We receive and process personal data relating to our service users in order to fulfil our role as the local authority building control service. We are committed to being transparent about how we collect and use this data and meet our data protection obligations.
What personal data do we collect?
We receive and process a range of personal data. This may include:
- your name, address, signature and contact details, including email address and telephone number
- information provided to us in your submissions
- financial information such as payment details
- information about medical or health conditions, including whether or not you have a disability where relevant to your building regulation application
We collect this information in a variety of ways. For example, it is supplied to us directly (or via your agent on your behalf) or we receive it from a third party website that provides a transaction service e.g. an electronic portal such as the planning portal
Why do we process personal data?
Processing your information is necessary to enable the building control service to perform their duties administering building regulation applications and in the exercise of our official authority. For example;
- to make decisions and provide advice on building regulation applications
- to undertake site inspections
- to undertake enforcement action
- to maintain registers of works undertaken
- to respond to allegations of unauthorised works
Some information provided to us we are obliged to make available on building regulation registers under the regulations. This is a permanent record of building regulation related works that form part of the history of a site, along with other facts that form part of the "land search".
Who has access to your personal data?
The register of building regulation applications is available via the council offices and may in future be on the council website for the public to view (in the same way as the planning register). We operate a policy where we routinely redact the following details before making forms, documents, letters, reports available online:
- personal contact details - e.g. telephone numbers, email addresses
- special Category Data - e.g. supporting statements that include information about health conditions and information agreed to be confidential
- financial Information
Sometimes we might decide it is necessary, justified and lawful to disclose data that appears in the list above. In these circumstances we will discuss this with you.
If you are submitting supporting information which you would like to be treated confidentially or wish to be specifically withheld from the public register, please let us know as soon as you can - ideally in advance of submitting the application. The best way to contact us about this issue is email@example.com.
Where necessary for the purposes stated your information will be shared with the parties set out below.
- other council departments, including internal consultees
- engineering/ plan checking consultants
- legal advisors
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and data protection laws. They are also obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will not transfer your data to countries outside the European Economic Area.
How do we protect personal data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its authorised employees or individuals working on behalf of the Council in the performance of their duties.
How long do we keep your personal data?
How long we keep information will depend on the specific reason we are processing the data. We will keep your data for as long as necessary for the purpose it was provided or to comply with the law Some information will be kept longer to understand decisions that have been made.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (known as a subject access request)
- require us to change incorrect or incomplete data
- ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing. Where possible we will seek to comply with your request, but we may be required to hold or process information to comply with a legal requirement.
- object to the processing of your personal data in certain circumstances. We may still be required to hold or process information if there are legitimate grounds for doing so.
You can make a subject access request by following the instructions for making a subject access request.
To contact us about any of your other data protection rights, please contact the Data Protection Officer.
If you believe that Runnymede Borough Council has not complied with your data protection rights, you should initially contact our Data Protection Officer and if dissatisfied with the outcome you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner.