Privacy Notices - Council cyber-emergency and business continuity essential contact details register Privacy Notice
- Introduction
-
You need to be aware of this Privacy Notice when sharing your personal information for the purposes of creating and maintaining the council’s cyber-emergency and business continuity contact details register.
- What is a Privacy Notice?
-
A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used, protected and shared.
- Who is collecting and using your personal data?
-
Swindon Borough Council will act as a “Data Controller” for any personal data that you provide to us. We will ensure that the data is processed in line with our obligations under the Data Protection Act 2018 (DPA 18) and the EU General Data Protection Regulations. (GDPR)
To find out more about Swindon Borough Council’s data protection policies please contact our Data Protection Officer. dataprotection@swindon.gov.uk or in writing to Data Protection Officer, Civic Offices, Euclid Street, Swindon, Wiltshire, SN1 2JH.
- Your personal data – what is it?
-
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
- What personal data do we collect?
-
We will collect the following:
- Your name
- A personal non-SBC email address that you are happy to be used in the event of a Council-related cyber-emergency
- A non-SBC mobile, or home number that you are happy to be used in the event of a Council-related cyber-emergency
- Your address, if you don’t have out of office printing facilities and want the cyber-emergency response pack sent to you by post
- How do we process your personal data?
-
Swindon Borough Council complies with its Data Protection obligations by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
- Why do we need your personal information?
-
Your personal data is required for the purposes of creating and maintaining the council’s cyber-emergency and business continuity contact details register.
- How the law allows us to use your information?
-
The lawful basis which allows us to process your data is legitimate interest.
- It is in the legitimate interest of Swindon Borough Council as a business and employer that operations should continue in the event of a cyber-incident
- It is also in the legitimate interests of Swindon Borough Council’s employees, service users and customers, to ensure their safety in the event of a cyber-incident
- Who do we share your information with?
-
Your data will not be shared with anyone outside of the council cyber-emergency and business continuity essential contact details register group.
- How do we protect your information?
-
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them.
- How long do we keep your personal information?
-
We will retain your personal information for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice. The retention period will primarily be determined by relevant legal and regulatory obligation and/or duration of our business relationship with you as your employer.
We will securely delete or erase your personal information if there is no valid business reason for retaining your data.
- What you can do with your information?
-
The law gives you a number of rights to control what personal information is used by us and how it is used by us.
- You can ask for access to the information we hold on you
- You can ask to change any information you think is inaccurate
- You can ask to delete your information (right to be forgotten)
- You can ask us to limit what we use your personal data for
- Your right to complain
-
In the event that you wish to complain about the way that your personal data has been handled by Swindon Borough Council, you should write to the Data Protection Officer DataProtection@swindon.gov.uk and clearly outline your case. Your complaint will then be investigated in accordance with our Data Protection complaint procedures.
If you remain dissatisfied with the way your personal data has been handled, you have the right to complain to the Information Commissioner’s Office at www.ICO.org.uk
You may refer the matter to the Information Commissioner’s Office whose contact details are below:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AFEmail: casework@ico.org.uk
- What if you do not provide personal data?
-
You are under no statutory obligation to provide your personal data to Swindon Borough Council, however, if you do not provide the requested data, we may not be able to meet our obligations to you or other employees, or to our service users and customers in the event of a cyber-emergency.
- How will we ensure compliance?
-
A yearly audit will take place on this register of personal data to ensure that we remain legally compliant in accordance with current data protection legislation.
- Main privacy notice
-
You are viewing the Privacy Notice for the Council cyber-emergency and business continuity essential contact details register.
Read the main Privacy Notice