INTRODUCTION:
In order to conduct its business, service and duties, Blaengwrach Community Council processes a wide range of data, relating to its own operations and some which it handles on behalf of partners. In broad terms, this data can be classified as:
a) Data shared in the public arena about the services it offers, its mode of operations and other information it is required to make available to the public;
b) Confidential information and data not yet in the public arena such as ideas about other or policies that are being “worked up”;
c) Confidential information about other organisations because of commercial sensitivity;
d) Personal data concerning its current, past and potential employees, Councillors and volunteers;
e) Personal data concerning individuals who contact it for information, to access its services or facilities or to make a complaint.
The Council will adopt procedures and manage responsibly, all data which it handles and will respect the confidentiality of both its own data and that belonging to partner organisations it works with and members of the public. In some cases, it will have contractual obligations towards confidential data, but in addition will have specific legal responsibilities for personal and sensitive information under data protection legislation.
This policy is linked to our Quality Policy and ICT Policy which will ensure information considerations are central to the ethos of the organisation.
The Community Council will periodically review and revise this policy in the light of experience, comments from data subjects and guidance from the Information Commissioner`s Office.
The Council will be as transparent as possible about its operations and will work closely with the public, community and voluntary organisations. Therefore, in the case of all information which is not personal or confidential, it will be prepared to make it available to partners and members of the community. Details of information which is routinely available is contained in the Council`s Publication Scheme which is based on the statutory model publication scheme for local councils.
PROTECTING CONFIDENTIAL AND SENSITIVE INFORMATION:
The Council recognises it must, at times, keep and process sensitive and personal information about both employees and the public. It has therefore adopted this policy not only to meet its legal obligations but to ensure high standards.
The General Data Protection Regulations (GDPR) which became law on 25th May 2018 and will like the Data Protection Act 1998 before them, seek to strike a balance between the rights of individuals and the sometimes, competing interests of those such as the Community Council with legitimate reasons for using personal information.
THE POLICY IS BASED ON THE PREMISE THAT PERSONAL DATA MUST BE:
a) Processed fairly, lawfully and in a transparent manner in relation to the data subject;
b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) Accurate and, where necessary, kept up to date;
e) Kept in form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
f) Processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
DATA PROTECTION TERMINOLOGY:
DATA SUBJECT – means the person whose personal data is being processed. That may be an employee, prospective employee, associate or prospective associate of the Blaengwrach Community Council or someone transacting with it in some way, Community Councillors or volunteer who may be transacting or contracting with one of our clients when we process data for them.
PERSONAL DATA – means any information relating to a natural person or data subject that can be used directly or indirectly to identify the person. It can be anything from a name, a photograph, an address, date of birth, email address, telephone number, bank details, and posts on social networking sites or a computer IP address.
SENSITIVE PERSONAL DATA – includes information about racial or ethnic origin, political opinions, religious and other beliefs, trade union membership, medical information, sexual orientation, genetic and biometric data or information related to offences or alleged offences where it is used to uniquely identify an individual.
DATA CONTROLLER – means a person who (either alone or jointly or in common with other persons) (e.g. Community Councillor, employer, Council) determines the purposes for which and the manner in which any personal data is to be processed.
DATA PROCESSOR – in relation to personal data, means any person (other than an employee of the data controller)who processes the data on behalf of the data controller.
PROCESSING INFORMATION AND DATA – means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
a) organising, adapting or altering it;
b) retrieving, consulting or using the information or data;
c) disclosing the information or data by transmission, dissemination or otherwise making it available;
d) aligning, combining, blocking, erasing or destroying the information or data, regardless of the technology used.
The Blaengwrach Community Council processes personal data in order to:
a) fulfil its duties as an employer by complying with the terms of contracts of employment, safeguarding the employee and maintaining information required by law;
b) pursue the legitimate interests of its business and its duties as a public body, by fulfilling contractual terms with other organisations, and maintaining information required by law;
c) monitor its including the equality and diversity of its activities;
d) fulfil its duties in operating the business premises including security;
e) assist regulatory and law enforcement agencies;
f) process information including the recording and updating details about its Councillors, employees, partners and volunteers;
g) process information including the recording and updating details about individuals who contact it for information, or to access a service, or make a complaint;
h) undertake surveys, censuses and questionnaires to fulfil the objectives and purposes of the Council;
i) undertake research, audit and quality improvement work to fulfil its objectives and purposes;
j) carry out Council administration.
Where appropriate and governed by necessary safeguards we will carry out the above processing jointly with other appropriate bodies from time to time.
The Council will ensure that at least one of the following conditions is met for personal information to be considered fairly processed:
1) The individual has consented to the processing;
2) Processing is necessary for the performance of a contract or agreement with the individual;
3) Processing is required under a legal obligation;
4) Processing is necessary to protect the vital interests of the individual;
5) Processing is necessary to carry out public functions;
6) Processing is necessary in order to pursue the legitimate interests of the data controller or third parties.
Particular attention is paid to the processing of any sensitive personal information and the Community Council will ensure that at least one of the following conditions are met:
1) Explicit consent of the individual;
2) Required by law to process the data for employment purposes;
3) A requirement in order to protect the vital interests of the individual or another person.
WHO IS RESPONSIBLE FOR PROTECTING A PERSON`S PERSONAL DATA?
The Community Council as a corporate body has ultimate responsibility for ensuring compliance with the Data Protection legislation. The Council has delegated this responsibility day-to-day to the Clerk to the Council.
email: blaengwrach.clerk@gmail.com;
telephone: 07522 085222;
address: The Clerk, Blaengwrach Community Council, The Welfare Hall, Heol Y Felin, Cwmgwrach, Neath SA11 5TB.
The Community Council is registered with the Information Commissioner`s Office who monitor compliance with Data Protection legislation.
DIVERSITY MONITORING:
The Council monitors the diversity of its employees and Councillors in order to ensure that there is no inappropriate or unlawful discrimination in the way it conducts its activities. It undertakes similar data handling in respect of prospective employees. This data will always be treated as confidential. It will only be accessed by authorised individuals within the Council and will not be disclosed to any other bodies or individuals. Diversity information will never be used as selection criteria and will not be made available to others involved in the recruitment process. Anonymised data derived from diversity monitoring will be used for monitoring purposes and may be published and passed to other bodies.
The Council will always give guidance on personal data to employees, Councillors, partners and volunteers through a Privacy Notice and ensure individuals on who personal information is kept are aware of their rights and have easy access to that information on request.
Appropriate technical and organisational measures will be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Personal data will not be transferred to a country or territory outside the United Kingdom unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
INFORMATION PROVIDED TO US:
The information provided (personal information such as name, address, email address, telephone numbers) will be processed and stored so that it is possible for us to contact, respond to or conduct the transaction requested by the individual. By transacting with the Blaengwrach Community Council, individuals are deemed to be giving consent for their personal data provided to be used and transferred in accordance with this policy, however, in some cases, specific written consent may be sought. It is the responsibility of those individuals to ensure that the Community Council is able to keep their personal data accurate and up-to-date. The personal information will not be shared or provided to any other third party or be used for any purpose other than that for which it was provided.
THE COUNCIL`S RIGHT TO PROCESS INFORMATION:
The General Data Protection Regulations (and Data Protection Act), Article 6(1)(a)(b) & (e);
Processing is with consent of the data subject;
Processing is necessary for compliance with legal obligation;
Processing is necessary for the legitimate interests of the Council.
INFORMATION SECURITY:
The Community Council cares to ensure the security of personal data. We make sure that your information is protected from unauthorised access, loss, manipulation, falsification, destruction or unauthorised disclosure. This is done through appropriate technical measures and appropriate policies. We will only keep your data for the purpose it was collected for and only for as long as is necessary, after which it will be deleted.
CHILDREN:
We will not process any data relating to a child (under 13)without the express parental/guardian consent of the child concerned.
RIGHTS OF A DATA SUBJECT:
ACCESS TO INFORMATION – an individual has the right to request access to the information we have on them. They can do this by contacting the Clerk to the Council.
INFORMATION CORRECTION – If they believe that the information we have about them is incorrect, they may contact us so that we can update it to keep our data accurate.
INFORMATION DELETION – If the individual wishes the Community Council to delete the information about them, they can do so b y contacting the Clerk to the Council.
THE RIGHT TO OBJECT – If an individual believes their data is not being processed for the purpose it has been collected for, they may object by contacting the Clerk to the Council.
The Community Council does not use automated decision making or profiling of individual personal data.
COMPLAINTS – If an individual has a complaint regarding the way their personal data has been processed, they may make a complaint to the Clerk to the Council or the Information Commissioner`s Office – casework@ico.org.uk or telephone: 0303 123 1113.
The Council will always give guidance on personal data to employees through the Employee Induction Pack.
The Council will ensure that individuals on whom personal information is kept are aware of their rights and have easy access to that information on request.
MAKING INFORMATION AVAILABLE:
The Publication Scheme, which can be found on this website, is a means by which the Council can make a significant amount of information available routinely, without waiting for someone to specifically request it. The Scheme is intended to encourage local people to take an interest in the work of the Council and its role in the community.
In accordance with the provisions of the Freedom of Information Act 2000, this scheme specifies the classes of information which the Council publishes or intends to publish.
All formal meetings of the Council and its committees are subject to statutory notice being given on notice boards and this website. The Council publishes an annual programme of dates of the monthly meetings in May of each year. All formal meetings are open to the public and the press and reports to be made to those meetings and any relevant background papers can be made available for the public to see. The Council welcomes public participation and has a public participation session in each Council and/or committee meeting. Details can be seen in the Council Standing Orders, which are available on this website (for a “hard copy” please contact the Clerk to the Council).
Occasionally, the Council or its committees may need to consider matters in private. Examples of this are matters involving personal details of staff, or a particular member of the public, or where details of commercial/contractual sensitivity are to be discussed. This will only happen after a formal resolution has been passed to exclude the press and public and the reasons for the decision are stated. Minutes from all formal meetings are public documents.
The Openness of Local Government Bodies Regulations 2014 requires written records to be made of certain decisions taken by officers under delegated powers. These are not routine operational and administrative decisions such as giving instructions to the workforce or paying an invoice approved by the Council, but would include urgent action taken after consultation with the Chair of the Council, such as responding to a planning application in advance of the Council. In other words, decisions which would have been made by Council or committee had the delegation not been in place.
The 2014 Regulations also amend the Public Bodies (Admission to Meetings) Act 1960 to allow the public or the press to film, photograph or make an audio recording of Council and/or committee meetings normally open to the public. the Council will, where possible, facilitate such recording unless it is being disruptive. It will also take steps to ensure that children, the vulnerable and members of the public who object to being filmed are protected without undermining the broader purpose of the meeting.
The Council will be pleased to try to make special arrangements, upon request, for persons who have hearing or sight difficulties.
DISCLOSURE INFORMATION:
The Council will as necessary undertake check on both staff and Councillors with the Disclosure and Barring Service and will comply with their Code of Conduct relating to secure storage, handling, use, retention and disposal of Disclosures and Disclosure Information. It will include an appropriate operating procedure in its integrated quality management system.
DATA TRANSPARENCY:
The Council has resolved to act in accordance with the Code of Recommended Practice for Local Authorities on Data Transparency (September 2011). This sets out the key principles for local authorities in creating greater transparency through the publication of public data and is intended to help them meet obligations of the legislative framework concerning information.
“Public data” means the objective, factual data on which policy decisions are based and on which public services are assessed, or which is collected or generated in the course of public service delivery.
The Code will therefore, underpin the Council`s decisions on the release of public data and ensure it is proactive in pursuing higher standards and responding to best practice as it develops.
The principles of the Code are:
1) Demand Led – New technologies and publication of data should support transparency and accountability;
2) Open – The provision of public data will be integral to the council`s engagement with residents so that it drives accountability to them;
3) Timely – Data will be published as soon as possible following production.
The UK Government has also issued a further Code of Recommended Practice on Transparency, compliance of which is compulsory for Community Councils with turnover (gross income or gross expenditure) not exceeding £25,000.00 per annum. These councils will be exempt from the requirements to have an External Audit from April 2017. The Blaengwrach Community Council exceeds this turnover but will never the less ensure the following information is published on this website for ease of access:
1) All transactions above £100.00;
2) End of Year Accounts (NOTE: The Council`s Financial Year is 1st April to 31st March);
3) Annual Governance Statement;
4) Internal Audit Reports;
5) List of Councillors;
6) Details of Assets;
7) Draft Minutes of Council and/or Committee meetings (within one month of the date of the meeting taking place);
8) Agendas etc. no later than three working days before the date of the scheduled meeting.
THIS POLICY WAS ADOPTED BY THE BLAENGWRACH COMMUNITY COUNCIL ON 13th September 2018.