Privacy Notices - Data Protection Subject Access Requests (SAR) Privacy Notice
You need to be aware of this Privacy Notice if you are making a Subject Access Request for personal information under the Data Protection Act 2018 and/or the General Data Protection Regulation 2016/679 (GDPR)
- What is a Privacy Notice?
A Privacy Notice is a statement issued by an organisation, which explains how personal and confidential data about individuals is collected, used and shared.
- Who is collecting and using your personal data?
Swindon Borough Council is the data controller. The data controller decides how your personal data is processed and for what purposes.
- Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and the Data Protection Act 2018 (the “DPA”).
- What personal data do we collect?
When you contact us, we will collect certain personal information from you in order for us to process your request, for example your name and relevant contact details, which may include your address, email address and/or telephone number. This is to ensure that we are able to respond to your enquiry. If you choose not to provide some of the required information, we may not be able to progress your request for information.
- How do we process your personal data?
The information you provide will be used to administer and process your request, including via the Council’s MyAccount website portal. We will not share your data with any third party except where explicitly stated, or where we are required to do so by law.
- How do we protect your information?
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them.
Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code, or what is called a 'cypher'. The hidden information is said to then be 'encrypted'
- pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
- How long do we keep your personal information?
We keep your personal data related to the request for 3 years after a request has been made.
- What you can do with your information?
The law gives you a number of rights to control what and how your personal data is used by us.
- Your right to complain
In the event that you wish to complain about the way that your personal data has been handled by Swindon Borough Council, you should write to the Data Protection Officer, or email us at DataProtection@swindon.gov.uk and clearly outline your case. Your complaint will then be investigated in accordance with our customer complaint procedure.
If you remain dissatisfied with the way your personal data has been handled, you have the right to complain to the Information Commissioner’s Office at www.ICO.org.uk. You may refer the matter to the Information Commissioner’s Office whose contact details are below:
Information Commissioner’s Office
The ICO’s website also contains information on data protection and your rights and remedies.
- Main privacy notice
You are viewing the Privacy Notice for Data Protection Subject Access Requests (SAR).