Dalgety Bay and Hillend Community Council
General Data Protection Regulation (GDPR) Policy
This policy defines how the Dalgety Bay and Hillend Community Council (DB&HCC) will comply with the General Data Protection Regulation (GDPR) that came into force on 25th May 2018.
GPDR requires that DB&HCC are only allowed to use and share personal information if DB&HCC has proper reason to do so.
DB&HCC will only do this if one of the more following criteria is met:
· To fulfil a legal contract
· DB&HCC have a legal obligation to do so
· When it is in DB&HCC’s legitimate interest
· When it is in the vital interest of the person to share the information
· When the person consents to it
The Data Controller for DB&HCC shall be the DB&HCC Secretary
Collection of Personal Information
DB&HCC may collect the following personal information
Type of Personal Information
Address, Phone Number, e-mail address
Details of payments made to/received from the person
Details regarding any contract that has been made with the person
Information provided by the person in letters, emails and conversations between the person and DB&HCC
Any permissions provide by the person to DB&HCC to use their personal information
DB&HCC may collect data from the following sources:
· Correspondence in e-mail and letters
· Conversations either in person or on the phone between elected members of DB&HCC and the person
· Information provided by the person at DB&HCC meetings
DB&HCC shall not share data without the consent of the person.
DB&HCC shall not send data outside the European Economic Area (EEA).
DB&HCC shall not share any personal data on the DB&HCC website, https://www.dalgetybayandhillend.org/ , or any Social Media outlet controlled by DB&HCC without the consent of the person.
DB&HCC will normally only retain personal data for a maximum of 3 years. After 3 years, if DB&HCC wish to retain the personal data, DB&HCC will seek the persons consent to retain the personal information for a further 3 years.
DB&HCC shall store data on a password protected secure network. Only the security controller and data processors authorised by the data controller shall have access to the network.
Where hard copy personal data is held, DB&HCC shall keep the data in a lockable storage facility. Access to this storage facility will be limited to the data controller and any data processors authorised by the data controller.
Requests for a copy of Personal Information
A person may request a copy of the personal information that DB&HCC hold about them by contacting the secretary of DB&HCC at the following e-mail address:
DB&HCC shall respond to any requests for information within 4 calendar weeks.
Withdrawal of Consent
A person may withdraw their consent from DB&HCC to hold their personal data at any time. Requests to remove personal data from the DB&HCC records shall be sent to the following e-mail address:
Complaints regarding DB&HCC’s holding of personal data should be made to the following e-mail address:
Complaints may also be reported to the Information Commissioner’s Office (IOC). Details on how to report a concern can be found on their website.