Information about how we gather and use information to support our services.
We gather and process information to deliver services to citizens and communities, to carry out our statutory functions and ensure that:
- services can be delivered effectively and efficiently
- employment relationships with our staff are managed
We do this in accordance with the Data Protection Act 2018 and in compliance with our obligations we're registered as a data controller with the Information Commissioner's Office (ICO) under registration Z7145991.
Some data is called special category data. This includes details of ethnic origin, religious beliefs, sexual orientation, trade union membership, health data, and biometric such as fingerprints and facial recognition, and genetic data such as DNA.
As a local authority, we have a lawful basis for gathering and processing information where necessary for the delivery of services;
- to ensure that we undertake our statutory functions and public tasks when required to do so by law, including those relating to diversity and equalities
- to safeguard public safety; and
- where there is a risk of harm or in an emergency situations
Where we need your consent we'll ask for it.
For some services, we need to use your personal data to get in touch with you and deliver services. For example, we use your data to:
- provide our services and anything we must do by law
- undertake our regulatory, licensing and enforcement roles, which we have to do by law
- make payments, grants and benefits
- spot fraud
- listen to your ideas about our services
- tell you about our service
- use data matching to help us identify people who need additional support or if a potential incident affects us. This may require us to share information with partner organisations to respond to the incident, for example emergency resilience
If personal data is subject to an automatic decision making process (by a computer) then we'll inform you of this in our individual service privacy notices.
- provide us with accurate information
- inform us as soon as possible if there's any changes to your personal information
We'll not disclose personal information to third parties for marketing purposes without your consent or use your personal data in a way that may cause damage or harm to you.
Information is processed by the council in the UK or in the EU. However, we'll inform you within our Services Privacy Notices of any instances where this may not be the case.
- your personal data rights
- where a record including your information forms evidence gathered as part of an investigation
- where a record including your information is selected for permanent preservation
- if we are required to keep it by law.
Within the council we may share your information between our services:
- so that the information held about you is up to date
- to allow us to improve our services to you
- for statistical analysis for performance and management insight to help improve our services
We may also provide personal information to third parties, but only where it is necessary, either to comply with the law or where permitted under data protection legislation.
Examples of organisations who we may share your information with include
- NHS Greater Glasgow & Clyde
- Police Scotland
- Voluntary organisations and care providers.
Our service specific privacy notices set out the recipients or organisations involved in providing services on our behalf, or with whom we share personal information.
We'll only share your information with partners or suppliers who have sufficient measures and procedures in place to protect your information and can meet their legal obligations under data protection legislation. These requirements will be set out in contracts or information sharing agreements.
We'll not share your information for marketing purposes, unless you have specifically given us with permission to do so.
- performing statutory enforcement notices
- disclosures required by law
- detecting/preventing crime and/or fraud
- auditing and/or administering public funds
We may share information provided to bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. Organisations include:
- The Cabinet Office
- other local authorities
- Audit Scotland
- the Police
To be informed about how we collect and use your personal information
- Privacy notices such as this set out how we collect and use your personal details
To request information we hold about you
- This is known as a subject access request and is free of charge. We must respond within one month, although this can be extended to three months if the information is complex. Consult our data protection page for details of how to submit a request for your personal data.
- You're entitled to have your information rectified if it is factually inaccurate or incomplete. We must respond to your request within one month. If we decide to take no action, we'll tell you why and let you know about your right of complaint to the UK Information Commissioner.
- You have the right to ask us to delete your information or stop using it. It will not always be possible for us to comply with your request, for example if we have a legal obligation to keep the information. If we decide to take no action, we'll tell you why and let you know about your right of complaint to the UK Information Commissioner.
To restrict processing
- You have the right to restrict how your data is processed in certain circumstances, for example if the information is not accurate. If a restriction is applied, we can retain just enough information to ensure that the restriction is respected in future. If we decide to lift a restriction on processing we must tell you.
To data portability
- If we're processing your personal data with your consent, and it is held in a structured, commonly used, machine readable form, you have a right to ask us to transmit it to another data controller so they can use it. This right does not apply if we process your personal data as part of our public task.
- You can object to your information being used for profiling, direct marketing or research purposes.
To automated decision making and profiling
- This is to reduce the risk that a potentially damaging decision is taken without human intervention
Data Protection Incidents
If you're concerned about what we do with your data, or think something has gone wrong, for example if you have received correspondence from the Council which is not addressed to you can contact the Council's Data Protection Officer to report a data protection incident.
If you wish to make a complaint or comment about how we have processed your personal information, you can do so by contacting the Council's Data Protection Officer.
If you are still unhappy with how the council have handled your complaint, you may contact the UK Information Commissioner's Office
Information Commissioner's Office
Cheshire SK9 5AF
or find out more on the Information Commissioner's Office website
We accept no liability in respect of the content nor the availability of the linked websites. You should read their privacy notices to learn how they deal with your information.
Changes to this privacy statement
We'll keep our privacy notice under regular review to reflect changes in our services, feedback from our service users and to comply with changes in the law.
This notice was last updated on 14 August 2023.