Privacy Policy

Introduction

 

Plan Bodmin is the name of the Neighbourhood Development Plan for Bodmin town. We want you to feel assured that any information you give us is held securely and safely and will be used solely for the purposed of the consultation process for Plan Bodmin.

 

This policy outlines what data we collect, how we may use it and how we keep your data safe. 'We' or 'us' means Plan Bodmin, which is associated with Bodmin Town Council.

 

The Privacy Policy applies to all Bodmin Town Council employees, Councillors and contractors.  The Policy provides a framework within which the Town Council will ensure compliance with the requirements of the regulations and will underpin any operational procedures and activities connected with the implementation of the regulations.

 

Identity, Contact Details of the Controller and the Data Protection Officer 

 

Bodmin town council is the Data Controller and has a responsibility under the EU the General Data Protection Regulation (EU GDPR) and the UK Data Protection Act (DPA) 2018 to hold, obtain, record, use and store all personal data relating to an identifiable individual in a secure and confidential manner.  This Policy is a statement of what the Town Council does to ensure its compliance with these regulations.

 

Bodmin Town Council is the Data Controller and have an appointed Data Protection Officer whom can be contacted via email: DPO@bodmin.gov.uk

 

The data we gather

 

We process and hold information in order to provide public services. This notice explains how we use and share your information. Information may be collected on a paper or online form, by telephone, email or by a member of our staff, or one of our partners.

 

We record personal information if you:

 

  • subscribe to or apply for services that require personal information,

  • report a fault and give your contact details for us to respond,

  • contact us and leave your details for us to respond.

 

Why we collect information

 

We collect and hold information about you, in order to:

 

  • deliver public services

  • confirm your identity to provide some services

  • contact you by post, email or telephone

  • understand your needs to provide the services that you request

  • understand what we can do for you and inform you of other relevant services and benefits

  • obtain your opinion about our services

  • update your customer record

  • help us to build up a picture of how we are performing at delivering services

  • prevent and detect fraud and corruption in the use of public funds

  • allow us to undertake statutory functions efficiently and effectively

  • make sure we meet our statutory obligations.

 

 

 

Our Right to Process Information

 

We are permitted to process information under GDPR Article 6 (1) (a) (b) and (e) when:

 

  • Processing is with consent of the data subject, or

  • Processing is necessary for compliance with a legal obligation, or

  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

 

How we use your information

 

We will only use any personal information you send us for the purposes for which you provide it. We will only hold your information for as long as necessary. All employees who have access to your personal data and are associated with the handling of that data are obliged to respect the confidentiality of your data. All your communications to us are protected against unauthorised access by third parties.

 

Bodmin Town Council tries to keep the information we have about you accurate and up to date. If, however, you find errors or inaccuracies in your data, we will erase, complete or amend that information upon request. Our contact details are below.

 

We will process your information for the following purposes:

 

  • for the service you requested, and to monitor and improve the council’s performance in responding to your request.

  • to allow us to be able to communicate and provide services and benefits appropriate to your needs.

  • to ensure that we meet our legal obligations.

  • where necessary for the law enforcement functions.

  • to prevent and detect fraud or crime.

  • To process relevant financial transactions including grants and payments for goods and services supplied to the Council

  • where necessary to protect individuals from harm or injury.

  • to allow the statistical analysis of data so we can plan the provision of services.

 

Recipients of the Personal Data

 

Only Bodmin Town Council who have an operational need to see your personal data will be allowed access to it.

 

We never sell your data. We may pass your personal data on to our service providers who are contracted to Bodmin Town Council and who may deal with you.

 

We may need to pass your information to other people and organisations that provide the service. These providers are obliged to keep your details securely and use them only to fulfil your request. If we wish to pass your sensitive or confidential information onto a third party, we will only do so once we have obtained your consent, unless we are legally required to do so. We may disclose information to other partners where it is necessary, either to comply with a legal obligation, or where permitted under the GDPR and Data Protection Act.

 

Where we need to disclose sensitive or confidential information to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.

 

The following are categories of recipients that customer information could be transferred to: 

  • Data Centres – This is so we can store your data securely 

  • External IT Providers – To provide disaster recovery and back up services 

  • organisations that we contract/partner with to provide services on our behalf

  • Local Authorities

  • Law Enforcement - The prevention or detection of crime and fraud

  • Data Protection Authorities – To provide details of any compromises or data breaches

 

All information you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will not disclose your information to any of the relevant third parties listed above for marketing purposes.

Consultation Survey

This information is being gathered for the purpose of collecting samples of how the Community of Bodmin wish to see their Town and surrounding areas develop. Also, to understand the needs of the community and how they can be reflected in an overall Neighbourhood plan to ensure your voice is heard when development is being proposed in your area.

We would like to thank you for taking part in this survey, in order to allow us to use the information that you provide would you please tick the box to give consent for its use. The information provided will be kept for a period of six months to allow time for completion of the Neighbourhood plan document. The information will be managed in accordance with Bodmin Town Council GDPR and privacy policy. The information will not be distributed to third parties and will only be used for the purpose set out within the introduction.

 

Details of Transfers to Third Countries and Safeguards

 

Bodmin Town Council cares to ensure the security of personal data. We make sure that your information is protected from unauthorised access, loss, manipulation, falsification, destruction or unauthorised disclosure. This is done through appropriate technical measures and appropriate policies. All staff and Councillors must ensure that information relating to identifiable individuals is kept secure and confidential at all times. 

 

Bodmin Town Council has one information system that requires them to transfer personally identifiable information to a third party located in a third country, e.g. USA, controls are in place to ensure that the level of protection is not undermined and that security controls are at a level to commensurate with the type of information being transferred. This is applicable to the MailChimp Marketing Platform. Aside from this, we ensure that all other personally identifiable information held on our customers and employees remains within the European Economic Area (EEA).

 

Retention Period

 

We retain your personal information for as long as it is reasonably necessary for the purpose of our relationship, for as long as we are legally obliged or until you object to us processing your data or withdraw your consent to us doing so. 

 

Children

 

We will not process any data relating to a child (under 13) without the express parental/ guardian consent of the child concerned.

 

Rights of Data Subjects

 

The Data Subject has the following rights:

 

  1. Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.

  2. Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.

  3. Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.

  4. Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.

  5. Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.

  6. Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.

  7. Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.

  8. Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.

  9. Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled, please contact us.

  10. Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages. The relevant Data Protection Supervisory Authority where the complaint should be made is the one that is competent for your place of residence or your state or to the supervisory authority which is competent for us - this is: 

 

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

United Kingdom 

 

Telephone: 01625 545 700
Website: https://ico.org.uk/

 

When you have lodged a complaint, the Data Protection Supervisory Authority will inform you of the progress and outcome of the complaint.

 

  1. Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.

 

You can exercise these rights at any time by contacting our Data Privacy Officer:

 

Data Protection Officer

Bodmin Town Council

Shire Hall,

Mount Folly,

Bodmin

PL31 2DQ

 

DPO@bodmin.gov.uk

 

Cookies

 

We do not use cookies on our website.

 

Notification of Changes to Policy

 

If we decide to change our privacy policy, we will post details of any changes on our home page. This will help ensure that you are always aware of what information we collect, how we use it, and under what circumstances, if any, we share it with other parties.

 

If you have any concerns, questions or comments please contact the Data Protection Officer using the contact details shown on the left of this page.