We collect and process personal data in order to pay our creditors. We are committed to being transparent about how we collect and use that data and meet our data protection obligations.
What information do we collect?
We collect and process a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number
- bank account number and sort code
- transactional data including payments to and from you;
We collect this information in a variety of ways. For example, data is collected through application forms and correspondence with you.
Information is also obtained from other council departments.
Why do we process personal data?
Processing data for the purpose of paying creditors is undertaken to comply with a contract to which we are subject.
We also have a legal obligation to process information such as publish records of payments made over £500.
Who has access to data?
Where necessary your information will be shared with the parties set out below for the purposes stated above.
- National Fraud Initiative (NFI).
- HMRC for those registered in the Construction Industry Scheme
- HMRC in respect of VAT on invoices
- Public register of payments over £500 published on our website
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and data protection laws. They are also obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will not transfer your data to countries outside the European Economic Area.
How do we protect data?
We take the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Data will only be processed by members of staff authorised by us for this purpose. Access to our systems is limited to authorised members of the finance team whose job role requires access to the personal data.
For how long do we keep your data?
We will hold your personal data for as long as necessary for the purposes stated. Some data may be required to be held for longer than other data. A detailed breakdown of these retention periods are listed in our document retention schedule. If you would like to review our retention schedule please contact our Data Protection Officer.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (known as a subject access request)
- require us to change incorrect or incomplete data;
- ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing. Where possible we will seek to comply with your request, but we may be required to hold or process information to comply with a legal requirement.
object to the processing of your personal data in certain circumstances. We may still be required to hold or process information if there are legitimate grounds for doing so.
You can make a subject access request by following the instructions for making a subject access request.
To contact us about any of your other data protection rights, please contact the Data Protection Officer.
If you believe that Runnymede Borough Council has not complied with your data protection rights, you should initially contact our Data Protection Officer and if dissatisfied with the outcome you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner.