Privacy Policy

We process and hold information in order to provide public services. This notice explains how we use and share your information, and how we protect your privacy. Information may be collected on a paper or online form, by telephone, email, CCTV or by a member of our staff, or one of our partners.
Further information can be found relating to the individual services provided by the Council by clicking on the relevant service department on the left hand side.
We have appointed a Data Protection Officer (DPO), Meesha Patel to oversee data rights.  If you have any concerns or queries relating to Data Protection issues, please contact Meesha Patel in the first instance by emailing SAR@malvernhills.gov.uk  

We collect and hold information about you, in order to:

Deliver public services and support to you;
Confirm your identity to provide some services;
Contact you by post, email or telephone;
Obtain your opinion about our services;
Check the quality of services;
Prevent and detect fraud and corruption in the use of public funds;
Allow us to undertake statutory functions efficiently and effectively; and
Make sure we meet our statutory obligations.

How the law allows us to use your personal information

There are a number of legal reasons why we need to collect and use your personal information.
The privacy notices for individual services explains for each service which legal reason is being used. Generally we collect and use personal information where:
It is necessary to perform our statutory duties;
It is required by law;
You have given consent;
You have entered into a contract with us;
It is necessary for employment purposes;
You have made your information publicly available;
For legal purposes, such as the prevention of crime; or
It is necessary for archiving, research, or statistical purposes.
If we have consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please contact SAR@malvernhills.gov.uk and tell us which service you’re using so we can deal with your request.

We only use what we need

Where we can, we’ll only collect and use personal information if we need it to deliver a service or meet a requirement.
If we don’t need personal information we’ll either keep you anonymous or we won’t ask you for it. For example in a survey we may not need your contact details we’ll only collect your survey responses.
We don’t sell your personal information to anyone else. 

You can ask for access to the information we hold on you

You have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you, we must give you access to everything we’ve recorded about you within 30 calendar days of receipt of that request.

However, we can’t let you see any parts of your record which contain:
Confidential information about other people; or
Information which may stop us from preventing or detecting a crime.
This applies to personal information that is in both paper and electronic records. If you ask us, we’ll also let others see your record with your signed consent (except if one of the points above applies).
If you have any queries about access to your information please email SAR@malvernhills.gov.uk

You can ask to change information you think is inaccurate

You should let us know if you disagree with something written on your file.
We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

You can ask to delete information (right to be forgotten)

In some circumstances you can ask for your personal information to be deleted, for example:
Where your personal information is no longer needed for the reason why it was collected in the first place;
Where you have removed your consent for us to use your information (where there is no other legal reason us to use it);
Where there is no legal reason for the use of your information;
Where deleting the information is a legal requirement;
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where we are required to have it by law or it is necessary for legal claims.

You can ask to limit what we use your personal data for

You have the right to ask us to restrict what we use your personal information for where:

You have identified inaccurate information, and have told us of it;
Where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether;
When information is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests of the UK.
Where restriction of use has been granted, we’ll inform you before we carry on using your personal information.
You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.

Where possible we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.

You can ask to have your information moved to another provider (data portability)

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

However this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being.

It’s likely that data portability won’t apply to most of the services you receive from the Council.

You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it.

You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.

If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who’ll be able to advise you about how we are using your information. 

Who do we share your information with?

We use a range of organisations to either store personal information or help deliver our services. Where we have these arrangements there is an agreement in in place to make sure that the organisation complies with data protection law.

We’ll often complete a privacy impact assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.

Sometimes we have a legal duty to provide personal information to other organisations.              Under those circumstances we will usually have a Data Sharing Agreement in place.  The Privacy Notices relating to individual services will detail which organisations we share data with.

We may also share your personal information where other rights override your right to privacy:
In order to find and stop crime and fraud;
If there are serious risks to the public, our staff or to other professionals;
Or to protect a child or vulnerable adult (safeguarding measures).

How do we protect your information?

We will store your data (on paper and electronically) in a secure way, and we’ll only make it available to those who have a right to see it.
We provide training for our staff to make them aware of how to handle information and how and when to report when something goes wrong.

Where in the world is your information?

The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system outside of the EU.
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a contract in place with that third party.

We’ll endeavour to ensure your personal information is not sent to a country that is not seen as ‘safe’ either by the UK or EU Governments.

How long do we keep your personal information?

We try to store personal information in accordance with our retention schedule.

There’s often a legal reason for keeping your personal information for a set period of time, we try to detail this in our retention schedule.
For each service the schedule lists how long your information may be kept for. This ranges from months for some records to decades for more important records.   

Where can I get advice?

If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at SAR@malvernhills.gov.uk
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) by emailing casework@ico.org.uk or writing to:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

 

 
Cookies and how you use this website
Please see page:
https://www.malvernhills.gov.uk/cookie-notice