Dalgety Bay and Hillend Community Council

General Data Protection Regulation (GDPR) Policy


This policy defines how the Dalgety Bay and Hillend Community Council (DB&HCC) will comply with the General Data Protection Regulation (GDPR) that came into force on 25th May 2018.


GPDR requires that DB&HCC are only allowed to use and share personal information if DB&HCC has proper reason to do so.

DB&HCC will only do this if one of the more following criteria is met:

·       To fulfil a legal contract

·       DB&HCC have a legal obligation to do so

·       When it is in DB&HCC’s legitimate interest

·       When it is in the vital interest of the person to share the information

·       When the person consents to it

Data Controller

The Data Controller for DB&HCC shall be the DB&HCC Secretary

Collection of Personal Information

DB&HCC may collect the following personal information

Type of Personal Information

Example Descriptions


Address, Phone Number, e-mail address


Details of payments made to/received from the person


Details regarding any contract that has been made with the person


Information provided by the person in letters, emails and conversations between the person and DB&HCC


Any permissions provide by the person to DB&HCC to use their personal information


DB&HCC may collect data from the following sources:

·       Correspondence in e-mail and letters

·       Conversations either in person or on the phone between elected members of DB&HCC and the person

·       Information provided by the person at DB&HCC meetings

Data Sharing

DB&HCC shall not share data without the consent of the person.

DB&HCC shall not send data outside the European Economic Area (EEA).

Electronic Media

DB&HCC shall not share any personal data on the DB&HCC website, https://www.dalgetybayandhillend.org/ , or any Social Media outlet controlled by DB&HCC without the consent of the person.

Data Retention

DB&HCC will normally only retain personal data for a maximum of 3 years. After 3 years, if DB&HCC wish to retain the personal data, DB&HCC will seek the persons consent to retain the personal information for a further 3 years.

Data Security

DB&HCC shall store data on a password protected secure network. Only the security controller and data processors authorised by the data controller shall have access to the network.

Where hard copy personal data is held, DB&HCC shall keep the data in a lockable storage facility. Access to this storage facility will be limited to the data controller and any data processors authorised by the data controller.

Requests for a copy of Personal Information

A person may request a copy of the personal information that DB&HCC hold about them by contacting the secretary of DB&HCC at the following e-mail address:


DB&HCC shall respond to any requests for information within 4 calendar weeks.

Withdrawal of Consent

A person may withdraw their consent from DB&HCC to hold their personal data at any time. Requests to remove personal data from the DB&HCC records shall be sent to the following e-mail address:



Complaints regarding DB&HCC’s holding of personal data should be made to the following e-mail address:


Complaints may also be reported to the Information Commissioner’s Office (IOC). Details on how to report a concern can be found on their website.