| Title of Process |
Corporate Enquires |
Why does the
Council process
personal data? |
We will only use your personal information when the law allows us or requires us to. Most commonly, we will use your personal information in the following circumstances:
1. We have been given responsibility and duties by law and we need to use personal information to comply with those
obligations.
2. We have been given an important function or job by law and need to use personal information to fulfil that function.
3. Where it is necessary for our legitimate interests (or those of a
third party) and your interests and fundamental rights do not
override those interests.
4. When we have your consent to do so.
5. Where we need to protect your interests (or someone else's
interests).
Some personal information has been given higher protection, this is called Special Category Information, we will only use that category of information when we have additional reasons. Most commonly this will be because:
1. There is a substantial public interest in us fulfilling our legal
duties and responsibilities
2. We need to comply with social security law
3. Where we need to protect your interests (or someone else’s interests) and that person is not able to give consent
4. We will also only process this type of information for archiving
or undertaking scientific or other research when we know we have appropriate protections in place. |
| |
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to
ensure that your personal information is not disclosed to any person
who has no right to receive it.
We have a process that allows you to challenge any decision we make about your data and you can also contact the ICO. We can provide details about this if you ask us and it is also available from Stirling Council Record and Compliance team, on request.
|
| |
We do not transfer the personal information we collect about you outside the European Economic Area without your consent, except where we ensure that your personal information will receive an adequate level of protection by putting in place appropriate measures to ensure that your personal information is treated by those third
parties in a way that is consistent with and which respects the EU and
UK laws on data protection. |
What personal data
is used? |
We monitor and assess all the work we do to improve the quality of
our work and to help us know when we need to put training in place. |
| |
When you give us information about your background to help us
understand who is using our services and what their needs are (this is
often called equalities monitoring information), we will collect the
information you give us to understand and improve our service. We do not collect any personal information such as your name or other
information that could identify you with this data. |
| |
Here are some examples of the types of information we may hold
and use when looking at a complaint:
When we are looking at a complaint we will normally let you know
what types of information we are asking for and why. For example
this may include:
your name
your contact details
details of anyone you have chosen to represent you
your relationship to other people who are mentioned in the
complaint
information you have told us about our needs to help us make
our service accessible
previous correspondence with Stirling Council
notes the Council holds about the complaint or previous,
related enquiries or complaints.
information about other people which we need to make a
decision
information held by other parts of the service which we need
to make a decision.
Special Category Information
Some of the information we collect may be what the data protection law
calls “special categories” of information. Special Categories include
information about someone’s:
race
ethnic origin
politics
religion
trade union membership
genetics
biometrics (where used for ID purposes)
health
sex life
sexual orientation.
Sometimes we will need information in these categories to look at
complaints or review decisions. We will only process this type of
information if it is relevant to the decision we need to make.
We ask people to share some of this information with us to help us
monitor our service and meet our commitments on equality.
|
What makes it lawful
for the Council to
process this personal data? |
How do we keep your information safe?
Data Protection law protects your information. There are rules in our
legislation which add additional legal protections by:
limiting when we can share information; and,
ensuring if information is made public we are not allowed to include names.
We also take steps to protect the information given to us.
we have put in place appropriate security measures to prevent
your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Additionally, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality;
we have put in place procedures to deal with any suspected
data security breach and will notify you and any applicable
regulator of a suspected breach where we are legally required
to do so; and,
third parties will only process your personal information on our
instructions and where they have agreed to treat the information confidentially and to keep it secure.
We can provide more details of these measures and procedures if you
ask for them and they are also available on our website. Stirling Council
Record’s and Compliance Team offer support and advice to internal and
external customers.
Keeping Special categories of data safe
We take additional steps to protect special categories of data. We
clearly identify when we hold special category data and have set out
specific procedures for ensuring this is held securely and only held for
as long as we need to.
When we collect information about you for the purposes of equalities
monitoring this is stored in a way that means it can never be traced back
to an individual.
When we collect information held by social work or about your health we will normally contact you about this before doing so.
|
| |
What are your rights?
You have the right to:
know when we are processing your data;
see the data we process about you;
correct any information;
object to processing;
ask for the information to be destroyed; and
withdraw consent where this has been provided.
Unless there are legal reasons which mean we can't do this.
You always have the right to lodge a complaint with the Information Commissioner's Office (ICO).
We respect these rights. If you have any concerns about our handling of your personal information, please let us know.
|
Where does the
Council obtain
personal data from? |
When you respond to any customer surveys we will collect and analyse the responses you give us to help us improve our service. We will not process any data that is included in any response to a survey that could identify an individual. Personal information will be destroyed as soon as we become aware of it. We may use third party services such as Survey Monkey. Their privacy notice is available on their website (link is external)
When do we collect your personal data?
We collect information that you give to us when you contact us and we
also collect information we need to allow us to undertake complaints
investigations. We collect information when:
you contact us to seek advice;
you bring a complaint to us;
we are looking at a complaint and need more information to make a decision;
you ask us to change any decision we’ve made;
we are asked to investigate services within Stirling Council on
your behalf who may hold data about you (housing, council tax etc.);
you use our website;
you respond to any surveys or attempts the Council makes to gather customer feedback regarding one of our services;
you give us information about your background to help us
understand who is coming to us and what their needs are (this
is often called equalities monitoring information);
you visit our office and we use our CCTV to store information for security;
you have made an information request to us. |
| |
When you visit our office and we use our CCTV to store information for security we will collect your image and the time you visited our office. This information is only accessed if we identify a security issue. Otherwise it is destroyed without anyone accessing it. |
| |
When you use our websites we collect information to help us
understand how our website is being used. We also use cookies to help make our website easier to use by
Enabling a service to recognise your device so you don’t have to give the same information during one task, for example to remember the information you entered on the first page of a multi-page form.
Remembering settings so you don’t have to re-enter them every time you visit a new page.
Measuring how many people are using the website and how they navigate the website, so that we can identify ways to make it easier to use and make sure that there is enough capacity for the website to perform well and respond quickly.
Our cookies aren’t used to identify you personally. They’re just here to
make the site work better for you. Indeed, you can manage and/or delete these small files as you wish. We provide more information about our cookies, how they are used and how long they are stored for directly on each website. |
| |
When you identify a family member/carer/advocate you would like us to liaise with as part of your enquiry/complaint we will collect your contact details and will use them when we need to contact you for updates or outcomes. |
| |
When you make an information request to us we need information
from you to respond to you and to locate the information you are looking for. This enables us to comply with our legal obligations. We will consult with any third parties we may have received the information being requested for their views on disclosure. |
Where does the
Council keep
personal data? |
At the initial point of receiving the data, often the data will be recorded
onto a notepad or into an electronic document and then recorded in the
Council’s electronic management system.
The data will always be sent to the relevant service/officer for their
attention and action to ensure a full response and investigation can be
carried out.
Any enquiries or request/complaint or enquiries received by customers, Elected Member(s), or MP/MSP will be electronically stored in electronic management system. |
How long does the
Council keep personal data? |
We will only retain your personal information for as long as necessary
to fulfil the purposes we collected it for. This includes for the purposes
of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the
potential risk of harm from unauthorised use or disclosure of your
personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. |
Who does the
Council share
personal data with? |
When you complain to the Scottish Public Services Ombudsman
about our service to you, we will share information with them about our
service in order to let them come to a decision |
| |
When we compile statistics and undertake research and analysis.
There may be public interest reasons for undertaking this work and whenever possible information is completely anonymised for these
purposes. |
| |
When do we share information with others?
We need to share information with others at times to share
benchmarking information to the Ombudsman relating to Stirling Council’s compliance with the complaints procedures:
Considering and investigating complaints
Compliance with the complaints procedures
Sharing best practice and monitoring complaints handling by
others
Reporting about our work to the Scottish Public Service
Ombudsman and the public
|
| |
The law says we need to share information:
receive comments about that information that we need to
make a decision;
receive expert advice from someone;
obtain a translation or provide a translation of information;
obtain further information we need to make a decision;
with your permission, provide independent advocacy support
|
| |
When that information shows there may be a risk to someone’s health
or safety or a complaint raising concerns relating to vulnerable children or adults.
|
| |
When that information is important to Stirling Council to ensure we are
compliant with our legal responsibilities to report. Those organisations
are named by law and the law also names the reasons we can share
information with them they include:
Audit Scotland (for purposes relating to audit);
The Care Inspectorate (for purposes relating to their role as a
regulator of care services);
The Scottish Social Services Council (for purposes relating to
their role as the registrar for care workers);
The Scottish Information Commissioner (for purposes relating
to their role as regulator for Freedom of Information);
The Information Commissioner (for purposes relating to their
role as the regulator for Data Protection);
Other UK Local Authorities (when the issue may be a cross�border issue);
The Scottish Public Services Ombudsman (when the complaint
has been escalated by customer for external scrutiny).
If a court or a law tells us we need to release information. |
| |
We sometimes use third parties to provide us with services and they may need to process information to do so. This may include people or
organisations who provide us with:
IT services;
legal services;
Professional advisers and consultants;
courier and secure shredding services;
survey management and processing services. |
| |
The right to access your information
You will not have to pay a fee to access your personal information (or
to exercise any of the other rights). However, we may charge a
reasonable fee if your request for access is clearly unfounded or
excessive. Alternatively, we may refuse to comply with the request in such circumstances. |
Who do I contact
about my personal
data? |
The Council has a Data Protection Officer to make sure it is complying
with data protection laws.
They can be contacted at:
Data Protection Officer, Stirling Council, Teith House, Kerse Road,
Stirling FK7 7QA
Email: dataprotection@stirling.gov.uk
Telephone: 01786 404040 |