The Data Protection Act gives you the right to know what information is held about you, and sets out rules to make sure that this information is handled properly.
Subject access requests
The Act gives data subjects a right of access to their personal data. This right is exercised by the data subject making a subject access request. A data subject is entitled to ask the council for a copy of his or her personal data.
People may ask for information in several different ways: in writing, by telephone or face to face. However, we are not obliged to comply with a request unless all of the following conditions are met:
- The request is made in writing
- Sufficient information is provided to identify the person making the request and the information that is being sought
- The correct fee, currently £10, has been paid in advance
You can pay the fee:
- By cheque, made payable to Lancaster City Council
- By credit or debit card, by calling 01524 582034
If all these conditions are satisfied, we must comply with the request within 40 days. The data subject is entitled to receive a copy of the information in permanent form.
Lancaster City Council privacy statement
Lancaster City Council is committed to protecting your privacy. We need to collect and use information about people (“personal data”) in order to provide public services and carry out our duties as a Local Authority. This privacy statement is made in light of the requirements of the Data Protection Act 1998 to inform you how we use and protect this data.
The information on this page relates to the council as a whole. More detailed information in respect of specific services, departments and functions is available below. This list will be updated over the coming months to include information about the full range of council services.
Why do we use personal information?
The main reason we collect and use personal data is to support us in carrying out our duties as a local authority. These duties include collecting council tax, administering planning applications, protecting public health, providing housing and keeping the district clean, amongst many other things.
We will usually need at least basic information (such as your name and address) in order to administer these functions and contact you about them, and will sometimes need more detailed information to provide tailored services or investigate issues further. We also use the data we hold to monitor how we are doing, and to help plan future services.
We also use personal data for a range of other purposes, including providing other services to you, meeting our legal obligations, and contacting you with information about the council (if you have requested this).
We will always explain in more detail why we need your data when we collect it from you.
When do we collect personal information?
We collect data about you whenever you:
- provide it to us by filling in a form
- contact us by any method, including letter, email, social media or visiting one of our offices
- use some of our services
We also have a number of CCTV cameras in the district, both in our offices and in public spaces.
We might also collect data about you from other organisations or people. This includes information we receive from government departments and other public services (such as the NHS or the police), and also sometimes from other sources such as local businesses or residents – for example, if your neighbour complains or reports a concern about you.
When we collect or receive data about you from third parties, we will usually tell you that we have done so (unless you already know about it).
How do we use personal information?
How we use your data will depend greatly on why we collected it in the first place. We will not usually use your data for any other purpose unless there is a strong reason to do so – such as a legal obligation or a criminal investigation. However, we do from time to time share basic information (such as name and contact details) between departments in order to ensure that our records remain up-to-date.
We sometimes need to share your information with other organisations in order to provide you with the most appropriate, efficient and effective services possible. This includes other public services (such as the NHS or DWP) and organisations who provide services on our behalf. We will usually tell you who your information will be shared with, unless there is some reason not to such as a legal obligation.
How do we protect your information?
We have a number of policies in place to ensure that your information is kept safe and secure, and can only be accessed by people who need to access it. Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password)
- controlling access to systems and networks, to ensure that only people who need to access information can do so
- training our staff in how to handle confidential information appropriately
- procedures for handling information that is kept on paper, such as ensuring it is locked away when not in use
- regularly testing and updating our technology to ensure that all our security measures are effective and up-to-date
- procedures to follow in the event that any breach of security occurs, to ensure that any damage from this is minimised
Under the Data Protection Act 1998, you have the following rights:
- the right to request a copy of any of your personal data held by us (“subject access request”);
- the right to object to any processing which may cause damage or distress
- the right to prevent direct marketing
- the right to object to decisions being taken by automated means
- the right to have inaccurate personal data rectified, blocked, erased or destroyed
- the right to claim compensation for damages caused by a breach of the Act
If you would like to exercise any of these rights, please email us at email@example.com.
It will usually be necessary for you to put your request in writing in order for it to be considered under the Act. We may also request proof of your identity, and additional information from you, before we can process your request. Once you have provided everything we need, we are required to respond to any request in full within 40 calendar days.
Please note the rights listed above are not absolute, and depending on the circumstances we may not always be able to fulfil your request. If this is the case, we will inform you as soon as possible.
Queries and revisions
If you have any queries about this privacy statement, or about how we use your personal data, please email us at firstname.lastname@example.org or call 01524 582205.
We reserve the right to amend this privacy notice at any time. However, we take your privacy very seriously and will never change our policies or practices to make them less protective of your personal information. In May 2018 we will become subject to the new General Data Protection Regulation (GDPR), which strengthens your rights and places extra obligations on us, and we will update this notice accordingly.
If we do make any changes to this policy, we will post the current version to our website at this address.
This Version: v1, March 2018
Last updated: 26 March 2018