Privacy Notices - DSE equipment - click and collect or delivery Privacy Notice

Introduction

You need to be aware of this Privacy Notice if you are completing a DSE equipment - click and collect or delivery form.

What is a Privacy Notice?

A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.

Who is collecting and using your personal data?

Swindon Borough Council will act as a “Data Controller” for any personal data that you provide to us.

We will ensure that the data given to us is processed in line with our Data Protection Act 2018 (DPA 18) and the EU General Data Protection Regulations. (GDPR)
 

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

What personal data do we collect?

We will collect the following:

  • Your name, address and contact details, as well as email address and telephone number
  • If you don’t have an SBC email account, we will ask for your personal email address so we can keep in touch with you regarding your collection or delivery
How do we process your personal data?

We comply with our obligations under the GDPR. This means it keeps personal data up to date; stores and destroys it securely; does not collect or retain excessive amounts of data; protects it from loss, misuse, unauthorised access and disclosure; ensures that appropriate technical measures are in place to protect it.

Why do we need your personal information?

So we are able to arrange collection or delivery of DSE equipment.

How the law allows us to use your information?

You are giving us your personal information to allow us to effectively manage your employment relationship with Swindon Borough Council and for us to meet our obligations to you as an employer.

We are able to process such employee information on the basis of our general duty to provide a safe and secure working environment under the Health and Safety at Work etc. Act 1974 and it being necessary for the performance of a contract with you.
 

Who do we share your information with?

This data will be shared with your line manager and members of the HR & OD, Recovery Planning teams, Business Support Unit, IT, Internal delivery staff and the Council’s contracted courier (DPD).

How do we protect your information?

We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them.

Examples of our security include:

  • encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code, or what is called a 'cypher'. The hidden information is said to then be 'encrypted'.
  • pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
  • controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
  • training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
  • regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
  • ensuring our contracted suppliers keep your person information secure

 

How long do we keep your personal information?

Once you have your equipment, your personal information will be cleared down.

What you can do with your information?

You have a number of rights.

You can:

  • access and obtain a copy of your data on request (Subject Access Request)
  • require the Council to change incorrect or incomplete data
  • require the Council to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
  • object to the processing of your data where the Council is relying on its legitimate interests as the legal ground for processing

If you would like to exercise any of these rights, please contact the Council’s Data Protection Officer, Civic Offices, Euclid Street, Swindon SN1 2JH or email DataProtection@swindon.gov.uk.
 

Your right to complain

If you believe that the Council has not complied with your data protection rights, you can complain to the Information Commissioner at www.ico.org.uk.

What if you do not provide personal data?

We may not be able to fulfil our obligations to you as an employer.

How will we ensure compliance?

A yearly audit will take place on personal data to ensure that we remain legally compliant in accordance with current data protection legislation.

Main privacy notice

You are viewing the Privacy Notice for completing a DSE equipment - click and collect or delivery form.

Read the main Privacy Notice