GDPR (Data Protection)

Privacy notice

We are committed to protecting your privacy when you use our services.

When we use your personal data, we are the data controller.

As a data controller, we must:

  • only keep data we need to provide services and do what the law says we must
  • keep your records safe and accurate
  • only keep your data as long as we have to
  • collect, store and use your data in a way that does not break any data protection laws

This Privacy Notice explains how we use information about you and how we protect your privacy.

Personal Information

Personal information can be anything that identifies and relates to a living person. This includes information that when put together with other information can identify someone. For example, your name and contact details.

Some information is special and needs more protection due to its sensitivity. This is likely to include anything that reveals your:

  • sexuality and sexual health
  • religious and philosophical beliefs
  • ethnicity
  • physical or mental health
  • trade union membership
  • political opinion
  • genetic or biometric data
  • criminal history

Using your personal data

We will use your data to:

  • provide Council services and anything we must do by law
  • carry out our regulatory, licencing and enforcement roles which we have to do by law
  • make payments, grants and benefits and sport fraud
  • listen to your ideas about our services
  • tell you about our services

Find out how our services use your data and why

If we have consent to use your personal information, you have the right to remove it at any time.

Reasons for collecting your information

There are several legal reasons why we need to collect and use your personal information. Generally we collect and use personal information where:

  • you or your legal representative have given consent
  • you've entered into a contract with us
  • it's necessary to perform our statutory duties
  • it's necessary to protect someone in an emergency
  • it's required by law
  • it's necessary for employment purposes
  • it's necessary to deliver health or social care services
  • you've made your information publicly available
  • it's necessary for legal cases
  • it's to the benefit of society as a whole
  • it's necessary to protect public health
  • it's necessary for archiving, research or statistical purposes

Our main statutory duties are set out in the Local Government Acts and the Localism Act 2011, but there are hundreds more.

View a list of all local authority statutory duties on GOV.UK

We only use what we need

Where we can, we'll only collect and use personal information if we need it to deliver a service or meet a requirement.

If we don't need personal information, we'll either keep you anonymous (if we already have it for something else) or we will not ask you for it. For example, in survey we may not need your contact details - we'll only collect your survey responses.

If we use your personal information for research and analysis, we'll always keep you anonymous or use a different name, unless you've agreed that your information can be used for that research.

We do not sell your personal information to anyone else.

Your information rights

The law gives you a number of rights to control what personal information is used by us and how it's used by us - visit the page on your rights in this guide for more information.

Who we share your information with

We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements, there's always an agreement in place to make sure the organisation complies with data protection law.

We’ll often complete a Data Privacy Impact Assessment before we share personal information, to make sure we protect your privacy and comply with the law.

Sometimes we have a legal duty to provide personal information to other organisations. This is often because we need to give that data to courts, including if:

  • we take a child into care
  • the court orders that we provide the information
  • someone is taken into care under mental health law

We may also share your personal information if we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:

  • to find and stop crime and fraud
  • if there are serious risks to the public, our staff or other professionals
  • to protect a child
  • to protect adults who are thought to be at risk - for example if they're frail, confused or cannot understand what's happening to them

The risk must be serious before we can override your right to privacy.

If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and if possible, get your permission to tell others about your situation before doing so.

We may still share your information if we believe the risk to others is serious enough to do so.

There may also be rare occasions when the risk to others is so great that we need to share information straight away.

If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why, if we think it's safe to do so.

How we protect your information

We'll do what we can to make sure paper and electronic records are held in a secure way. We'll only make them available to people who have a right to see them.

Examples of our security include:

  • encryption - information is hidden so it cannot be read without special knowledge, like a password. This is done with a secret code (cypher)
  • pseudonymisation - we'll use a different name so we can hide parts of your personal information from view. This means someone out the Council could work on your information for us, without knowing it's yours
  • controlling access to systems and networks allows us to stop people who are not allowed to view your personal information gaining access to it
  • training our staff on how to handle information and how to report when something goes wrong
  • regularly testing our technology and ways of working, including keeping up to date on the latest security updates (patches)

Where you information is stored in the world

The majority of personal information is stored on systems in the UK.

There are some occasions where your information may leave the UK to get to another organisation or if it's store in a system outside the EU.

We have additional protections on your information if it leaves the UK, ranging from secure data transfers to making sure we have robust contracts in place with third parties.

We'll take all practical steps to make sure your personal information is not sent to country that's not seen as 'safe' by the UK or EU governments.

If we need to send your information to an unsafe location, we'll always seek advice from the Information Commissioner first.

How long we keep your information for

There's often a legal reason for us to keep your information for a set period of time. We try to include these in our Data Retention Schedule.

Data Breaches

To report a data breach, please email us at dataprotection@rutland.gov.uk or write to:

Information Governance
Rutland County Council
LE15 6HP

Data Incident Response Policy

Where to get advice

Our Data Protection Officer makes sure we respect your rights and follow the law.

If you have any concerns or questions about how we look after your personal information, contact our Data Protection Officer at dataprotection@rutland.gov.uk or by calling 01572 758 265.

For independent advice about data protection, privacy and data sharing issues, contact the Information Commissioner’s Office (ICO) online at Information Commissioner's Office, email casework@ico.org.uk or call: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

You can also write to:

Information Commissioner's Office
Wycliffe House
Water Lane

Was this page useful?