This statement covers the treatment of personally identifiable information that Mansfield District Council collects when you are visiting our website.
Mansfield District Council is registered as a data controller with the Information Commissioner's Office (registration number: Z7131075).
Mansfield District Council is committed to protecting your privacy when you use our services. This privacy notice tells you what to expect when the Council collects personal information. It also explains when and why we collect this information, how we use it, the conditions under which we may disclose it to others, how we keep it secure and what rights you have in relation to the data we hold about you.
If you have enquires about this privacy statement or about use of your personal data, you can contact the County Council's Data Protection Officer (DPO) at Data Protection Officer, Mansfield District Council, Chesterfield Road South, Mansfield, Notts. NG19 7BH, or by email at DPO@mansfield.gov.uk.
What is the purpose of this privacy statement?
This privacy statement tells you what to expect when we collect personal data. It applies to information we collect about:
- visitors to our website
- people who register for an online account
- people who register for and use our services
- people who are referred to us by other persons, agencies, organisations
- people who contact us with an enquiry or complaint
- job applicants and out current and former employees
- people who participate in publicity for the council
- people who are record on CCTV operated by the council.
What is personal data?
Personal data means any data which can be used to identify an individual (such as name and address) and any information that relates to that individual from which they can be identified (for instance, details of the services provided to a particular individual). The following types of personal data may be used:
- personal contact details such as name, address, phone number, etc.
- personal identifiers such as an NHS number
- visual images, personal appearance and behaviour
- personal or professional opinions about an individual
- family details
- housing needs
- lifestyle and social circumstances
- pension or financial activity records
- offences (including alleged offences).
There are two classes of personal data, "normal" personal data, as shown above and "special categories" of personal data. Some information is 'special' and needs more protection due to its sensitivity. It's often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
- racial or ethnic origin
- religious or philosophical beliefs
- Trade Union membership
- physical or mental health
- genetic or biometric data for the purpose of uniquely identifying a natural person
- sexual life or orientation
- political opinions.
Where "normal" personal data is involved, the basis for processing under the GDPR would normally be Public Task. However, there are other bases available as necessary.
Where "special categories" of personal data are involved, then more rigorous procedures are necessary and:
- explicit consent of the person concerned must be obtained, or
- one of the conditions in schedule 1 of the Data Protection Act 2018. For example, conditions relating to the employment or the substantial public interest conditions, must be satisfied.
How you can contact us
We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer, at DPO@mansfield.gov.uk or by calling 01623 463463 and asking to speak to the Data Protection Officer.
Notification of Change of Privacy Notice
We may modify this privacy notice at any time, but if we do so, we will notify you by publishing the changes on our website. If we determine the changes are material, we will provide you with additional, prominent notice as is appropriate under the circumstances, such as via email. If, after being informed of these changes, you do not end your association with Mansfield District Council, you will be considered as having expressly consented to the changes in our privacy notice. If you disagree with the terms of this notice, or any updated version of this notice, you may exercise your rights to end your association with Mansfield District Council, at any time. This notice was last updated in May 2018.
How do we collect and use your personal information?
Why do we collect your information?
We obtain information about you when you are registered within the district, for example, when you register to pay Council Tax, when you register for council services or when you apply for services for example, applying for a council property or to receive benefits etc.
Why do we need your personal information?
We may need to use some information about you to:
- deliver services and support to you
- manage those service we provide to you
- train and manage the employment of our workers who deliver those services
- help investigate any worries or complaints you have about your services
- keep track of spending on services
- to undertake public tasks
- to uphold legal rights and obligations
- check the quality of services, and
- to help with research and planning of new services.
How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information. Generally we collect and use personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is necessary to perform our public tasks
- it is necessary to perform our Legal Obligations
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes.
If we have consent to use your personal information, you have the right to withdraw it at any time. If you want to withdraw your consent, please contact DPO@mansfield.gov.uk and tell us which service you're using so we can deal with your request.
If you would like more information about the basis on which personal data is processed, please visit the Information Commissioner's Office (ICO) (opens in new window).
We only use what we need.
Where we can, we only collect and use personal information to meet the obligations set out above.
If we don't need personal information we'll either keep you anonymous if we already have it for something else or we won't ask you for it. For example in a survey we may not need your contact details we'll only collect your survey responses.
If we use your personal information for research and analysis, we'll always keep you anonymous or use a different name unless you've agreed that your personal information can be used for that research.
We don't sell your personal information to anyone else.
What rights do you have in relation to your personal data?
You have a number of rights in relation to your personal data. Please note that not all rights are automatic and some may not be available in certain circumstances where a lawful exception applies. For instance, this could be because a copy of your personal data may need to be kept or used for the purposes of complying with a legal obligation, for use in legal proceedings, for prevention or detection of crime or for a monitoring officer investigation etc.
Right to find out about the personal data we hold about you and access a copy of it (personal information request).
This applies to both paper and electronic records. You can ask us whether we hold your personal data and you can request a copy of the information we hold. Requests should be in writing. If you are unable to ask for your records in writing we will make sure there are other ways you can. Please see Personal Information Request application form (opens in new window).
Some of the information requested may be exempt from disclosure. This could be because it relates to another individual, it is subject to legal professional privilege, its disclosure would result in serious harm to someone, it may stop us preventing or detecting a crime or another lawful exception applies.
Right to withdraw your consent
If you have provided us with consent for use of your data, for instance, marketing purposes, you have the right to withdraw your consent to stop the further use of your data for that purpose.
The right to withdraw your consent will only affect future use of your data. It will not affect the validity of any pre-existing use.
This right is not available where your data can be used without your consent, for instance, where we are under a legal obligation to use your information or another lawful exception applies.
Right to raise a concern or enquiry about use of your personal data
Right to contact the Information Commissioner's Office
For independent advice about data protection, privacy and data sharing issues, or if you are dissatisfied with how we have handled a complaint about use of your data, you can write to the Information Commissioner's Office at the following address:
Or email: email@example.com
Right to rectification of your personal data
You may ask for your personal information to be corrected if information we hold is inaccurate or for incomplete information to be completed.
We may not always be able to change or remove that information but we'll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
This right may not be available in limited circumstances where a lawful exception applies.
Right to erasure of your personal data (right to be forgotten)
You can request that some or all of your data be erased where:
This right is not available where a lawful exception applies or where the retention of the data is necessary for:
Right to restriction of use of your personal data
You have the right to ask us to restrict what we use your personal information for where:
When information is restricted it can't be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it's for important public interests of the UK.
Where restriction of use has been granted, we'll inform you before we carry on using your personal information.
You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.
Where possible we'll seek to comply with your request, but we may need to hold or use information because we are required to by law.
This right is not available where a lawful exception applies or in respect of data being used for the protection of the rights of another person, or, reasons of important public interest.
Right to object to the use of your personal data
You can object to use of your data:
This right may not be available in limited circumstances where a lawful exception applies.
Right to ask for an automated decision to be reconsidered by a human
Where we notify you that a significant decision has been taken about you without any human input, you can request that we reconsider the decision, or take a new decision that is not taken solely by automated means.
This right is not available in respect of data being used on the basis of your explicit consent for the purposes of a contract that you have entered into with us.
You can ask to have your information moved to another provider (data portability)
It's likely that data portability won't apply to most of the services you receive from the council.
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However this only applies if we're using your personal information with consent (not if we're required to by law) and if decisions were made by a computer and not a human being.
You can ask to have any computer made decisions explained to you, and details of how we may have 'risk profiled' you.
You also have the right to object if you are being 'profiled'. Profiling is where decisions are made about you based on certain things in your personal information, such as your health conditions.
If and when Mansfield District Council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.
If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who'll be able to advise you about how we using your information.
Who do we share your information with?
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law.
We'll complete a privacy impact assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.
We may also share your personal information when we feel there's a good reason that's more important than protecting your privacy. This doesn't happen often, but when we need to share your information, it will be because one of the exemptions in the Data Protection Act 2018 (opens in new window) applies. For example:
- for the purpose of prevention and detection of crime
- apprehension or prosecution of offenders
- assessment and collection of tax etc.
- information required to be disclosed by law, for example, if the court orders that we provide the information
- functions designed to protect the public.
How we record what personal data we hold
Please see our Information Asset Register for details of what information we hold, the basis for processing the information, how long we keep your data and who we may share it with and why. The register is divided into service areas enabling you to search it more easily.
How do we protect your information?
We'll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we'll only make them available to those who have a right to see them. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what's called a 'cypher'. The hidden information is said to then be 'encrypted'.
- Pseudonymisation, meaning that we'll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Where in the world is your information?
The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it's stored in a system outside of the EU.
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party.
We'll take all practical steps to make sure your personal information is not sent to a country that is not seen as 'safe' either by the UK or EU Governments.
If we need to send your information to an 'unsafe' location we'll always seek advice from the Information Commissioner's Office (ICO) (opens in new window) first.
How long do we keep your personal information?
There's often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our Records and Retention Policy (opens in new window).
For each service the schedule lists how long your information may be kept for.
How you use this website (something called Google Analytics)
We use Google Analytics to collect information about how people use this site. We do this to make sure it's meeting peoples' needs and to understand how we can make the website work better.
Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.
We do not collect or store any other personal information (such as, your name or address) so this data cannot be used to identify who you are.
We also collect data on the number of times a word is searched for and the number of failed searches. We use this information to improve access to the site and identify gaps in the content and see if it is something we should add to the site.
Unless the law allows us to, we do not:
- share any of the data we collect about you with others
- use this data to identify individuals.
Your Credit or Debit Card Information
If you use your credit or debit card to make payments, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard, and don't store the details on our website or databases.
We have various methods and payment providers. Our corporate Payment Card Industry payments solution(s) are provided by Capita (opens in new window). Capita are a validated PCI payments system supplier.
Where can I get advice and more information?
If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at DPO@mansfield.gov.uk or by calling 01623 463463.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO) (opens in new window).