Data protection and privacy
In order to deliver services to citizens and communities in East Ayrshire, it is necessary for the Council to collect, gather and process personal data about residents, employees and other individuals.
In compliance with the Data Protection Act 2018, the Council has registered as a Data Controller with the Information Commissioner’s Office (ICO). Registration number Z6911362
This registration can be viewed on the ICO website.
As a Data Controller, the Council determines the purpose and methods for processing information and ensures safeguards over any personal and/or sensitive information it handles.
Who we are
Contact details for the Council:
Customer Services
East Ayrshire Council
London Road
Kilmarnock
KA3 7BU
Telephone: 01563 554400
Out of Hours: 0345 724 0000
Email: customerservices@east-ayrshire.gov.uk
Data Protection Officer:
The Council’s Data Protection Officer is Robert Gibson and can be contacted by email:
information.governance@east-ayrshire.gov.uk
Back to top
Why we process your data
The Council requires to process personal data lawfully and in accordance with current Data Protection legislation.
We need you to give us your personal information in order to allow us to provide services to you as the local authority for East Ayrshire. We also use your information to verify your identify where required, contact you by post, email or telephone and to maintain our records.
In order to deliver essential services to the citizens and communities of East Ayrshire, we need access to personal information about clients, customers and employees. This information can be sensitive in nature so we put safeguards in place to ensure that:
- We only gather as much information as we need, and no more
- The information is accurate and up-to-date
- The information is only used for the purpose intended
- We keep the information only for as long as we need to
We will not disclose personal information to third parties for marketing purposes without your consent or use your personal data in a way that may cause unwarranted detriment.
However there are circumstances where the Council is legally required to disclose information :
- For the purpose of performing statutory enforcement duties
- Disclosures required by law
- For the purposes of detecting/preventing fraud
- For the purposes of detecting/preventing crime
- Auditing/administering public funds
Information is processed by the Council in the UK or the EU. However, we will inform you in our individual Service Privacy Notices of any instance where this may not be the case.
If personal data is subject to an Automatic Decision Making process (by a computer) then we will inform you of this in our individual Service Privacy Notices. Any Automatic Decision Making results will be subject to a final decision by a council officer.
Back to top
Data matching
East Ayrshire Council is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. Further information on the National Fraud Initiative can be found at National Fraud Initiative.
Back to top
Sharing and protecting your information
To provide you with efficient services, we will sometimes share your personal information between teams within the Council, and with external partners and agencies involved in delivering services on our behalf. Within the Council we may share your information between our services:
- so that the information held about you is up to date
- to allow us to provide and improve our services to you
- for statistical analysis for performance and management insight to help improve our services
The Council will only share your information where it is required to do so such as where services are delivered jointly with other organisations. We will tell you who these other organisations are when we gather your information. This is detailed further in each of the specific ‘Privacy Notices’ in the section below.
In order to provide services to you, we may need to appoint other organisations to carry out some activities on our behalf. These may include, for example, data processors, IT providers, payment processing organisations, delivery organisations, mailing houses and contractors or consultants providing services to the council (or directly to service users) where we need to provide them with personal information to allow them to provide these services. We select these organisations carefully and put measures in place to make sure that they are not allowed to do anything with your personal information which the council could not do itself.
Where information is shared with other organisations or processed on our behalf, we will ensure adequate protection by ensuring contracts and sharing agreements are in place that define security controls around the sharing of the information.
Information is also analysed internally in order to provide management information, inform service delivery reform and similar purposes.
The Council has a Data Protection Policy. This policy is regularly reviewed by the Data Protection Officer to ensure that the Council complies with the requirements of the data protection law.
All council officers are required to undertake data protection and information security training to ensure that personal data is processed in accordance with data protection principles.
Back to top
How long we keep your information
We will only keep your information for the minimum period necessary. After this time, information is deleted/destroyed in accordance with Council approved retention schedules. Please see our ‘retention schedule ’ which explains how long we keep information for.
Back to top
Service privacy notices
To learn more about how we use information in specific circumstances click the relevant link below:
Back to top
How to make an enquiry or lodge a complaint
Depending on why we need to process your information, you will have rights to how your information is used. These will be detailed in the Privacy Notices in the section above.
The Council has a lawful basis for the gathering and processing of information necessary for the delivery of critical services. You have the right to request that the Council stop processing your personal data in relation to any Council service. However, this may cause delays or prevent us delivering a service to you. Where possible, we will seek to comply with such requests but this may not be possible where the Council is required to do so by law, to safeguard public safety, where there is a risk of harm or in emergency situations.
Where the Council is relying on your consent to process information then you have the right to withdraw this consent at any time. Details of how to withdraw your consent will be given to you at the time you provide your consent.
Please submit an enquiry to us if you would like to:
- View your information
- Verify, correct or update your information
- Understand how we have arrived at a decision about you
- If you have a concern, complaint, objection or request a restriction on how we process your information
- Enquire regarding data portability and whether you can transfer your data to another organisation
We will endeavour to respond to enquiries within 30 days of their submission.
Contact details for enquiries:
Customer Services
East Ayrshire Council
London Road
Kilmarnock
KA3 7BU
Tel : 01563 554400
Email : customerservices@east-ayrshire.gov.uk
For independent advice or to lodge a complaint about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel : 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national number.
Alternatively, visit ico.org.uk or email casework@ico.org.uk
Back to top
Information on how we use cookies
This website privacy statement outlines the Council's practices for our websites.
Back to top