What personal information do we hold?
Most community councils hold personal data (electronic or manual), and have the responsibility of complying with data protection law.
Personal information includes details such as your name and address, email address and any information relating to your query with us.
If you give anyone else's details as part of your communication with us, please make sure that you've told them you have given this information to us.
Why do we process personal information?
“Processing” means acquiring data, storing it, amending or augmenting it, disclosing it to third parties, deleting it. The legal basis for us processing personal information is as part of the function as community council to perform a public task as set out in the Local Government (Scotland) Act 1973.
We are the controller of the personal data collected and it is the Community Council that decides how and why personal data is processed.
How we receive this personal information?
Most of the personal information the Community Council processes is provided to us directly by you, through your communication with us – for example on social media or by email. In certain cases, we may share this information with Fife Council, elected representatives (such as your Councillor, MP or MSP) and other public authorities in Scotland. If we do this, we will seek your consent.
We may also carry out public information surveys or consultations where we collect information about you and your views on issues pertaining to the work of the Community Council and the St Andrews community. As much as possible, we will minimise personal information collected and anonymise where possible.
How long do we store your information for?
We keep your personal data for no longer than reasonably necessary before it is destroyed securely. We commit to respecting the data protection principles:
data must be processed fairly and lawfully;
data must be obtained for one or more specified and lawful purposes, and must not be processed in any manner incompatible with those purposes;
data must be adequate, relevant and not excessive;
data must be accurate and kept up to date;
data must not be kept longer than necessary;
data must be processed in accordance with the data subject’s rights;
appropriate technical and organisational measures must be taken against the data’s unauthorised or unlawful use and their accidental loss, damage or destruction.
Your data protection rights
Under data protection law, you have rights including:
Access - You have the right to ask us for copies of your personal information.
Rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Erasure - You have the right to ask us to erase your personal information in certain circumstances.
Restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Processing - You have the right to object to the processing of your personal information in certain circumstances.
Data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. You are able to remove your consent at any time.
If you have any concerns about our use of your personal information, please contact us at email@example.com.
The Community Council has registered with the Information Commissioner's Office. You can also complain to the ICO if you are unhappy with how we have used your data - www.ico.org.uk