Identity and contact details of the Council
Denbighshire County Council is a 'data controller' and is notified with the Information Commissioner. Our notification number is Z573781X.
As a data controller, the Council will make every reasonable effort to ensure that we or any third party who may process data on our behalf, complies with the principles of Data Protection legislation when processing personal data.
You can contact us for a range of services, or via forms on our website: www.denbighshire.gov.uk
Issues of how data is handled are dealt with by the Council's Data Protection Officer who can be contacted by email at email@example.com or at the postal address shown above.
As a public authority, we must comply with all relevant legislation relating to data handling. The Information Commissioner's Office (ICO) is the supervisory authority in the United Kingdom established to ensure that your data rights are upheld.
Categories of personal data we hold
Obtaining, recording, holding and dealing with personal information is known as 'processing'.
We hold a variety of different categories of data depending on the relationship the Council has with you. We may be holding such information as your name, address, date of birth or bank account details, but we could also be holding more sensitive types of information about you for example, information about your health, religion, sexual orientation or any criminal offences you may have committed. The type of information we hold will depend upon the service being delivered.
Personal data could be information which is held on a computer, in a paper record i.e. a file, but it can also include other types of electronically held information i.e. CCTV images.
How departments within the Council collect and use your personal data
Denbighshire County Council has overall responsibility for a wide range of public services across our Local Authority Area and it is necessary to collect personal data to enable those services to be delivered to residents.
A list of Council services can be found on the website: www.denbighshire.gov.uk
Here are some examples of how we collect and use your data:
Providing a service
We hold the details of these people who have requested a service in order to provide it. However, we only use these details to provide the service requested or for other closely related services.
Personal information is collected and used when we provide social care services or administer council tax, housing benefit, grants and other important services to the public.
Some departments collect personal data as a result of enforcement activity carried out by the Council. For example, such data is collected by our Public Protection and our Highways departments when enforcing regulations concerning trading standards, fly-tipping, highways and parking offences.
Some departments provide discretionary services and invite you to sign up for mailing lists in order to be kept informed of their services, special offers or activities which may interest you. This personal data is collected only where you provide your consent that you wish to be kept informed.
You are able to and have the right unsubscribe or ask for your data to be erased when you no longer wish to receive marketing information.
When individuals apply to work for the Council, we will only use the information they supply to process their application and to monitor equal opportunities statistics.
Once a person has taken up employment with the Council we compile a personnel file relating to their employment. The information contained in this is kept secure and will only be used for purposes directly relevant to that employment.
Registering to vote
When a person registers to vote, their name and address are included in the electoral register. Two versions of the register are compiled and published each year. The Full Register is available for inspection under supervision.
The Edited Register does not include the names and addresses of people who have asked to be excluded from this version of the register. The Edited Register can be bought by anyone who asks for a copy and they may use it for any purpose.
The source of personal data
The vast majority of personal data we hold will have been provided to us directly from you. There are occasions where personal data is collected about you in other ways.
- When partner agencies share information with us to provide a joined-up service to you
- When you move into our Local Authority Area, data may be shared from your previous local authority
- When the police and other law enforcement agencies share information to enable the local authority to safeguard residents
- When members of the public report issues to us
People we share data with
We share data with others to enable a requested or statutory service to be provided. This could be where we use another agency to deliver the service for us or where we collaborate with other agencies.
The agencies involved may be regional partnerships, Welsh Government, local schools and colleges, and the Health Trusts. We also provide information on occasion to the private and charity sectors where they are involved in the delivery of service for us.
Joint working example
A request for aids and equipment to assist an elderly service user. Such a request would be a service that could be delivered jointly by our Social Care, Health and Housing teams as well as with the Health Board.
A paid-for service example
We pay some organisations to provide services on our behalf such as providers of residential accommodation and home care. In such cases, the information provided to them is only the minimum necessary to enable them to provide services to you on our behalf.
Transfer of information to another local authority
Personal information about you may also be provided to other local authorities. An example would be where you have moved from one area to another and it is necessary to share personal information to allow for services you are receiving to continue.
Transfer of information required by law
We also share personal information where we are required to do so by law. Examples include where we are required to publish or report matters to Welsh Government, to assist law enforcement agencies prevent, detect and prosecute crime, to protect the vital interests of the person concerned or to comply with a Court Order.
Access to information by private companies
In some instances we share information with private companies in order for them to act as data processor for us. Such arrangements are subject to data processing agreements with strict rules on processing to keep the data secure.
On occasions, some private sector companies may have access to personal data in a strictly controlled way in order to carry out defined maintenance activity on the system for a limited time period.
As a public authority, we are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. The Auditor General is responsible for carrying out data matching exercises under its powers under the Public Audit (Wales) Act 2004.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Auditor General currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. The Auditor General requires this authority to provide information it holds for this purpose. We are required to provide particular sets of data to the Auditor General for matching. Details are set out on the Wales Audit Office website, www.wao.gov.uk. As the use of data by the Auditor General in a data matching exercise is carried out with statutory authority (Part 3A of the Public Audit (Wales) Act 2004), it does not require the consent of the individuals concerned under the Data Protection Act 1998. Data matching by the Auditor General is subject to a Code of Practice. This is to help all bodies involved in data matching to comply with the law and good practice, including maintaining data security (see www.wao.gov.uk).
For further information on the Auditor General’s legal powers and the reasons why he matches particular information, see Wales Audit Office website - www.wao.gov.uk
How long we keep your data
Data is held for no longer than is necessary and the Council follows legal guidelines and best practice on how long information should be kept before it is securely destroyed.
The timeframe for holding data is different depending on the type of data involved.
Transfers outside the European Economic Area
We do not share personal information beyond the European Economic Area (EEA) on a regular basis. Transferring personal data to a country beyond this area can only take place if the destination has been the subject of an adequacy decision that it meets certain criteria set by the European Commission. What this means is that we can only send information to a country if it meets very strict standards. If those standards are not in place we will not utilise the services.
In the very rare circumstances that your personal information might be transferred outside of the EEA, you will be notified beforehand, providing that does not conflict with a legal obligation imposed upon the Council.
Your data rights
1. Right to be informed
We must be completely transparent with you by providing information 'in a concise, transparent, intelligible and easily accessible form, using clear and plain language'. Our privacy notice is one of the ways we try and let you know how data is handled.
2. Right of access
You have the right to access your personal information. For details on how you an access your personal information see our data protection page.
3. Right to rectification
You have the right without undue delay to request the rectification or updating of inaccurate personal data.
4. Right to restrict processing
You can ask for there to be a restriction of processing such as where the accuracy of the personal data is contested. This means that we may only store the personal data and not further process it except in limited circumstances
5. Right to object
You can object to certain types of processing such as direct marketing. The right to object also applies to other types of processing such as processing for scientific, historical research or statistical purposes (although processing may still be carried out for reasons of public interest).
6. Rights on automated decision making and profiling
The law provides safeguards for you against the risk that a potentially damaging decision is taken without human intervention. The right does not apply in certain circumstances such as where you give your explicit consent.
7. Right to data portability
Where personal data is processed on the basis of consent and by automated means, you have the right to have your personal data transmitted directly from one data controller to another where this is technically possible.
8. Right to erasure or 'right to be forgotten'
You can request the erasure of their personal data including when:
(i) the personal data is no longer necessary in relation to the purposes for which they were collected
(ii) you no longer provide your consent, or
(iii) you object to the processing.
The Information Commissioner regulates data handling by organisations in the U.K and work to uphold the data rights of citizens and the Information Commissioner's website provides more information on the rights available to you.
If you consented to providing your personal information to us and you have changed your mind and you no longer want the Council to hold and process your information, please let us know. In the first instance please contact the relevant department. Withdrawing consent should be as easy to do as when you provided consent in the first place. If that isn't your experience with a particular service it is important you let us know of your difficulties so that we can put that right.
If you encounter any difficulties in withdrawing consent, please contact the Council's Data Protection Officer by email at firstname.lastname@example.org or by writing to:
Data Protection Officer, Denbighshire County Council. PO Box 62, Ruthin, LL15 9AZ.
Automated decision making and profiling
The Council does not carry out automated decision-making, and as such any decision taken by us which affects you will always include human intervention. We do on occasion carry out profiling to enable us as a local authority to target services to those in society who are in need of help and support and who may suffer harm without our assistance.
The right to complain about data handling
The Council sets very high standards for the collection and appropriate use of personal data. We therefore take any complaints about data handling very seriously. We encourage you to bring to our attention where the use of data is unfair, misleading or inappropriate and we also welcome suggestions for improvement.
In the first instance we would ask that you try and resolve data handling issues directly with the relevant department. You can also contact our Data Protection Officer: email@example.com should you encounter difficulties achieving a resolution with the relevant section.
We are committed to handling data appropriately and are confident that we can resolve most issues informally.
You can ask for your issue to be investigated via our online complaints form.
If you remain dissatisfied following an internal complaint, you can lodge a complaint with the Information Commissioner: Information Commissioner's Office - https://ico.org.uk/
This privacy notice explains how the Electoral Registration Officer & Returning Officer for Denbighshire County Council collects and uses personal information about you to deliver services efficiently and effectively
We use this information to enable us to carry out specific functions for which we are responsible and to provide you with a statutory service, as set out in the Representation of the People Act 1983, Electoral Administration Act 2013 and associated regulations.
The Electoral Registration Officer & Returning Officer is the Data Controller and is registered with the Information Commissioner's Office under registration reference Z6341445. The Data Controller is
Denbighshire County Council, County Hall, Wynnstay Road, Ruthin, LL15 1YN
What information is recorded?
We keep records about potential and actual electors. .These may be written down (manual records), or kept on a computer (electronic records).
These records may include:
- Basic details about you, for example, name, address, date of birth, N I number, contact details (email address/telephone number), nationality and your previous address
- Absent vote information (postal / proxy including details of your proxy and anyone who has helped you)
- Scanned application forms & dates of any letters of correspondence
- Notes about any relevant circumstances that you have told us
- Other occupants in your home
- If you are over 76 or under 16/17
- Whether you have chosen to opt out of the Open version of the Register
- Any further evidence we may require from you, such as copies of your passport, Marriage certificate, driving licence, biometric residence permit, EEA Identity Card
- Political Affiliation
It is important that your records are accurate and up-to-date as they will help make sure that our staff are able to provide you with the help, advice or support you need. If your information is not correct, then please contact us so that we can rectify this.
To verify your identity, the data you provide will be processed by the Individual Electoral Registration Digital Service managed by the Cabinet Office. As part of this process your data will be shared with the Department of Work and Pensions and the Cabinet Office suppliers that are data processors for the Individual Electoral Registration Digital Service. You can find more information about this here: https://www.registertovote.service.gov.uk/register-to-vote/privacy
What is the information used for?
We will only use the information you give us for electoral purposes. We will look after personal information securely and we will follow the data protection legislation. We will not give personal information about you or any personal information you may provide on other people to anyone else or another organisation unless we have to by law.
The Electoral Register is a public document which can be viewed by appointment only under strict control.
Your information may be shared / disclosed with the following –
- Contracted printer or supplier (processor) who act on our behalf
- Registered political parties, elected representatives, candidates, agents and other permitted participants who are able to use it for electoral purposes only
- The Department for Work and Pensions will also use your information to verify your eligibility for the electoral register.
- Credit reference agencies, the British Library, UK Statistics Authority, the Electoral Commission and other statutory recipients of the Electoral Register
- Details of whether you have voted (but not how you have voted) to those who are entitled in law to receive it after an election
- Where the health and safety of others is at risk
- When the law requires us to pass on information under special circumstances
- Crime prevention or the detection of fraud as part of the National Fraud Initiative
Anyone who receives information from us has a legal duty to keep it confidential. They won’t use it for any other reasons and they have to look after it in the same way.
We are required by law to report certain information to appropriate authorities, for example:
- Where a formal court order has been issued.
- To law enforcement agencies for the prevention or detection of a crime
- To the Jury Central Summoning Bureau indicating those persons who are aged 76 or over and are no longer eligible for jury service
How long for?
The Electoral Registration Officer & Returning Officer is obliged to process your personal data in relation to preparing for and conducting Elections. Your details will be kept and updated in accordance with our legal obligations and in line with statutory retention periods. The Electoral Registration Officer & Returning Officer maintains a document retention policy incorporated into the corporate document retention policy of Denbighshire County Council.
Special Categories of personal data
Some of the information that is collected is classified as special category personal data. This is processed for reason of substantial public interest as set out in Representation of the People Act 1983 and associated regulations. To process this type of information we have a separate policy document that sets out how this information will be handled.
Right to Object
You have the right to object to the use of your email address or telephone contact details for the purposes of electoral registration. If you no longer want to be contacted by email or telephone you should contact the Electoral Registration Officer who is the Data Controller to unsubscribe.
Right to be Forgotten
This does not apply when maintaining the electoral register. You cannot ask for your details to be removed from current or historical registers.
For further information and if you think there has been a breach of your rights, please contact
Access to Information, Corporate Information Management Team, Denbighshire County Council, PO Box 62, Ruthin, LL15 9AZ.