Privacy Policy
This document explains how Thetford Town Council handles and processes data, what we use data for, and your rights concerning your personal data.
1. What do we mean by ‘Personal Data’?
‘Personal Data’ is any information about a living individual that allows them to be identified from that data, for example through a
name, photograph, or email address. Identification can be through direct use of the data or by combining it with other information. The processing of personal data is governed by the General Data Protection Regulation (GDPR) and supporting legislation such as the Human Rights Act.
2. Who are we?
This privacy notice is provided to you by Thetford Town Council, a statutory local authority that is a registered data controller with the Information Commissioner’s Office.
3. What other Data Controllers do we work with?
Thetford Town Council also works with other data controllers, including:
• Principal Authorities (District & County Councils)
• Government Department
• Affiliations & Professional Bodies
• Not for Profit Entities
• Contractors
• Community Groups
• Credit Referencing Agencies.
There may be instances where we need to share your personal data with such bodies so that they can carry out their responsibilities to the Council. In certain
instances, the Council may be a joint data controller with other organisations, and you may exercise any of your rights with any data controller who is handling your
personal data. A description of what personal data Witham Town Council processes and for what purposes is set out within this Privacy Notice.
4. What does Thetford Town Council process?
The Council will process some or all of the following personal data where necessary to perform its general tasks:
• Names, titles and aliases.
• Photographs
• Contact details (email/phone)
• Where relevant services are provided by the Council, or where you provide them to us, we may process inf
• Where goods and services are paid for, bank details and transaction histories.
• The data we process may include sensitive personal data.
5. How we use sensitive personal data.
We may process sensitive personal data to comply with legal requirements and obligations to third parties.
Sensitive Personal Data is defined under the General Data Protection Regulation as a special data category that requires a higher level of protection with all such data
justified. The Town Council may only utilise and process such data on legitimate grounds, such as:
• Limited circumstances with your written consent.
• Where we must carry out our legal obligations.
• Where it is required in the public interest.
Less commonly, we may process this type of personal data where it is needed concerning legal claims or where it is needed to protect your interests, or somebody
else’s interests and you are not capable of giving your consent, or where you have already made the information public.
6. Consent for processing sensitive personal data.
In limited circumstances, we may approach you for your written consent to allow us to process certain sensitive personal data. If we do so, we will provide you with full
details of the personal data that we would like and the reason we need it so that you can carefully consider whether you wish to consent.
7. General Compliance
The Council has taken all necessary steps to ensure compliance with data protection legislation. Thetford Town Council ensures that all data held is:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes that we have told you about and limited to only those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purpose we have told you about.
• Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect
personal data from loss, misuse, authorized access, and disclosure.
8. The Council may use your personal data for some or all of the following purposes:
• To deliver public services including understanding your needs and providing services that you request and to understand what we can do for you, informing you of any other relevant services.
• To confirm your identity to provide some services.
• To contact you through approved channels.
• To help us evaluate our performance as a local authority.
• To prevent and detect fraud and corruption in the use of public funds, and where necessary, law enforcement functions.
• To enable us to discharge our statutory functions as a local authority.
• To carry out appropriate safeguarding policies.
• To promote the interests of the Council.
• To maintain the Council’s accounts and records.
• To seek your views, opinions, and comments.
• To notify you of relevant changes to our facilities, Council membership and elections.
• To send you communications that you have requested or may be of interest to
you.
• To process relevant financial transactions including grants and payments for
goods and services and services supplied to the Council.
• To allow for the statistical analysis of Council services for future planning and
provision.
9. Data Processing for CCTV Systems
The Town Council may also process data concerning our CCTV systems for the prevention and prosecution of crime. The management of the Town Council’s CCTV is defined across the Council’s data retention policies.
10. The Legal Basis for Processing Personal Data
The Council is a statutory public authority and holds both discretionary powers to perform tasks and statutory duties that it must complete. The vast majority of data
processed by the Town Council is processed in accordance with the Council’s statutory duties. We may process personal data where it is necessary for contractual
obligations to you, such as hiring or using a council-run facility. Where additional consent is required, consent will be sought before the data being used.
11. Sharing your personal data
This section provides information about the third parties with whom the council may share your personal data. These third parties must put in place appropriate security measures and will be responsible to you directly for how they process and protect your personal data. We must likely share personal data with
• Approved data controllers and contracted agents, such as Information Centre partners.
• Our agents, suppliers, and contractors where contractors provide services on our behalf such as newsletter distribution.
• On occasion, with other local authorities or not-for-profit bodies with which we are carrying out joint ventures, such as partnership working with other Councils.
12. Data Retention
We will keep some records permanently if we are legally required to do so. We may keep other records for an extended period on legitimate public interest grounds. A full
schedule of document retention periods is detailed in our Data Retention Policy.
13. Your Rights Concerning Personal Data
You have statutory rights concerning the use and management of your personal data. When exercising your rights and processing any request made by you, we may need to verify your identity for your security. In such cases, we will need you to supply the Council with proof of your identity before exercising your rights.
I. The right to access your personal data held by the Council (Subject Access Request)
At any point, you can contact the Council to request a copy of any of your personal data held by us, as well as why this information is being held, and where the
information was obtained from. Requests will be responded to within a 30-day window. There are no fees or charges for making a Subject Access Request.
Excessive requests which are manifestly unfounded or malicious may be subject to administration fees or refusal.
II. The right to correct and update the personal data we hold on you.
If the data we hold on you is out of date, incomplete, or incorrect, you can inform us and your data will be updated.
III. The right to have your personal data erased.
If you feel that the Council should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal
data we hold. When we receive such requests, we will confirm whether your data has been deleted, or the reasons as to why it cannot be deleted. You should note that a request to erase your personal data may impact the services provided to you by the Council, and you may be required to supply your personal data again if you wish to use Council services.
IV. The right to object to the processing of your personal data or to restrict it to certain purposes only.
You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request, we will contact you and let you know
if we are able to comply or if other legal obligations prevent us from ceasing the processing of data.
V. The right to data portability.
You have the right to request that we transfer some of your data to another controller. We will comply with your request where it is feasible to do so, within one month of
receiving your request.
VI. The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained.
You can withdraw your consent easily by telephone, email or by post (see contact details below).
VIII The right to make a complaint with the Information Commissioner’s Office (ICO).
You may contact the Information Commissioners Office on 0303 123 1113 or at the Commissioner’s Office Address: ICO Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF.
14. Further Processing
If we wish to use your personal data for a new purpose not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use before
commencing the processing and setting out the relevant purposes and processing conditions. Where necessary, we will seek your prior consent to the new processing.
15. Contacting us about this policy.
This policy is overseen and enforced by the Town Council’s Data Protection Officer. If you have questions concerning Data Protection, please contact the Data Protection
Officer: Sonya Wright, Town Clerk, The Carnegie, Cage Lane, Thetford, IP24 2DS. Last Reviewed: 17 th September 2024 – Corporate Services Committee
Cookies
| Category | Cookie Name | Purpose |
|---|---|---|
| NID,1P_JAR,GCIC,CONSENT,ANID,__Secure-3PAPISID,__Secure-3PSID,__Secure-3PSIDCC | Used by Google to deliver Google Maps and Captcha services on the website | |
| Necessary Cookies | cookiesAcceptedGoogle | Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences. |
| Necessary Cookies | PHPSESSID | Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences. |
| Necessary Cookies | aubergine_cookie_consent | Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences. |
| Necessary Cookies | close_site_notice | Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences. |
| Necessary Cookies | _GRECAPTCHA | Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences. |