The Hull and East Riding Combined Authority (HEYCA) is a data controller as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR). This privacy notice is designed to help you understand how and why we process your personal data. We are registered as a data controller with the ICO, registration number ZB934381.
We are responsible for managing the personal information we hold and recognise that your information is important to you. We take our responsibilities seriously and take care to use personal information fairly, lawfully and safely in line with the UK’s data protection laws.
Hull City Council are acting as Data Protection Officer for HEYCA and can be contacted at -
The Guildhall
Alfred Gelder Street
Hull
HU1 2AA
- 01482 300 300
- information.governance@hullcc.gov.uk
If you wish to enquire or complain about how we have handled your personal information, please contact our Data Protection Officer on the contact details provided above. Should we be unable to resolve matters to your satisfaction, you can contact the Information Commissioner’s Office (ICO) through their website - https://ico.org.uk/make-a-complaint/data-protection-complaints/
Why do we process personal information?
We need to collect and use personal information to deliver our functions. The specific legal conditions we rely upon to process your data are detailed in Annex 1, though in general we collect and use personal information -
- to enable us to communicate with you and to deliver services to you
- to meet legal obligations or comply with court orders
- for the prevention and/or detection of crime
- to meet our hr and legal obligations as an employer
- to process financial transactions including grants, payments and benefits for heyca or on behalf of other government bodies such as department for work and pensions. This can include providing your data to the funding body for monitoring and evaluation
- to monitor our performance in providing services to you, to gather statistical information to allow us to plan future provision of services to and to obtain your opinion about our services. This could include monitoring of special category data to ensure we meet our obligations under equalities legislation
- for marketing purposes, to keep you updated on the latest news and services, where you have opted in
What categories of information do we process?
The types of personal information we process depends on the service being delivered to you but could include but may not be limited to -
- name
- address
- telephone number
- email address
- date of birth
- national insurance number
- biographical information, such as details of skills, qualifications and job history
- your image, including cctv at our offices, or images broadcast from public meetings
Special category data includes more sensitive information that could include -
- health or mental health
- racial or ethnic origin
- sexual orientation
- religious or philosophical beliefs
- political opinions
- trade union membership
Sharing of your personal data
Your personal data will be treated as strictly confidential, and will be shared only under the following circumstances -
- where we have your permission
- where the sharing is required to deliver a service to you
- where we are required by law, court order, law enforcement agencies, juridical bodies, government, tax authorities or other regulatory bodies. we may not have to tell you if we do share with other organisations for these purposes
- with third parties, external partners, and agencies assisting us in delivering our service(s) to you
- for our statutory functions - our internal auditors, external auditors and information governance officers may also have access to your personal data to complete their work
- with external partners to improve, and advance, the service we provide to you
Transfers to third countries and safeguards
In the event we need to transfer your personal information outside of the UK/EEA, we will take all reasonable steps to ensure that appropriate safeguards are in place and that your information is processed securely in accordance with current UK legislation and the regulator's guidance.
How long will we keep your data?
HEYCA will retain your personal information for no longer than reasonably necessary to meet our legitimate business purposes or to comply with statutory obligations. These periods will be outlined in privacy notices made available to you when the data is collected and/or in our privacy policies. When determining the appropriate criteria and timeframe for retention of your data, we will refer to our Retention Policy and Schedule.
Your data protection rights under the law
Right to be Informed
We must tell you what information we need from you, why we need your information, the law that allows us process your information, how we will process your information, if we share your information and with who we share, the rights the law has allowed you to exercise, how long we intend to keep your information, how you can access your information, how to contact our Data Protection Officer, and how to contact the Information Commissioners Office.
Right of Access
You can ask to see your personal information that we hold about you. When you exercise this right, it is called a Subject Access Request or SAR. We must provide you with access to, or a copy of, your information within one month of receiving your request. In some cases, we are allowed extra time to respond but if this applies, we must tell you at the earliest opportunity.
Right to Rectification
If you believe the information, we hold about you is incomplete or wrong, depending on the reason for collecting that information, we will correct the information without delay. Where we are unable to change the information for any reason we will clearly explain why and offer you the opportunity to add your own note or explanation to the record.
Right to Erasure
You can ask us to fully delete your information at any time. This may not always be possible, for example where there is a statutory requirement to retain records or if it is necessary to mee to our legitimate business interests and comply with our records retention standards. Where you provided your information to us based on your consent, we should normally be able to immediately delete your information.
Right to Restriction of Processing
Where you have concerns that the information we hold about you is incorrect, is no longer needed by us, or you question the lawful reason we gave for holding it, you can ask us to limit the use of the information. It might also be that you want us to retain the information for an extended period because you may need it for a legal purpose.
When you make any request, we will investigate whether you are entitled to have your request granted. Even if we find out that you are not entitled to this right in a particular circumstance, we will still let you know before we continue to use your information.
Right to Object
You have a right to ask us to stop processing your personal information. If we are unable to comply with your request, we will clearly explain our reasons.
Right to Reject Automated Decisions
The law allows you to refuse or reject the results of any automated processing of your personal information that will have any legal or other significant effect on you. You also have the right in such a case, to ask that a human processes the information instead.
However, this right will not apply to many of the functions we perform to deliver our public tasks or if the processing involves entering into a contract with you.
Right to Data Portability
If you had to give us permission to use your personal information or we collected your personal information to process an employment contract and this personal information is processed automatically by our computers, you can ask for a copy of this information in digital format. However, this right will not always apply, because we provide most of our services as a public authority and the law allows us to be exempt from this right most of the time.
To find out more about your data protection rights you may visit the Information Commissioner’s Office website - https://ico.org.uk/for-the-public/
Contact
Should you have any comments or questions about this notice email us at information.governance@hullcc.gov.uk.