Data protection and privacy
In order to deliver services to citizens and communities in East Ayrshire, it is necessary for us to collect, gather and process personal data about residents, employees and other individuals.
In compliance with the Data Protection Act 2018, the Council has registered as a Data Controller with the Information Commissioner’s Office (ICO). Registration number Z6911362
This registration can be viewed at ICO: Register of fee payers.
As a Data Controller, we determine the purpose and methods for processing information and ensures safeguards over any personal and/or sensitive information it handles.
Why we process your data
We are required to process personal data lawfully and in accordance with current Data Protection legislation.
We need you to give us your personal information in order to allow us to provide services to you as the local authority for East Ayrshire. We also use your information to verify your identify where required, contact you by post, email or telephone and to maintain our records.
In order to deliver essential services to the citizens and communities of East Ayrshire, we need access to personal information about clients, customers and employees. This information can be sensitive in nature so we put safeguards in place to ensure that:
- we only gather as much information as we need, and no more
- the information is accurate and up-to-date
- the information is only used for the purpose intended
- we keep the information only for as long as we need to
We will not disclose personal information to third parties for marketing purposes without your consent or use your personal data in a way that may cause unwarranted detriment.
However there are circumstances where we are legally required to disclose information:
- for the purpose of performing statutory enforcement duties
- disclosures required by law
- for the purposes of detecting/preventing fraud
- for the purposes of detecting/preventing crime
- auditing/administering public funds
Information is processed by the Council in the UK or the EU. However, we will inform you in our individual Service Privacy Notices of any instance where this may not be the case.
If personal data is subject to an Automatic Decision Making process (by a computer) then we will inform you of this in our individual Service Privacy Notices. Any Automatic Decision Making results will be subject to a final decision by a council officer.
Back to top
Data matching
We are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. Further information can be found on our National Fraud Initiative page.
Back to top
Sharing and protecting your information
To provide you with efficient services, we will sometimes share your personal information between teams within the Council, and with external partners and agencies involved in delivering services on our behalf. Within the Council we may share your information between our services:
- so that the information held about you is up to date
- to allow us to provide and improve our services to you
- for statistical analysis for performance and management insight to help improve our services
- for fraud prevention
We will only share your information where it is required to do so such as where services are delivered jointly with other organisations. We will tell you who these other organisations are when we gather your information. This is detailed further in each of the specific ‘Privacy Notices’ in the section below.
In order to provide services to you, we may need to appoint other organisations to carry out some activities on our behalf. These may include, for example:
- data processors
- IT providers
- payment processing organisations
- delivery organisations
- mailing houses
- contractors or consultants providing services to the council (or directly to service users) where we need to provide them with personal information to allow them to provide these services
We select these organisations carefully and put measures in place to make sure that they are not allowed to do anything with your personal information which the council could not do itself.
Where information is shared with other organisations or processed on our behalf, we will ensure adequate protection by ensuring contracts and sharing agreements are in place that define security controls around the sharing of the information.
Information is also analysed internally in order to provide management information, inform service delivery reform and similar purposes.
We have a Data Protection Policy (PDF 304 KB). This policy is regularly reviewed by the Data Protection Officer to ensure that the Council complies with the requirements of the data protection law.
All council officers are required to undertake data protection and information security training to ensure that personal data is processed in accordance with data protection principles.
Back to top
How long we keep your information
We will only keep your information for the minimum period necessary. After this time, information is deleted/destroyed in accordance with Council approved retention schedules. Please see our retention schedule (PDF 814 KB) which explains how long we keep information for.
Back to top
Service privacy notices
To learn more about how we use information in specific circumstances click the relevant link below:
Back to top
How to make an enquiry or lodge a complaint
Depending on why we need to process your information, you will have rights to how your information is used. These will be detailed in the Privacy Notices in the section above.
We have a lawful basis for the gathering and processing of information necessary for the delivery of critical services. You have the right to request that the Council stop processing your personal data in relation to any Council service. However, this may cause delays or prevent us delivering a service to you. Where possible, we will seek to comply with such requests but this may not be possible where we are required to do so by law, to safeguard public safety, where there is a risk of harm or in emergency situations.
Where we are relying on your consent to process information then you have the right to withdraw this consent at any time. Details of how to withdraw your consent will be given to you at the time you provide your consent.
Please submit an enquiry to us if you would like to:
- view your information
- verify, correct or update your information
- understand how we have arrived at a decision about you
- if you have a concern, complaint, objection or request a restriction on how we process your information
- enquire regarding data portability and whether you can transfer your data to another organisation
We will endeavour to respond to enquiries within 30 days of their submission.
Contact details for enquiries
Contact details for enquiries can be found on our Contact us webpage.
For independent advice or to lodge a complaint about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO). Contact details can be found at the bottom of this page, under 'Contact Information'.
Back to top
Information on how we use cookies
Our website privacy statement outlines the practices for our websites.
Back to top