GDPR - purpose and legal basis

2. Why and how your personal information is used 

For each of our processing activities, we will tell you why we need to process your personal information. 

We will also identify a legal basis for processing your information. 

We will only ever ask you for information about yourself that is appropriate for the purposes of processing.

If we have obtained your consent to process your information, you have the right to withdraw your consent at any time and we will explain to you, clearly, how to do this.    

As a public authority, some of the services we deliver are either statutory (official authority), or there is a high expectation of us to deliver a service (public duty or task). 

Occasionally, we will ask you to sign a contract to enable us to deliver a service.

Where this is the case, we will ask you for personal information to enable us to deliver the service. 

If you choose not to provide the information, we will explain to you the consequences of not providing the information.

Sometimes we process special category data which is afforded more protection under the Data Protection Act 2018 because special category data is deemed to be more sensitive.

If we are processing your special category data then we need to establish a further lawful basis for processing and we will tell you what that lawful basis is

Special category data is deemed to be data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric data for the purposes of identification, health data and sexual orientation.

Sometimes we use computers or technology to help us make decisions about the service we offer you. 

If we have used this technology we will detail what decision making or profiling system we have used and how the decision is made.

How long will we keep your information?

We will retain your information in line with our Information Retention and Disposal Policy and will keep your information only for as long as it is needed, after which it will be deleted or destroyed.

Information security

We will protect the integrity and confidentiality of your personal data by using the appropriate technical or organisational measures to ensure the security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

1. GDPR summary

3. Your rights