Skip to content

Live chat is available Monday to Friday between 8.45am and 4.45pm (except public holidays)

 

Privacy policy

We gather and process information to deliver services to individuals and communities in East Renfrewshire, to carry out our statutory functions. We ensure that services can be delivered effectively and efficiently, and employment relationships with our staff are managed.

We do this in accordance with the Data Protection Act 2018 and in compliance with our obligations we're registered as a data controller with the Information Commissioner's Office (ICO) under registration Z7145991. 

What's personal data?

Personal data is information about a living person that means we can work out who they are, such as their name, address and bank details. This can include written letters or emails, photographs, and audio and video recordings. 

Some data is called special category data. This means it's more sensitive and we need to look after it more carefully. This can include details of an individual's ethnic origin, religious beliefs, sexual orientation, trade union membership or health, biometric (fingerprints, facial recognition) and genetic (DNA) data. 

Why we collect, use and store your information

We're required to process personal data lawfully and our data protection policy sets out our commitment as to how we'll comply with the Data Protection Act 2018.

As a local authority, we have a lawful basis for gathering and processing information:

  • where necessary for the delivery of services
  • to ensure that we undertake our statutory functions and public tasks when required to do so by law, including those relating to diversity and equalities
  • to safeguard public safety
  • where there is a risk of harm
  • in an emergency situation

Where we need your consent we'll ask for it. 

For some services, we need to use your personal data to get in touch with you and deliver services. For example,we use your data to:

  • provide our services and anything we must do by law
  • undertake our regulatory, licensing and enforcement roles, which we have to do by law
  • make payments, grants and benefits
  • spot fraud
  • listen to your ideas about our services
  • tell you about our services

If personal data is subject to an automatic decision making process (by a computer) then we'll inform you of this in our individual service privacy notices. Any automatic decision making results will be subject to a final decision by a council officer.

Providing personal information

To ensure that your personal information is reliable, accurate and up to date, it's expected that you provide us with accurate information and inform us as soon as possible if there's any changes to your personal information.

Steps we take to keep your personal data safe and secure

We've a responsibility to keep your information safe and we respect your privacy. All of our employees are required to undertake data protection and information security training to ensure that personal data is processed in accordance with data protection principles.

We'll not disclose personal information to third parties for marketing purposes without your consent or use your personal data in a way that may cause damage or harm to you.

How long we keep your personal data

There are factors that can affect how long we keep your personal data for. This includes:

  • your personal data rights
  • where a record including your information forms evidence gathered as part of an investigation
  • where a record including your information is selected for permanent preservation

We'll only hold your personal data for as long as is necessary for business purposes or if we're required to keep it by law.

Read our retention schedule

Information sharing

We may need to share your information with other people and organisations who'll carry out activities on our behalf. Where this happens we'll ensure satisfactory protection by ensuring contracts and sharing agreements are in place that define the security controls that specify data is held safely and securely.

Fraud detection and prevention

We're required by law to protect the public funds we administer and there are circumstances under which we're legally required to disclose information. These purposes are

  • performing statutory enforcement notices
  • disclosures required by law
  • detecting/preventing crime and/or fraud
  • auditing and/or administering public funds

We may share information provided bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. Organisations include:

  • the Cabinet Office
  • DWP
  • other local authorities
  • HMRC
  • Audit Scotland
  • the Police

Emergency resilience

We may use data matching to help us identify people who need additional support or if a potential incident affects us. This may require us to share information with partner organisations to respond to the incident.

Council services privacy notices

You can find out more details about how our services use your personal data within their separate privacy notices.

Your rights

You've certain rights over your personal data. Some of these rights are only available in certain circumstances and are usually dependant on the legal basis upon which we hold your data.

Depending on why we need to process your personal data, you'll have rights to how your information is used. You'll find further information about how our various services use your personal data within our services privacy notices.

We have a lawful basis for the gathering and processing of information necessary for the delivery of critical services. You've the right to request that we stop processing your personal data in relation to any of our services. However, this may cause delays or prevent us delivering a service to you. 

Where possible, we'll seek to comply with such requests, but this may not be possible where we are required to do so by law. For example, to safeguard public safety, where there is a risk of harm or in an emergency situation.

Where we rely on your consent to process information you've the right to withdraw this consent at any time. Details of how to withdraw your consent will be given to you at the time you provide your consent.

You can ask to see what data we hold about you and ask to be sent a copy. This is called a subject access request.

Subject access requests are free of charge. However, where a request is unclear, unfounded or excessive then we may ask for a reasonable fee to cover administrative costs in relation to your request.

We hope to respond to enquiries within 30 days of their submission. If the matter is complex we may need more time, but you'll will be informed of this.

You can also ask us to:

  • correct your data if you think it's wrong (Right to Rectification)
  • delete your personal data in certain circumstances (Right to Erasure)
  • stop using your data if you think it's wrong or we shouldn't have it (Right to Restriction)
  • stop using your data if you think we no longer should be using it (Right to Object)
  • transfer the information you gave us from one organisation to another or give it to you. This right only applies if processing is based on consent or in talks about entering into a contract and the processing is automated (Right to Data Portability)
  • consider any complaint you have about how we have used your data

In addition you've the right to:

  • not be subject to a decision that's based solely on automated processing if the decision affects your legal rights or other equally important matters. For example, e-recruiting practices without human intervention.
  • understand the reasons behind decisions made about you by automated processing and the possible consequences of the decisions
  • object to profiling in certain situations, including direct marketing

Requests for information or complaints

Please consult our data protection page for details of how to submit a request for your personal data.

Should you wish to make a complaint about how your personal data or information has been managed, you can contact our Data Protection Officer by email: dpo@eastrenfrewshire.gov.uk or write to: Data Protection Officer, East Renfrewshire Council, Council Headquarters, Eastwood Park, Giffnock, G46 6UG.

For independent advice or to lodge a complaint about data protection, privacy or data sharing issues, you can write to the Information Commissioner's Office (ICO) at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Alternatively, you can phone 0303 123 1113 or email: casework@ico.org.uk.

Further information

We'll keep our privacy notice under regular review to reflect changes in our services, feedback from our service users and to comply with changes in the law. 

Read our disclaimer

Read our cookies information


Help improve this webpage

Was this page helpful?

Please use the official complaints channel if your comment is about service provision:

Complaints, feedback and having your say





(Include if you would like a response to your feedback)