What it covers:
This policy covers the treatment of personally identifiable information that Andover Town Council collects when you are using the Andover Town Council website, when you make contact both in person and in writing, when you email us, or when you complete and submit an online form via our website. Andover Town Council holds and processes personal data in accordance with all current legislation relating to data protection.
The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to EU residents. GDPR replaces the 1995 EU Data Protection Directive and comes into force on May 25, 2018. It also supersedes the 1998 UK Data Protection Act.
This policy explains how we use and share your information.
We record personal information if you:
- subscribe to or apply for services that require personal information,
- report a fault and give your contact details for us to respond,
- Contact us and leave your details for us to respond.
Why we collect and hold the information about you:
Information may be collected on a paper or online form, by telephone, email, or by a member of our staff, or another local authority.
- deliver public services
- confirm your identity to provide some services
- contact you by post, email or telephone
- understand your needs to provide the services that you request
- understand what we can do for you and inform you of other relevant services and benefits
- update your customer record
- prevent and detect fraud and corruption in the use of public funds
- allow us to undertake statutory functions efficiently and effectively
- make sure we meet our statutory obligations
- fulfilling your request for information or services
How we use your information:
Andover Town Council will only hold your information for as long as necessary. All employees who have access to your personal data and are associated with the handling of that data have to respect the confidentiality of your data. All your communications to us are protected against unauthorised access by third parties.
The Council tries to keep the information we have about you accurate and up to date. If, however, you find errors or inaccuracies in your data, we will erase, complete or amend that information upon request.
We will process your information for the following purposes:
- for the service you requested.
- to allow us to be able to communicate and provide services and benefits appropriate to your needs.
- to ensure that we meet our legal obligations.
- where necessary for the law enforcement functions.
- to prevent and detect fraud or crime.
- to process relevant financial transactions including grants and payments for goods and services supplied to the Council
We may need to pass your information to other people and organisations that provide the service. These providers have to keep your details securely, and use them only to fulfil your request.
We will not sell or rent your personally identifiable information to anyone.
Protecting your information:
We have a Data Protection, Privacy Policies, Privacy Statement and a set of Information Security processes. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas.
- Information will be protected against unauthorised access.
- Confidentiality of information will be assured.
- Integrity of information will be maintained.
- Regulatory and legislative requirements will be met.
- Information security training is given to all staff.
- All breaches of information security, actual or suspected, will be reported to, and investigated by the GDPR Officer andsent to the Information Commissioner’s Office (ICO).
You have the right to:
- information about the processing of your personal data
- obtain access to the personal data held about you
- ask for incorrect, inaccurate or incomplete personal data to be corrected
- request that personal data be erased when it’s no longer needed or if processing it is unlawful
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation
- request the restriction of the processing of your personal data in specific cases
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’)
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
- The page localisation system - a cookie is used to store the last address you searched for. The data in this cookie is encrypted. This enables individual pages to show information that is localised to your address. We do not assign a name to the address. Pressing the “clear” button on the address selector form will clear the address data from this cookie. For extra security, the data stored can only be read by pages on the andovertowncouncil.gov.uk domain.
- The homepage customisation system - a cookie is used to store where you have placed the widgets on your screen and which are viewable.
- The online mapping system - a cookie is used to store the last address you searched for. The data in this cookie is encrypted. This enables individual pages to show information that is localised to your address. We do not assign a name to the address. Pressing the “clear” button on the address selector form will clear the address data from this cookie.
It is only when you complete a form that requests personal information or email Andover Town Council that you can be identified. When completing forms you may be asked for a variety of personal information such as name, address, post code etc.
The Council also automatically receives and records information on server logs from your browser including your IP address and the page you requested.
Questions or suggestions:
You may write to Committee & GDPR Officer, Andover Town Council, 68b High Street, Andover, Hampshire, SP10 1NG to ask for a copy of your information. We will acknowledge your request and respond fully within forty days.