Privacy Policy

This privacy statement covers Babergh and Mid Suffolk District Councils’ official websites, which can be accessed by either of the following links:

This statement also covers any other websites processed by or on behalf of Babergh Mid Suffolk District Councils.

When you use these websites you are agreeing to this statement and any additional statements on individual pages within the websites.

Your privacy is important. We regard the lawful and correct treatment of personal data as vital to maintaining the confidence of the many people we deal with. We will treat personal data lawfully and correctly, any personal information you give us will only be used in accordance with principles found in the General Data Protection Regulation.

Read more about the General Data Protection Regulation

If you provide any personal information in order to use a service on this website, it will only be used for the reasons given on the web page or application form. It may also be shared with partner organisations that we use to help deliver that service.

Depending on the purpose for which we originally obtained your personal information, we may share this with other departments within the council to deliver services or share information with other local authorities or organisations such as suppliers or contractors, voluntary organisations or not for profit organisations for the purposes of carrying out joint ventures or referring you to support services.

On occasions we use companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisation complies with data protection law. Arrangements involving sensitive personal data will have been formally assessed in more detail for their compliance with the law.

In most other cases we will not disclose personal data without consent. However, there are situations where consent would not be required such as when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we may share your information:

  • For the detection and prevention of crime/fraudulent activity
  • If there are serious risks to the public, our staff or to other professionals
  • To protect a child
  • To protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
  • Where there is a risk to you and the risk is sufficiently serious that the need to disclose your information is more important than protecting your confidentiality

On occasions the Council will undertake research into various topics. When using personal data for research purposes, the data will usually be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data.

Personal data will not otherwise be shared with any third party without your consent, unless required by law.

When we use your personal data, Babergh and Mid Suffolk District Councils are the data controller. As the data controllers, we must:

  • only keep your data that we need to provide services and do what the law says we must
  • keep your records safe and accurate
  • only keep your data as long as we have to
  • collect, store and use your data in a way that does not break any data protection laws

Things you can do to help us include:

  • telling us when any of your details change
  • telling us if any of the information we hold on you is incorrect

What is personal data?

Personal data is information about a living person for example; name, address, telephone number, date of birth, bank details etc. This can include written letters, emails, photographs, audio recordings and video recordings.

There are also other types of personal data which are called special category data which require additional safeguards, this includes details of ethnic origin, religious beliefs, sexual orientation, trade union membership, health data, and biometric (e.g. fingerprints, facial recognition) and genetic (e.g. DNA) data.

Why we collect and store personal data

For some of our services, we need to use your personal data so we can get in touch, or provide the service.

We can use your personal data under many different laws. The main ones for the Council are the Local Government Acts and the Localism Act 2011, but there are also many more. In 2011, the Government put together a list of statutory duties of all local authorities. Some of these laws may have been updated since then, and new ones added. In many cases there is a law that says we must or we can process your data and we can do so without your consent or permission.

For some services we process your data under a contract. Where we do not directly provide the service, we may need to pass your personal data onto the organisations that do. These providers are under contract and have to keep your details safe and secure, and use them only to provide the service.

View the contracts database via our transparency agenda

Using your personal data

We will use your data to:

  • provide council services and anything we must do by law
  • carry out our regulatory, licensing and enforcement roles which we have to do by law
  • collect and make payments, grants and benefits and spot fraud
  • listen to your ideas about council services
  • tell you about council services

Joined-up services within the council

We share your data between services within the council so that we can keep our information on you as up-to-date as possible and so that we can improve our services to you. Staff can only see your data if they need it to do their job.

Read more about how we use your information.

 

Fair processing

Babergh and Mid Suffolk District Councils are required by law to protect the public funds they administer. They may share information with other bodies, responsible for auditing or administering public funds, in order to prevent and detect fraud.

The Cabinet Office appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation.

No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The Cabinet Office currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office to match each exercise, and these are set out in the Cabinet Office’s guidance.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 2018.

Data matching by the Cabinet Office is subject to a Code of Practice.

For further information on data matching within Babergh and Mid Suffolk District Councils, email John Snell – Corporate Manager, Internal Audit.

Other legal requirements

We aim to have a secure website, and use security technology to protect any sensitive personal data we process about you. But your use of the internet, and this website, is entirely at your own risk. We have no responsibility or liability for the security of personal information transmitted over the internet. Please be aware that emails sent through the internet may not be secure so please consider this before you send personal or sensitive data.