Data Protection As of 25 May 2018, there are two new legislations that sets out how Dundee City Council handles and processes personal data about you. There are: General Data Protection Regulation (GDPR)Data Protection Act (DPA) (2018) Overview Dundee City Council is a Local Authority established under the Local Government etc. (Scotland) Act 1994. Our main offices are at City Square, Dundee, DD1 3BY. Data Controller Dundee City Council is data controller as it determines how your personal information will be processed. By law, data controllers must register with the UK Ombudsman for Data Protection, the Information Commissioner’s Office. Dundee City Council’s registration number: Z7211936 In order for us to provide services to you as a Local Authority, we need you to give us your personal information. To deliver our services, to meet our legal obligations and protect public funds we need to collect, store, use, share and dispose of personal information. This is known as data processing. We also use your information to verify your identity where required, contact you by post, email or telephone and to maintain our records. We also receive and share information with third parties. This can be with other public authorities or government departments, such as the police and court service, Audit Scotland, NHS Tayside, HM Revenues and Customs and the Department for Work and Pensions. However, it could also be with other local authorities, our contractors and from members of the public. Details of how this information is passed between us all is given in the specific privacy statements relating to functions where we routinely receive personal information from third parties. We collect different categories of personal information, depending on the service we provide to you. In most cases, we will need your name and contact details. Personal Information Personal information is also referred to as personal data and only relates to a living, identifiable individual or could be identified if combined with other information. Personal information about you is normally information that identifies you, such as: Name Address Phone number Date of Birth Bank Details Some data is called special category which is more sensitive, and we have to look after it more carefully. This includes details of: ethnic origin religious beliefs trade union membership health data biometric and genetic data (e.g. fingerprints, facial recognition, DNA) Retention of Personal Information We will not keep your information for any longer than it is needed, and will dispose of paper and electronic information in a secure way. The length of time we need to keep information will depend on the purpose for which it is collected. Our service-specific privacy notices give further information on how long we keep your information. Information Sharing To provide you with efficient services, we will sometimes share your personal information between teams within the Council, and with external partners and agencies involved in delivering services on our behalf, or alongside us. The Council may also provide your personal information to third parties, but only where it is necessary, either to comply with the law or where permitted under data protection legislation. Examples of organisations, we may share your personal information with: NHS Tayside Department for Work & Pensions HMRC Police Scotland Scottish Government (and related agencies) Ombudsmen (such as the Information Commissioner’s Office, The Care Inspectorate, etc.) Care providers and voluntary organisations For more information about who we share with and why, please see the section ‘Service Related Privacy Notices’. The Council only shares your information with partners or contractors who agree to protect your information. Data Matching The Council is legally required to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud, which we do through data matching. Audit Scotland is responsible for carrying out these types of data matching exercises. For more information, please visit their website. Data matching is where computer records held by one body are compared against other computer records, held by a different part of the same body, or those held by another organisation to see how far they match. Where a match is found it may indicate that there is an inconsistency that requires further investigation. Data matching exercises also helps bodies ensure that their records are up to date. Sharing information outwith the UKAlmost all personal data the Council uses is stored and processed in the UK. Some information may also be stored within the EU. If we need to transfer your personal information outwith these areas in relation to a particular activity, this will be explained in the service-specific privacy statements relating to that function along with a description of the protective measures we have put in place to keep it secure. Your Rights The data protection legislation provides the following rights for individuals: The right to be informed – you have right to be know about the collection and use of their personal data. We will do this through our service-specific notices The right of access – you can request to know what we hold on you by making a subject access request The right to rectification – you have the right to request that your information is rectified or changed if it is factually inaccurate or incomplete The right to erasure – you have the right to ask us to delete personal information where: you think that we no longer need to hold the information for the purposes for which it was originally obtained we are using that information with your consent and you have withdrawn your consent. Please note that in general we do not rely on consent as the legal basis for processing your personal information you have a genuine objection to our use of your personal information our use of your personal information is contrary to law or our other legal obligations. The right to restrict processing – you have the right to request that we restrict using your data in certain circumstances The right to data portability – you can request to have the information you have supplied the Council in certain circumstances The right to object – you have the right to object to us using your information for direct marketing purposes Automated decision making and profiling - we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead. Data Protection Officer The Council must appoint a Data Protection Officer to make sure it is complying with data protection legislation. The Council’s Data Protection Officer is: Ian Smail, Information Governance ManagerCorporate ServicesDundee City Council21 City SquareDundee DD1 3BYEmail: email@example.comTel: 01382 434206 Complaints We aim to directly resolve all complaints about how we handle personal information. If your complaint is about how we have handled your personal information, you can contact the Council's Data Protection Officer by email at: firstname.lastname@example.org or by telephone on 01382 434206 However, you also have the right to lodge a complaint about data protection matters with the Information Commissioner's Office, who can be contacted by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. By phone on 0303 123 1113 (local rate) or 01625 545 745. Visit their website for more information at- https://ico.org.uk/concerns. If your complaint is not about a data protection matter you can find details on how to make a complaint on our website at: https://my.dundeecity.gov.uk/en/service/Enquiry_Suggestion_Compliment_Co... This page was last updated on 28 May 2018.