This Privacy Notice from Armagh City, Banbridge and Craigavon Borough Council tells our customers and service users how we process your personal data in accordance with our legal obligations under the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).
In it, we will explain why and how we collect and use your personal information; your rights regarding this information; and how we comply with data protection law.
Armagh City, Banbridge and Craigavon Borough Council
Craigavon Civic and Conference Centre,
66 Lakeview Road,
Data Protection Officer
Senior Records Manager
Armagh City, Banbridge and Craigavon Borough Council
Old Armagh City Hospital,
39 Abbey Street,
Our main offices and facilities:
- The Palace Demesne, Armagh BT60 4EL
- Civic Building, Downshire Road, Banbridge BT32 3JY
- Craigavon Civic and Conference Centre, 66 Lakeview Road, Craigavon BT64 1AL
Who we are:
Armagh City, Banbridge and Craigavon Borough Council is responsible for delivering local services such as bins, recycling, planning, building control, environmental health, community planning, community development, city and town centres, sports and leisure, legal registrations etc.
The law and why we process your information:
The following is a broad description of the way Council, as a data controller, processes personal information in accordance with our legal obligations under the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).
To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any specific privacy notices we have provided, or contact the relevant area of Council to ask about your personal circumstances.
In order for us to process your personal information, we must have a lawful basis for doing so and at least one of the following conditions must apply:
- Consent – based on a clear indication from you that you are agreeable to us processing your information for a specified and clearly defined reason.
- Contract – processing your information is necessary if we have a contract to fulfil with you or if we have to take steps at your request before entering into a contract.
- Legal Obligation – in order for us to comply with common law (not including contractual obligations) or statutory obligation, it is necessary for us to process your information.
- Vital Interests – processing your information is vital in protecting someone’s life.
- Public task – processing your information is necessary for Council to perform a task in the public interest or for our official functions, and the task has a clear basis in law.
The processing that Council carries out is most likely to fall under conditions 2, 3 and 5 above.
The list of relevant legislation from which Council derives the power to process personal data is too long and varied to detail here but should you require further or more specific information, please contact us.
There may be occasions when consent is the only legal basis we have to process your personal data, for example, if we want to send you marketing messages.
When this occurs, we will endeavour to seek your consent at the time we gather your personal data. Normally, we will do so by asking you to provide a signature or indicate consent by ticking a box, after providing a full explanation in order to clarify what you are consenting to.
Why we process your information:
- to provide you with a public service in compliance with its legal responsibilities
- contact you by post, email or telephone
- update your records
- establish your needs and subsequently provide you with the assistance that you require to make payments and grants
- prevent and/or detect fraud or corruption in the use of public money
We serve a population of over 200,000 and are the second largest council area in Northern Ireland covering an area of 554 square miles. Following Local Government Reform in Northern Ireland, our Council formally assumed its full powers and statutory responsibilities on 1 April 2015. Our new Council combines the former council areas of Armagh, Banbridge and Craigavon.
- obtain your opinion about our services
- inform you of other relevant council services
- ensure we meet our legal obligations including those related to diversity and equality
- to protect citizens from harm or injury
- for law enforcement functions, for example, licensing, planning enforcement, trading standards and food safety where we are legally obliged to undertake such processing
- where the processing is necessary to comply with legal obligations, for example, the prevention and/or detection of crime
- to assist us in responding to emergencies or major accidents. This allows us, in conjunction with the emergency services, to identify individuals who may need additional help and support.
We also process sensitive classes of information that may include:
There will be some circumstances where we need to process ‘sensitive’ information about you. We will avoid doing this where we can, however where we are required to do so, this information may include your;
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Offences and alleged offences
- Trade union membership
- Genetic data
- Biometric data
- Health details
- Sexual life and sexual orientation
Where we may collect your information from:
- When you apply for a job with us
- Information supplied by you, or someone appointed by you, in writing, face to face, by telephone or online. This includes information put into the public domain by you.
- Someone who is acting on your behalf in a statutory capacity (e.g. someone appointed by a court)
- Through the submission of questionnaires online or via mail
- Submitting planning and building control applications
- Registering births and marriages
- Submitting complaints
- Working in partnership with us
- Emergency planning
- CCTV covering our property and land
- Via enforcement action
- Organisations with whom we have data sharing agreements
- Contractors appointed by us (contractors are also bound by GDPR).
- Other NI Councils and/or Arm’s Length Bodies and/or other local public authorities
- UK Government bodies (e.g. Her Majesty’s Revenue and Customs)
- Public bodies or courts from other jurisdictions
- Data matches from the Comptroller and Auditor General as a result of the National Fraud Initiative
How we use your personal data:
We hold all personal data we process within the UK or on computer servers within the European Economic Area. An outside organisation cannot gain access to your personal data unless the law permits this to happen.
We will use the personal data we collect to ensure you receive a proper service and to improve your interaction with us on a wide range of matters.
We use the data to manage your specific needs and inform you about changes to services, initiatives and events, dealing with complaints, employing contractors and dealing with enforcement action.
We will endeavour to inform you at the time we gather your personal data, why we require it and for what purpose. We will ensure that there are effective safeguards and systems in place to make sure we keep your personal information safely and securely, and provide awareness training to staff who handle personal information.
Disclosure of personal data:
We will not disclose your personal data to any external organisation or person unless we are satisfied that we have a legal basis to do so and proper measures are in place to protect the data from unlawful and unauthorised access.
However, we may be required to share your personal data with other internal council departments to ensure we can manage your issues or requirements appropriately.
We also work closely with Central and Local Government departments throughout Northern Ireland and Great Britain and may share personal data with these departments, including statutory and non-statutory organisations for various projects and initiatives.
We may also share information with the Police Service of Northern Ireland, Her Majesty’s Revenue and Customs and other law enforcement agencies for lawful purposes including the prevention and detection of crime and animal welfare etc. We may need to share information with these organisations for more than one reason and we may not need to share all your personal information each time. In line with the Data Protection Act, we aim to minimise the amount of personal information shared and the number of instances of sharing to only the required data for that specific purpose.
We may also use external organisations to carry out services on our behalf, which may require providing them with access to your personal data. These organisations will act as Data Processors for us. They are legally obliged to keep your personal data secure and only process it under the specific direct instructions issued by us and in line with the GDPR. We will not supply your information to any other organisation for marketing purposes without your prior consent.
We use CCTV on our assets to maintain the security of property, premises and staff, and for the prevention and investigation of crime. For these reasons, the information processed may include visual images, personal appearance and behaviours.
If you choose not to give personal information:
We only process personal information where it is necessary to do so. If you choose not to disclose personal information, this may affect our ability to provide you with some of our services. Where you chose not to provide information to us, we will outline to you what this means in terms of the service you receive.
Sending personal information outside of the European Economic Area (EEA)
GDPR applies across the EEA. If we transfer your information outside of the EEA, we will only do so in order to follow your instructions, manage council services or comply with a legal obligation. We will ensure that the receiving jurisdictions commits to protecting your information to GDPR standards.
How long we keep your personal information:
We retain and dispose of your personal data in compliance with the Council’s Retention and Disposal Schedule. Records are disposed of securely.
Council’s Retention and Disposal Schedule complies with current legislative requirements. We may amend the schedule as required. A copy is available from the Council’s Senior Records Manager.
Personal data, which PRONI has received under the Public Records Act (NI) 1923, has been archived in the public interest, in line with the DPA and GDPR.
What rights do I have?
The GDPR provides you with a specific set of legal rights over your personal and sensitive data.
You are entitled to ask us to:
- Provide you with a copy of your personal information. Commonly known as a Subject Access Request, and must be replied to within one month, it allows you to see how and why we are using your information and that we are doing so lawfully.
- Correct your personal information if you think it is wrong or incomplete. We will take reasonable steps to check and correct your information.
- To erase your personal information and prevent processing in specific circumstances, often referred to as the ‘right to be forgotten’.
- To ‘block’ or suppress the processing of personal data in specific circumstances.
- To provide you with your personal data in a useable format applicable across different IT environments in specific circumstances.
- To accept your objection to your personal data being processed. This applies in certain circumstances.
Further information is available on the ICO website: https://ico.org.uk/your-data-matters/
You also have the ‘right to be informed’ – this means that when we collect personal information from you, we will explain our purposes for processing your personal data, our retention periods for that personal data, and who it will be shared with (which we do in these pages).
Not all of these rights apply where the processing of your information is for government purposes. For example, you do not have the right to have your National Insurance number deleted – we are required by law and for tax and benefit purposes to keep this.
Please contact the Council’s Data Protection Officer using the details above, if you wish to exercise any of the rights listed above. Please be aware we may need to verify your identity before answering your request.
How to complain if you are not happy with how we process your personal information:
If you are unhappy with any aspect of this privacy notice, or how we process your personal information, please contact the Council’s Data Protection Officer at the address above in the first instance.
If you are still not happy, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO):
ICO Northern Ireland contact details:
The Information Commissioner’s Office – Northern Ireland
14 Cromac Place
Telephone: 028 9027 8757 / 0303 123 1114
Changes to this Privacy Notice:
We keep our privacy notice under regular review. If we make changes, we will update this notice. Check this notice to make sure you are aware of what information we collect, how we use it and the circumstances we may share it with other organisations.
This privacy notice was last updated in May 2019.
Supplementary Privacy Notices of Council Functional Areas:
Individual functions within the Council will shortly be providing privacy information to explain how and why they collect personal data and how they use it.