Data Protection and your rights

Under data protection legislation, you have the right to request access to the information that we hold about you. In certain circumstances you also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • have inaccurate personal data rectified, blocked, erased or destroyed.

Why we collect information

When the Council collects information about you, you have the right to know what the Authority is collecting under the 'Right to be informed'. The Council will always be transparent with you about this and will make it clear why we are collecting your information and will explain what we intend to do with it. This will either be explained to you in person, through the privacy notice on our website, or by providing you with a leaflet which will outline why we are collecting your information.

Accessing your personal information

The General Data Protection Regulation (GDPR) gives you the right to access your personal information under the 'Right of Access'.

Under this right you have the right to request:

  • confirmation that we hold your personal information and the reasons for doing so
  • request a copy of your personal information.

How do I ask for my personal information?

To request a copy of the information, you will need to supply us with as much detail as possible such as:

  • your full name and current address
  • contact email and phone numbers
  • any previous names
  • date of birth
  • details of any siblings or other family members
  • previous addresses, dates or periods that you were in, or receiving care
  • proof of identity.*

* Your proof of identity should be scanned copies of two official documents which show your date of birth, name and current address on it. These could include your current driver’s licence, current passport, utility bill, council tax bill etc. If you wish, you can appoint someone you trust to act on your behalf. If you are applying to see someone else’s records you will need to enclose their signed permission or other legal documentation (e.g. Parental rights or Power of Attorney) to confirm their request.

Our Subject Access Request forms

More information onSubject Access Requests.

Once completed you can return the form by email or post.

  • Email:dpo@bassetlaw.gov.uk
  • By post: Data Protection Officer, Bassetlaw District Council, Queen’s Buildings, Potter Street, Worksop, S80 2AH

What personal information can I ask for?

You can ask for any information that we hold about you. Under Data Protection Legislation, personal information is any information that we collect about you or can be used to identify you. Examples of information that can be considered personal information include:

  • a case file or report about you
  • the IP address of the computer that you used to access any of our website services
  • other people’s opinions about you
  • photographs
  • your finger or voiceprints
  • your blood type
  • video or audio footage where you appear or are heard.

There may also be some circumstances where it is not possible to provide you with all of your information, these include but are not limited to information:

  • supplied in a confidential reference
  • supplied in confidence
  • that could be used to obstruct attempts to prevent or detect crime
  • about you that is already publicly available
  • that is used about you in management forecasting or planning
  • that could cause you serious harm

Does it cost anything to access my personal information?

Requests for access to your personal data are free of charge, however we will charge an administration fee if your request is for further copies of the same information or your request is considered excessive or manifestly unfounded as defined by General Data Protection Regulation. If we do have to apply an administration charge we will only do so after informing you of the approximate cost up front and you agree to proceed with the request at that cost. If you feel that we are trying to apply an unreasonable fee, you have the right to make a complaint to the Information Commissioner’s Office. Examples of what could be classed as excessive or manifestly unfounded include, making repeated requests for information to the council with the aim of impacting on the delivery of services.

What format can I receive my information in?

We have a range of format options available to you and will normally respond to you by the method in which you made contact with us.

  • Electronic fileIf you contacted us by email or use any of our online forms, then we will normally supply you with an electronic copy of your information, this will be usually be in Portable Document Format (PDF).
  • Paper copyIf you write to us, or request a paper copy when contacting us by email or online, you will receive a paper copy of your file.
  • In personIf you make a request to access your information from one of our offices, we will invite you in to come in to see us
  • Portable formatUnder the GDPR you can also request access to your information in a format that will allow you to use it within other computer software, this is called the 'Right to data portability'. When making this type of request please be aware that we can only supply you with the information that you have provided to us and we will not be able to provide you with any of our detailed assessments of your data. If you have a disability that requires a format other than paper or the format prevents you from accessing the material by electronic means then you should let us know when you make your request.

What happens if I am not satisfied with the response?

If you are not happy with the information that you have received from us then you will need to contact the officer that you received the information from, highlighting your concerns. If you are unable to resolve this with the officer, then you can ask for the Data Protection Officer to conduct an in internal review of your request. If you are still not satisfied, then you have the right to make a complaint about the response to the Information Commissioner’s Office.

Responding to your requests

Under Data Protection Legislation we are required to respond to any of your 'individual rights' requests within one calendar month. Sometimes there may be specific circumstances where we may not be able to respond to your request within one month and we may be required to apply a two-month extension. This may be due to the size of the files or complexity of the request at the time. If we need to apply an extension we will notify you within one calendar month and always outline the reasons why. If you have concerns over the way we are handling your personal information or need to appeal against any of our decisions with regard to your rights, in the first instance, you will need to write to the Council’s Data Protection Officer.

If you still have concerns over the way we handled you request or you are not happy with the way we are handling your personal data you can write to the Information Commissioner’s Office

Your other rights

You can also ask us to:

  • correct your data if you think it is wrong
  • stop using your data if you think we no longer should be using it
  • stop using your data if you think it is wrong, until it’s put right
  • ask that no automated processing (‘Computer says no!’) takes place with your data
  • ask for any automated portable electronic data file we hold on you to be sent to another organisation; or
  • consider any complaint you have about how we have used your data

Details on your specific rights are published in each of our service privacy notices, if you want to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means

In certain circumstances, to have inaccurate personal data rectified, blocked, erased or destroyed, then you will need to write to the Council’s Data Protection Officer.

Retention periods

When we collect information about you, we store it for a set period of time depending on legislation, guidelines or codes of practice that specifies the length of the time that records must be kept. Information on this is stored in our Retention Schedules. When no guidance exists, we work with the services within the Council, to determine how long records must be kept. When we develop our retention schedules we take into consideration the requirements of the following overarching pieces of legislation:

  • Records of Processing Activities – Article 30 GDPR
  • Principle (e) of the General Data Protection Regulation
  • Section 46 of the Freedom of Information Act
  • Section 22 of the Local Government Act

View the most recent copy of the Retention Schedule. The Retention Schedule is a Live Document and as such, is updated regularly. Read our policy and guidelines that govern how we manage our Retention Schedule.

How secure is your information

You can be confident your information is safe with the Council. The Authority takes all reasonable steps to ensure that your personal information is kept secure by following recognised security and information handling codes of practice. The Council takes the protection of your personal information seriously and has appointed staff into the following key posts:

Data Protection Officer

Responsible for assessing all privacy risks and providing advice and guidance to clients and services.

Bassetlaw District Council is a Data Controller for the personal data that we hold. The contact details for you to exercise any of your data protection rights, or to raise any concerns you may have regarding your personal data are:-

Data Protection Officer,
Bassetlaw District Council,
Queens Buildings,
Potter Street,
Worksop,
Notts,
S80 2AH.

Email: DPO@bassetlaw.gov.uk

Telephone: 01909 533533


Last Updated on Thursday, October 10, 2024