Translation disclaimer (Translation disclaimer)

This content has been translated by a computer program and may not be 100% accurate.

(This content has been translated by a computer program and may not be 100% accurate.)

Information Governance - privacy notice

View our latest privacy notice.

Calderdale Metropolitan Borough Council of Town Hall, Crossley Street, Halifax, HX1 1UJ is registered with the Information Commissioner's Office (ICO) under the provision of the Data Protection Act 2018. The Council takes its responsibilities as Data Controller under the Data Protection Act and UK GDPR very seriously.

This privacy notice explains how your personal information will be processed by our Information Governance team when we process:

  • Freedom of Information 2000 (FOI) and Environmental Information Regulations 2004 (EIR) requests.
  • Requests from individuals exercising their rights under the Data Protection Act 2018 (DPA) and UK GDPR. This includes: Subject Access Requests (SARs), CCTV footage requests, rectification requests, erasure requests, objections or complaints.
  • Re-use of Public Sector Information 2015 requests.
  • Information held in connection with personal data breaches.
  • Third-party requests for information made under the provisions of the GDPR.

Information we will collect

We collect personal information from you directly (such as via our online request form, email or post) or from third parties either making a request on your behalf or requesting your information under the provisions of the GDPR.

Dependant upon the type of request, we will process this information:

  • Name.
  • Contact details (email address, phone number, postal address).
  • Type of requestor and organisation.
  • Confirmation of identity. (For example, copies of documents such as passport, driving licence or other forms of acceptable identification.)
  • Copy forms of authorisation.
  • CCTV footage.
  • Personal data, including sensitive personal information (special category data and criminal offence data) collated in the process of dealing with requests.

Why we collect and hold this information

  • To respond to your request or complaint.
  • To comply with our obligations as a Local Authority and data controller under relevant legislation and laws such FOI, EIR, the Data Protection Act and GDPR.
  • To respond to the Information Commissioner's Office when dealing with complaints or investigations made under their regulatory powers.
  • To help us assess the effectiveness of our services and to plan and improve future services.

Sharing your personal data

Your information may be obtained from and shared with, the following organisations/services as necessary to deal with your request:

  • Other internal council services.
  • The Information Commissioner’s Office (ICO).
  • Third parties that you have authorised to represent you.

We only share relevant information about you with third parties where there is a legal basis to do so.

The lawful basis for the processing your data

We need to collect this information to meet our obligations under this legislation (but not limited to):

  • Freedom of Information Act 2000.
  • Environmental Information Regulations 2004.
  • Data Protection Act 2018.
  • UK General Data Processing Regulation (GDPR).
  • Re-use of Public Sector Information 2015.

We process personal information under these GDPR lawful bases:

  • Article 6(1)(a) - The individual has given clear consent for the council to process their personal data for a specific purpose.
  • Article 6(1)(c) - For compliance with the legal and statutory duties the Council is subject to under legislation as above.
  • Article 6(1)(e) - For the performance of our public task.

Where the information we process is special category data, the additional bases for processing that we rely on are:

  • Article 9(2)(a) - Explicit consent.
  • Article 9(2)(g) - Reasons of substantial public interest (with a basis in law) under condition (6) Statutory etc and government purposes.

How long we will keep your personal information

  • 6 years after the date of closure of your case. It will then be securely destroyed.

Your rights

The GDPR provides these rights for individuals:

  1. To be informed
  2. Access
  3. To rectification
  4. To erasure
  5. To restrict processing
  6. To data portability
  7. To object
  8. Rights in about automated decision making and profiling.

Not all rights are absolute and may only apply in certain circumstances.

You also have the right to complain to the Data Protection Officer if you feel that your data has not been handled in accordance with the law. To contact our Data Protection Officer, email: information.management@calderdale.gov.uk .

You also have the right to lodge a complaint with the Information Commissioner's Office.

Webpage feedback

Was this page helpful? Rate this page helpful Rate this page unhelpful