Data Protection Act 1998 – Fair Processing Notice.
The use and disclosure of personal data is governed in the UK by the Data Protection Act 1998.
Denbighshire County Council is a ‘data controller’ for the purposes of the Data Protection Act 1998 and is notified with the Information Commissioner. Our notification number is Z573781X. As a data controller, the Council will make every reasonable effort to ensure that we or any third party who may process data on our behalf, complies with the principles of the Data Protection Act when processing personal data.
The 8 Data Protection principles can be found below:
1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
This notice is known as a ‘fair processing’ notice for the purposes of the Data Protection Act 1998 and intends to inform you of the types of personal data Denbighshire County Council may hold and what it may do with it.
What types of information will Denbighshire County Council be holding about me?
We may be holding such information as your name, address, date of birth or bank account details, but we could also be holding more sensitive types of information about you for example, information about your health, religion, sexual orientation or any criminal offences you may have committed. The type of information we hold will depend upon the service being delivered.
Personal data could be information which is held on a computer, in a paper record i.e. a file, but it can also include other types of electronically held information i.e. CCTV images.
The information we hold about you may be collected from a variety of sources for example, from you, your legal representative, partners and relatives or from other agencies.
What will Denbighshire County Council do with my information?
Denbighshire County Council collects and holds personal information about members of the public, staff and those people that it carries out business with or provides services to. Denbighshire County Council will only use the information that it holds to comply with its statutory duties for example, the collection of council tax or to provide you with a service that you have requested or need.
In certain circumstances you may have consented to us collecting and holding your information for example, by signing up to a marketing list for a certain type of public event.
How will my personal data be protected?
Denbighshire County Council will make every effort to keep your information secure and will endeavour to comply with all relevant legislation including the Data Protection Act 1998 and applicable standards, for example the ISO27001 Information Security Standard. This means that we have to put measures in place to ensure that our computers and files are secure and that the information you give to us will be kept confidential.
Who will Denbighshire County Council disclose my information to?
From time to time Denbighshire County Council is obliged by law to disclose personal information that it holds, for example to the Revenue and Customs, the Police, the Health Service or other agencies. Any disclosures made will only be done in accordance with the law.
What can I do if I want to find out what information Denbighshire County Council holds on me?
A person is entitled, in accordance with the provisions of the Data Protection Act 1998, to ask for a copy of the information that a ‘data controller’ holds. This is known as a ‘Subject Access’ request. Denbighshire County Council has procedures in place so that people can make a subject access request.
What can I do if I think the information held on me is incorrect, or misleading?
Denbighshire County Council will ensure that it will keep its information as up to date as possible however, please tell us if you think that the information held about you is incorrect in any way. This will not only help us to keep you informed about vital services you may be entitled to, but will also ensure that we comply with our legal requirements.
The Data Protection Act 1998 gives you the right to have information blocked, rectified, erased, amended or deleted. However, in some circumstances we may be required by law to keep your information for a certain period of time so it may not always be possible to do so. Where this is the case we will tell you.
If you wish to tell us that the information held about you is incorrect, please contact us.
If you want to find out more about the Data Protection Act, please contact the Information Commissioner.
National Fraud Initiative
In order to prevent and detect fraud, we are required by law to protect the public funds we administer and may share information with other bodies responsible for auditing or administering public funds.
The Auditor General for Wales appoints an auditor to audit our accounts. He or she is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Data matching allows fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Auditor General requires us to provide information data matching to assist in the prevention and detection of fraud. We are required to provide particular sets of data for matching for each exercise, and these are set out in the Wales Audit Office’s guidance, which can be found at http://www.wao.gov.uk/about-us/national-fraud-initiative.
Details are set out in the Auditor General’s handbooks, which can be found at www.wao.gov.uk.
The use of data by the Auditor General in a data matching exercise is carried out with statutory authority under its powers in Part 3A of the Public Audit (Wales) Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Data matching by the Auditor General is subject to a Code of Practice. This may be found at www.wao.gov.uk.
For further information on the Auditor General’s legal powers and the reasons why he matches particular information, see www.wao.gov.uk or contact: NFI Co-ordinator, Wales Audit Office, 24 Cathedral Road, Cardiff CF11 9LJ, 029 2032 0616 or email firstname.lastname@example.org.