Mid Devon District Council is registered as a data controller with the Information Commissioner’s Office (registration number Z5826451).
Contact details for the Council’s data controller are:
Data Protection Officer
Mid Devon District Council
Phoenix House Phoenix Lane Tiverton EX16 6PP
Purpose of Processing Personal information
As a local authority, the council delivers services to you. In order to do this in an effective way we will need to collect and use personal information about you.
If you use a specific council service, we will usually let you know how that service will use your personal information via a separate privacy notice.
The Data Protection Act 2018 and the EU General Data Protection Regulation ensure that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:
- Process all personal information lawfully, fairly and in a transparent manner.
- Collect personal information for a specified, explicit and legitimate purpose.
- Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
- Ensure the personal information is accurate and up to date.
- Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
- Keep your personal information securely using appropriate technical or organisational measures.
We will usually seek your consent prior to processing or sharing your information, If you object you must inform the council, however, if there is a legal reason, as outlined under the Data Protection Act, we may not require your consent, e.g.
- To protect a child, a vulnerable adult, or member of the public
- Where the disclosure is necessary for the purposes of the prevention and/or detection of crime.
- Tax or duty assessment
- Required by court or law
Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.
Categories of personal data
We process: Personal information relating to identified natural persons used to deliver services such as:
- Human resources, planning applications, access to information requests, legal claims, customer services, parking services and more.
- Sensitive information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life.
- Health and wellbeing information. All local authorities have a duty to improve the health of the population they serve.
To ensure that the council provides you with an efficient and effective service we will sometimes need to share your information between teams within the council as well as with our partner organisations that support the delivery of the service you may receive, for example:
- Other Councils
- Fire Service
- Voluntary organisations
We will also need to supply your information to organisations we have contracted to provide a service to you.
We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.
We will never share your information for marketing purposes.
Before sharing information the council will ensure that:
- Privacy Notices are completed if appropriate.
- Technical security such as encryption and access controls are in place to keep information secure.
- Information Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise.
- Data Protection Impact Assessments are completed to assess any risks or potential negative effects.
- Common retention periods and deletion arrangements are set for the information.
- Subject access rights are catered for.
Details of transfers to third country and safeguards
Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA) or “third country” outside the EEA where the Information Commissioner’s Office has decided that the third country ensures an adequate level of protection such as Australia and the U.S.A.
This site contains links to other sites. Mid Devon District Council is not responsible for the privacy practices or the content of these sites and while we monitor and review the sites we are linked with we cannot fully endorse or be responsible for any losses resulting from any externally linked sites.
We will only keep your information for as long as it is required to be retained. The retention period is either dictated by law or by necessity. Once your information is no longer needed it will be securely and confidentially destroyed.
Mid Devon District Council has a Records Management Policy which sets out the principles and gives guidance about record retention for all data we hold.
The retention periods quoted on service specific privacy notices are minimums only and our records are reviewed at the end of any quoted time.
Records are considered both individually and in relation to business centres as a whole. The purpose, value, and corporate significance are also considered.
Collecting Information Automatically
Use of IP addresses
Mid Devon District Council collects IP addresses only for the purposes of system administration and to audit the use of our site. We do not link IP addresses to anything personally identifiable, which means that while your user session will be logged, you will remain anonymous to us.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
When someone visits Mid Devon District Council websites we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.
We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting. We will not associate any data gathered from this site with any personally identifying information from any source.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Information Security incident
Should you wish to report an information security incident you can contact our data protection officer at: email@example.com
Questions and further information
If you have any questions or communications about this statement you can contact us at: firstname.lastname@example.org
Further information about data protection and privacy matters can be found on the Information Commissioner's website.