Data protection and privacy

We must ensure we abide by the seven principles of the UK GDPR to ensure personal information is:

• Used in a lawfulness, fair and transparent way
• Collected for specified, explicit and legitimate purposes and not used in an incompatible way
• Adequate, relevant and limited to what is necessary
• Accurate and where necessary kept up to date
• Kept so that only identifies someone for no longer than is necessary
• Used in a manner that ensures appropriate security
• We are also responsible for, and must be able to demonstrate, compliance with these principles.

Demonstrating compliance includes:

• Adopting and implementing Data Protection policies
• Taking a ‘Data Protection by Design and Default’ approach
• Putting written contracts in place with organisations that process personal data on our behalf
• Maintaining documentation of our processing activities
• Implementing appropriate security measures
• Recording and, where necessary, reporting personal data breaches
• Carrying out Data Protection Impact Assessments for uses of personal data that are likely to result in high risk to individuals’ interests
• Appointing a Data Protection Officer and
• Adhering to relevant codes of conduct and signing up to certification schemes.

The UK GDPR provides everyone with a series of rights as shown below. The first rights means we must keep you informed about how we are processing your personal information.  We are doing this by publishing a series of Team Privacy Notices.

An important part of these Privacy Notices is identifying the legal basis for the processing of your personal information.  The legal basis will be one of the conditions set out in Articles 6 of the GDPR and also a condition from Article 9 where special categories of personal data are being processed, as follows:

Article 6

• Performance of a contract
• Performance of a task or provision of a service in the public interest
• To comply with a legal obligation
• Protection of vital interests
• Consent
• Legitimate interests

Article 9

• Reasons of substantial public interest
• Preventative or occupational medicine
• Employment and Social Security
• Public interest in area of Public Health
• To establish, exercise or defend legal claims / courts acting in judicial capacity
• Personal data made public by the Data Subject
• Protection of vital interests
• Consent
• Archiving purposes, scientific or historical research or statistical purposes
• Legitimate activities in relation to not for profit organisations with a political, philosophical, religious or trade union aim

Adults and Health

• Blue Badges [PDF, 144Kb]
• Services for Adults [PDF, 131Kb]

Children and Families

• Children & Families [PDF, 183Kb]

Economy and Growth

• Registrars [PDF, 516Kb]
• Markets [PDF, 431]
• Tourism and Events [PDF, 591Kb]

Human Resources

• HR Employment and Organisational Development [PDF, 178Kb]
• Welfare Services [PDF, 415Kb]

Legal and Democracy

• Electoral Registration [PDF, 551Kb]

Waste and Public Protection

• Trading Standards [PDF, 434Kb]
• Licensing [PDF, 435Kb]
• Greater Lincolnshire Energy Efficiency Network (GLEEN) [PDF, 559Kb]
• Green Homes Grant

Learning, Skills and Culture

• Early Years, Early Education and Statutory Assessments [PDF, 543Kb]
• Governor Services [PDF, 435Kb]
• Library & Information Services [PDF,633Kb]
• Imagination Library [PDF, 185Kb]
• Open Place Directory [PDF, 181Kb]
• HAF Programme Coordinate Sport [PDF, 158Kb]

Governance, Partnerships and other cross council privacy notices

• Local Taxation & Benefits [PDF, 563Kb]
• Residents Panel, Consultation and Focus Groups [PDF, 181Kb]
• Adults Financial Support [PDF, 688Kb]
• COVID-19 [PDF, 615Kb]
• COVID19 Supplementary Privacy Notice [PDF, 416Kb]
• Service Design for User Research [PDF, 608Kb]

Public Health

• Walking the Way to Health [PDF, 529Kb]
• Public Health Intelligence [PDF, 518Kb]
• Adult Weight Management [PDF, 197Kb]

Transport and Streets

• Transport Services [PDF, 532Kb]

Personal data

Personal information – is any information relating to a natural person who can be identified, directly or indirectly, such as by name, an identification number, location data, an online identifier or genetic information.

Special categories of personal data – relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Processing

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data controller and data processor

Data controller – means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.

Data processor – means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

In addition to the right to request access to your personal information by making a Subject Access Request the UK General Data Protection Regulation provides you with a number of other rights, as follows:

You can ask us to change information you think is inaccurate

If you disagree with something written on your file please let us know. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree.

You can ask us to erase information (right to be forgotten)

In some circumstances you can ask for your personal information to be erased (deleted), such as where:

• your personal information is no longer needed for the reason it was collected
• you have withdrawn your consent for us to use your information
• there is no legal reason for the use of your information
• deleting your information is a legal requirement

Sometimes we will not be able to delete your information, such as where we are required by law to keep it. If your personal information has been shared with others we will do what we can to make sure they also comply with your request for erasure.

You can ask us to restrict what we use your personal information for

You can ask us to restrict using your personal information in some circumstances, such as where:

• you have told us you think information about you is inaccurate whilst we verify this
• we have no legal reason to use that information but you have asked us to restrict what we use it for rather than erase it
• you have objected to us using your personal information, whilst we verify this

Whilst we are restricted from using your information we will not do anything with it other than to store it unless:

• We have your consent
• To establish, exercise or defend a legal claim
• To protect the rights of another person
• It is for reasons of important public interest.

You have the right to ask us to stop using your personal information for any council service, but if this request is approved this may cause delays or prevent us delivering a service to you.

If your personal information has been shared with others we will do what we can to make sure they are also aware of your request for restriction.

Where restriction of use has been granted, we’ll inform you before we carry on using your personal information. Sometimes we will refuse to comply with your request for restriction, such as where we are required by law to use your information.

You can ask us about data portability

You have the right to ask us for your personal information to be given back to you in a structured, commonly used machine readable format so that you can take it to another organisation. This applies only to information you have given us, that we using in an automated way (excluding paper format) and where we are using it either on the basis of consent or for the performance of a contract.

In some cases we do not have to comply with a request for Data Portability, such as where we are using your data for a legal reason.

You can object to us using your personal information

In some circumstances you can object to us using your personal information and you have the absolute right to object to the processing of their personal data if it is for direct marketing purposes.

You can also object if the processing is for:

• A task carried out in the public interest
• The exercise of official authority vested in you; or
• Your legitimate interests (or those of a third party)

Rights in relation to automated decision making and profiling

You also have rights where we are processing you personal information in an automated way without human involvement or where we are carrying out profiling. We identify on our Team Privacy Notices where this type of processing is taking place.

For further information please contact us.

The council’s information is an important and valuable asset. We must take care of this information to ensure we can, for example, provide services to individuals and so that we comply with the law.

Information exists in many forms, including:

• Hardcopy documents
• Electronic information
• Verbal information

We have and Information Security Policy that details how we protect information.

Although every care is taken to protect information, our Information Security Incident and Data Breach Policy explains what we would do if we were to have a breach of security.

For further information please contact us.