Data protection and privacy
The General Data Protection Regulation (GDPR) is legislation that sets out how we should manage and protect your personal information and it also provides you with various rights in relation to this information.
Information is classed as personal if it could identify you as an individual either directly or by adding information together.
North Lincolnshire Council is committed to protecting your privacy when you use our services and our Council Privacy Notice explains how we do this and how we use your information.
In addition we have created Privacy Notices for the different teams who use personal data that will be added in due course and these provide more information about why we are collecting your personal information and how we use it. Links to these can be found in following Team Privacy Notices section.
We have also created a Data Protection and Confidentiality Policy [PDF, 644Kb] to explain how we will comply with the GDPR.
We have a Data Protection Officer who helps us to look after your personal information and who will answer your questions about how we look after this information. Our Data Protection Officer is Phillipa Thornley and she can be contacted at firstname.lastname@example.org or by calling 01724 297000 and asking for your query to be directed to her.
We must ensure we abide by the six principles of the GDPR to ensure personal information is:
- Used in a lawfulness, fair and transparent way
- Collected for specified, explicit and legitimate purposes and not used in an incompatible way
- Adequate, relevant and limited to what is necessary
- Accurate and where necessary kept up to date
- Kept so that only identifies someone for no longer than is necessary
- Used in a manner that ensures appropriate security
We are also responsible for, and must be able to demonstrate, compliance with these principles.
Demonstrating compliance includes:
- Adopting and implementing Data Protection policies;
- Taking a ‘Data Protection by Design and Default’ approach;
- Putting written contracts in place with organisations that process personal data on our behalf;
- Maintaining documentation of our processing activities;
- Implementing appropriate security measures;
- Recording and, where necessary, reporting personal data breaches;
- Carrying out Data Protection Impact Assessments for uses of personal data that are likely to result in high risk to individuals’ interests;
- Appointing a Data Protection Officer; and
- Adhering to relevant codes of conduct and signing up to certification schemes.
The GDPR provide everyone with a series of rights as shown below. The first rights means we must keep you informed about how we are processing your personal information. We are doing this by publishing a series of Team Privacy Notices.
An important part of these Privacy Notices is identifying the legal basis for the processing of your personal information. The legal basis will be one of the conditions set out in Articles 6 of the GDPR and also a condition from Article 9 where special categories of personal data are being processed, as follows:
- Performance of a contract
- Performance of a task or provision of a service in the public interest
- To comply with a legal obligation
- Protection of vital interests
- Legitimate interests
- Reasons of substantial public interest
- Preventative or occupational medicine
- Employment and Social Security
- Public interest in area of Public Health
- To establish, exercise or defend legal claims / courts acting in judicial capacity
- Personal data made public by the Data Subject
- Protection of vital interests
- Archiving purposes, scientific or historical research or statistical purposes
- Legitimate activities in relation to not for profit organisations with a political, philosophical, religious or trade union aim
- Adults and Community Resilience
- Blue Badges [PDF, 506Kb]
- Economy and Growth
- Human Resources
- Legal and Democracy
- Electoral Registration [PDF, 418Kb]
- Waste and Public Protection
- Learning, Skills and Culture
- Early Years, Early Education and Statutory Assessments [PDF, 543Kb]
- Governor Services [PDF, 435Kb]
- Governance, Partnerships and other cross council privacy notices
- Public Health
What is personal data?
Personal information – is any information relating to a natural person who can be identified, directly or indirectly, such as by name, an identification number, location data, an online identifier or genetic information.
Special categories of personal data – relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
What does processing mean?
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller and data processor
Data controller – means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.
Data processor – means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
If you require assistance to make your request or about any other aspect of Data Protection or the General Data Protection Regulation (GDPR) please call our Customer Contact Centre on 01724 297000 or contact one of our Local Links, where your query will either be answered or passed on to the Data Protection Officer / Information Governance Team.
What to do if you are not happy
We aim to comply with the GDPR by meeting our organisational responsibilities and by responding to requests promptly and correctly. However, if you have an issue or would like to make a complaint, please see our Information Complaints page.
When we have investigated if you are still dissatisfied your route of Appeal is to the Information Commissioner’s Office (ICO) by completing the web contact form, by telephoning on 0303 123 1113 or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- Data Protection Officer
- Requesting your Personal Information
- Other GDPR Rights
- Information Security
- Investigatory Requests for Personal Information
- Professional Requests for Personal Information
- Freedom of Information
- Environmental Information Regulations
- Information Sharing
- Records Management
- Information Complaints
- Adoption File Access
- Data Protection Act 2018
- Information Commissioner’s Office (ICO)
- General Data Protection Regulation (GDPR)
Monday to Thursday: 8.30am to 4.30pm
Friday: 8.30am to 4pm