Information collected by us
We only collect the minimum that we need to deliver our service. This will include the following personal data:
- name
- address
- contact details
- date of birth
- proof of identity (we ask for this in relation to a data subject requests)
- images of you (we ask for this in relation to CCTV footage requests)
Once you have provided the necessary information to locate the material you have requested, we seek out and collate information from all service areas of the council that are holding information as described in your request.
If your request is a data subject request, this means we are likely to obtain and process all the information held by the relevant service area which holds the information you have requested. The information we obtain can therefore include both personal and special category information about you.
You should view each services individual Privacy Notices to see what information they are processing about you as appropriate.
We collect your personal information for the following purposes:
- the processing of Freedom of Information requests
- responding to requests for information covered by the Environmental Information Regulations
Responding to Data Subject Requests
Dealing with all Data Protection matters including any alleged data security incidents and /or personal data breaches
We will hold your personal information for 3 years. At its expiry date the information will be reviewed, and only retained where there is an ongoing requirement to retain for a statutory or legal purpose. Following this your personal information will be securely destroyed.
The lawful basis on which we collect and use your personal data is that
- processing is necessary for compliance with a legal obligation
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
We also process special category data, and the condition for processing this is
- processing is necessary for reasons of substantial public interest and is authorised by domestic law
This is supported by Section 10 of the DPA 2018, particularly Schedule 1, Part 2 – Substantial Public Interest conditions, paragraph 6 (statutory etc and government purposes) (2)(a). Where the relevant access regimes detailed in UK GDPR, DPA 2018, FOIA and EIR place a statutory obligation on the council to comply with requests for information.
We hold the information in line with the following legislation:
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
- Data Protection Act 2018
- UK General Data Processing Regulation (UK GDPR)
We may sometimes share the information that we have collected about you where it is necessary, lawful and fair to do so. We may share information with the following for these purposes:
- The Information Commissioner
- The Local Government and Social Care Ombudsman
- other internal council departments
- local health providers
- other local councils
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security incidents and we will notify you and the appropriate regulator of any incident where we are legally required to do so.
When computers make any decisions about you
The Information Governance service does not make or use any automated decisions.
When your data is sent to other countries
We do not send any information we collect about you outside the United Kingdom.
Rights for individuals under the UK GDPR
Find out about the rights for individuals under the UK GDPR in the council's corporate Privacy Notice
What are your rights?
Please contact the corporate information governance team at dataprotection@ealing.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our data protection officer via the same email address or write to: Data protection officer, Perceval House, 14-16 Uxbridge Road, Ealing W5 4HL
The UK GDPR also gives you the right to lodge a complaint with the Information Commissioners Office who are the supervisory authority responsible to regulate and monitor the legislative obligations within the UK.