- What personal information do we collect?
-
We collect and process a range of information about you in a variety of ways.
For example, your information has been referred to us from a third party such as the Department for Levelling Up, Housing and Communities (DLUHC) and the Home Office, your information has been collected through application forms and correspondence with you.
This can include
- your name, gender, date of birth, age, address and contact details, including email address and telephone number
- personal data about others, such as your family members, other members of your household (including guardians and carers)
- financial / payment data including your bank account details
- criminal allegations, convictions or offences
- special category information such as ethnicity, religion, biometric and health data
- Why do we process personal data?
-
Processing your information is necessary for the performance of a task carried out in the public interest / in the exercise of our official authority and where special category data is processed, it is necessary for reasons of substantial public interest.
For example to
- to make pre-arrival and post arrival checks / appointments.
- accommodation checks
- address validation checks
- disclosure and Barring Service (DBS) checks
- any other checks required to assess your suitability as a host / guest
- make any payments to hosts / sponsors
We may also need to process the data where we have a legal obligation to do so.
Criminal offence data will be processed under the most relevant of the 28 conditions of Schedule 1 of the Data Protection Act 2018 which are available for the processing of criminal offence data. This information is processed as part of the suitability checks.
- Who has access to your personal data?
-
Your information may be shared with the parties set out below for the purposes stated above.
- other Council Departments
- other Local Authorities
- other Government Departments
- law enforcement agencies such as the Police, Trading Standards and the Environmental Agency.
- Health & Safety Executive
- The Disclosure and Barring Service (DBS)
- charities and voluntary organisations (where consent is provided)
- those providing translation / interpretation services (where appropriate)
We may also need to contact these agencies to check information provided by you, or information about you provided by a third party with other information we hold.
We may also get information from third parties or give information to them to check the accuracy of information, to prevent or detect crime, or to protect public funds.
We may also disclose information when necessary to prevent risk of harm to an individual.
Where we need to disclose sensitive information such as medical details to a third party, we will only do so once we have obtained your explicit consent, or where we are legally required to or have another lawful basis to do so.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
The organisation will not routinely transfer your data to countries outside the European Economic Area.
- How do we protect personal data?
-
We take the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Data will only be processed by members of staff authorised by the Data Controller for this purpose. Access to our systems is limited to authorised members of the legal team whose job role requires access to the personal data.
- How long do we keep your personal data?
-
For data relating to the initial expressions of interest exercise, this will be held for two years unless DLUHC identifies that its continued retention is unnecessary before that point.
For personal data held by the Council for its own functions, the retention period will be as set out in our retention and disposal schedule.
- Your rights
-
As a data subject, you have a number of rights, including access to your data. A request for access can be made via our website or by sending an email to foi@runnymede.gov.uk
Data Protection Subject Access Request(SAR) | Introduction – Runnymede Borough Council
To find out more about your rights please see the ‘Your Rights’ section of our main privacy statement
If you believe that Runnymede Borough Council has not complied with your data protection rights, you should initially try to resolve it with the relevant department.
If you are unable to resolve the issue to your satisfaction contact our Data Protection Officer (DPO) who will investigate. If you remain dissatisfied with the outcome of the DPO’s review you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner on their website Information Commissioner's Office (ICO)