Privacy Notice for Mansfield District Council

Coronavirus update: any personal data or special category data that you provide to Mansfield District Council regarding Coronavirus shall be recorded and processed in accordance with this Privacy Notice and relevant Data Protection Legislation.

Please also view these specific Privacy Notices


This statement covers the treatment of personally identifiable information that Mansfield District Council collects when you are visiting our website.

Mansfield District Council is registered as a Data Controller with the Information Commissioners Office (registration number: Z7131075).

Mansfield District Council is committed to protecting your privacy when you use our services. This privacy notice tells you what to expect when the Council collects personal information. It also explains when and why we collect this information, how we use it, the conditions under which we may disclose it to others, how we keep it secure and what rights you have in relation to the data we hold about you.

If you have enquires about this privacy statement or about use of your personal data, you can contact the District Council's Data Protection Officer (DPO) at Data Protection Officer, Mansfield District Council, Chesterfield Road South, Mansfield, Nottinghamshire, NG19 7BH, or by email at dpo@mansfield.gov.uk.

What is the purpose of this privacy statement?

This privacy statement tells you what to expect when we collect personal data. It applies to information we collect about:

  • visitors to our website
  • people who register for an online account
  • people who register for and use our services
  • people who are referred to us by other persons, agencies, organisations
  • people who contact us with an enquiry or complaint
  • job applicants and out current and former employees
  • people who participate in publicity for the council
  • people who are record on CCTV operated by the council.

What is personal data?

Personal data means any data which can be used to identify an individual (such as name and address) and any information that relates to that individual from which they can be identified (for instance, details of the services provided to a particular individual). The following types of personal data may be used:

  • personal contact details such as name, address, phone number, etc
  • personal identifiers such as an NHS number
  • visual images, personal appearance and behaviour
  • personal or professional opinions about an individual
  • family details
  • employment
  • housing needs
  • lifestyle and social circumstances
  • pension or financial activity records
  • offences (including alleged offences).

There are two classes of personal data, in addition to normal personal data there are also special categories of personal data. Some information is special and needs more protection due to its sensitivity. It is often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:

  • racial or ethnic origin
  • religious or philosophical beliefs
  • Trade Union membership
  • physical or mental health
  • genetic or biometric data for the purpose of uniquely identifying a natural person
  • sexual life or orientation
  • political opinions.

Where normal personal data is involved, the basis for processing under the UK GDPR would normally be Public Task. However, there are other bases available as necessary.

Where special categories of personal data are involved, then more rigorous procedures are necessary and:

  • explicit consent of the person concerned must be obtained, or
  • one of the conditions in schedule 1 of the Data Protection Act 2018. For example, conditions relating to the employment or the substantial public interest conditions, must be satisfied.

Appropriate Policy Document

How the Council protects special category personal data can be found in this document, Appropriate Policy Document (opens in a new window)

How you can contact us

We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer, at dpo@mansfield.gov.uk or by calling 01623 463259 and asking to speak to the Data Protection Officer.

Notification of Change of Privacy Notice

We may modify this privacy notice at any time, but if we do so, we will notify you by publishing the changes on our website. If we determine the changes are material, we will provide you with additional, prominent notice as is appropriate under the circumstances, such as via email. If, after being informed of these changes, you do not end your association with Mansfield District Council, you will be considered as having expressly consented to the changes in our privacy notice. If you disagree with the terms of this notice, or any updated version of this notice, you may exercise your rights to end your association with Mansfield District Council, at any time. This notice was last updated in June 2022.

How do we collect and use your personal information?

Why do we collect your information?

We obtain information about you when you are registered within the district, for example, when you register to pay Council Tax, when you register for council services or when you apply for services for example, applying for a council property or to receive benefits etc.

Why do we need your personal information?

We may need to use some information about you to:

  • deliver services and support to you
  • manage those service we provide to you
  • train and manage the employment of our workers who deliver those services
  • help investigate any worries or complaints you have about your services
  • keep track of spending on services
  • to undertake public tasks
  • to uphold legal rights and obligations
  • check the quality of services and
  • to help with research and planning of new services.

How the law allows us to use your personal information

There are a number of legal reasons why we need to collect and use your personal information. Generally we collect and use personal information where:

  • you, or your legal representative, have given consent
  • you have entered into a contract with us
  • it is necessary to perform our statutory duties
  • it is necessary to perform our public tasks
  • it is necessary to perform our Legal Obligations
  • it is necessary to protect someone in an emergency
  • it is required by law
  • it is necessary for employment purposes
  • you have made your information publicly available
  • it is necessary for legal cases
  • it is to the benefit of society as a whole
  • it is necessary to protect public health
  • it is necessary for archiving, research, or statistical purposes.

If we have consent to use your personal information, you have the right to withdraw it at any time. If you want to withdraw your consent, please contact dpo@mansfield.gov.uk and tell us which service you are using so we can deal with your request.

If you would like more information about the basis on which personal data is processed, please visit the Information Commissioner's Office website (opens in new window).

We only use what we need.

Where we can, we only collect and use personal information to meet our obligations to you, as listed in the why do we need your personal information section.

If we do not need personal information we will either keep you anonymous if we already have it for something else or we will not ask you for it. For example in a survey we may not need your contact details we will only collect your survey responses.

If we use your personal information for research and analysis, we will always keep you anonymous or use a different name unless you have agreed that your personal information can be used for that research.

We do not sell your personal information to anyone else.

What rights do you have in relation to your personal data?

You have a number of rights in relation to your personal data. Please note that not all rights are automatic and some may not be available in certain circumstances where a lawful exception applies. For instance, this could be because a copy of your personal data may need to be kept or used for the purposes of complying with a legal obligation, for use in legal proceedings, for prevention or detection of crime or for a monitoring officer investigation etc.

Your rights Summary Exceptions

Right to find out about the personal data we hold about you and access a copy of it (personal information request).

This applies to both paper and electronic records. You can ask us whether we hold your personal data and you can request a copy of the information we hold.  Requests should be in writing. If you are unable to ask for your records in writing we will make sure there are other ways you can. Please see Personal Information Request application form (opens in new window).

Some of the information requested may be exempt from disclosure. This could be because it relates to another individual, it is subject to legal professional privilege, its disclosure would result in serious harm to someone, it may stop us preventing or detecting a crime or another lawful exception applies.

Right to withdraw your consent

If you have provided us with consent for use of your data, for instance, marketing purposes, you have the right to withdraw your consent to stop the further use of your data for that purpose.

The right to withdraw your consent will only affect future use of your data. It will not affect the validity of any pre-existing use.

This right is not available where your data can be used without your consent, for instance, where we are under a legal obligation to use your information or another lawful exception applies.

Right to raise a concern or enquiry about use of your personal data

For enquiries, please see our Freedom of information page. To make a complaint about how your personal data is being managed, please contact the Data Protection Officer at dpo@mansfield.gov.uk

 

Right to contact the Information Commissioners Office

For independent advice about data protection, privacy and data sharing issues, or if you are dissatisfied with how we have handled a complaint about use of your data, you can write to the Information Commissioners Office at the following address:

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Or email: casework@ico.org.uk

 

Right to rectification of your personal data

You may ask for your personal information to be corrected if information we hold is inaccurate or for incomplete information to be completed.

We may not always be able to change or remove that information but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

This right may not be available in limited circumstances where a lawful exception applies.

Right to erasure of your personal data (right to be forgotten)

You can request that some or all of your data be erased where:

  • we have no further legitimate use for it
  • the law requires its deletion
  • your personal information is no longer needed for the reason why it was collected in the first place
  • you have removed your consent for us to use your information (where there is no other legal reason us to use it)
  • there is no legal reason for the use of your information
  • deleting the information is a legal requirement.

This right is not available where a lawful exception applies or where the retention of the data is necessary for:

  • public health purposes, public interest, archiving, or research/statistical purposes
  • where your personal information has been shared with others, we will do what we can to make sure those using your personal information comply with your request for erasure.

Right to restriction of use of your personal data

You have the right to ask us to restrict what we use your personal information for where:

  • You have identified inaccurate information, and have told us of it
  • We have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
  • It is not used in a certain way while we consider any concerns you have about its accuracy
  • It is not used in a certain way while we consider any objections you have raised about our use of your data for our public functions.

When information is restricted it can not be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it is for important public interests of the UK.

Where restriction of use has been granted, we will inform you before we carry on using your personal information.

You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.

Where possible we will seek to comply with your request, but we may need to hold or use information because we are required to by law.

This right is not available where a lawful exception applies or in respect of data being used for the protection of the rights of another person, or, reasons of important public interest.

Right to object to the use of your personal data

You can object to use of your data:

  • for direct marketing purposes
  • for service delivery purposes except to the extent that we have an overriding legitimate reason for use of your data or are you using your data for a legal claim for research you have consented to take part in.

This right may not be available in limited circumstances where a lawful exception applies.

Right to ask for an automated decision to be reconsidered  by a human

Where we notify you that a significant decision has been taken about you without any human input, you can request that we reconsider the decision, or take a new decision that is not taken solely by automated means.

This right is not available in respect of data being used on the basis of your explicit consent for the purposes of a contract that you have entered into with us.

You can ask to have your information moved to another provider - data portability 

It is likely that data portability will not apply to most of the services you receive from the council.

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

However this only applies if we are using your personal information with consent (not if we are required to by law) and if decisions were made by a computer and not a human being.

You can ask to have any computer made decisions explained to you, and details of how we may have risk profiled you.

You also have the right to object if you are being profiled. Profiling is where decisions are made about you based on certain things in your personal information, such as your health conditions.

If and when Mansfield District Council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.

If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who will be able to advise you about how we use your information.

Who do we share your information with?

We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law.

We will complete a privacy impact assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.

We may also share your personal information when we feel there is a good reason that is more important than protecting your privacy. This does not often happen, but when we need to share your information, it will be because one of the exemptions in the Data Protection Act 2018 (opens in new window) applies. For example:

  • for the purpose of prevention and detection of crime
  • apprehension or prosecution of offenders
  • assessment and collection of tax etc
  • information required to be disclosed by law, for example, if the court orders that we provide the information
  • functions designed to protect the public.

How we record what personal data we hold

Please see our Information Asset Register (opens in a new window) for details of what information we hold, the basis for processing the information, how long we keep your data and who we may share it with and why. The register is divided into service areas enabling you to search it more easily.

How do we protect your information?

We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. Examples of our security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what is called a cypher. The hidden information is said to then be encrypted
  • Pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
  • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).

Where in the world is your information?

The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it is stored in a system outside of the EU.

We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party. 

We will take all practical steps to make sure your personal information is not sent to a country that is not seen as safe either by the UK or EU Governments.

If we need to send your information to an unsafe location we will always seek advice from the Information Commissioner's Office (ICO) (opens in new window) first.

How long do we keep your personal information?

There is often a legal reason for keeping your personal information for a set period, we try to include all of these in our Records and Retention Policy (opens in a new window).

For each service the schedule lists how long your information may be kept for.

How you use this website - something called Google Analytics

We use Google Analytics to collect information about how people use this site. We do this to make sure it is meeting peoples needs and to understand how we can make the website work better.

Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.

We do not collect or store any other personal information (such as, your name or address) so this data cannot be used to identify who you are.

We also collect data on the number of times a word is searched for and the number of failed searches. We use this information to improve access to the site and identify gaps in the content and see if it is something we should add to the site.

Unless the law allows us to, we do not:

  • share any of the data we collect about you with others
  • use this data to identify individuals.

Your Credit or Debit Card Information

If you use your credit or debit card to make payments, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard, and do not store the details on our website or databases.

We have various methods and payment providers. Our corporate Payment Card Industry payments solution(s) are provided by Access PaySuite (formerly Capita Pay360) (opens in new window). Access Paysuite Ltd are a validated PCI payments system supplier.

Where can I get advice and more information?

If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at dpo@mansfield.gov.uk or by calling 01623 463259.

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioners Office (opens in new window).