and-access-to-information/data-protection/
If you are concerned about the way the council is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/
The council reserve the right to update this privacy notice from time to time by publishing a new version on our website.