1. General Data Protection Regulations
As data controller and when handling any personal information we take all necessary steps to comply with the Data Protection Act 1998 (as modified by the General Data Protection Regulations 2016) and relevant subordinate legislation. When you supply any personal information to us we will meet our legal obligations to you in the way that we deal with that information. In accordance with the Data Protection Principles we are required to collect personal information fairly and to let you know how we will use it (see section 2 below) and whether we will pass the information onto anyone else (see section 3 below). We will comply with the Principles by ensuring that:
all personal information supplied to us is held securely
information will be held only as long as necessary for our services
we use up to date industry procedures to keep personal data as safe and secure as possible against loss, unauthorised disclosure or access (see section 5 below).
2. What personal information do we collect and why do we collect it?
We may collect the following types of information:-
(a) web analytic data;
(c) contact information and other personal information
When someone visits this website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. Similarly, like many sites we reserve the option to collect information about online behaviour using cookies, which contain identification information that enables us to see how users are interacting with the site and how frequently they are returning. The cookies do not contain any information which enable you to be personally identified and are not combined with other information the Council holds to provide personally identifiable information.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Only the information in (c) is Personal Data which falls within the provisions of the Data Protection legislation. We may come to hold your Personal Data (such as name, e-mail address and other contact information) when you contact us to make comments, submit a problem or request information from us, or register to receive e-news posts from us and provide your name or return contact information.
3. To whom will we supply your personal data?
Data about traffic and usage of the site together with information collected about online behaviour using cookies may be shared with third parties but only in aggregated anonymous form.
We do not disclose personally identifying information except in very specific instances.
It is not our normal policy to release (sell, trade, provide or rent) your information to other parties. If a good reason for changing that policy were to arise it would remain the case we would not release any of your personal data without having first obtained your consent at the point of collection of your personal data. If you do give us that permission we will only share information with organisations we have carefully selected and believe to be reputable. (see also paragraphs 3.1 and 3.2).
Where an individual provides personal information (such as name, e-mail, address and other contact information) to us via our website for whatever purpose (e.g. registration, survey, feedback etc.) that personal information will only be used for the purpose of communicating with you in relation to the matter raised or for any other purpose for which you have given your consent.
The Council will regard it as normal processing to share communications internally between staff and current Council members to ensure that any issue raised is properly dealt with.
Specific personal information may be released where we are required to do so e.g., court order or for any of the Council’s statutory purposes.
3.1 Will you use my personal information for direct marketing? Can I prevent this?
Personal data obtained from optional surveys or contests may be used by us for the purpose of making you aware of other services or promotions from the Council, which we think you may be interested in. It is not our normal policy to release such information to other parties for direct marketing. If a good reason for changing that policy were to arise it would only be in a case where the third party had been carefully selected/vetted, and we would not release any of your personal data without having first obtained your consent at the point of collection of your personal data. Such consent may also be withdrawn at any time by sending an e-mail to and typing Remove in the subject line. In addition, if we send you a direct marketing communication it will include an option to remove yourself from the mailing list.
3.2 Is my personal information sent abroad?
Countries in the European Economic Area (EEA, which includes the UK at time of writing) are required to have a similar standard of protection of personal data. Lower standards often apply outside that area. The Parish Council does not propose releasing such material outside the EEA. In addition, before releasing any data to a third party under the constraints above, guarantees will be elicited that processing of this personal information will continue to restricted to the EEA, and we will take all reasonable steps to ensure that data is held with adequate security.
4. Links to other websites
We take care to ensure the security of the Upwell Parish Council website and your personal information. We have put in place appropriate technical and organisational measures to ensure the safety and security of the information we collect on line. Any third party processing such information on the Council’s behalf is contractually obliged to put in place similar measures. However, you should consider any communication that you transmit to us (such as data, questions, answers, comments or suggestions) as non-confidential. The Council will not be liable if information that belongs to you is intercepted and used by an unintended recipient.
7. Access to personal information and contacting us
Individuals can find out if we hold any personal information by making a ‘subject access request’ under the General Data Protection Regulations. If we do hold information about you we will:
give you a description of it;
tell you why we are holding it;
tell you who it could be disclosed to; and
let you have a copy of the information in an intelligible form.
If you wish to find out what information we hold about you please contact us providing your contact details, a brief description of the information you require and enclose proof of your identity. This could be a scanned copy of a household bill, passport or driving licence. You will receive a response to your request within 20 days