Privacy statement

Data protection and privacy

In order to deliver services to citizens and communities in East Ayrshire, it is necessary for us to collect, gather and process personal data about residents, employees and other individuals.

In compliance with the Data Protection Act 2018, the Council has registered as a Data Controller with the Information Commissioner’s Office (ICO). Registration number Z6911362

This registration can be viewed at ICO: Register of fee payers.

As a Data Controller, we determine the purpose and methods for processing information and ensures safeguards over any personal and/or sensitive information it handles.

• Why we process your data
• Data matching
• Sharing and protecting your information
• How long we keep your information
• Service privacy notices
• How to make an enquiry or lodge a complaint
• Information on how we use Cookies

Why we process your data

We are required to process personal data lawfully and in accordance with current Data Protection legislation.

We need you to give us your personal information in order to allow us to provide services to you as the local authority for East Ayrshire. We also use your information to verify your identify where required, contact you by post, email or telephone and to maintain our records.

In order to deliver essential services to the citizens and communities of East Ayrshire, we need access to personal information about clients, customers and employees.  This information can be sensitive in nature so we put safeguards in place to ensure that:

• we only gather as much information as we need, and no more
• the information is accurate and up-to-date
• the information is only used for the purpose intended
• we keep the information only for as long as we need to

We will not disclose personal information to third parties for marketing purposes without your consent or use your personal data in a way that may cause unwarranted detriment.

However there are circumstances where we are legally required to disclose information:

• for the purpose of performing statutory enforcement duties
• disclosures required by law
• for the purposes of detecting/preventing fraud
• for the purposes of detecting/preventing crime
• auditing/administering public funds

Information is processed by the Council in the UK or the EU. However, we will inform you in our individual Service Privacy Notices of any instance where this may not be the case.

If personal data is subject to an Automatic Decision Making process (by a computer) then we will inform you of this in our individual Service Privacy Notices.  Any Automatic Decision Making results will be subject to a final decision by a council officer.

Back to top

Data matching

We are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. Further information can be found on our National Fraud Initiative page.

Back to top

Sharing and protecting your information

To provide you with efficient services, we will sometimes share your personal information between teams within the Council, and with external partners and agencies involved in delivering services on our behalf. Within the Council we may share your information between our services:

• so that the information held about you is up to date
• to allow us to provide and improve our services to you
• for statistical analysis for performance and management insight to help improve our services
• for fraud prevention

We will only share your information where it is required to do so such as where services are delivered jointly with other organisations. We will tell you who these other organisations are when we gather your information. This is detailed further in each of the specific ‘Privacy Notices’ in the section below.

In order to provide services to you, we may need to appoint other organisations to carry out some activities on our behalf.  These may include, for example:

• data processors
• IT providers
• payment processing organisations
• delivery organisations
• mailing houses
• contractors or consultants providing services to the council (or directly to service users) where we need to provide them with personal information to allow them to provide these services

We select these organisations carefully and put measures in place to make sure that they are not allowed to do anything with your personal information which the council could not do itself.

Where information is shared with other organisations or processed on our behalf, we will ensure adequate protection by ensuring contracts and sharing agreements are in place that define security controls around the sharing of the information.

Information is also analysed internally in order to provide management information, inform service delivery reform and similar purposes.

We have a Data Protection Policy (PDF 304 KB). This policy is regularly reviewed by the Data Protection Officer to ensure that the Council complies with the requirements of the data protection law.

All council officers are required to undertake data protection and information security training to ensure that personal data is processed in accordance with data protection principles.

Back to top

How long we keep your information

We will only keep your information for the minimum period necessary. After this time, information is deleted/destroyed in accordance with Council approved retention schedules. Please see our retention schedule (PDF 814 KB) which explains how long we keep information for.

Back to top

Service privacy notices

To learn more about how we use information in specific circumstances click the relevant link below:

• Ayrshire Roads Alliance - Parking - Body Worn Cameras - Privacy Notice (PDF 245 KB)
• Ayrshire Roads Alliance – Privacy Notice (PDF 353 KB)
• Business Rates Privacy Notice
• Cashless Catering - Privacy Notice (PDF 403 KB)
• Community Safety - CCTV Privacy Notice (PDF 244 KB)
• Covid-19 Privacy Notice (PDF 169 KB)
• Customer Services (PDF 212 KB)
• Debt Recovery - Privacy Notice (PDF 211 KB)
• Education  - Privacy Notice (PDF 413 KB)
• Employability Services - Privacy Notice (PDF 419 KB)
• Housing Benefit, Council Tax and Scottish Welfare Fund – Privacy Notice (PDF 109 KB)
• Housing Services and Housing Asset Services - Privacy Notice (PDF 138 KB)
• Human Resources - Privacy Notice (PDF 141 KB)
• Outdoor Services - Privacy Notice (PDF 375 KB)
• Planning and Building Standards - Privacy Notice
• Registrars - Privacy Notice (PDF 375 KB)
• Regulatory Services - Privacy Notice (PDF 112 KB)
• Regulatory Services Body Worn CCTV - Privacy Notice (PDF 246 KB)
• Social Work Services (PDF 414 KB)
• Waste Management Services - Privacy Notice (PDF 361 KB)

Back to top

How to make an enquiry or lodge a complaint

Depending on why we need to process your information, you will have rights to how your information is used. These will be detailed in the Privacy Notices in the section above.

We have a lawful basis for the gathering and processing of information necessary for the delivery of critical services. You have the right to request that the Council stop processing your personal data in relation to any Council service. However, this may cause delays or prevent us delivering a service to you. Where possible, we will seek to comply with such requests but this may not be possible where we are required to do so by law, to safeguard public safety, where there is a risk of harm or in emergency situations.

Where we are relying on your consent to process information then you have the right to withdraw this consent at any time. Details of how to withdraw your consent will be given to you at the time you provide your consent.

Please submit an enquiry to us if you would like to:

• view your information
• verify, correct or update your information
• understand how we have arrived at a decision about you
• if you have a concern, complaint, objection or request a restriction on how we process your information
• enquire regarding data portability and whether you can transfer your data to another organisation

We will endeavour to respond to enquiries within 30 days of their submission.

Contact details for enquiries

Contact details for enquiries can be found on our Contact us webpage. 

For independent advice or to lodge a complaint about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO). Contact details can be found at the bottom of this page, under 'Contact Information'.

Back to top

Information on how we use cookies

Our website privacy statement outlines the practices for our websites.

Back to top