Data Protection and GDPR

Radford Semele Parish Council is a public body (‘The Council’). Its prime duty is to the general public at large in the electoral area of the Parish of Radford Semele, Warwickshire.

The Council is committed to ensuring that any personal data, in whatever format, is obtained, stored and processed in a secure and legally compliant way. The Council has a legitimate interest under current data protection regulation and to carry out its public functions. 

To support its duties and maintain its objectives, personal data on individuals involved with the Council may be obtained and stored so the Council can keep in touch with the individuals in respect of their affairs or dealings with the Council. The individuals for whom we hold personally identifiable information are referred to as “data subjects”. 

The Council may legitimately obtain, store and process personal data as necessary, to enable it to deal with people in, or connected with, the Parish area and deal with the affairs of the data subjects either directly with them or on their behalf with other public bodies such as Warwickshire County Council and Warwick District Council. 

In the exercise of the Council’s duties, it may be necessary for the Council to keep statistics prepared from information that it has received from time to time; it may be necessary also for the Council to keep maps, plans and photographs of sites including private houses. 

Our Policy for keeping personal data concerning data subjects is as follows: 

1. The Council will ensure that any personal data it obtains, stores or processes will be fair, lawful and transparent.
   
   
2. The Council will only keep personal data for such a period as to allow the Council to perform those duties that require that personal data to be held.
   
   
3. The Council will only obtain, store and process such personal data for specific and legitimate purposes, it will not be held and used for any other purposes beyond the specific intent for which it was obtained.
   
   
4. Personal data concerning data subjects will be kept for no longer than is necessary for the Council to carry out its duties in respect of the matters for which the personal data was obtained. The Council will in any case, review every 12 months whether a data subject’s personal data should continue to be kept or deleted.
   
   
5. Any personal data held by the Council will be processed so as to ensure suitable security of the personal data, including protection against unauthorised use or unlawful processing and against accidental loss, destruction or damage.
   
   
6. At any time, a data subject can put in a subject access request (SAR) to see the personal data kept by the Council relating to that person. There is no charge for this, but if a request for information is excessive the Council may refuse to supply it to the extent that it is excessive; in that event there is a right of appeal by the individual to the Information Commissioner’s Office.
   
   
7. The Council will ensure suitable measures are in place to keep personal data accurate and up to date.
   
   
8. At any time, a data subject can ask to have any errors in the personal data held by the Council rectified.
   
   
9. A data subject has a right not to be subjected to automated processing but to have an intelligent human input into decisions about the keeping of the data.
   
   
10. The stored information is for the Council’s use only and will not be passed on to other organisations without the specific consent of the data subject in respect of the use for which the data it to be put.
    
    
11. A data subject may request that personal data held by the Council be moved, copied or transferred to another party. This only relates to the data originally supplied by the data subject.
    
    
12. The Council will not undertake any high-risk data processing of the personal data it holds, such as, data farming or individual profiling.
    
    
13. At any time, a data subject can request deletion of all or part of the data on that individual being stored by the Council; for the sake of good order the request for this must be made in writing, if there is a lawful and legitimate reason for retaining this information, this request may be refused, and the data subject will be informed of this decision.
    
    
14. The Council will not process, store or transfer any personal data outside of the European Economic Area (EEA).
    
    
15. The Council will only collect, store or process personal data if a data subject can be taken to have agreed to this by approaching the Council, one of the Councillors, or the Clerk for their assistance.
    
    
16. In exercise of its public duties the Council may store personal data on individuals who have not approached the Council, one of the Councillors, or the Clerk, where the Council has a legitimate interest to fulfil its public functions.
    
    
17. Any serious data breaches involving personal data held by the Council will be notified to the Information Commissioners Office within 72 hours of the Council becoming aware of that data breach.
    
    
18. The person who is responsible for keeping the data – known as the Data Controller is:
    
    Mr David Leigh-Hunt
    Clerk to Radford Semele Parish Council
    1 Lewis Road, Radford Semele CV31 1UB
    Email address clerk@radfordsemelepc.org.uk
    01926 330844

Approved and readopted at Parish Council Meeting 25th March 2024

Radford Semele Parish Council Data Protection Policy and GDPR Policy Revised March 2024.pdf