Our Commitment to you
South Oxfordshire District Council understands the importance of ensuring that personal data, including sensitive personal data, is always treated lawfully and appropriately and that the rights of individuals are upheld.
We are required to collect, use and hold personal data about individuals to fulfil our statutory obligations, delivering services and meeting the needs of individuals that we deal with. This includes current, past and prospective employees, service users, members of the public, councillors, our contractors and partners and other local authorities or public bodies. Some personal data will appear on file records, which by law we are required to keep and make publicly available.
In order to comply with the requirements of the current Data Protection legislation we will ensure that:
The council has two registrations:
Data controller name: South Oxfordshire District Council Registration number: Z6629204
Data controller name: Electoral Registration Officer for South Oxfordshire District Council Registration number: Z6605488
Clicking on the above reference numbers starting with a ‘Z’ will connect you to the Information Commissioner’s Office on-line register where you can inspect the council’s entries.
Meeting our Policy’s Objectives
In order to meet the objectives that are listed above we need to ensure that the following are always considered and that appropriate controls and procedures are in place to ensure compliance with the Data Protection Act 2018.
Collecting and Processing Personal Data
When we collect personal data we will ensure that where required, we make individuals aware that their information is being collected, the purpose for collecting the data specified, and whether it will be shared with any third parties. This will be done through the use of privacy notices. Typically these will be included in the forms you complete to receive our services.
A Register of Processing Activity or ROPA will be maintained by the Data Protection Officer identifying:
Personal data will not be shared with a third party organisation without a valid business reason and where required we will notify individuals that the sharing will take place in the form of a privacy notice. If any new purposes for the data sharing are to take place, we will seek consent from the individuals concerned.
When personal data is to be shared regularly with a third party, a Data Sharing Agreement must be implemented.
Any data sharing will also take into consideration:
Data subjects rights
The current data legislation provides the following rights for individuals:
Many of these do not apply in certain circumstances, primarily where the council have a statutory duty to have your personal data or we are carrying out a public task. For more information on this please see the Information Commissioner’s Office website.
Compliance with this Policy
Implementation of this policy will be led by our Data Protection Officer.
Any questions or concerns about this policy should be taken up with our Data Protection Officer.
When and why we may need to share your personal data
We may sometimes need to share your personal data for a number of reasons. Our registration with the Information Commissioner’s Office lists of the purposes for which we may share personal information with partner bodies and agencies.
This information explains further about when and why we may need to share personal data with others
Preventing and detecting Fraud
The council is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
By sharing information securely and effectively we will:
You will always have the right to opt out of any data sharing initiatives where no statutory requirement exists.
Your personal data will not be used for any sale or marketing purposes and we will not pass your information onto third parties unless we have your consent to do so or we are required by law to do so (e.g. fraud or crime purposes).
If you have any questions about any of the above please contact our Data Protection Officer.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority. It does not require the consent of the individuals concerned under current data protection legislation.
Data matching by the Cabinet Office is subject to a code of practice.
The Cabinet Office may be contacted should you require further information on the legal powers and the reasons why it matches particular information. You can find their contact details on the NFI website.
If you would like to know more about how we use and store your data, please see our webpage www.southoxon.gov.uk/about-us/contact-us/requesting-information/data-protection.
If you believe we have not handled your personal data as we have described here, please either call 01235 422485 or contact us by email to firstname.lastname@example.org and your concerns will be fully investigated. If, after we have investigated your concerns, you are not satisfied with our conclusion, you have the right to refer the matter to the Information Commissioner’s Office (ICO). You can reach them through this link to their website or call them on 0303 123 1113. Their mailing address is:
Information Commissioner’s Office
The council’s Data Protection Officer is Adrianna Partridge and she can be contacted by email to email@example.com or writing to the address at the bottom of this page.