PN097 - SRS Privacy Notice
Torfaen County Borough Council is committed to protecting your privacy when you use our services. This Privacy Notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards in place to protect it.
TCBC Service Area: PSSU
Work area: Shared Resource Service (SRS)
Contact Details: firstname.lastname@example.org
Privacy Notice Name: SRS
Data Controller: Torfaen County Borough Council, c/o Civic Centre, Pontypool, NP4 6YB
If you wish to raise a concern about the handling of your personal data, please contact the Data Protection Officer on 01495 762200 or email email@example.com
The SRS provides services for their partners who ultimately support the local communities and the people who live in them. Undertaking this work means that we must collect and use information about the people we provide services for and keep a record of those services.
Who provides your data to the Council?
Personal information is collected directly from employees of our partners when they access SRS services or from visitors to our sites.
SRS receive personal information indirectly from partners supported by SRS ICT Services
How does the Council collect this information?
SRS collects this information via the Service Desk and contact with staff, including at our service hatch, via the following means:
- Video conference
- In person
- Self-service portal
What information does the Council collect about you?
SRS collects the following from staff in our partners:
- telephone number
- job title
- email addresses
- Payroll number
- Asset number
Personal information of service users may be accessed in the process of providing services to our partners.
Why does the Council process your personal data?
Under Article 6 of the UK General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(b) We have a contractual obligation
(e) We need it to perform a public task
Special categories of personal data
Although SRS do not purposely collect any special category or criminal data about service users or staff, these may be included in the information accessed during the process of providing services to our partners.
Who has access to your data?
Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles.
Your data may also be shared externally with organisations to fulfil the services we provide. These may include , but not be limited to:
- Monmouthshire County Council
- Blaenau-Gwent County Borough Council
- Newport City Council
- Gwent Police
Apart from where previously stated, we do not pass your details to third parties unless we are lawfully required do so.
Is the Data transferred out of the UK?
How does the Council keep your data secure?
The Council has internal policies in place to ensure the data it processes is not lost, accidentally destroyed, misused or disclosed. Access to this data is restricted in accordance with the Council’s internal policies and in compliance with the UK GDPR.
Data will be stored securely in:
- a range of different places on a secure network and IT systems including, but not limited to:
- the SRS Service Desk system
- Collaborative systems
Where the Council engages third parties to process personal data on its behalf, they do so on the basis of written instructions. These third parties are also under a duty of confidentiality and are obliged to implement appropriate measures to ensure the security of data.
How long does the Council keep your data?
The Council will hold your personal data only for the period that is necessary and will follow organisational and Local Authority standards in this area. At the end of the retention period the Council will securely destroy or dispose of the data in line with retention schedules.
Are we making automated decisions/profiling with your data?
You have a number of Rights you can exercise:
- Access - to obtain a copy of your data on request
- Rectification – to require the Council to change incorrect or incomplete data
- Object, Restrict or Delete - under certain circumstances you can require the Council to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- Data portability – to receive and/or transmit data provided to the Council to other organisations (this applies in limited circumstances)
- Withdraw your consent at any time (where consent has been given)
- To know the consequences of failing to provide data to the Council
- To know the existence of any Automated Decision-making, including profiling, and the consequences of this for you.
- To lodge a complaint with a supervisory authority (Information Commissioners Office)
If you would like to exercise any of these rights, please contact Matt Lewis, Chief Operating Officer, firstname.lastname@example.org
The Information Commissioner can be contacted at: The Information Commissioner’s Office (Wales), 2nd Floor, Churchill House, Churchill Way, Cardiff, CF10 2HH. Telephone 0330 414 6421 or e-mail Wales@ico.org.uk
Last Modified: 10/05/2023
Back to top