Privacy notice

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the UK GDPR.

This privacy notice tells you what to expect us to do with your personal information when you contact with us or use one of our services.

Contact our Data Controller:

Data Controller,
Buckinghamshire Council,
The Gateway,
Gatehouse Road,
Aylesbury,
HP19 8FF

Contact our Data Protection Officer:

Maria Damigos
Email: [email protected]

Personal data is any information that relates to an identified or identifiable living individual. This can include your:

• name
• address
• email
• phone number
• date of birth
• national insurance number
• bank details.

It can also include more sensitive information, such as your:

• health records
• ethnicity
• religion
• political opinions

We collect your personal data for various purposes, such as:

• to provide you with the services you request or need, such as housing, social care, education, or waste collection
• to make payments to you such as benefits or grants
• to receive payments from you
• to communicate with you about our services, events, or consultations
• to comply with our legal obligations, such as safeguarding, auditing, or fraud prevention
• to improve our website, services, or customer satisfaction (includes feedback)

We only collect the personal data that is necessary for the purpose we are using it for. We do not collect more data than we need or keep it for longer than we have to.

An IP address is a unique string of numbers that identifies each computer. We collect IP addresses only for the purposes of system administration and to audit the use of our site.

We do not link IP addresses to anything personally identifiable, which means that while your user session will be logged you will remain anonymous to us.

We collect your personal data in different ways, depending on how you interact with us. For example, we may collect your data when you:

• register for an account or a service
• receive a service from us
• contact us by phone, email, post, or social media
• apply for a job or volunteer with us
• make a complaint or give us feedback

We may also receive your personal data from other sources, such as:

• other local authorities or public bodies
• third-party service providers or contractors
• healthcare providers or social care agencies
• police or courts
• credit reference agencies or debt collection agencies

We will tell you where we got your personal data from and why we are using it unless we are prevented by law or there is an exemption (such as it would compromise an investigation).

We use your personal data in accordance with the data protection principles

This means that we will:

• only use your personal data for a specific and lawful purpose
• only use your personal data in a way that is fair and transparent to you
• only collect and keep the personal data that is relevant and necessary for that purpose
• keep your personal data accurate and up to date
• only keep your personal data for as long as we need it for that purpose
• keep your personal data secure and protect it from unauthorised access, use, or loss
• be responsible and accountable for how we use your personal data

If we wish to use your personal data for a purpose that is not related to the service you requested or need, then we will provide you with a new notice explaining this new use before starting the processing unless an exemption applies. Where appropriate, we will seek your prior consent to the new processing.

We may share your personal data with other organisations or individuals, such as:

• other local authorities, government departments or public bodies
• third-party service providers or contractors that provide services on behalf of the Council
• healthcare providers or social care agencies
• police or courts
• credit reference agencies or debt collection agencies

We will only share your personal data when we have a legal basis and it is necessary to do so, such as:

• to provide you with the service you requested or need
• to comply with our legal obligations, such as safeguarding, auditing, or fraud prevention

We will tell you who we are sharing your personal data with and why, unless we are prevented by law, or there is an exemption.

We will only share the personal data that is necessary for the purpose we are sharing it for. We will not share more data than we need or keep it for longer than we have to.

We will not typically share information outside the EU. Where an organisation is international in nature, we will have completed a risk assessment and there will be a legal basis for this transfer.

We keep your personal data for no longer than necessary and in line with our corporate data retention schedule.

We take the security of your personal data very seriously. We make sure the systems we use have sufficient controls and security in place to make sure that staff can be managed effectively and to protect against external threats.

We use various technical and organisational measures to protect your data from unauthorised access, use, or loss. For example

• encrypted servers
• firewalls
• remote backup
• cloud-based computing including virtual servers
• password protection
• annual individual mandatory training
• policies and procedures around data protection

The council employs an IT Security Manager to review and ensure IT security compliance and we work with the Data Protection Officer to make sure that both existing systems and new systems have adequate protections and security. We only allow authorised staff, contractors, or partners to access your personal data.

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

• the right to be informed about how we use your personal data
• the right to access your personal data and get a copy of it
• the right to rectify your personal data if it is inaccurate or incomplete
• the right to erase your personal data if you no longer want us to keep it or we have no legal basis to keep it
• the right to restrict the use of your personal data if you think it is inaccurate, unlawful, or unnecessary
• the right to object to the use of your personal data for certain purposes, such as marketing or profiling
• the right to data portability, which means you can ask us to transfer your personal data to another organisation or to you in a machine-readable format
• the right to withdraw your consent at any time if we are relying on your consent to use your personal data
• the right to complain to the Information Commissioner's Office (ICO) if you are unhappy with how we use your personal data

You can:

• request copies of information we hold about you
• request changes to information we hold about you

We may update this privacy notice from time to time to reflect changes in our services, the law, or our data protection practices.

We will publish the latest version on our website and take steps to communicate changes to you, where appropriate.

If you have any questions, comments, or complaints about this privacy notice or how we use your personal data, you can contact us by:

Email: [email protected]

Post:

Data Protection Officer,
Buckinghamshire Council,
The Gateway,
Gatehouse Road,
Aylesbury,
HP19 8FF

You can find out more about your information rights or make a complaint to the ICO:

Information Commissioner's Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

Website: https://ico.org.uk/