The Temple Normanton Parish Council (TNPC) respects your privacy. The information that you provide us with, or that is gathered automatically, helps us to monitor our services and provide to you the services that you are entitled to as a member of the association or visitor to our website.

Is my visit to this web site anonymous? Yes! Your visit to our site is anonymous (no personal information about you is recorded or gathered) unless you contribute it or fill in a form requesting information.

Cookies and Traffic Logs Our website uses 'cookies' which we do not use to identify an individual. We use cookies to assist in the delivery of services to you and for some technical reasons. If you are registered to the site you can use cookies to stay logged in when returning. You can use your browser software to restrict or to refuse to accept these, or at a later point in time, to remove them. We do not pass on information gathered from these cookies to any third party.

What's a Cookie? A cookie is small file placed on a user's computer by a Website, which logs information about the user and their previous/current visits for the use of the site next time the user visits the site. More information about cookies can be found in Guidance to the Privacy and Electronic Communications (EC Directive) Regulations 2003 which can be accessed by going to the Information Commissioner's website and following the relevant link.

What are Traffic Logs? We use traffic logs to identify which pages are being used. This helps us analyse data about web page traffic and improve our Website in order to tailor it to customer needs. We only use this information anonymously for statistical analysis purposes.

Links Our website contains links to other sites. We are not responsible for the privacy practices within any of these other sites. We encourage you to be aware of this when you leave our site and to read the privacy statements on other websites you visit.

DATA PRIVACY POLICY

1. Introduction

The Data Protection Act 2018, and the General Data Protection Regulations 2018, govern the way in which personal information and data is held and processed. This policy addresses the way staff and the TNPC work to adhere to the Act.

All staff and Executive Committee members are contractually responsible for following good data protection practice.

All staff and Executive Committee Members are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.

2. Principles under which we operate

TNPC regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal.

TNPC intends to ensure that personal information is treated lawfully and correctly.

To this end, TNPC will adhere to the Principles of Data Protection, as detailed in the Data Protection Act 2018 and the General Data Protection Regulations 2018.

Specifically, the Principles require that personal information:

a) Must be processed lawfully, fairly and transparently,
b) Is only used for a specific processing purpose that the data subject has been made aware of and no other, without further consent,
c) should be adequate, relevant and limited ie only the minimum amount of data should be kept for specific processing,
d) Must be accurate and, where necessary, kept up to date,
e) Should not be stored for longer than is necessary, and that storage is safe and secure,

Should be processed in a manner that ensures appropriate security and protection.

3. Your personal data – what is it?

"Personal data" is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the personal data alone or in conjunction with any other personal data. The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the "GDPR) and other local legislation relating to personal data and rights such as the Human Rights Act.

4. Control of Data

Temple Normanton Parish Council is the data controller for your data. The information we hold about you is either:

- provided to us to fulfil a contractual obligation, or
- provided to us to maintain a register of information pertinent to the parish of Temple Normanton.

The Association works with other Data Controllers such as the Derbyshire association of Local Councils, National Association of Local Councils, the Society of Local Council Clerks, other not for profit entities and contractors.

We may need to share your personal data we hold with them so that they can carry out their responsibilities to the Association. If we and other data controllers listed above are processing your data jointly for the same purposes, then the Association and the other data controllers may be 'joint data controllers' which means that we are collectively responsible for your data. Where each of the parties listed above are processing your data for their own independent purposes then each of us will be independently responsible to you.

5. We use your personal data for some or all of the following purposes:

• To deliver a contractual service to you including to understand your needs to provide the services that you request and to understand what we can do for you and inform you of other relevant services;
• To confirm your identity to provide some services;
• To contact you by post, email, telephone or using social media (e.g., Facebook, Twitter, WhatsApp);
• To help us to build up a picture of how we are performing;
• To prevent and detect fraud and corruption and where necessary for the law enforcement functions;
• To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments and generally as necessary to protect individuals from harm or injury;
• To promote the interests of the Association;
• To maintain our own accounts and records;
• To seek your views, opinions or comments;
• To notify you of changes to our premises, services, events and staff, councillors and role holders;
• To send you communications which you have requested and that may be of interest to you;
• To process relevant financial transactions;
• To allow the statistical analysis of data so we can plan the provision of services.

6. What is the legal basis for processing your personal data?

We process personal data in relation to the performance of a contract with you, or your Council, or to take steps to enter into a contract. Sometimes the use of your personal data requires your consent. We will first obtain your consent to that use. We will always take into account your interests and rights.

7. Sharing your personal data

The Association will implement appropriate security measures to protect your personal data. This section of the Privacy Policy provides information about the third parties with whom the council will share your personal data. These third parties also have an obligation to put in place appropriate security measures and will be responsible to you directly for the manner in which they process and protect your personal data. It is likely that we will need to share your data with some or all of the following (but only where necessary):

• Our agents, suppliers and contractors. For example, we may ask a commercial provider to publish documents on our behalf, or to maintain our database software;

On occasion, other local authorities or not for profit bodies with which we are carrying out joint ventures e.g. in relation to training or events for the Association's membership.

8. How long do we keep your personal data?

We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 8 years to support HMRC audits or provide tax information. The Association is permitted to retain data in order to defend or pursue claims. In some cases the law imposes a time limit for such claims (for example 3 years for personal injury claims or 6 years for contract claims). We will retain some personal data for this purpose as long as we believe it is necessary to be able to defend or pursue a claim. In general, we will endeavour to keep data only for as long as we need it. This means that we will delete it when it is no longer needed.

9. Your rights and your personal data

You have the following rights with respect to your personal data:

When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.

(i) The right to access personal data we hold on you

(ii) The right to correct and update the personal data we hold on you

(iii) The right to have your personal data erased

(iv) The right to object to processing of your personal data or to restrict it to certain purposes only

(v) The right to data portability

(vi) The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained

(vii) The right to lodge a complaint with the Information Commissioner's Office.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

10. Transfer of Data Abroad

Any personal data transferred to countries or territories outside the European Economic Area ("EEA") will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union.

11. Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a Privacy Notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

12. Changes to this policy

We keep this Privacy Policy under regular review and we will place any updates on This Policy was last updated in September 2018.

13. Contact Details

Please contact the Clerk if you have any questions about this Privacy Policy or the personal data we hold about you or to exercise all relevant rights, queries or complaints.