Data Protection Law has changed
The Council will continue to update these pages in readiness for the change in law.
To deliver our services we need to collect, store, use, share and dispose of personal information. This is known as data processing.
When we collect personal data, we must tell you why we need it, and what we will do with it. This information is called a privacy notice.
This privacy notice explains how we process your personal information as a Council. More specific information will also be provided by Council services when you use them. If this privacy notice changes in any way, we will place an updated version on this page. By regularly reviewing this page you will ensure that you are always aware of what information we collect, how we use it and under what circumstances, if any, we share it with others.
In processing personal information, Inverclyde Council must comply with the EU General Data Protection Regulation and the Data Protection Act 2018. We refer to this as data protection legislation.
Data controllers are the organisations or individuals that determine how your personal information will be processed. By law, data controllers must pay a fee to register with the UK Information Commissioner (external link) who is the data protection regulator within the UK.
The Inverclyde Council data controller registration number: Z5004355
Data collection and personal data categories
The personal information we hold about you may be collected on a paper or online form, by telephone, email, CCTV, by a member of our staff, or one of our partners. When we collect and process your personal information, we are committed to the principles set out in data protection legislation.
Data protection principles
- We only collect information that we need
- We keep your personal information secure
- We don't keep your information for longer than we need to
- We tell you why we need your information and what we will do with it
- We collect accurate information and, where necessary, keep it up to date
- We don't use your information for a different reason than the one we have told you about. The exception to this is if we have to do so by law e.g. to prevent and detect crime.
Personal data categories
We process personal data and special category data.
Personal data is information which can be used to identify you such as your
- date of birth
- a unique identifier, such as your National Insurance number.
Special category data is information that reveals
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade-union membership
- data concerning health or sex life.
Purpose of processing personal information
Processing personal information allows us to provide our services and fulfil our legal responsibilities, such as collecting Council Tax, paying benefits and grants, planning services and enforcement, licensing, trading standards and food safety.
On occasions, we may keep your personal information within the Council's archives for evidential and historical reasons, or use it for research and statistical purposes.
It will sometimes be necessary to process personal information to protect individuals from harm or injury, to prevent and detect crime, to comply with legal orders, and to provide information in accordance with a person's rights.
The Council will only process your personal information when it is lawful to do so.
- It is required by law
- It is necessary as part of a contract
- You have given us permission to do so
- It is necessary to protect someone's life
- It is necessary to provide a Council service which is part of our public task.
The Council's Information Asset Register sets out the activities that involve the collection and use of personal information and the reason why we can process your information lawfully.
If we require your permission to process your personal information, we will ask you. If you wish to withdraw your consent, you can do so through contacting the Council's Information Governance Team.
Information Governance Team
Inverclyde Council - Legal and Property Services
Tel: 01475 712498
Tel: 01475 712725
To provide you with efficient services, we will sometimes share your personal information between teams within the Council, and with external partners and agencies involved in delivering services on our behalf.
The Council may also provide personal information to third parties, but only where it is necessary, either to comply with the law or where permitted under data protection legislation.
Examples of organisations who we may share your information with include
- NHS Greater Glasgow and Clyde
- Police Scotland
- Voluntary organisations and care providers.
Our service specific privacy notices set out the recipients or organisations involved in providing services on our behalf, or with whom we share personal information.
We will only share your information with partners or suppliers who have sufficient measures and procedures in place to protect your information and can meet their legal obligations under data protection legislation. These requirements will be set out in contracts or information sharing agreements.
We will not share your information for marketing purposes, unless you have specifically given us permission to do so.
Details of transfers to third country and safeguards
Your information will normally be stored and processed on servers based within the European Economic Area. While it may sometimes be necessary to transfer personal info overseas, any transfers will be in full compliance with data protection legislation.
Retention periods and your rights
We will not keep your information for any longer than it is needed, and will dispose of both paper and electronic records in a secure way. The length of time we need to keep information will depend on the purpose for which it is collected. The Council has a Record Management Plan which sets out how long we keep records and the reason why.
- to be informed about how we collect and use your personal information through privacy notices such as this.
- to request information we hold about you. This is known as a subject access request and is free of charge. We must respond within one month, although this can be extended to three months if the information is complex.
- to rectification. You are entitled to have your information rectified if it is factually inaccurate or incomplete. We must respond to your request within one month. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner.
- to erasure. You have the right to ask us to delete your information or stop using it. It will not always be possible for us to comply with your request, for example if we have a legal obligation to keep the information. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner.
- to restrict processing. You have the right to restrict how your data is processed in certain circumstances, for example if the information is not accurate. If a restriction is applied, we can retain just enough information to ensure that the restriction is respected in future. If we decide to lift a restriction on processing we must tell you.
- to data portability. If we are processing your personal data with your consent, and it is held in a structured, commonly used, machine readable form, you have a right to ask us to transmit it to another data controller so they can use it. This right does not apply if we process your personal data as part of our public task.
- to object. You can object to your information being used for profiling, direct marketing or research purposes.
- to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
Collecting Information Automatically
Please see our cookies page for further information about the information we collect automatically when using our website.
To make a subject access request, or to exercise any of your rights, please contact the Information Governance Team.
Incidents, complaints and comments
Data Protection incident
If you are concerned about what we do with your data, or think something has gone wrong, for example if you have received correspondence from the Council which is not addressed to you, contact the Council's Data Protection Officer to report a data protection incident.
Complaints and comments
If you wish to make a complaint or comment about how we have processed your personal information, you can do so by writing to the Council's Data Protection Officer. If you are still unhappy with how the Council has handled your complaint, you may contact
UK Information Commissioner’s Office
Tel: 08456 30 60 60 | Website: www.ico.gov.uk (external link)
Data Protection Officer
The Council must appoint a Data Protection Officer to make sure it is complying with data protection legislation. The Council's Data Protection Officer is Andrew Greer, Solicitor, Information Governance
Information Governance Team
Inverclyde Council - Legal and Property Services
Email: firstname.lastname@example.org Tel: 01475 712498
Page last updated: 21 June 2018