General Privacy Notice
What is GDPR and how does it affect Charlwood Parish Council?
The General Data Protection Regulation (GDPR) came into force on 25th May 2018. It is an important and complex piece of legislation that places particular responsibilities on Charlwood Parish Council as a public authority.
In order to conduct its business, services and duties, CPC processes a wide range of data, relating to its
own operations and some which it handles on behalf of partners. In this respect, CPC is the Data Controller for your data.
In broad terms, this data can be classified as:
• Data shared in the public arena about the services it offers, its mode of operations and other
information it is required to make available to the public.
• Confidential information and data not yet in the public arena such as ideas or policies that are being
• Confidential information about other organisations because of commercial sensitivity.
• Personal data concerning its current, past and potential employees, Councillors, and volunteers.
• Personal data concerning individuals who contact it for information, to access its services or facilities
or to make a complaint.
Exactly what is meant by 'Personal Data'?
Personal data is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). CPC takes the protection of your data seriously. Our aim is to provide a personalised and valuable service whilst safeguarding our users’ privacy. Collecting some or all of the following personal information is necessary to perform its tasks:
• Names, titles, and aliases, photographs
• Contact details such as telephone numbers, addresses, and email addresses
• Where they are relevant to the services provided by a council, or where you provide them to us, we may process information such as gender, age, marital status, nationality, education/work history, academic/professional qualifications, hobbies, family composition, and dependants
• Where you pay for activities such as use of a council hall, financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers
• The personal data we process may include sensitive or other special categories of personal data such as criminal convictions, racial or ethnic origin, mental and physical health, details of injuries, medication/treatment received, political beliefs, trade union affiliation, genetic data, biometric data, data concerning and sexual life or orientation.
Sensitive personal data
• We may process sensitive personal data including, as appropriate:
- information about your physical or mental health or condition in order to monitor sick leave and take decisions on your fitness for work
- your racial or ethnic origin or religious or similar information in order to monitor compliance with equal opportunities legislation
- in order to comply with legal requirements and obligations to third parties
• These types of data are described in the GDPR as “Special categories of data” and require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data
• We may process special categories of personal data in the following circumstances:
- In limited circumstances, with your explicit written consent
- Where we need to carry out our legal obligations
- Where it is needed in the public interest
- Less commonly, we may process this type of personal data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public
Do we need your consent to process your sensitive personal data?
In limited circumstances, we may approach you for your written consent to allow us to process certain sensitive personal data. If we do so, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Visitors to this web site
When someone visits this website, we or the website administrators use a third party service, such as Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We and they do this to find out things such as the number of visitors to the various parts of the site. This information is only processed by us in a way which does not identify anyone. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
We use a third party service to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to the site.
Links to other websites
This privacy notice does not cover the links within this site to other websites. We encourage you to read the privacy statements on the other websites you visit.
CPC will periodically review and revise this policy in the light of experience, comments from data subjects and guidance from the Information Commissioners Office. It will be as transparent as possible about its operations and will work closely
with the public, community and voluntary organisations. Therefore, in the case of all information which is not personal
or confidential, it will be prepared to make it available to partners and parishioners.
Details of information which is routinely available is contained in the Council’s Freedom of Information Publication Scheme which is based on the statutory model publication scheme for local councils.