What are your individual rights over your personal data?
You can access the personal data we hold about you
You have the right to receive a copy of the information the council holds about you. A request for this information is called a subject access request.
You can request the correction of your personal data when incorrect, out of date or incomplete
If you think that we have inaccurate data about you or you don’t agree with what we hold on your file you can ask us to review.
We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include a note on our system to show that you disagree with it.
You can withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
You can withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end that we stop using your personal data for direct marketing
You have the right to erasure (right to be forgotten)
The right to erasure does not provide an absolute ‘right to be forgotten’. You can ask to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When you withdraw consent.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (ie otherwise in breach of the GDPR).
- The personal data has to be erased in order to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child.
Please note that we can’t delete your information where:
- we’re required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is for, scientific or historical research, or statistical purposes where it would make information unusable
- it is necessary for legal claims
You have the right to restrict processing
You have the right to request you restrict the processing of your personal data in the following circumstances:
- You have contested the accuracy of your personal data and we are verifying the accuracy of the data
- the data has been unlawfully processed and the you have request restriction rather than erasure
- we no longer need the personal data but the you require us to keep it in order to establish, exercise or defend a legal claim
- you have objected to us processing your data and we are considering whether our legitimate grounds override individual rights.
You can ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This only applies if we’re using your personal information with consent (not if we’re required to by law) and we are carrying out the processing by automated means.
It’s likely that data portability won’t apply to most of the services you receive from the council.
You can ask us to stop direct marketing
You have the absolute right to object to the processing of your personal data if it is for direct marketing purposes.
You can also object if the processing is for:
- a task carried out in the public interest
- the exercise of official authority vested in you
- your legitimate interests (or those of a third party).
But if we are processing data for scientific or historical research, or statistical purposes, the right to object is more limited.
You can ask us to review a decision that was made by automated means including profiling
If we have made an automated decision including profiling, you can ask for an officer to review the decision.
For further information on any of the above rights or to make a request please email: dataprotection@ealing.gov.uk or call the data protection team on 020 8825 5124.
Contacting the Information Commissioners Office
If you feel your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint to the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit ico.org.uk or email casework@ico.org.uk.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.