Privacy statement

We are required to process personal data lawfully and in accordance with current data protection legislation.

We need you to give us your personal information in order to allow us to provide services to you as the local authority for East Ayrshire. We also use your information to verify your identify where required, contact you by post, email or telephone and to maintain our records.

In order to deliver essential services to the citizens and communities of East Ayrshire, we need access to personal information about clients, customers and employees.  This information can be sensitive in nature so we put safeguards in place to ensure that:

• we only gather as much information as we need, and no more
• the information is accurate and up-to-date
• the information is only used for the purpose intended
• we keep the information only for as long as we need to

We will not disclose personal information to third parties for marketing purposes without your consent or use your personal data in a way that may cause unwarranted detriment.

However there are circumstances where we are legally required to disclose information:

• for the purpose of performing statutory enforcement duties
• disclosures required by law
• for the purposes of detecting/preventing fraud
• for the purposes of detecting/preventing crime
• auditing/administering public funds

Information is processed by the Council in the UK or the EU. However, we will inform you in our individual service privacy notices of any instance where this may not be the case.

If personal data is subject to an Automatic Decision Making process (by a computer) then we will inform you of this in our individual Service Privacy Notices.  Any Automatic Decision Making results will be subject to a final decision by a council officer.

We are required by law to protect the public funds we administer.

We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

Find out more about National Fraud Initiative.

To provide you with efficient services, we will sometimes share your personal information between teams within the Council, and with external partners and agencies involved in delivering services on our behalf.

Within the Council we may share your information between our services:

• so that the information held about you is up-to-date
• to allow us to provide and improve our services to you
• for statistical analysis for performance and management insight to help improve our services
• for fraud prevention

We will only share your information where it is required such as where services are delivered jointly with other organisations. We will tell you who these other organisations are when we gather your information. This is detailed further in each of the 'service privacy notices' below.

In order to provide services to you, we may need to appoint other organisations to carry out some activities on our behalf.

These may include, for example:

• data processors
• IT providers
• payment processing organisations
• delivery organisations
• mailing houses
• contractors or consultants providing services to the Council, or directly to service users, where we need to provide them with personal information to allow them to provide these services

We select these organisations carefully and put measures in place to make sure that they are not allowed to do anything with your personal information which the Council could not do itself.

Where information is shared with other organisations or processed on our behalf, we will ensure adequate protection by ensuring contracts and sharing agreements are in place that define security controls around the sharing of the information.

Information is also analysed internally in order to provide management information, inform service delivery reform and similar purposes.

Data protection policy

We have a Data Protection Policy (PDF 304 KB). This policy is regularly reviewed by the Data Protection Officer to ensure that the Council complies with the requirements of the data protection law.

All council officers are required to undertake data protection and information security training to ensure that personal data is processed in accordance with data protection principles.

We will only keep your information for the minimum period necessary.

After this time, information is deleted/destroyed in accordance with our Council approved Retention Schedule (PDF 814 KB) which explains how long we keep information for.

Learn more about how we use information in specific circumstances in the service privacy notices below:

1. Ayrshire Roads Alliance Privacy Notice
2. Ayrshire Roads Alliance: Parking – Body Worn Cameras Privacy Notice
3. Business Rates Privacy Notice
4. Cashless Catering Privacy Notice
5. Cleaner Communities Privacy Notice
6. Community Safety CCTV Privacy Notice
7. Customer Services Privacy Notice
8. Debt Recovery Privacy Notice
9. Education Privacy Notice
10. Employability Services Privacy Notice
11. Greener Communities Privacy Notice
12. Housing Benefit, Council Tax and Scottish Welfare Fund - Privacy Notice
13. Housing Services and Housing Asset Services Privacy Notice
14. Human Resources Privacy Notice
15. Planning and Building Standards Privacy Notice
16. Registration Services Privacy Notice
17. Regulatory Services Privacy Notice
18. Regulatory Services Body Worn CCTV Privacy Notice
19. Social Work Services Privacy Notice

Depending on why we need to process your information, you will have rights to how your information is used. These will be detailed in the service privacy notices section above.

We have a lawful basis for the gathering and processing of information necessary for the delivery of critical services.

You have the right to request that the Council stop processing your personal data in relation to any Council service. However, this may cause delays or prevent us delivering a service to you. Where possible, we will seek to comply with such requests but this may not be possible where we are required to do so by law, to safeguard public safety, where there is a risk of harm or in emergency situations.

Where we are relying on your consent to process information then you have the right to withdraw this consent at any time. Details of how to withdraw your consent will be given to you at the time you provide your consent.

Please submit an enquiry to us if you would like to:

• view your information
• verify, correct or update your information
• understand how we have arrived at a decision about you
• if you have a concern, complaint, objection or request a restriction on how we process your information
• enquire regarding data portability and whether you can transfer your data to another organisation

We will aim to respond to enquiries within 30 days of the submission.

Contact details for enquiries

Contact details for enquiries can be found on our Contact us webpage.

For independent advice or to lodge a complaint about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO).

Our website privacy policy details information gathering and communication practices for our websites.