- What personal information do we collect?
-
We may collect the following types of personal data
- your name, address, email address, telephone number, social media handle and other information that allows us to contact you back to deal with your enquiry
- comments/images that may contain personal or sensitive data that you choose to share with us
In most cases this information is collected during our interactions with you when you contact us about a service or sign up to our newsletter. This information is only stored on the social media platform messaging service or on our e-newsletter provider’s secure server, but may occasionally be screenshotted and emailed to Council staff.
If we believe a resident is abusing our social media policy, we will store their username and screenshots of relevant comments on our server, in case of further action being taken.
- Why do we process personal data?
-
We process your information on one of the following grounds
- Our public task - to provide a good service for residents, for example, if you report a missed bin collection in consecutive months, we will be able to report the issue without needing repetition of your personal details
- With your consent – for example if you ask to receive our e-newsletter
- Our legitimate interests - for example, to monitor what is being posted online that could impact on the council and its residents
- Who has access to your personal data?
-
Your personal data that you supply to us may be shared with another service within Runnymede Borough Council to allow your query to be answered, for example, the Environmental Health Department, if your message relates to a missed bin collection.
All council officers are required to undertake relevant training to ensure that personal data is processed in accordance with the principles of data protection legislation.
We may share posts that you have already made public with council services or partners to ensure we meet our responsibilities where we believe the post may impact our residents or services. For example: in an instance where a social media user indicates an offense is about to be, or has been committed, or if a resident is breaching a term of contract with the Council, the Communications Team may view public profiles to identify the social media user and report to a relevant department.
- How do we protect personal data?
-
We take the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Data will only be processed by members of staff authorised by us for this purpose. Access to our social media and e-newsletter software is limited to members of the Communications Team whose job role requires access to the personal data.
- How long do we keep your personal data?
-
We will only keep your information for the minimum period necessary in order to help assist with your query or issue. Unless the conversation is ongoing, or the information within the conversation is relevant to a current conversation or investigation, any direct messages the Council receives via social media will be retained for six months and then deleted following the last correspondence. Messages will only be retained for the purposes of statistics, which will be anonymised.
Please note that the Council are only able to delete 'message conversations', not individual 'messages’. If you write to us through the same social media channel before the end of the retention period, older messages will be kept until the new query is deleted, six months after receipt.
- Your rights
-
As a data subject, you have a number of rights, including access to your data. A request for access can be made via our website or by sending an email to foi@runnymede.gov.uk
Data Protection Subject Access Request(SAR)
To find out more about your rights please see the ‘Your Rights’ section of our main privacy statement
If you believe that Runnymede Borough Council has not complied with your data protection rights, you should initially try to resolve it with the relevant department.
If you are unable to resolve the issue to your satisfaction contact our Data Protection Officer (DPO) who will investigate. If you remain dissatisfied with the outcome of the DPO’s review you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner on Information Commissioner's Office (ICO) website.