West Lindsey District Council will comply with the Data Protection Act and the General Data Protection (GDPR) principles to make sure that personal information is:
- Processed fairly and lawfully and in a transparent manner
- Obtained for one or more specified, explicit and lawful purposes
- Adequate, relevant and only limited to what is required
- Accurate and where necessary kept up to date
- Not kept in a form which permits identification of data subjects for longer than is necessary
- Processed in accordance with the rights of data subjects
- Processed in a manner that ensures appropriate security of the personal data
The council’s Privacy Notice sets out how we collect, process and store personal data.
The Data Protection legislation also gives data subjects additional rights about the information we hold about them and how we use it, including the following:
- Right of access - this right provides the data subject with the ability to ask for information about what personal data (about him or her) is being processed and the rationale for such processing. The data subject can request access to see and view their own personal data, and can request copies of the personal data.
- Right to rectification - provides the data subject with the ability to ask for modifications to their personal data in case the data subject believes that this personal data is not up to date or accurate.
- Right to withdraw consent - provides the data subject with the ability to withdraw a previously given consent for processing of their personal data for a specified purpose. This is only applicable where the lawful basis for processing the personal data is because the data subject has given consent to the processing of their personal data for one or more specific purposes.
- Right to object - provides the data subject with the ability to object to the processing of their personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted.
- Right to object to automated processing - provides the data subject with the ability to object to a decision based on automated processing. Using this right, a data subject may ask for their request for a service to be reviewed manually, because they believe that automated processing of their request may not consider their unique situation.
- Right to erasure (also known as the right to be forgotten) - allows the data subject to ask for the deletion of their data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right, and depends on the retention schedule and retention period in line with other applicable laws. It is not available, for instance, where the legal basis for processing the data was “Legal Obligation” or “Public Task”.
- Right for data portability – allows the data subject to ask for transfer of their personal data. As part of such request, the data subject may ask for their personal data to be provided back to them or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.
Data Protection Officer: Steve Anderson
West Lindsey District Council
Guildhall, Marshall's Yard