Privacy Notices - Borrow a Bike Scheme Privacy Notice
You need to be aware of this Privacy Notice if you are applying to Borrow a Bike through the Swindon Borough Council scheme.
- What is a Privacy Notice?
A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.
- Who is collecting and using your personal data?
Swindon Borough Council is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
- Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the Data Protection Act 2018 (DPA 2018).
- What personal data do we collect?
We need to collect your contact details, such as name, address, telephone number and email in order to contact you regarding the bike you wish to borrow.
We also ask your height in order to assign you the correct size of bike, and whether you are over 18 to accord with the Bike Hire Agreement regulations.
- How do we process your personal data?
Swindon Borough Council complies with its obligations under the DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
- Why do we need your personal information?
We collect your data to manage your application for, and use of, a bicycle through the Borrow a Bike scheme.
We may also analyse your usage of the bike through cycle mileage calculators in order to report anonymised statistics to the funder of the scheme and other stakeholders.
- How the law allows us to use your information?
In accordance with article 6 of the GDPR, data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
- Who do we share your information with?
We will not share your personal data except to prevent fraud or if required to do so by law. We take the security of your personal data seriously. We have internal policies and controls in place to ensure that your personal data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
- How do we protect your information?
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them.
Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code, or what is called a 'cypher'. The hidden information is said to then be 'encrypted'.
- pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
- How long do we keep your personal information?
In accordance with the Borough Council Data Retention and Disposal policy your data will be kept for the duration of the loan period, and a maximum of 2 years after the last recorded action.
- What you can do with your information?
You have a number of rights.
- access and obtain a copy of your data on request (Subject Access Request)
- require the Council to change incorrect or incomplete data
- require the Council to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- object to the processing of your data where the Council is relying on its legitimate interests as the legal ground for processing
If you would like to exercise any of these rights, please contact the Council’s Data Protection Officer, Civic Offices, Euclid Street, Swindon SN1 2JH or email DataProtection@swindon.gov.uk.
If you believe that the Council has not complied with your data protection rights, you can complain to the Information Commissioner at www.ico.org.uk.
- Your right to complain
In the event that you wish to complain about the way that your personal data has been handled by Swindon Borough Council, you should write to the Data Protection Officer and clearly outline your case. Your complaint will then be investigated in accordance with our customer complaint procedure.
If you remain dissatisfied with the way your personal data has been handled, you have the right to complain to the Information Commissioner’s Office at www.ICO.org.uk. You may refer the matter to the Information Commissioner’s Office whose contact details are below:
Information Commissioner’s Office
- Main privacy notice
You are viewing the Privacy Notice for The Register Office.