Your Data Protection Rights
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
1) The right to access personal data we hold on you
- At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we will respond within one month.
- There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
2) The right to correct and update the personal data we hold on you
- If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
3) The right to have your personal data erased
- If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold.
- When we receive your request we will confirm whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it for to comply with a legal obligation).
4) The right to object to processing of your personal data or to restrict it to certain purposes only
- You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
5) The right to data portability
- You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
6) The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
- You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).
7) The right to lodge a complaint with the Information Commissioner's Office.
- You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Supporting Policies Adopted by Council
2018 04 04 Uppingham TC Subject Access Request Policy (GDPR) (PDF, 297 Kb)
For full information please read our Subject Access Request Policy
2018 05 23 UTC Data Protection Policy (PDF, 317 Kb)
The overarching policy to support data protection and the recent changes under GDPR.
Glossary of Terms
Glossary |
The jargon explained |
Note |
|---|---|---|
Data controller |
This is the person or organisation who determines the how and what of data processing |
Our data controller is Uppingham Town Council |
Data processor |
This is the person or firm that processes the data on behalf of the controller |
The data processor is Neil Wedge |
Data subject |
This is the person about whom personal data is processed |
|
Personal data |
This is information about a living individual which is capable of identifying that individual |
e.g. a name, email address or photo |
Consent |
Consent is a positivee, active, unambiguous confirmation of a data subject’s agreement to have their data processed for a particular purpose. Consent must be easy to withdraw and must be freely given, provided on an optin basis rather than opt-out |
|
Privacy Notice |
This is a notice from a data controller to a data subject describing how personal data will be used and what rights the data subject has |
Our Privacy Notice can be found below |
Processing |
Processing is anything done with/to personal data (obtaining, recording, adapting or holding/storing) personal data |
|
Sensitive personal data |
This is also described in the GDPR as ‘special categories of data’ and is the following types of personal data about a data subject: racial or ethnic origin; political opinions; religious beliefs; trade union membership; physical or mental health or condition; sexual life or orientation; genetic data; and biometric data |
The above privacy notice has been updated and adopted by Council to reflect the changes needed to comply with GDPR in May 2018.