Data Protection / GDPR – Privacy Notice(s)
The Council is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR). It follows procedures designed to ensure that all employees, elected Members, contractors, consultants, and partners who have access to personal data held by, or on behalf of, the Council are aware of and comply with their responsibilities under the GDPR.
Statement of Policy
The Council needs to collect and use information about people with whom it works in order to operate and carry out its functions. These may include members of the public, current, past, and prospective employees, clients, customers, and suppliers. In addition, the Council may be required by law to collect and use information in order to comply with the requirements of central government.
This personal information must be handled properly, regardless of how it is collected, recorded, or used, and whether it is held on paper, in computer systems, or by other means.
The Council regards the lawful and appropriate treatment of personal information as essential to its effective operation and to maintaining confidence between the Council and those with whom it conducts business. The Council therefore fully endorses and adheres to the principles of the GDPR.
Handling Personal and Special Category Data
The Council will, through appropriate management controls, monitoring, and review:
- Use personal data efficiently and effectively to deliver services
- Collect and process only the data that is necessary
- Use personal data only for purposes described at the point of collection, or for purposes that are legally permitted
- Take reasonable steps to ensure information is accurate and up to date
- Retain information only for as long as necessary
- Securely destroy data that is no longer required
- Apply appropriate security measures to protect data against unauthorised or unlawful processing, accidental loss, destruction, or damage
- Ensure personal data is not transferred outside the UK or EEA without appropriate safeguards
- Make general information available to the public regarding their rights of access to information
- Ensure that individuals can fully exercise their rights under the GDPR, including:
  - The right to be informed
  - The right of access
  - The right to rectification
  - The right to erasure
  - The right to restrict processing in certain circumstances
  - The right to data portability
  - The right to object to processing
Further guidance on these rights is provided in the Council’s Information Rights Policy.
The Principles of Data Protection
Anyone processing personal data must comply with the six GDPR principles. Personal data must be:
- Processed lawfully, fairly, and transparently
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date, with inaccurate data corrected or erased without delay
- Kept in a form that allows identification of individuals for no longer than necessary
- Processed securely, using appropriate technical and organisational measures
Personal Data and Special Category Data
Personal data is any information relating to an identified or identifiable natural person.
Special category data includes personal data revealing:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Physical or mental health or condition
- Sexual life or sexual orientation
- Biometric data
Further details on how personal data is processed are available in the Council’s General Privacy Notice.
Cookies
Cookies are small data files stored on a user’s device when visiting a website. They do not access personal information stored on a computer but may be used to remember user preferences, such as text size.
The Council does not use cookies or other technologies to track user activity outside its website and does not share cookie data with third parties.
Research and Feedback
The Council may use anonymised website usage data to analyse trends and improve its website. These records do not contain personal information and cannot be used to identify individuals.
Feedback submitted through online forms is used to monitor and improve services. Providing contact details is optional unless a response is requested. Contact details are not retained unless specifically requested by the individual.
All information is handled confidentially by authorised Council staff in accordance with data protection legislation. Personal details are not shared with third parties without lawful justification.
Links to Other Websites
The Council’s website may contain links to external websites. The Council is not responsible for the privacy practices or content of external sites.