Information governance privacy notice - Privacy notices

Who are we and what services do we provide?

Runnymede Borough Council are responsible for complying with information laws and regulations, ensuring we meet information rights and have effective management and protection of data assets. Our information management team processes information to meet this objective.

What personal information do we collect?

We collect and processes a range of information to meet our responsibilities for data management and protection.

  • Identity data [name, address, date of birth, gender etc]
  • Contact data [email address and telephone number etc]
  • Identification documents [driving licence, passport and utility bill etc]
  • Information provided as part of a request or enquiry [personal circumstances, interactions with council etc]

We collect this information in a variety of ways. For example, data is collected through online forms, correspondence with you and referrals from other council departments.

What lawful basis is engaged?

Our lawful basis for the above purposes is as follows.

Legal Obligation - we need to collect or use your information to comply with a legal obligation which we are subject to. 
We have a legal obligation to process and respond to FOI & EIR requests and your rights under data protection law such as SARs and we require your personal information in order to comply with this obligation.

All of your data protection rights may apply, except the right to erasure and the right to portability.

Where it is necessary to process special categories of personal data, this will be processed under:

  • Article 9(2)(g) of the UK GDPR – processing is necessary for reasons of substantial public interest. 
     
Why do we process personal data?
We have a legal obligation to process and respond to FOI & EIR requests and your rights under data protection law such as SARs and we require your personal information in order to comply with this obligation.
Who has access to your personal data?

Our processors use your data to provide us with services necessary to meet our objectives. We ensure that there are appropriate agreements in place to protect your data and it is only processed under our instruction.

IKEN - Case management system

Who do we share data with?

Where necessary, for the purpose stated, your information will be shared with the parties 

  • Council departments
  • Information Tribunal
  • Courts
  • Information Commissioner’s Office 
  • Insurers to assess and process any claims 
How do we protect personal data?

Please see the ‘How we take care of your personal data’ section of our main Privacy Policy. 

How long do we keep your personal data?

We keep the register of requests for 2 years, but the actual emails received are kept in line with our email retention policy. Please see our Record Retention Document for further information. 

Your rights

Rights available are directly related to our lawful basis for processing which is set out above. To find out more about your rights please see the ‘Your Rights’ section of our main Privacy Policy.