Data Privacy Notice – General Data Protection Regulation (GDPR) Compliance
Your data and privacy are important and we will handle them securely, fairly and in accordance with applicable laws at all times. The Parish of Goring-by-Sea complies fully with the General Data Protection Regulation (GDPR) and this Privacy Notice tells you about the data we collect and how we store and use it.
What information do we collect?
All emails and messages sent to us via the website are kept so we both have a record of the communication.
Information about your use of our site including details of your visit such as pages viewed and the resources that you access.
Security of your data
The security of your personal data is of the highest importance and we have legal obligations to keep it safe and handle it with care.
How we use your information?
The GDPR states that we are allowed to use and share your personal data only where we have a proper reason for doing so. The permitted Legal Bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever we process your personal data:
- Consent: you have given clear consent for us to process your personal data for a specific purpose (for example, to receive our newsletter).
- Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
Here is a list of the ways that we may use your personal information, and which of the Legal Bases outlined above we rely on to do so.
- Customer Services
- To answer queries and respond to your communications.
- This is a “Legitimate Interest”.
- Website Analytics
- To obtain statistics on the usage of our website
- This is a “Legitimate Interest”.
Who we share your information with and why
- Website analytics: We use Google Analytics to supply statistics on the usage of our website.
We have a legal obligation to share data in response to properly made requests from:
- Law enforcement agencies – for the prevention and detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation.
- Regulatory bodies such as the Information Commissioner’s Office (ICO) and Ofcom.
How long do we keep your personal data?
We are legally obliged to retain contact details, account details and payment history for seven years.
When required for legal or regulatory purposes we may need to keep your data for a longer period.
Transfers to third countries
Your data is stored in secure data centres located in the United Kingdom. Your information will not be transferred to a third country (defined under the GDPR as a country outside of the European Economic Area).
What are your rights?
You have the following rights under the GDPR:
- The right to be informed. Individuals have the right to be informed about the collection and use of their personal data. This privacy notice fulfils that requirement.
- The right of access. All of the information we have about you can be provided on request.
- The right to rectification. If you find an error in your data please contact us to rectify it.
- The right to erasure. In certain circumstances, you have the right to request that we delete personal data held on you. This does not apply if we have a legal reason for retaining it.
- The right to restrict processing. In certain circumstances, you have the right to ask us to ‘restrict processing of data’. This means we would need to secure your data but not otherwise use it.
- The right to data portability. You have a right to obtain some of the personal data we hold on you in a ‘structured machine-readable’ format.
- The right to object. You have the right to opt-out of any marketing communications that we may wish to send you.
- Rights related to automated decision-making including profiling. We do not apply any automated decision-making or profiling to any of your personal data.
- If you have any questions about how we use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please us.
- You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk
The GDPR makes a distinction between organisations that process personal data for their own purposes, known as ‘Data Controllers’, and organisations that process personal data on behalf of other organisations, known as ‘Data Processors’.
The Parish of Goring-by-Sea is a Data Controller.
Third Party Website Links
Embedded content from other websites