Derry City and Strabane District Council complies with the General Data Protection Regulations (GDPR) to ensure that it properly manages any personal information it collects from you. The council is a registered Data Controller with the Information Commissioner’s Office (Reg. No. ZA119397).
Derry City and Strabane District Council provides a wide range of services. To provide some of these services the Council needs to collect and use appropriate personal information; this may be collected either in person, over the phone, through application forms, through online services or from third parties.
The Council will ensure that it obtains your personal information lawfully and transparently. It will also maintain it securely and accurately.
The Council will also only collect the minimum information necessary to carry out its public duties and, when it no longer needs it, will dispose of it in a secure manner.
If the Council needs to use the information for any additional purposes or uses, it will let you know at the point of collection.
Sometimes the Council has to share or confirm personal information with other organisations; if it needs to do this the Council will make this clear to you at the point of collection, providing details of the third parties.
The Council will only share information when it is fair and lawful to do so and when the third party can clearly demonstrate its data protection compliance.
This document gives you information on:
If you want to find out more you can contact our Data Protection Officer by email:
WHAT TYPE OF PERSONAL INFORMATION DOES THE COUNCIL USE?
Personal information is any type of information that can identify a living person. The Council will use a range of personal information, at different times for different purposes, to enable it to carry out its statutory duties and public interest tasks.
This may include your:
- date of birth
- mobile phone number
- email address
- financial details
There are other types of personal information that may not be so obvious such as:
- CCTV footage (Council uses CCTV cameras in its premises including offices, leisure and community centres, amenity sites and other outdoor venues)
- location data (any data that can identify your geographical location – GPS location for example)
- online identifier (IP address provided by your Internet Service Provider)
There are also certain categories of personal information that are considered to be “special”. These are more sensitive and include:
- ethnic origin
- political viewpoint
- trade union membership
- biometrics (where used for ID purposes)
- sexual orientation
- sexual health
The Council may collect some or all of the above dependant on the circumstances of its interaction with you.
The Council will never use or share your special category information, without your explicit consent, if it doesn’t have a lawful basis for doing so.
WHY DOES COUNCIL USE YOUR PERSONAL INFORMATION?
The Council collects and uses your personal information so that it can provide you with, and inform you of, statutory and other public services.
If the Council does not have your information, or does not have your permission to use that information, there may be certain functions that it can’t carry out for you (e.g. we can’t do a bulky waste collection without your name and address).
Examples of these services include:
- waste collection and disposal
- recycling and waste management
- local planning functions
- grounds maintenance
- street cleaning
- health and safety regulations
- environmental protection and improvement
- building control-inspection and regulation of new buildings
- dog control and licensing
- entertainment licensing
- enforcement byelaws such as those around litter
- sports, leisure services and recreational facilities
- parks, open spaces and playgrounds
- community centres
- arts, heritage and cultural facilities
- registration of births, deaths and marriages
- off-street parking (except park and ride)
- local economic development
- community planning
- community development
- community safety
- sports development
- summer schemes
- health and safety management
Other occasions where the Council may use your personal information include:
- it is required by law to do so
- to establish trends of service usage
- to inform you of services it thinks you may be interested in
- to help verify your identity
- to help investigate any complaints or concerns you have raised
- to ask for performance feedback
- checking accuracy of customer details
- it is necessary to do so for archiving, research or statistical purposes.
HOW DOES THE COUNCIL OBTAIN PERSONAL INFORMATION?
The Council obtains personal information from a wide variety of sources including;
- individuals themselves (written, verbal, visual)
- central government
- other government departments
- health trusts
- education establishments
- CCTV footage
- legal representatives
- business associates
- data processors working for the council
HOW DOES THE COUNCIL MANAGE AND PROTECT YOUR PERSONAL INFORMATION?
The Council must have a legal/valid reason for obtaining your personal information and this must be made known to you.
The Council will only use your personal information for its intended purpose.
The Council will only ever use the minimum amount of personal information required to allow it to carry out its duties.
If consent is required by the Council, to carry out a particular function, it will provide you with sufficient information to make a reasoned decision about whether or not you want it.
The Council will retain your personal information in accordance with its own retention and disposal schedule. This schedule enables Council to dispose of records promptly when they cease to be of any continuing administrative or legal value.
The Council will dispose of any personal information it holds about you if you ask us to do so – as long as the Council has no business or legal requirement to keep it.
Personal information will be disposed of, in a secure manner, as soon as it is no longer required for Council purposes or the law states that it is no longer required.
All personal information will be held securely by the Council in hard copy or electronic form. Internal controls are in place to ensure that people who are not allowed to view your personal information can’t get access to it.
Our IT systems are robustly tested and monitored to ensure they provide maximum security:
- Email filter: All emails are scanned coming in and out by a Mimecast email filter which protects use from virus and spam.
- Firewalls: The Council’s IT network is protected by 3 Fortigate firewalls which also act as web filters protecting users from bad website and again virus, malware and spamming.
- Anti-virus defence: The Council uses Symantec endpoint protection. This is our anti-virus suite which is controlled centrally from a server which downloads and distributes updates to all machines on its network.
- Patches: The Council uses IBM Big Fix all PC’s with the latest windows patches.
- System Back-ups: The Council uses Commvault for backup of all systems.
- Disaster Recovery: The Council uses VMWare for all our servers, and uses VMware SRM for disaster recovery.
All security protocols and procedures are routinely monitored and enhanced to ensure data protection compliance.
Staff are trained in their Data Protection responsibilities on a regular basis.
Council will not engage with any third party data processors if they cannot demonstrate clearly that they are compliant with the General Data Protection Regulations.
WHO IS PERSONAL INFORMATION SHARED WITH?
The Council will sometimes share personal information with other organisations for legal reasons or where it is permitted to do so under data protection legislation.
If the Council shares your personal information it will tell you who it is being shared with and why it is being shared – unless the law prevents us from doing so.
These organisations cannot use your data unless Council has given them explicit authorisation to do so and they cannot share your data with anyone else.
They are also required to adhere to the General Data Protection Regulations and must demonstrate to Council how they do so.
If the information falls under “special category” the Council will never share it without your explicit consent unless the law allows it to do so.
If there is a “non-obvious” reason for sharing your data you will be informed of this.
Examples of organisations we may share personal information with include:
- internal council departments
- other councils
- government departments
- voluntary sector
- Health Service
- Housing Executive
In very exceptional circumstances Council may need to share personal information with bodies outside the European Union. The Council will only do this if there is a legitimate reason for doing so and those bodies can prove that they are compliant with the General Data Protection Regulations.
You have a number of rights under the Data Protection Laws in relation to the way Council processes your personal data. These are set out below:
You have the right to:
- transparency in how the Council collects and uses your data. The Council must be honest and open about:
- how and why it obtains your personal data
- how it processes your personal data.
- easy access to any data the Council holds about you. This is normally free of charge. There may be times when this is not possible due to legal or business reasons but this will be explained to you. When it is possible, the Council will provide this data in a clear and easily understood manner.
- ask the Council to correct any inaccurate data we hold about you.
- be forgotten – ask the Council to delete any data it holds about you which you deem to be unnecessary. The Council may not always be able to do this if it has a legal obligation or business reason to keep your data.
- to ask the Council to restrict the processing of your data to the purpose for which you provided it. If you do, the Council won’t use your data for any other purpose.
- data portability – Ask the Council to store your data in a way that allows you to obtain and reuse your personal data, for your own purposes, across different electronic services.
- to object to your data being used for non-legitimate reasons.
- to object to your data being used in totally automated decision making processes. This means that no decision regarding a planning application, for example, can be made without human input.
- to withdraw your consent at any time without bias (see consent below)
Certain conditions may apply to these rights. If Council are unable to facilitate them it will explain why to you.
If you have any queries or requests regarding your individual rights you can contact us at firstname.lastname@example.org
The Council does not need your consent to carry out our duties it is legally obliged to do so. Sometimes, however, there will be instances where its functions fall outside of the legal requirement. Examples of this would be marketing, tourism, promotional material and newsletters.
Where consent is required the Council will:
- provide you with enough information to make an informed decision.
- always ensure that your consent is freely given.
- ask you to positively “opt-in” (not opting-out will no longer be taken as an assumption that you have opted-in)
- ensure that you can withdraw your consent at any time, without bias, and we will make this easy for you and tell you how to do it.
- name any third parties who rely on your consent to do work for.
If the Council has no legal authority to contact you, collect and process your data, it will not do so without your explicit consent. The decision to allow Council to contact you or use your data will always be yours.
Children have all the same basic rights as adults but merit additional specific protection. The council will abide by all the data protection principles when dealing with children.
If the Council has any reason to deal with children’s personal data it will:
- design our processing with children in mind from the outset
- always use age appropriate language
- make sure that Council processing is fair and complies with the data protection principles.
- as a matter of good practice, use Data Protection Impact Assessments to help us assess and mitigate the risks to children.
- consult with children as appropriate when designing our processing.
- when relying on consent, make sure that the child understands what they are consenting to, and will not exploit any imbalance in power in the relationship between us.
(Only children aged 13 or over are able to provide their own consent. If the Council is dealing with children under this age it will require consent from whoever holds parental responsibility for the child).
- when relying on ‘necessary for the performance of a contract’, consider the child’s competence to understand what they are agreeing to, and to enter into a contract.
The cookies the Council uses are:
Google Analytics collects information such as pages you visit on this site, the browser and operating system you use and time spent viewing pages.
The purpose of this information is to help us improve the site for future visitors.
The site also makes use of a session cookie called PHPSESSID. This cookie is necessary for site functionality and is set even if you do not give your consent. It is held temporarily in memory and is deleted when the web browser is closed. This cookie contains no personally identifiable information.
The following cookies are set by Google Analyitcs:
A persistent cookie – remains on a computer, unless it expires or the cookie cache is cleared. It tracks visitors. Metrics associated with the Google __utma cookie include: first visit (unique visit), last visit (returning visit). This also includes Days and Visits to purchase calculations which afford ecommerce websites with data intelligence around purchasing sales funnels.
__utmb Cookie & __utmc Cookies
These cookies work in tandem to calculate visit length. Google __utmb cookie demarks the exact arrival time, then Google __utmc registers the precise exit time of the user.
Because __utmb counts entrance visits, it is a session cookie, and expires at the end of the session, e.g. when the user leaves the page. A timestamp of 30 minutes must pass before Google cookie __utmc expires. Given__utmc cannot tell if a browser or website session ends. Therefore, if no new page view is recorded in 30 minutes the cookie is expired.
This is a standard ‘grace period’ in web analytics. Ominture and WebTrends among many others follow the same procedure.
Cookie __utmz monitors the HTTP Referrer and notes where a visitor arrived from, with the referrer siloed into type (Search engine (organic or cpc), direct, social and unaccounted). From the HTTP Referrer the __utmz Cookie also registers, what keyword generated the visit plus geolocation data.
This cookie lasts six months. In tracking terms this Cookie is perhaps the most important as it will tell you about your traffic and help with conversion information such as what source / medium / keyword to attribute for a Goal Conversion.
Google __utmv Cookie lasts “forever”. It is a persistent cookie. It is used for segmentation, data experimentation and the __utmv works hand in hand with the __utmz cookie to improve cookie targeting capabilities.
If you email Council it may keep a record of your email address and the email itself as a record of the transaction. For security reasons the Council will not include any confidential information about you, in any email it sends to you, unless you have provided your explicit consent to do so.
Derry City and Strabane District Council uses the following social media platforms for various purposes:
- Trip Advisor
The Council will abide by all the GDPR requirements when posting on social media. It will never release personal data on to social media outlets without legal authority and the explicit consent of the data subject.
All social media posts are checked and cleared by the Council Marketing Team before they are posted to ensure that they are GDPR compliant.
Users should also make themselves aware of each platform’s own terms and conditions.
RE-USE OF PUBLIC SECTOR INFORMATION (RPSI)
What are the RPSI Regulations?
The Re-use of Public Sector Information Regulation 2015 (RPSI) requires Derry City and Strabane District Council to make information, which is accessible and produced as part of our public task, available for re-use unless restricted or excluded. ‘Public task’ means our core responsibilities and functions.
In general, any information that is accessible, either because it has been published or because it has been released under Freedom of Information legislation or other access legislation will be made available for re-use.
Any information we supply to you under the Freedom of Information Act (FOIA) should be for your personal use. We retain copyright to all information we disclose.
You do not need to ask permission to re-use any accessible information for which Derry City and Strabane District Council holds the copyright, but you must agree and comply with the terms of the Open Government Licence (OGL).
If you wish to submit a request to re-use information you should write to us at email@example.com. Please include:-
- your name and address
- what information you would like to re-use
- the purpose you intend to use the information for
When we receive your request, we will deal with it within 20 working days, unless your request is complicated.
Our response will tell you about any conditions for re-use, and if you will be charged a fee to re-use the information. In most cases information will be available to re-use free of charge. If the information is available electronically and you are happy to receive it by email there will be no charge. There may be a charge if you require paper copies of documents.
When the Council receives a complaint from a person it makes up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
The Council will only use the personal information it collects to process the complaint and to check on the level of service it provides. The Council does keep statistics showing information like the number of complaints it receives, but not in a form which identifies anyone.
The Council usually has to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, Council will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
The Council will keep personal information contained in complaint files in line with its retention policy. This means that information relating to a complaint will be retained for six years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to the Council it will only use the information supplied to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
You can let us know your comments/compliments by;
You also have the right to contact the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Tel: 0303 123 1113