Privacy Policy statement

Personal information, including special category and criminal conviction personal data for Swindon Borough Council under the Data Protection Act 2018.

This is the “appropriate policy statement” for Swindon Borough Council that sets out how we will protect special category and criminal convictions personal data.

It meets the requirement at paragraph 1 of Schedule 1 to the Data Protection Act 2018, that an appropriate policy document be in place where the processing of special category personal data is necessary for the purposes of performing, or exercising obligations or rights which are imposed or conferred by law on the controller, or the data subject in connection with employment, social security or social protection.

It also meets the requirement at paragraph 5 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document be in place where the processing of special category personal data is necessary for reasons of substantial public interest. The specific conditions under which data may be processed for reasons of substantial public interest are set out at paragraphs 6 to 28 of Schedule 1 to the Data Protection Act 2018.

Procedures for securing compliance

Article 5 of the General Data Protection Regulation sets out the Data Protection Principles. These are our procedures for ensuring that we comply with them.

Principle 1

Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

Swindon Borough Council will:

  • ensure that personal data is only processed where a lawful basis applies, and where processing is otherwise lawful
  • only process personal data fairly, and will ensure that data subjects are not misled about the purposes of any processing
  • ensure that data subjects receive full privacy information so that any processing of personal data is transparent

Principle 2

Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Swindon Borough Council will:

  • only collect personal data for specified, explicit and legitimate purposes, and we will inform data subjects what those purposes are in a privacy notice
  • not use personal data for purposes that are incompatible with the purposes for which it was collected. If we do use personal data for a new purpose that is compatible, we will inform the data subject first

Principle 3

Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Swindon Borough Council will only collect the minimum personal data that we need for the purpose for which it is collected. We will ensure that the data we collect is adequate and relevant.

Principle 4

Personal data shall be accurate and, where necessary, kept up to date.

Swindon Borough Council will ensure that personal data is accurate, and kept up to date where necessary. We will take particular care to do this where our use of the personal data has a significant impact on individuals.

Principle 5

Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Swindon Borough Council will only keep personal data in identifiable form as long as is necessary for the purposes for which it is collected, or where we have a legal obligation to do so. Once we no longer need personal data it shall be deleted or rendered permanently anonymous.

Principle 6

Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Swindon Borough Council will ensure that there are appropriate organisational and technical measures in place to protect personal data.

Accountability principle

The Data Controller shall be responsible for, and be able to demonstrate compliance with these principles. Our Data Protection Officer is responsible for ensuring that Swindon Borough Council’s compliance is monitored in accordance with these principles.

We will:

  • ensure that records are kept of all personal data processing activities, and that these are provided to the Information Commissioner on request
  • ensure a Data Protection Impact Assessment for any high risk personal data is undertaken and consult the Information Commissioner if appropriate
  • ensure that a Data Protection Officer is appointed to provide independent advice and monitoring of the Council departments’ personal data handling, and that this person has access to report to the highest management level of the department
  • have in place internal processes to ensure that personal data is only collected, used or handled in a way that is compliant with data protection legislation.

We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact our Data Protection Officer, Stephen Maskell, at DataProtection@Swindon.gov.uk

Data Controller’s policies as regards retention and erasure of personal data

We will ensure, where special category or criminal convictions personal data is processed, that:

  • there is a record of that processing, and that record will set out, where possible, the envisaged time limits for erasure of the different categories of data
  • where we no longer require special category or criminal convictions personal data for the purpose for which it was collected, we will delete it or render it permanently anonymous
  • data subjects receive full privacy information about how their data will be handled, and that this will include the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period

Further information

Swindon Borough Council is committed to using your personal information in accordance with the Data Protection Act and General Data Protection Regulation. Please see our Privacy Notice

If you have a concern or issue regarding how we are using your information, we would ask you to contact us in the first instance using the address below:

Information Governance
Swindon Borough Council
Civic Offices, Euclid Street
Swindon
SN1 2JH 

Alternatively, you can email us with your question at dataprotection@swindon.gov.uk.

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office
Wycliffe House 
Water Lane 
Wilmslow
Cheshire
SK9 5AF 

Telephone 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. Alternatively, visit the ICO website or email casework@ico.org.uk

Was this information helpful?

Help us improve swindon.gov.uk

Please don't include personal information such as your name and address.