Thanks for taking the time to share your thoughts. Your feedback is valuable to us and helps us improve our service.
This Privacy Notice tells you what to expect when Flintshire County Council collects your personal data.
We are committed to compliance with data protection legislation, as well as your rights to confidentiality and respect for privacy. The Council will ensure that it keeps your personal data accurate and secure to provide you with efficient services.
We will only use the data it holds about you in accordance with the law. We will also only collect the minimum data necessary, and when it no longer has a need to keep your data, it will be disposed of in a secure manner.
We have a Data Protection Officer who makes sure we respect your rights and comply with the law. If you have any concerns about how we look after your personal data please contact the Data Protection Officer at firstname.lastname@example.org or by calling 01352 702802.
Do you know what personal data is?
Personal data is any information that relates to an identifiable living individual directly or indirectly. This includes data that when combined with other data can then identify a person. For example your name and contact details.
Do you know that some of your personal data is considered as ‘special’?
Some data is considered to be special and needs more protection and safeguards due to its sensitivity. It is often data that is very personal to you, that you wouldn’t expect or want to be widely known. This will include anything that can reveal your: -
Why do we need your personal data?
We may need to use some information about you to:
When processing your personal data we must have legal reason to do so. Generally we collect and use your personal data where:
At the time of collecting your data, the Council will inform you: -
Who do we share your information with?
We use a range of organisations to help us deliver our services, where we have these arrangements there is always an agreement in place to make sure that those organisations comply with data protection law.
We sometimes have a legal duty to share personal data with other organisations. This is often at the request of the courts when:
We may need to share your personal data when we feel there’s a reason that’s more important than protecting your privacy:
For all the reasons above, the risk must be serious before we can override your right to privacy.
Transferring data outside the European Economic Area (EEA)
The Council will only transfer personal data outside of the EEA in compliance with Chapter V of the General Data Protection Regulation. Transfers may be made where the Commission has decided that a third country (a country outside the EEA), a territory or one or more specific sectors in the third country, or an international organisation ensures and can demonstrate that individual’s rights are protected by adequate safeguards.
How does the Council keep your personal data secure?
The Council secures your personal information from unauthorised access, use or disclosure. The Council secures the personal data you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.
We may store your personal information using European Union based cloud providers, but only where a data processing agreement is in place that complies with obligations equivalent to those of the General Data Protection Regulation.
National Fraud Initiative
The Council is required by law to protect the public funds it administers, to this end we may share your personal data with other bodies responsible for auditing or administering public funds to prevent and detect fraud. The Auditor General for Wales requires all local authorities under his powers in Part 3A of the Public Audit (Wales) Act 2004, to provide data it holds for this purpose. The data is shared with the Wales Audit Office/Audit Commission.
Individuals have certain rights in respect of their own personal data, which are (further information relating to your rights including how to make a request can be found on our Data Protection Page):
1. The right to be informed – This emphasises the need for transparency over how the Council uses your personal data, this will be done typically through a privacy notice at the time your data is obtained.
2. The right of access – Individuals have the right to obtain confirmation that their data is being processed and access to their personal data held by the Council.
3. The right to rectification – Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
4. The right to erasure – The right to erasure is also known as ‘the right to be forgotten’. This enables an individual to request that the Council deletes or removes their personal data where there is no compelling reason for its continued processing.
5. The right to restrict processing – Individuals have the right to block or supress processing of personal data where there is no compelling reason for the processing. When processing is restricted the council will be permitted to store the personal data, but not further process it, and will retain just enough data about you to ensure that the restriction is respected in future.
6. The right to data portability – Individuals have the right to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
7. The right to object– Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercises of official authority, direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling – This provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
For further information on the use of your data including how to make a request under your individual rights above please visit our Data Protection Page or contact our Information Governance Team using the details below:-
Information Governance Team
Flintshire County Council
Alternatively you can contact the Council’s Data Protection Officer Alun Kime using the following details:-
If you feel the Council has handled your data unfairly or unlawfully you can lodge a complaint with our Information Governance Team using the process below:-
Data Protection Complaints Procedure
This procedure is exclusively for dealing with complaints in relation to the operation of the Data Protection Act within Flintshire County Council. Where you are dissatisfied with the way that any Data Protection issue relating to yourself has been dealt with and you have been unable to obtain satisfaction through discussion with the officer dealing with the matter then you are encouraged to use the following procedure.
To make a complaint
Please contact our Data Protection Officer on:
Data Protection Officer
Acknowledging your complaint
Your complaint will be acknowledged and consideration given to the best way of dealing with it. You will be informed within 7 working days of the way the complaint will be dealt with and a timescale of when a response will be made to it. If any indicated timescale is not met you will receive an explanation for this and an updated timescale.
If you remain dissatisfied with the time the Council is taking to deal with your complaint or with our response, you may wish to pursue the matter with the Information Commissioner by contacting:
Information Commissioner’s Office
0303 123 1113
If you remain dissatisfied with how the Council has handled your personal data you may wish to contact the Information Commissioner’s Office by:-