The Data Controller who is processing your personal data is Dumfries and Galloway Council.
Who are we?
Dumfries and Galloway Council is a local authority established under the Local Government etc. (Scotland) Act 1994. Our head office is located at Dumfries and Galloway Council Headquarters, English Street, Dumfries, DG1 2DD.
You can contact our Data Protection Officer by post at this address or by email at firstname.lastname@example.org and by telephone on 0303 333 3000.
Why do we need your personal information and what will we do with it?
We need you to give us your personal information to allow us to provide services to you as the local authority for Dumfries and Galloway. We will use your information to verify your identity where required, contact you by post, email or telephone and to maintain our records.
For many areas of activity, we also receive information from third parties. This is mainly from other public authorities such as the police and court service, HM Revenues and Customs and the Department for Work and Pensions. However, it could also be from other local authorities and from members of the public. Details of how this information is passed between us all is given in the specific privacy statements relating to functions where we routinely receive information from third parties.
What is our legal basis for using your information?
The precise legal basis for us using your personal information will vary depending on which service we are providing to you. However, in most cases this will be because it is necessary for us to use your personal information to perform a task carried out in the public interest by us. If we are using your personal information on a different basis to this, this will be explained in the specific privacy statements relating to those functions.
If we are using your information because:
- It is required for us to have a contract with you, or
- You have consented to give it
Then if you do not provide us with the information we have asked for, we will not be able to provide that service to you.
For some activities, we also need to process more sensitive personal information about you for reasons of substantial public interest as set out in the Data Protection Act 2018. It is necessary for us to process this more sensitive information for many reasons, these include:
- To carry out key functions as set out in law
- To meet our legal obligations in relation to employment
- To protect your vital interests or the vital interests of others in circumstances where we will not be able to seek your consent
- Where this is necessary for the establishment, exercise or defence of legal claims
- management of health and social care systems and services where this is necessary in the public interest in the area public health
- For archiving, research and statistical purposes
Who do we share your information with?
We are legally obliged to safeguard public funds, so we are required to verify and check your details internally and across the Council services to prevent fraud- and we may share this information with other public bodies for the same purpose.
We are also legally obliged to share certain data with other public bodies, such as HMRC and will do so where the law requires this. In general, we will also comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and appropriate.
The integration of health and social care in terms of the Public Bodies (Joint Working) (Scotland) Act 2014 means the Council shares personal information with the health board and the Integration Joint Board, Dumfries and Galloway Health and Social Care Partnership. It also means public bodies will mutually share information with the Council.
Your information is also analysed internally to help us improve our services.
Information is also shared across Council services.
Almost all Council data is held within the UK. Any overseas data transfers require additional internal approvals. If we need to transfer your personal information overseas in relation to an activity, this will be explained in a specific privacy statement relating to that function along with a description of the protective measures we have in place to keep it secure.
How long do we keep your information for?
We only keep your personal information for the minimum of time necessary. Sometimes this time is set out in the law, but in most cases, it is based on our business need. We maintain a records retention schedule which sets out how long we hold different types of information for.
What are your rights under data protection law?
Access to information - you have the right to request a copy of the personal information that we hold about you.
Correcting your information - we want to make sure that your personal information is accurate, complete and up to date. Therefore, you may ask us to correct any personal information about you that you believe does not meet these standards.
Deleting your information - you have the right to ask us to delete personal information about you where:
- You think that we no longer need to hold the information
- We are using that information with your consent and that you have withdrawn your consent
- how we may use your information' below
- Our use of your personal information is contrary to law or our other legal obligations
Objecting to how we may use your information - you have the right at any time to tell us to stop using your personal information for direct marketing purposes.
Restricting how we may use your information - in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information that we hold about you or we are assessing the objection you have made to our use of information. This right might also apply if we on longer have a basis for using your personal information- but you don't want us to delete the data. Where this right is realistically applied will mean that we may only use relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Withdrawing consent to use your information - where we use personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for that purpose(s) for which consent was given.
Please contact the Data Protection Officer if you wish to carry out any of these rights.
We may use automated decision-making processes but very little use of profiling. Where these techniques are used, this will be explained in the specific privacy statements relating to those functions, together with a description of the reason involved in any automated-decision making.
We aim to directly resolve all complaints about how we handle personal information, you can contact the Council's Data Protection Officer by email email@example.com or by telephone 0303 333 3000.
You also have the right to lodge a complaint about data protection matters with the Information Commissioner's Office, who can be contacted at:
Information Commissioner's Office
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Visit their website for more information: https://ico.org.uk/concerns
This privacy statement was last updated 27 June 2018.