This Privacy Notice was superseded on 18 February 2021
This version was valid from 25 May 2018 to 18 February 2021
West Lindsey District Council is committed to protecting your privacy when you use our services. The Privacy Notice below explains how we use information about you and how we protect your privacy.
We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer at dpo@west-lindsey.gov.uk or by calling 01427 676676 and asking for the Data Protection Officer.
How we use your information
This privacy notice tells you what to expect when we collect personal information. It applies to information we collect about:
- visitors to our websites
- people who register for an online account
- people who register for and use our services
- people who are referred to us by other persons, agencies, or organisations
- people who contact us with an enquiry or complaint
- job applicants and our current and former employees
- people who participate in publicity for the Council
- people who are recorded on CCTV operated by the Council
Do you know what personal information is?
Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person. For example this could be your name and contact details. Here are some examples we might use:
- personal details
- family details
- employment and education details
- student and pupil records
- housing needs
- lifestyle and social circumstances
- visual images, personal appearance and behaviour
- physical or mental health details
- racial or ethnic origin
- data concerning a natural person’s sex life or sexual orientation
- trade union membership
- political affiliation
- political opinions
- offences (including alleged offences)
- religious or other beliefs of a similar nature
- criminal proceedings, outcomes and sentences
- goods and services
- financial details
- CCTV footage
- licenses or permits held
- business activities
- case file information
Why do we need your personal information?
We may need to use some information about you to:
- deliver services and support to you
- manage and promote those services we provide to you
- train and manage the employment of our workers who deliver those services
- carry out our licensing and regulatory duties
- provide commercial services including the administration and enforcement of parking regulations and restrictions
- provide non-commercial activities including refuse collections from residential properties
- marketing our local tourism
- carry out health and public awareness campaigns
- manage our property
- provide leisure and cultural services
- maintain our own accounts and records
- carry out surveys to help with research and planning of new services
- administer the assessment and collection of taxes and other revenue including benefits and grants
- to keep track of spending on our services
- comply with our legal obligations for data matching under local and national fraud initiatives
- help with crime prevention and prosecuting offenders including the use of CCTV
- help investigate any worries or complaints you have about your services; and
- manage archived records for historical and research reasons
To find out more about why and how our services use your information click on a particular department to review that department’s privacy notice:
- Benefits
- Building Control
- Commercial Waste
- Communities and Commercial Programmes
- Community Safety
- Corporate Policy
- Corporate Systems
- COVID-19 (Coronavirus)
- Customer Relationship Management System
- Customer Strategy and Services
- Electoral Registration
- Enterprising Communities
- Environmental Protection
- Finance and Business Support
- Food Safety and Health and Safety
- Growth and Regeneration
- Housing
- Licensing
- People and Organisation Development
- Planning and Development
- Property and Assets
- Revenues
- Self-Isolation Payment
- Waste and Recycling
- Wellbeing and Health
When you use Council services
We collect personal information because you have asked us to provide a Service (which we provide as part of our public duties); and we use that information to process and deliver the service to you. If you choose not to provide this information we will not be able to provide the service you asked for.
We will also store that information in our records for use in the future should you contact us for other services. We only collect information which is relevant to providing council services to you; and for communicating with you regarding those services.
We will share information such as your name, address and contact details across the council. If we have collected more specific information, or documentation relevant to a particular service you have requested, we may also share that information to other departments in the council when that information is needed to assess and provide other services.
We do this, to reduce the amount of information you will need to provide to us when you ask for additional services; and to help us locate information about your services easily and quickly to respond to your queries.
We will share your information with internal council departments and with partner organisations which deliver services on our behalf for the following purposes:
- To provide information and answer any queries that you have
- To assess, process and provide you with services that you requested
- To send you information about the services and topics you have asked to be kept informed about.
- To seek feedback on the services or information you have been provided.
We will not share your information with any other third-party organisation or transfer it outside the European Union without your consent.
How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information.
Each privacy notice explains for each service which legal reason is being used. Generally we collect and use personal information where:
- we have your (or your appointed representatives) consent. For example, you may have indicated your consent on a paper form or online form on our website
- where we have a contract with you or you have asked us to process your information prior to entering onto a contract
- where we are under a legal obligation that requires us to process your personal information
- we are protecting your vital interests, or those of other persons. For example, sharing details of your care record with a medical professional in an emergency
- where we are carrying out a public task, for instance, performing our safeguarding role, planning or waste services function
- where we have a legitimate need to use information for a specific purpose that does not unjustifiably infringe on your rights or freedoms
- it is required for the prevention or detection of crime
- it is required for obtaining legal advice or for the purposes of legal proceedings
- it is used for research purposes
If we have your consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please contact dpo@west-lindsey.gov.uk and tell us which service you’re using so we can deal with your request.
We only use what we need!
Where we can, we’ll only collect and use personal information if we need it to deliver a service or meet a requirement.
If we don’t need personal information we’ll either keep you anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details so we’ll only collect your survey responses.
If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
We don’t sell your personal information to anyone else.
Who may we share personal information with?
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law.
We’ll often complete a data privacy impact assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations. For instance, we need to give it to courts if the court orders that we provide the information.
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:
- in order to find and stop crime and fraud; or if there are serious risks to the public, our staff, or to other professionals
- to protect a child; or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all of these reasons the risk must be serious before we can override your right to privacy.
If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why if we think it is safe to do so.
Organisations we may share data with are listed in the Privacy Notice for each Department.
Will personal information ever be transferred overseas?
In some circumstances we may need to transfer personal information (including sensitive personal data (also known as Special Category data)) to other organisations who are based overseas, including countries which are outside the European Economic Area. When doing so, we will ensure that procedures and technologies are put in place to maintain the security of all personal information which is processed overseas.
Where transferring to a country that has not be approved by the European Commission (EC) as providing adequate protection of individuals' rights, one or more of the following safeguards may be relied upon:
- use of EC approved contractual terms to protect individuals' rights
- transfers to US companies that are members of the EU-US Privacy Shield and have agreed to protect individuals' rights
- companies that have EC approved internal rules to protect individuals' rights.
How long do we keep your personal information?
We keep information for a set period of time which is often set out in law and we try to include all of these in our Retention and Disposal Schedule which lists how long we hold your information. This can range from months for some records to decades for more sensitive records.
What if I have any concerns about the use of personal information or its accuracy?
If you have concerns about the use of your personal information by West Lindsey District Council, or its accuracy, you may contact us at the address above.
How do we protect your information?
We will take appropriate steps to make sure we hold records about you (on paper and electronically) in a secure way, including:
- all employees who have access to your personal information or are associated with the handling of that information are obliged to respect the confidentiality of your personal information
- we will have put in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction
Some examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
- Pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was yours
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
What rights do you have in relation to your personal Information?
The law gives you a number of rights to control what personal information is used by us and how it is used by us. Please note that not all rights are automatic and some may not be available in certain circumstances:
You can ask for access to the personal information we hold on you
You can ask us whether we hold your personal information and you can a request a copy of the information we hold. We must normally provide it within 1 calendar month.
However, we can’t let you see any parts of your record which contain:
- Confidential information about other people; or
- Information a professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing; or
- If we think that giving you the information may stop us from preventing or detecting a crime
This applies to personal information that is in both paper and electronic records. If you ask us, we’ll also let others see your record (except if one of the points above applies).
If you can’t ask for your records in writing, we’ll make sure there are other ways that you can. If you have any queries about access to your information please contact foi@west-lindsey.gov.uk or 01427 676676.
You can ask us to change information you think is inaccurate
You should let us know if you disagree with something written on your file.
We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
You can ask us to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted, for example:
- Where your personal information is no longer needed for the reason why it was collected in the first place
- Where you have removed your consent for us to use your information (where there is no other legal reason us to use it)
- Where there is no legal reason for the use of your information
- Where deleting the information is a legal requirement
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
- we’re required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is for, scientific or historical research, or statistical purposes where it would make information unusable
- it is necessary for legal claims
You can ask us to limit what we use your personal information for
You have the right to ask us to restrict what we use your personal information for where:
- you have identified inaccurate information, and have told us of it
- where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
When information is restricted it can’t be used other than to securely store it and with your consent to handle legal claims and protect others, or where it’s for important public interests of the UK.
Where restriction of use has been granted, we’ll inform you before we carry on using your personal information.
You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.
Where possible we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.
You can ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being.
It’s likely that data portability won’t apply to most of the services you receive from the council.
You can ask to have any computer made decisions explained to you, and details of how we may have ‘risk profiled’ you.
You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.
If and when West Lindsey District Council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.
If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who’ll be able to advise you about how we using your information.
Where can I get advice?
If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at dpo@west-lindsey.gov.uk or by calling 01427 676676.
For independent advice about data protection, privacy and information sharing issues, or if you are still dissatisfied with how the council have handled a complaint about use of your information, you can write to the Information Commissioner’s Office at the following address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Or email: casework@ico.org.uk
Visitors to our websites
When someone visits the following websites:
- west-lindsey.gov.uk
- planning.west-lindsey.gov.uk
- licensing.west-lindsey.gov.uk
- democracy.west-lindsey.gov.uk
- maps.west-lindsey.gov.uk
- west-lindsey-self.achieveservice.com
- west-lindseycalc.entitledto.co.uk
- trinityarts.co.uk
- discovergainsborough.com
We collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone and we do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Please note that if you make a comment (called ‘a representation’) on a specific planning application via the website, both your comments and contact details will be made public as part of the planning process. Similarly, representations about Licensing Applications made under the Licensing Act 2003 will be made public together with name and contact details.
Our websites may also use, on some pages, an Analysis and Feedback tool. We do not collect through the tool or transfer to it any Personal Identifiable Information.
The tool may collect and process information which is automatically and passively collected, whilst you navigate through and interact with the content on a tool-enabled site, together with information on your device or computer (such as cookies).
The sole purpose of passively collecting your information is to improve your experience when using the tool-enabled site.
Through the code embedded on a tool-enabled site, the information collected and processed includes:
Device-specific data
The following information may be collected related to your device and browser:
- device's IP address (captured and stored in an anonymized format)
- device screen resolution
- device type (unique device identifiers), operating system, and browser type
- geographic location (country only); and
- preferred language used to display the tool-enabled site
User interactions
- Mouse events (movements, location and clicks)
- Keypresses
Log data
For a sampling of visitors, the tool servers automatically record information which is collected from Customer Websites and the tool site. This data includes:
- referring URL and domain
- pages visited
- geographic location (country only)
- preferred language used to display the webpage
- date and time when website pages were accessed
The tool uses a variety of services hosted by third parties, such as Google Analytics and Optimizely. These services may collect information sent by your browser as part of a web page request, such as cookies or your IP request. For information on how Google Analytics and Optimizely collect and use your information, please refer to their privacy policies. Keystrokes from password fields and fields marked as “sensitive” are never recorded or sent over the network.
Use of cookies by the council
You can read more about how we use cookies, and how to delete or reject them, on our Cookies page.
Search engine
Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either the council or any third party.
Online reporting tools
We collect information volunteered by members of the public by surveys and forms. We only use the personal information we collect to process the information and/or to check the level of service we provide.
Security and performance
The council’s website is hosted by EasySite. EasySite processes the IP addresses of visitors to help maintain the security and performance of the website.
People who telephone us
When you call the council we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness.
We also offer a translation service provided by a third party company for customers when English is not their first language. The company that provides this service does not retain any information from the calls or record them.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to make sure that any email you send to us is within the bounds of the law.
People who make a complaint about someone else to us
When we receive a complaint from a person about someone else (e.g. complaints regarding anti-social behaviour, excessive noise, contraventions of planning regulations etc.) we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint, assist with enforcement, and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We will never disclose the complainant’s identity to whoever the complaint is about unless the complainant gives us their explicit consent or we are legally required to. We will only share personal information collected about the complaint with relevant agencies and bodies in line with our data sharing agreements.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for six years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
People who make a complaint about us
When we receive a complaint about us from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant’s identity to the service or individual(s) that the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for six years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
If a complaint is escalated to the Local Government Ombudsman we may share information regarding your complaint with them to aid their investigation. Any information that is made available to the Local Government Ombudsman will not be shared with any wider audiences.
Job applicants, current and former Council employees
When individuals apply to work at the council, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Service we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for six months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with the council, we will compile a file relating to their employment. We will process information about them for a variety of purposes including all aspects of the administration of their employment. The information contained in the file will be kept secure and will only be used for purposes directly relevant to that person’s employment. We will not share information with third parties except where the employee has asked us to or where the council is required to by law. Once their employment with the council has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Use of CCTV
The council operates monitored CCTV systems in some of our locations used by members of the public. The purpose of this CCTV is for the safety of the public and staff at these locations and to prevent and detect crime. In locations that have CCTV there are signs displayed notifying you that CCTV is in operation.
We will only disclose CCTV images to third parties for the purposes as stated above. CCTV images will not be released to the media for entertainment purposes or places on the internet.
CCTV images will be monitored, used and retained in accordance with the council’s CCTV Code of Practice. You can view the Council’s CCTV Code of Practice online.
You have the right to see CCTV images of yourself and be provided with a copy subject to certain criteria. Please visit our CCTV page to learn more about completing a Data Subject Access Request.
The council also operates public space and private customer CCTV solutions. You can find out more about these services on our CCTV page.
Disclosure of personal information
In many circumstances we will not disclose personal information without consent. However, when we investigate a complaint, for example, we will need to share personal information with the department concerned and with other relevant bodies.
Data matching for the prevention and detection of fraud and crime
West Lindsey District Council is required by law to protect the public funds it administers. We may share information provided to us with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed on the National Fraud Initiative webpages.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Data matching by the Cabinet Office is subject to a Code of Practice.
Complaints or queries about our collection of personal information
The council tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 25 May 2018