Privacy

Hart District Council is committed to looking after the information we hold about you and respecting your rights when you use our services. This Privacy Notice and the four department specific Privacy Notices explain how.

Hart District Council is registered as a Data Controller with the Information Commissioner’s Office (ICO). The Council’s registration number is Z6421908 and the Electoral Registration Officer’s registration number is Z6770403.

For more information on your data protection rights, including how to make a request, visit our Right to Know webpage.

We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer by emailing data.protection@hart.gov.uk or calling 01252 622122 and asking to speak to the Data Protection Officer.

Personal information we may collect

As a Local Authority we provide a wide range of services from dealing with abandoned vehicles to the collection of waste and recycling, see our A-Z of services for a full list.

For the majority of these services we will only collect personal information such as contact details, but for certain services we need to collect additional information. In some instances this will be more sensitive information about you and where necessary information concerning children. We will make it clear to you when we need additional information, and the reasons why we need it. Our principle to only hold information that is needed for as long as it is needed, and to keep that information safe, will remain the same for all personal information we hold.

We may also receive information about you from third parties such as other public bodies or from information you provide to us via social media. Such information will be treated in line with the principles in this privacy notice and the four department specific privacy notices below.

• Community Services Privacy Notice
• Corporate Services Privacy Notice
• Regulatory Services Privacy Notice
• Technical and Environmental Privacy Notice

How we use your personal information

We use the personal information we collect to:

• deliver services to you
• manage those services we provide to you
• recruit, train and manage the employment of our workers who deliver those services
• help investigate any worries or complaints you have about your services
• keep track of spending on services
• check the quality of services
• help with research and planning of new services

Where we can, we will only collect and use personal information if we need it for a specific reason, such as to deliver a service or meet a requirement. For example, in a survey we may not need your contact details, so we’ll only collect your survey responses.

If we use your personal information for research and analysis, we’ll always keep you anonymous, unless you’ve agreed that your personal information can be used for that research.

The lawful basis for our use of your information

For the majority of the services we provide, the lawful basis for us holding and using the personal information we collect, is in order to carry out a Public Task. These are often tasks that are set out by legislation, which instruct Local Authorities on how and what services they must deliver. For example, if you are a resident in Hart then it is likely that we will need to collect your personal details for you to be on the electoral role as part of a public task.

There are some services we provide where you will have different rights about the information you provide. We will make these exceptions clear, but one example is joining the mailing list for our business newsletter, where we will ask for your consent. Further detail is provided about such exceptions in this privacy notice.

If you would like to find out more about the different lawful basis for use of your information, the Information Commissioner’s Office provides further detail.

To help with some of the wording of GDPR please see our terminology guide.

How the law allows us to use your personal information

There are a number of legal reasons why we need to collect and use your personal information. Data protection law calls this the ‘lawful basis’ for processing.

Generally, we collect and use personal information where:

• you, or your legal representative, have given consent
• you have entered into a contract with us
• it is necessary to perform our statutory duties or to exercise our ‘official authority’
• it is necessary to protect someone in an emergency
• it is required by law
• it is necessary for employment purposes
• you have made your information publicly available
• it is necessary for legal cases or enforcement action
• it is in the public interest
• it is necessary to protect public health
• it is necessary for archiving, research, or statistical purposes

If we have consent to use your personal information, you have the right to remove it at any time.

As a Public Body we will often be processing your data to perform our statutory duties or to exercise our ‘official authority’, so consent will not be required in this instance and therefore cannot be removed.

What can you do with your information?

The law gives you a number of rights to control what personal information is used by us and how it is used. For full detail about all of the rights you have view our guide to what you can do with your information.

1. You can ask to be informed about the collection and use of your personal data 
2. You can ask for access to the information we hold on you
3. You can ask to change information you think is inaccurate
4. You can ask to delete information (right to be forgotten)
5. You can ask to limit what we use your personal data for
6. You can ask to have your information moved to another provider (data portability)

Who do we share your information with?

We use a range of organisations to store personal information or help deliver our services to you. This means that we need to share your personal information to make sure that you can get access to the services you need. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law.

Where necessary we may complete a Data Protection Impact Assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.

We may also share your personal information:

• when there is a legal duty to do so
• in order to find and stop crime and fraud
• if there are serious risks to the public, our staff or to other professionals
• to safeguard the protection of a child to protect adults who are thought to be at risk

For all of these reasons the risk must be serious before we can override your right to privacy.

There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we have done and why, if we think it is safe to do so.

How do we protect your information?

We’ll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of security measures include:

• Encryption, meaning that information is hidden so that it cannot be read without special knowledge such as a password
• Pseudonymisation, meaning that we’ll use a different reference number or code so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was you
• Controlling access to systems and networks, for example by using password protection and secure firewalls. This allows us to stop people who are not allowed to view your personal information from getting access to it
• Regular testing of our technology and ways of working, including keeping up to date on the latest security updates
• Training for our staff allows us to make them aware of how to handle information and how to report when something goes wrong

Where is your information stored?

The majority of personal information is stored on systems within the EEA.

We’ll take all practical steps to make sure your personal information is not sent to a country that is not seen as ‘safe’ either by the UK or EU Governments.

How long do we keep your personal information?

There’s often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our Retention Schedule.

For each service the schedule lists how long your information may be kept for. This ranges from months for some records to decades, for more sensitive records. When data and information reaches the end of the retention period it will be deleted or securely destroyed.