This privacy notice explains how Ards and North Down Borough Council, (as a Data Controller), collects, uses and protects personal data that it holds.
Your personal data - what is it?
Personal data is any data that identifies or relates to a living individual. Identification can be through the information alone or in conjunction with any other information in the Council’s possession or likely to come into its possession. The processing of personal data is governed by the General Data Protection Regulation (the GDPR) 2016 and the Data Protection Act (DPA) 2018 and the principles set out in them.
Who are we?
Ards and North Down Borough Council is the data controller for the purposes of this notice. This means it decides how your personal data is processed and for what purposes. More information about Council services can be found on this website.
How does the Council process your personal data?
The Council complies with its obligations under the GDPR, and the principles of the DPA, by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Under the DPA and GDPR, the Council has a legal duty to protect any personal data it collects. It will take all reasonable steps, including using technologies, to safeguard your data and keep strict security standards to prevent any unauthorised access to it.
What is the legal basis for processing your personal data?
The purposes for which the Council is processing your personal data will determine the legal basis for processing. Generally, the legal basis for processing by the Council as a public authority will be:
To perform a function or provide a service required by statute (Article 6 (1) (e) GDPR);
To comply with a legal obligation (Article 6 (1) (C) GDPR);
Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 1(b) GDPR);
Where disclosure is in the vital interests of yourself or another person (Article 6 (1) (d) GDPR);
With your explicit consent (Articles 6 (1) (a) and 9 (2) (a) GDPR).
In addition, the Council may process your personal information where it is in your legitimate interests, however, this does not apply where the processing relates to the Council’s statutory functions.
Where the purpose for processing your personal data has changed, you will be contacted and you will, where applicable, be advised at the point of collection or within one month of the Council receiving information, of the legal basis for the processing of your personal information.
In certain circumstances you may be able to withdraw your consent to processing. Please contact the Council’s Data Protection Officer (contact details provided below), who will explain if your consent can or cannot be withdrawn.
Sharing your personal data
Depending on the purpose for which your personal data was originally obtained, and the use to which it is to be put, it may be shared with other organisations. Personal data may be shared, where necessary, with other organisations that provide services on our behalf, for example, contractors who print and post events brochures or e-marketing system providers.
In such cases, the personal data provided to that party is only the minimum necessary to enable them to provide services to you.
In most cases the Council will not disclose your personal data without your consent, however there may be statutory or regulatory circumstances when your consent is not required.
How long do we keep your personal data?
The Council will only keep your personal data for as long as is necessary and for the purpose for which it is being processed, unless there is a legitimate reason for keeping it longer, for example, any legal requirement to keep data for a set time period. Where the Council does not need to continue to process your personal data, it will be securely destroyed, in line with the Council’s Retention & Disposal Schedule.
Your rights and your personal data
Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:
to request a copy of the personal data which is held about you;
to request that the Council corrects any personal data if it is found to be inaccurate or out of date;
to request that your personal data be erased where it is no longer necessary for the Council to retain such data;
to withdraw your consent to the processing;
to request that the Council provides you with your personal data or ask that it be forwarded directly to another controller;
to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
to object to the processing of personal data (where applicable);
to lodge a complaint with the ICO.
You can access the personal information that is held about you by submitting a Subject Access Request (SAR) to the Council. This request must be in writing and clearly specify the information you require and be made to the Data Protection Officer (contact details below).
Complaints or queries
The Council will strive to meet the highest data governance standards when collecting and using personal information. For this reason, it takes any complaint about this very seriously.
The Council encourages people to contact it if they think that the collection or use of information is unfair, misleading or inappropriate.
If you have any concerns, questions or comments please email the Council’s Data Protection Officer: firstname.lastname@example.org
If you are unhappy with the way in which the Data Protection Officer has dealt with matters, then you may request that the handling of the matter be reviewed by the Director of Organisational Development & Administration.
If you are unhappy with the outcome of that review process, you can contact the Information Commissioner’s Office (ICO) at:
ICO Office Northern Ireland 3rd Floor, 14 Cromac Place, Belfast BT7 2JB
Telephone: 028 9027 8757 / 0303 123 1114