This statement covers the treatment of personally identifiable information that Mansfield District Council collects when you are visiting our website.
Privacy Statement (May 2018)
Mansfield District Council is registered as a data controller with the Information Commissioner's Office (registration number: Z7131075).
Mansfield District Council is committed to protecting your privacy when you use our services. This privacy notice tells you what to expect when the Council collects personal information. It also explains when and why we collect this information, how we use it, the conditions under which we may disclose it to others, how we keep it secure and what rights you have in relation to the data we hold about you.
If you have enquires about this privacy statement or about use of your personal data, you can contact the County Council's Data Protection Officer (DPO) at:
Data Protection Officer
Mansfield District Council
Chesterfield Road South
What is the purpose of this privacy statement?
This privacy statement tells you what to expect when Mansfield District Council collects personal data. It applies to information we collect about:
- Visitors to our website
- People who register for an on-line account
- People who register for and use our services
- People who are referred to us by other persons, agencies, organisations
- People who contact us with an enquiry or complaint
- Job applicants and our current and former employees
- People who participate in publicity for the Council
- People who are recorded on CCTV operated by the Council
What is personal data?
Personal data means any data which can be used to identify an individual (such as name and address) and any information that relates to that individual from which they can be identified (for instance, details of the services provided to a particular individual). The following types of personal data may be used:
- Personal contact details such as name, address, phone number, etc.
- Personal identifiers such as an NHS number
- Visual images, personal appearance and behaviour
- Personal or professional opinions about an individual
- Family details
- Housing needs
- Lifestyle and social circumstances
- Pension or financial activity records
- Offences (including alleged offences)
There are 2 classes of personal data - "normal" personal data, as shown above and "special categories" of personal data. Some information is 'special' and needs more protection due to its sensitivity. It's often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
- Racial or Ethnic Origin
- Religious or philosophical beliefs
- Trade Union membership
- Physical or Mental Health
- Genetic or biometric data for the purpose of uniquely identifying a natural person
- Sexual life or orientation
- Political opinions
Where "normal" personal data is involved, the basis for processing under the GDPR would normally be Public Task. However, there are other bases available as necessary.
Where "special categories" of personal data are involved, then more rigorous procedures are necessary and:
- Explicit consent of the person concerned must be obtained; or
- One of the conditions in schedule 1 of the Data Protection Act 2018. For example, conditions relating to the employment or the substantial public interest conditions, must be satisfied.
How you can contact us
We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer, at DPO@mansfield.gov.uk
Notification of Change of Privacy Notice
We may modify this privacy notice at any time, but if we do so, we will notify you by publishing the changes on the www.mansfield.gov.uk website. If we determine the changes are material, we will provide you with additional, prominent notice as is appropriate under the circumstances, such as via email. If, after being informed of these changes, you do not end your association with Mansfield District Council, you will be considered as having expressly consented to the changes in our privacy notice. If you disagree with the terms of this notice, or any updated version of this notice, you may exercise your rights to end your association with Mansfield District Council, at any time. This notice was last updated in May 2018.
How do we collect and use your personal information
Why do we collect your information?
We obtain information about you when you are registered within the district, for example, when you register to pay Council Tax, when you register for Council services or when you apply for services for example, applying for a Council property or to receive benefits etc.
Why do we need your personal information?
We may need to use some information about you to:
- Deliver services and support to you;
- Manage those service we provide to you;
- Train and manage the employment of our workers who deliver those services;
- Help investigate any worries or complaints you have about your services;
- Keep track of spending on services;
- To undertake public tasks;
- To uphold legal rights and obligations
- Check the quality of services; and
- To help with research and planning of new services.
How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information. Generally we collect and use personal information where:
- You, or your legal representative, have given consent
- You have entered into a contract with us
- It is necessary to perform our statutory duties
- It is necessary to perform our public tasks
- It is necessary to perform our Legal Obligations
- It is necessary to protect someone in an emergency
- It is required by law
- It is necessary for employment purposes
- You have made your information publicly available
- It is necessary for legal cases
- It is to the benefit of society as a whole
- It is necessary to protect public health
- It is necessary for archiving, research, or statistical purposes
If we have consent to use your personal information, you have the right to withdraw it at any time. If you want to withdraw your consent, please contact DPO@mansfield.gov.uk and tell us which service you're using so we can deal with your request.
If you would like more information about the basis on which personal data is processed, please visit - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
We only use what we need!
Where we can, we only collect and use personal information to meet the obligations set out above.
If we don't need personal information we'll either keep you anonymous if we already have it for something else or we won't ask you for it. For example in a survey we may not need your contact details we'll only collect your survey responses.
If we use your personal information for research and analysis, we'll always keep you anonymous or use a different name unless you've agreed that your personal information can be used for that research.
We don't sell your personal information to anyone else.
What rights do you have in relation to your personal data?
You have a number of rights in relation to your personal data. Please note that not all rights are automatic and some may not be available in certain circumstances where a lawful exception applies. For instance, this could be because a copy of your personal data may need to be kept or used for the purposes of complying with a legal obligation, for use in legal proceedings, for prevention or detection of crime or for a monitoring officer investigation, etc.
|Right to find out about the personal data we hold about you and access a copy of it (personal information request)
||This applies to both paper and electronic records. You can ask us whether we hold your personal data and you can request a copy of the information we hold. Requests should be in writing. If you are unable to ask for your records in writing we will make sure there are other ways you can. Please see Requests for Information Charging policy August 2014
||Some of the information requested may be exempt from disclosure. This could be because it relates to another individual, it is subject to legal professional privilege, its disclosure would result in serious harm to someone, it may stop us preventing or detecting a crime or another lawful exception applies.
|Right to withdraw your consent
If you have provided us with consent for use of your data, for instance, marketing purposes, you have the right to withdraw your consent to stop the further use of your data for that purpose.
The right to withdraw your consent will only affect future use of your data. It will not affect the validity of any pre-existing use.
|This right is not available where your data can be used without your consent, for instance, where we are under a legal obligation to use your information or another lawful exception applies.
|Right to raise a concern or enquiry about use of your personal data
||For enquiries, please see our Freedom of information page. To make a complaint about how your personal data is being managed, please contact the Data Protection Officer at DPO@mansfield.gov.uk
|Right to contact the Information Commissioner's Office
||For independent advice about data protection, privacy and data sharing issues, or if you are dissatisfied with how we have handled a complaint about use of your data, you can write to the Information Commissioner's Office at the following address:
Or email: firstname.lastname@example.org
|Right to rectification of your personal data
||You may ask for your personal information to be corrected if information we hold is inaccurate or for incomplete information to be completed.
We may not always be able to change or remove that information but we'll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
This right may not be available in limited circumstances where a lawful exception applies.
|Right to erasure of your personal data (right to be forgotten)
||You can request that some or all of your data be erased where:
- We have no further legitimate use for it
- The law requires its deletion
- Where your personal information is no longer needed for the reason why it was collected in the first place
- Where you have removed your consent for us to use your information (where there is no other legal reason us to use it)
- Where there is no legal reason for the use of your information
- Where deleting the information is a legal requirement
|This right is not available where a lawful exception applies or where the retention of the data is necessary for:
- Public health purposes, public interest, archiving, or research/statistical purposes
- Where your personal information has been shared with others, we'll do what we can to make sure those using your personal information comply with your request for erasure.
|Right to restriction of use of your personal data
||You have the right to ask us to restrict what we use your personal information for where:
- you have identified inaccurate information, and have told us of it
- we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
- it is not used in a certain way while we consider any concerns you have about its accuracy
- It is not used in a certain way while we consider any objections you have raised about our use of your data for our public functions
When information is restricted it can't be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it's for important public interests of the UK.
Where restriction of use has been granted, we'll inform you before we carry on using your personal information.
You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.
Where possible we'll seek to comply with your request, but we may need to hold or use information because we are required to by law.
This right is not available where a lawful exception applies or in respect of data being used for:
The protection of the rights of another person, or, reasons of important public interest.
|Right to object to the use of your personal data
You can object to use of your data:
- for direct marketing purposes;
- for service delivery purposes except to the extent that we have an overriding legitimate reason for use of your data or are you using your data for a legal claim;
- for research you have consented to take part in.
|This right may not be available in limited circumstances where a lawful exception applies.
|Right to ask for an automated decision to be reconsidered by a human
Where we notify you that a significant decision has been taken about you without any human input, you can request that:
- We reconsider the decision, or take a new decision that is not taken solely by automated means.
This right is not available in respect of data being used on the basis of:
- your explicit consent for the purposes of a contract that you have entered into with us
You can ask to have your information moved to another provider (data portability)
It's likely that data portability won't apply to most of the services you receive from the Council.
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However this only applies if we're using your personal information with consent (not if we're required to by law) and if decisions were made by a computer and not a human being.
You can ask to have any computer made decisions explained to you, and details of how we may have 'risk profiled' you.
You also have the right to object if you are being 'profiled'. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.
If and when Mansfield District Council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.
If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who'll be able to advise you about how we using your information.
Who do we share your information with?
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law.
We'll complete a privacy impact assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.
We may also share your personal information when we feel there's a good reason that's more important than protecting your privacy. This doesn't happen often, but when we need to share your information, it will be because one of the exemptions in the Data Protection Act 2018 applies. For example:
- For the purpose of prevention and detection of crime
- Apprehension or prosecution of offenders
- Assessment and collection of tax etc.
- Information required to be disclosed by law. E.g. if the court orders that we provide the information
- Functions designed to protect the public
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we'll make sure that we record what information we share and our reasons for doing so.
How we record what personal data we hold
Please see our Information Asset Register for details of what information we hold, the basis for processing the information, how long we keep your data and who we may share it with and why. The register is divided into service areas enabling you to search it more easily.
How do we protect your information?
We'll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we'll only make them available to those who have a right to see them. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what's called a 'cypher'. The hidden information is said to then be 'encrypted'
- Pseudonymisation, meaning that we'll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
Where in the world is your information
The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it's stored in a system outside of the EU.
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party.
We'll take all practical steps to make sure your personal information is not sent to a country that is not seen as 'safe' either by the UK or EU Governments.
If we need to send your information to an 'unsafe' location we'll always seek advice from the Information Commissioner first.
How long do we keep your personal information?
There's often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention schedule
For each service the schedule lists how long your information may be kept for.
How you can use this website
We use Google Analytics to collect information about how people use this site. We do this to make sure it's meeting peoples' needs and to understand how we can make the website work better.
Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.
We do not collect or store any other personal information (e.g. your name or address) so this data cannot be used to identify who you are.
We also collect data on the number of times a word is searched for and the number of failed searches. We use this information to improve access to the site and identify gaps in the content and see if it is something we should add to the site.
Unless the law allows us to, we do not:
- share any of the data we collect about you with others, or
- use this data to identify individuals
Your Credit or Debit Card Information
If you use your credit or debit card to make payments, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard, and don't store the details on our website or databases.
We have various methods and payment providers, our corporate Payment Card Industry payments solution(s) are provided by Capita. Capita are a validated PCI payments system supplier.
Where can I get advice and more information?
If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at DPO@mansfield.gov.uk or by calling 01623 463463.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO) at:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Or email email@example.com
Further guidance on the use of personal information can be found at ico.org.uk