Privacy Notice for Data Protection Rights and Breaches

What do we use the information for?

The information governance and feedback team collects, processes and holds your personal data to:

  • Respond to requests made under access to information legislation under the Data Protection Act 2018 (including requests for access, erasure, rectification and objection)
  • Investigate concerns about the council’s handling of personal information
  • Investigate and take action on information security incidents including data breaches that include personal data
  • Develop Information Governance policies, guidance and training for the council and its partners
  • Provide information governance advice and support to council departments, including development of Data Protection Impact Assessments (DPIAs)
  • Oversee the council’s compliance with Local Government Transparency requirements, including the publication of the personal data of certain staff
  • Deliver traded information governance services to local organisations.

The information governance and feedback team also process your personal data in order to respond to requests for disclosure for the following reasons:

  • For the prevention or detection of crime
  • For the apprehension or prosecution of offenders
  • For the assessment or collection of a tax or duty
  • Where disclosure is required by law
  • In connection with legal proceedings.

We use information to improve our services so that they are more appropriate to people’s requirements.  We recognise that your personal information is important to you, and we take our responsibilities for ensuring that we collect and manage it proportionately, correctly and safely very seriously.

What information do we hold and use? 

We collect and process the following information:

  • Personal information (including full name, date of birth, address and contact details) 
  • Details of your request or concerns, including allegations against council employees
  • Any details within council records or data systems which may have been affected by a data breach, are the subject of a data protection complaint or that are being considered for disclosure.

On what grounds do we use the information?

The Information Governance and Feedback team collect and lawfully process your personal information under the following:

  • Data Protection Act 2018
We collect and process personal data for the following reasons:
  • GDPR Article 6(1)(a) - the data subject has given consent to the processing of his or her personal data for one or more specific reasons
  • GDPR Article 6(1)(c) - processing is necessary for compliance with a legal obligation to which the controller is subject
  • GDPR Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest.
We process special category data for the following reason:
  • GDPR Article 9(2)(g) - processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

How do we collect this information?

We may collect information in the following ways:

  • Face to face
  • Telephone
  • E-mail
  • Letter.

Who do we share your information with?

We share relevant information internally with all other departments within the Council to enable investigations to be carried out and requests to be fulfilled.

We may disclose your information to others, but only where this is necessary either to comply with our legal obligations or as permitted by Data Protection legislation.  We may share it externally with the following:

  • Police
  • HM Revenue & Customs
  • Department for Work & Pensions
  • Information Commissioners Office (ICO).

We will keep your personal information safe and confidential but it may be shared where:

  • It is required by law
  • Any person may be at risk of harm if the information is not shared
  • The interests in favour of disclosure outweigh any privacy impacts on individuals
  • It is necessary to for legitimate interests of another party, for example law enforcement purposes or in connection with legal proceedings.

How long do we store it and is it secure?

The information governance and feedback team have a retention schedule in place to ensure that information is only held for as long as it is needed. We will not keep your information for longer than is required to by law.  Your information will be disposed of in a controlled and secure manner in accordance with the council’s Records Management and Data Quality Policy. The council’s IT security and confidentiality policies ensure that your information is protected, and accessed only by staff directly involved in providing you with a service.  

For information on how long your information will be held, visit the retention page.

What rights do you have?

The rights that you have depend on the grounds upon which we collected your information.  All of the rights you could have are outlined on the data protection rights page. 

In most cases, people will have the following rights:

  • The right of access – you are entitled to see the information that we hold about you
  • The right to rectification – we will amend information accordingly, if any information the service holds about you is incorrect
  • The right to restrict processing – you may wish to limit how we use your data
  • The right to object – in addition to the right to limit the use of your data, you also have a right to object to the use of you data for certain actions
  • The right to erasure/ right to be forgotten - in certain circumstances, you may be able to ask for some of the information we hold to be deleted. The service has determined that all requests to permanently delete a service user record will be dealt with on an individual basis.

To exercise any of your above rights, please contact data.protection@eastriding.gov.uk

Where can I find out more?

If you would like to know more about how the council uses information, your rights or have a concern about the way we are collecting or using your personal data, we request that you raise your concerns with us in the first instance; contact details are available on the general privacy information page. Alternatively, you can contact the Information Commissioner's Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest and they handle public concerns regarding organisations information rights practices. 

Information Commissioner’s Office (external website)

When was this privacy notice last updated?

We will continually review and update this privacy notice to reflect any changes in our services, feedback from customers, and to comply with any changes in the law. This privacy notice was last updated on 27 January 2021.

Stay connected

Sign up for the latest news and updates from East Riding of Yorkshire Council.

We will use GovDelivery to send you emails, it is secure and you can choose to stop receiving emails at any time. Find out more in our Privacy notice.