Let's hear your thoughts about nike adidas soccer cleats in shopcleats.com,Shop online,Nike Phantom Vision Elite Black,ypsoccer.com

Privacy notice - parking

Privacy notice - parking


Identity and contact details of the data controller

Epping Forest District Council is a data controller pursuant to the General Data Protection Regulation. This means that the Council decides how your personal data is processed and for what purposes. The contact details for the Council’s Data Protection Officer are:

Data Protection Officer
Epping Forest District Council
Civic Offices
High Street
Epping
Essex CM16 4BZ

Telephone 01992 564180
Email dataprotection@eppingforestdc.gov.uk

What personal information do we collect about you?

Personal data means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The personal data that we use is name, address, telephone numbers, email address, vehicle registration mark and for payment information (penalty charge notices and cashless parking accounts).

Why do we collect this information & how will it be used?

The Parking Enforcement function of Epping Forest District Council processes your personal data it collects (including the vehicle registration) to obtain the name and address of the registered keeper if the penalty charge notice remains unpaid.

The Traffic Management Act 2004 (Part 6) requires us to do this and such processing therefore will be carried out in accordance with prevailing statutory obligations.

The personal information will be used by the Council’s back office staff and enforcement teams and may be shared with its parking enforcement contractors (Companies working on behalf of the Council). Appropriate measures will be made to ensure the records we hold on you (paper and electronically) are kept in a secure way and only those who have a right to see them and in compliance with data protection legislation will be able to see them.

This personal information will be held for seven years following the completion of the processing. This information may be disclosed to other enforcement agencies and third parties where it is necessary and lawful to do so e.g. for the prevention and detection of crime. 

What is the legal basis for processing your personal data?

This section of the Privacy Notice should identify a lawful basis for the processing. The processing of personal data must satisfy a condition under Article 6 of the GDPR and, for special category data, must also satisfy a condition under Article 6 and Article 9. The lawful basis for each type of personal data will have been identified as part of the exercise to record personal data processing activities. Special category data includes information about race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation.

 

Article 6 - Personal Data

Article 9 - Special Categories

Consent: the data subject has given clear consent for the processing of their personal data for a specific purpose

The data subject has given explicit consent to the processing

Contract: the processing is necessary for a contract with the data subject, or because they have asked the data controller to take specific steps before entering into a contract

Processing is necessary for the purposes of carrying out the obligations of the controller or of the data subject in the field of employment

Legal obligation: the processing is necessary for the data controller to comply with the law (not including contractual obligations)

Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

Vital interests: the processing is necessary to protect someone’s life

Processing is carried out in the course of its legitimate activities by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim

Public task: the processing is necessary for the data controller to perform a task in the public interest or for official functions and the task or function has a clear basis in law

Processing relates to personal data which are made public by the data subject

Legitimate interests: the processing is necessary for the data controller’s legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the data subject’s personal data which overrides those legitimate interests. (This cannot apply to a public authority processing data to perform official tasks)

Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity

 

Processing is necessary for reasons of substantial public interest

 

Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems

 

Processing is necessary for reasons of public interest in the area of public health

 

Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

It should be noted that the rules around consent are much stricter under the GDPR. Consent means that data subjects must be offered genuine choice and control and requires a positive ‘opt-in’. The use of pre-ticked boxes other methods of consent by default are not lawful. The GDPR gives data subjects a specific right to withdraw consent and the Privacy Notice must provide details of the right to withdraw consent and offer easy ways to withdraw consent at any time.

The Public Task provision is likely to be the most appropriate lawful basis for the processing of personal data by the Council, particularly in relation to its ‘statutory’ services. This applies where processing is necessary to perform a task in the public interest or for official functions, where the task or function has a clear basis in law. For the Council’s ‘discretionary’ services, it is likely that a different lawful basis will need to be identified, such as the ‘Legitimate Interests basis. Public authorities can only rely on legitimate interests if they are processing for a legitimate reason other than performing their tasks as a public authority.

The following is provided as an example from the Privacy Notice prepared in relation to the processing of personal data in relation to elected councillors:

The processing of your personal data is necessary for compliance with a legal obligation and the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, in accordance with Article 6 of the General Data Protection Regulation. The provision of a postal or email address for the service of notice of meetings is a requirement of the Local Government Act 1972 and the Local Government (Electronic Communication) (England) Order 2015, which allows a meeting summons to be deemed served to a nominated electronic address.

Who we share your information with

The personal information will be used by the Council’s back office staff and enforcement teams and may be shared with its parking enforcement contractors (Companies working on behalf of the Council). Appropriate measures will be made to ensure the records we hold on you (paper and electronically) are kept in a secure way and only those who have a right to see them and in compliance with data protection legislation will be able to see them.

This information may be disclosed to other enforcement agencies and third parties where it is necessary and lawful to do so e.g. for the prevention and detection of crime.

How long do we keep your information?

This section of the Privacy Notice should specify the retention period for which the personal data will be kept or, if that is not possible, the criteria used to determine that period. It is important to be aware that the GDPR states that personal data must be kept ‘no longer than is necessary for the purposes’. The retention period for each type of personal data will have been identified as part of the exercise to record personal data processing activities.

The following is provided as an example from the Privacy Notice prepared in relation to the processing of personal data in relation to elected councillors:

Your rights

Under the General Data Protection Regulation, you have various rights as an individual that you can exercise in relation to the information that the Council holds about you. Information about these rights is available on the data protection page of the Council’s website:

How to make a complaint

If you are unhappy with the way in which your personal data is processed by Epping Forest District Council you should contact the Data Protection Officer in the first instance:

If you remain dissatisfied with the Council’s processing of your personal data, you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

https://ico.org.uk/


Report it...Report it


 Read it


Pay itPay it


Apply for itApply for it