This website is operated by Horsham District Council which is responsible for the processing of your personal data and is the data controller for all such information. We regard your privacy as very important.
Being transparent and providing accessible information to individuals about how we use personal information is a key element of the General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice.
Alongside this privacy notice we also provide service and project specific privacy notices that give further details on how we process your personal data.
1. Data Controller
A Data Controller is an individual or organisation that determines the purposes and means of processing personal data.
Horsham District Council is registered as a data controller with the Information Commissioner's Office (registration number: Z7294458).
As data controller we take all necessary steps to comply with the Data Protection Act 2018 and its relevant subordinate legislation when handling any personal information.
2. Purpose of processing personal information
As a local authority, the Council delivers services to you. In order to do this in an effective way we will need to collect and use personal information about you.
If you use a specific Council service, we will usually let you know how that service will use your personal information via a separate privacy notice.
The General Data Protection Regulation ensures that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:
- Process all personal information lawfully, fairly and in a transparent manner.
- Collect personal information for a specified, explicit and legitimate purpose.
- Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
- Ensure the personal information is accurate and up to date.
- Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
- Keep your personal information securely using appropriate technical or organisational measures.
We will usually seek your consent prior to processing or sharing your information, however, if there is a legal reason, as outlined under the GDPR, we may not require your consent, e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime.
Where we need to disclose special category or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.
4. What personal information do we collect and why do we collect it?
- Personal information relating to identified natural persons used to deliver services such as:
- Housing needs, planning applications, access to information requests, legal claims, customer services, highways claims and complaints, parking services, and more.
- Special categories of information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and data concerning health or sex life.
Health and wellbeing information. All local authorities have a duty to improve the health of the population they serve. To help with this, we use information from a range of source data, including data collected at the registration of a birth or death to understand more about the health and care needs in the area.
- Research and statistical data to provide intelligence about the District including demographic data, population projections, the economic situation, health and wellbeing information. This personal information is often pseudonymised when an identifier such as name is replaced with a unique number.
5. Information sharing
To ensure that the Council provides you with an efficient and effective service we will sometimes need to share your information between teams within the Council as well as with our partner organisations that support the delivery of the service you may receive, for example:
- County Council
- Fire Service
- Voluntary organisations
We may also need to supply your information to organisations we have contracted to provide a service to you. We will only ever share your information when necessary for performance of a statutory public task or with your consent and if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.
For election purposes, to verify your identity, the data you provide will be processed by the Individual Electoral Registration Digital Service managed by the Cabinet Office. As part of this process your data will be shared with the Department of Work and Pensions and the Cabinet Office suppliers that are data processors for the Individual Electoral Registration Digital Service.
Before sharing information the Council will ensure that:
- Privacy Notices are completed if appropriate.
- Technical security such as encryption and access controls are in place to keep information secure.
- Information Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise.
- Data Protection Impact Assessments are completed to assess any risks or potential negative effects.
- Common retention periods and deletion arrangements are set for the information.
- Subject access rights are catered for.
Details of transfers to third country and safeguards
Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA).
6. Your rights and retention periods
We will only keep your information for as long as it is required to be retained. The retention period is either dictated by law or by our discretion. Once your information is no longer needed it will be securely and confidentially destroyed. Service and project specific retention periods can be found in our Data Retention Schedule.
You have certain rights under the General Data Protection Regulation (GDPR), these are:
- The right to be informed via Privacy Notices such as this.
- The right to withdraw your consent. If we are relying on your consent to process your data then you can remove this at any point.
- The right of access to any personal information the Council holds about yourself. To request a copy of this information you must make a subject access request in writing. You are entitled to receive a copy of your personal data within 1 calendar month of our receipt of your subject access request. If your request is complex then we can extend this period by up to a further two months, if we need to do this we will contact you. You can request a subject access request, either via a letter to Data Protection Officer, Information Governance Team, Parkside, Chart Way, Horsham, West Sussex RH12 1RL.
- To ensure that we can deal with your request as efficiently as possible you will need to include your current name and address, proof of identity (such as a copy of your driving licence, passport and two different recent utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what Council service you were involved with.
- The right of rectification, we must correct inaccurate or incomplete data within one month. If this data has been shared with other organisations we must also inform those organisations of any changes so they can update their records.
- The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
- The right to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
- The right to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
- The right to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
- You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
If you want to exercise any of these rights then you can do so by contacting;
Data Protection Officer
Information Governance Team
7. Data Protection Officer
As a public authority we are required to have a Data Protection Officer who is responsible for:
- Monitoring the Council's compliance with the GDPR and other data protection laws. Monitoring our data protection policies, awareness-raising, training, and audits.
- Advising the council in respect to their data protection obligations.
- Provide advice and monitor the Data Protection Impact Assessment process.
- Acts as a point of contact for the Information Commissioner's Office (ICO) and members of public on any matter relating to Data Protection.
If you need to contact the Data Protection Officer their details are:
Data Protection Officer
8. Access to the Council's official information
Under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 you have a right to request any recorded official information held by the Council. The information you require may already be publicly available. The Council has a duty to make official recorded information available. The Council has a duty to make information available via a publication scheme. Before you submit a request please check the publication scheme and the Freedom of Information public disclosure log.
If you need to make an FOI request, it must be done in writing. Environmental Information Requests (EIR) can be made verbally. You can:
- Submit a request online
- Email firstname.lastname@example.org
- Write to:
Information Governance Team
- You do not need to say why you want the information. Your request must include your name, and an address for correspondence (if you apply by email, your email address is a suitable address for correspondence). Please ensure you identify the information you want as clearly as possible.
With certain limited exceptions, you are entitled to a response within 20 working days.
It costs nothing to make an Information request. However, the District Council can refuse to deal with your request if it is manifestly unreasonable or excessive.
In certain circumstances, the District Council may also charge for the cost of photocopying and postage.
You may not get the information you asked for:
- If the Council does not hold the information you have requested
- If the information is exempt from disclosure
- if finding the information you have requested would take longer than 18 hours
If we are unable to supply any of the information you have requested, we will tell you the reasons why.
For more details please refer to the Information Commissioner's Office website.
We take great care to ensure the security of this website and your personal information. We have put in place appropriate technical and organisational measures to ensure the safety and security of the information we collect on line. Any third party processing such information on the Council's behalf is contractually obliged to put in place similar measures. However, you should consider any communication that you transmit to us (such as data, questions, answers, comments or suggestions) as non-confidential. The Council will not be liable if information that belongs to you is intercepted and used by an unintended recipient.
11. Contact us
Data Protection Officer
Information Governance Team
12. Links to other websites