Privacy

Hart District Council (the Council) is committed to looking after the information we hold about you and respecting your rights when you use our services. This Privacy Notice and the four department-specific Privacy Notices explain how.

The Council is registered as a Data Controller with the Information Commissioner’s Office (ICO). The Council’s registration number is Z6421908 and the Electoral Registration Officer’s registration number is Z6770403.

For more information on your data protection rights, including how to make a request, visit our Right to Know webpage.

We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer by emailing data.protection@hart.gov.uk or calling 01252 622122 and asking to speak to the Data Protection Officer.

Personal information we may collect

As a Local Authority we provide a wide range of services from dealing with abandoned vehicles to the collection of waste and recycling, see our A-Z of services for a full list.

For the majority of these services we will only collect personal information such as contact details, but for certain services we need to collect additional information. In some instances this will be more sensitive information about you and where necessary information concerning children. We will make it clear to you when we need additional information, and the reasons why we need it. Our principle to only hold information that is needed for as long as it is needed, and to keep that information safe, will remain the same for all personal information we hold.

We may also receive information about you from third parties such as other public bodies or from information you provide to us via social media. Such information will be treated in line with the principles in this Privacy notice and the three department-specif privacy notices below:

How we use your personal information

We use the personal information we collect to:

deliver services to you
manage those services we provide to you
recruit, train and manage the employment of our staff who deliver those services
help investigate any worries or complaints you have about your services
keep track of spending on services
check the quality of services
help with research and planning of new services

Where we can, we will only collect and use personal information if we need it for a specific reason, such as to deliver a service or meet a requirement. For example, in a survey we may not need your contact details, so we’ll only collect your survey responses.

If we use your personal information for research and analysis, we’ll always keep you anonymous, unless you’ve agreed that your personal information can be used for that research.

The lawful basis for our use of your information

For the majority of the services we provide, the lawful basis for us holding and using the personal information we collect, is in order to carry out a Public Task. These are often tasks that are set out by legislation, which instruct Local Authorities on how and what services they must deliver. For example, if you are a resident in Hart then we may collect your personal details to assist you to access housing and wider support services as part of a Public Task.

There are some services we provide where you will have different rights about the information you provide. We will make these exceptions clear, but one example is signing up for e-mail alerts for planning applications, where we will ask for your consent. Further detail is provided about such exceptions in this Privacy Notice.

If you would like to find out more about the different lawful bases for use of your information, the Information Commissioner’s Office provides further detail.

To help with some of the wording of GDPR please see our UK GDPR terminology guide.

How the law allows us to use your personal information

There are a number of legal reasons why we need to collect and use your personal information. Data protection law calls this the ‘lawful basis’ for processing.

Generally, we collect and use personal information where:

you, or your legal representative, have given consent
you have entered into a contract with us
it is necessary to perform our statutory duties or to exercise our ‘official authority’
it is necessary to protect someone in an emergency
it is required by law
it is necessary for employment purposes
you have made your information publicly available
it is necessary for legal cases or enforcement action
it is in the public interest
it is necessary to protect public health
it is necessary for archiving, research, or statistical purposes

If we have consent to use your personal information, you have the right to remove it at any time.

As a Public Body we will often be processing your data to perform our statutory duties or to exercise our ‘official authority’, so consent will not be required in this instance and therefore cannot be withdrawn.

What can you do with your information?

The law gives you a number of rights to control what personal information is used by us and how it is used. For full detail about all of the rights you have, view our guide to what you can do with your information.

1.   You can ask to be informed about the collection and use of your personal data
2.   You can ask for access to the information we hold on you
3.   You can ask to change information you think is inaccurate
4.   You can ask to delete information (right to be forgotten)
5.   You can ask to limit what we use your personal data for
6.   You can ask to have your information moved to another provider (data portability)
7.   You can object to how your information is being used
8.   You have rights in relation to automated decision making and profiling

Who do we share your information with?

We use a range of organisations to store personal information or help deliver our services to you. This means that we need to share your personal information to make sure that you can get access to the services you need. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law.

Where necessary we may complete a Data Protection Impact Assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.

We may also share your personal information:

when there is a legal duty to do so
in order to find and stop crime and fraud
if there are serious risks to the public, our staff or to other professionals
to safeguard the protection of a child to protect adults who are thought to be at risk

For all of these reasons the risk must be serious before we can override your right to privacy.

There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we have done and why, if we think it is safe to do so.

How do we protect your information?

We’ll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of security measures include:

Encryption, meaning that information is hidden so that it cannot be read without special knowledge such as a password
Pseudonymisation, meaning that we’ll use a different reference number or code so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was you
Controlling access to systems and networks, for example by using password protection and secure firewalls. This allows us to stop people who are not allowed to view your personal information from getting access to it
Regular testing of our technology and ways of working, including keeping up to date on the latest security updates
Training for our staff allows us to make them aware of how to handle information and how to report when something goes wrong

Where is your information stored?

The majority of personal information is stored on systems within the UK.

We’ll take all practical steps to make sure your personal information is not sent to an unsecure third country. A secure third country is one for which the European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision.

How long do we keep your personal information?

There’s often a legal reason for keeping your personal information for a set period of time; we try to include all of these in our Retention and Disposal Schedule.

For each service the schedule lists how long your information may be kept for. This ranges from months for some records to decades, for more sensitive records. When data and information reaches the end of its retention period it will either be reviewed, securely disposed of or the personal data anonymised.

Where can I get advice?

If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer by emailing data.protection@hart.gov.uk or calling 01252 622122 and asking to speak to the Data Protection Officer.

For independent advice about data protection, privacy and data sharing issues, or to make a complaint about how the Council has handled your personal information, you can contact the Information Commissioner’s Office by emailing icocasework@ico.org.uk, calling 0303 123 1113 or visiting ico.org.uk.

Councillor email

All Councillors have their own secure Hart District Council email account.

Microsoft Teams

Please see our Microsoft Teams Privacy Notice for how we process personal data provided in connection with the use of Microsoft Teams for communication and collaboration purposes.

Data Control

Councillors are Data Controllers for the purpose of processing the personal data of constituents who contact them as their Ward Councillor.

National Fraud Initiative

The Council regularly participate in national data matching exercises to identify individuals who may be defrauding the public purse. Data matching involves comparing computer records we hold – that usually contain personal information – with those held by others. For more information about data matching and our involvement please read our National Fraud Initiative privacy notice.

Appropriate Policy Document

The Data Protection Act 2018 outlines the requirement for an Appropriate Policy Document to be in place when processing special category and criminal offence data under certain specified conditions.

Cookies

Please read our Cookie policy for information on how and why we use Cookies.

Security

While we strive to keep the information that you supply secure, please be aware that the Internet is not a fully secure medium.

Policy Changes

Any changes to this Privacy Notice will appear on this web page.

Personal information we may collect

Where can I get advice?

Councillor email

Microsoft Teams

Data Control

National Fraud Initiative

Appropriate Policy Document

Cookies

Security

Policy Changes

Cookie preferences

Necessary cookies

Privacy

Personal information we may collect

Where can I get advice?

Councillor email

Microsoft Teams

Data Control

National Fraud Initiative

Appropriate Policy Document

Cookies

Security

Policy Changes

Cookie preferences

Necessary cookies

Analytics/Performance cookies