Property and Estate Management - Privacy Notice
Who the Council is and what the Council does
Cotswold District Council is a data controller under the Data Protection Legislation as the Council collects and processes personal information about you in order to provide services and meet their statutory and regulatory
Publica provides an estates management service for the Council owned land and property in the district.
Estates Management Services include:
- Sales, lettings and acquisitions
- Property management
- Asset valuations
- Insurance valuations
- Professional property advice
This notice explains why the Council asks for your personal information, how that information will be used and how you can access your records.
Any questions regarding our privacy practices should be sent to:
Data Protection Officer (DPO)
Cotswold District Council
Council Offices, Cirencester, GL7 1PX
Tel: 01993 861194
Why the Council needs your information and how the Council uses it
When you have requested to or entered into a property transaction with the Council or requested information about the Council’s land or if we intend to process your personal data for a purpose other than that for which the personal data was collected, we shall provide you details of that other purpose before we start processing your data.
The Council does not sell your personal information to anyone else.
What is the legal process for collecting and processing this data
Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:
- UK GDPR Article 6(1)(a) Consent
- UK GDPR Article 6 (1) (b) Contract – we collect and lawfully process your personal data for the necessary performance of a contract
- UK GDPR Article 6 (1) (c) Legal Obligation – we collect and lawfully process your personal data under the following legislations:
- The Landlord and Tenant Act 1954
- RICS Service Charge Guidance Note
- Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
- UK GDPR Article 6 (1) (e) Public Task – we collect and lawfully process your personal data as it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
What type of information is collected from you
Personal details, which may include:
- Other contact details – email address and telephone number
- Financial details
The above list is not exhaustive. The Council will only ask for personal information that is appropriate to enable us to deliver our services. In some cases you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that, this may impact on our ability to provide some services to you.
Who your information may be shared with (internally and externally)
- Internal Council Departments i.e. Finance or Non-Domestic Rates
- Land Registry
- Financial Institutions such as Banks, Building Societies, Credit Check Agencies
- Utility Suppliers such as Electric/Gas, Water or Sewerage suppliers.
- The Council’s consultants or contractors
We will use your information for the purpose of performing all statutory duties related to property transactions. We will make any disclosures required by law and may also share this information with other bodies responsible for administering public funds.
Your information will not be disclosed to any other organisations, except where the council is required and allowed to by law, to safeguard public safety and in risk of harm or emergency situations.
The Council will not share your information with third parties for marketing purposes.
How long the Council keeps your information (retention period)
We will only keep your personal data for as long as we need to in order to fulfil the purpose[s] for which it is collected and for so long afterwards as we consider it may be required to deal with any questions or complaints about the service which we provide to you (for property interests this is a period of six years after the expiry of the agreement), unless we elect to retain your data for a longer period in order to comply with our legal and regulatory obligations.
Once your data is no longer needed it will be securely and confidentially destroyed or disposed of the data in line with retention schedules.
How the Council protects your information
Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on the council’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our council sites require a personal electronic pass to access staff only areas. The Council has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.
If you use your credit or debit card to make payments, the Council passes your card details securely to our payment processing partner as part of the payment process. The Council does this in accordance with the Payment Card Industry Security Standard and does not store the details on its website. The information you give to the Council when using our online payment system will only be used for the recording of your payment
The Council will not transfer your personal data outside the EU without your consent.
The Council have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
The Council will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
You have the following rights under the Data Protection Legislations:
- To access your personal data
- To be provided with information about how your personal data is processed
- To have your personal data corrected
- To have your personal data erased in certain circumstances
- To object to or restrict how your personal data is processed
- To have your personal data transferred to yourself or to another business in certain circumstances
- To be told if the Council have made a mistake whilst processing your data and the Council will self-report breaches to the Commissioner.
How you can access, update or correct your information
The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.
If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.
In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.
The accuracy of your information is important to us to be able to provide relevant services more quickly. The Council is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information the Council holds is inaccurate or out of date, please email us or write to us at:
Property and Estate Management
Cotswold District Council
Council Offices, Cirencester, GL7 1PX
If you would like to know more about how the Council uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at email@example.com
For more information about data protection please visit: www.cotswold.gov.uk/about-the-council/council-data-and-access-to-information/data-protection/
If you are concerned about the way the Council is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/
The Council reserve the right to update this privacy notice from time to time by publishing a new version on our website.