This privacy notice explains how Ards and North Down Borough Council, (as a Data Controller), collects, uses and protects personal data that it holds.
Personal data is any data that identifies or relates to a living individual. Identification can be through the information alone or in conjunction with any other information in the Council’s possession or likely to come into its possession. The processing of personal data is governed by the General Data Protection Regulation (the GDPR) 2016 and the Data Protection Act (DPA) 2018 and the principles set out in them.
Ards and North Down Borough Council is the data controller for the purposes of this notice. This means it decides how your personal data is processed and for what purposes. More information about Council services can be found on this website.
The Council complies with its obligations under the GDPR, and the principles of the DPA, by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Under the DPA and GDPR, the Council has a legal duty to protect any personal data it collects. It will take all reasonable steps, including using technologies, to safeguard your data and keep strict security standards to prevent any unauthorised access to it.
The purposes for which the Council is processing your personal data will determine the legal basis for processing. Generally, the legal basis for processing by the Council as a public authority will be:
In addition, the Council may process your personal information where it is in your legitimate interests, however, this does not apply where the processing relates to the Council’s statutory functions.
Where the purpose for processing your personal data has changed, you will be contacted and you will, where applicable, be advised at the point of collection or within one month of the Council receiving information, of the legal basis for the processing of your personal information.
In certain circumstances you may be able to withdraw your consent to processing. Please contact the Council’s Data Protection Officer (contact details provided below), who will explain if your consent can or cannot be withdrawn.
Depending on the purpose for which your personal data was originally obtained, and the use to which it is to be put, it may be shared with other organisations. Personal data may be shared, where necessary, with other organisations that provide services on our behalf, for example, contractors who print and post events brochures.
In such cases, the personal data provided to that party is only the minimum necessary to enable them to provide services to you.
In most cases the Council will not disclose your personal data without your consent, however there may be statutory or regulatory circumstances when your consent is not required.
The Council will only keep your personal data for as long as is necessary and for the purpose for which it is being processed, unless there is a legitimate reason for keeping it longer, for example, any legal requirement to keep data for a set time period. Where the Council does not need to continue to process your personal data, it will be securely destroyed, in line with the Council’s Retention & Disposal Schedule.
Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:
You can access the personal information that is held about you by submitting a Subject Access Request (SAR) to the Council. This request must be in writing and clearly specify the information you require and be made to the Data Protection Officer (contact details below).
The Council will strive to meet the highest data governance standards when collecting and using personal information. For this reason, it takes any complaint about this very seriously.
The Council encourages people to contact it if they think that the collection or use of information is unfair, misleading or inappropriate.
If you have any concerns, questions or comments please email the Council’s Data Protection Officer: dataprotection@ardsandnorthdown.gov.uk
If you are unhappy with the way in which the Data Protection Officer has dealt with matters, then you may request that the handling of the matter be reviewed by the Director of Organisational Development & Administration.
If you are unhappy with the outcome of that review process you can contact the Information Commissioner’s Office (ICO) at:
ICO Office Northern Ireland 3rd Floor, 14 Cromac Place, Belfast BT7 2JB
Telephone: 028 9027 8757 / 0303 123 1114
Email: ni@ico.org.uk
For information on how the Planning section look after your personal data please refer to the their section of the website.
The Council will use Mailchimp to send you invitations to attend events or to register for training workshops. This means that your name and email address will be stored on, and transferred to, servers in the USA. The MailChimp service is covered by both the EU-US and Swiss-US Privacy Shield regimes and is used widely by other UK based organisations. You can read more about Mailchimp’s privacy measures at: https://mailchimp.com/legal/privacy/ or contact dataprotection@ardsandnorthdown.gov.uk.