Data Protection Policy

Information & Data Protection Policy

Data Protection Policy

KNOWSLEY TOWN COUNCIL

INFORMATION & DATA PROTECTION POLICY

 

1. Introduction

Knowsley Town Council is committed to protecting the personal data it processes and to handling all information in accordance with the law and best practice.

In carrying out its duties and functions, the Council processes a wide range of information relating to:

  • Councillors

  • Employees and former employees

  • Volunteers

  • Contractors and partners

  • Residents and members of the public

  • Service users and complainants

The Council recognises its responsibilities under:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Freedom of Information Act 2000

  • Environmental Information Regulations 2004

  • Accounts and Audit Regulations 2015

2. Principles of Data Protection

The Council will ensure personal data is:

  1. Processed lawfully, fairly and transparently

  2. Collected for specified, explicit and legitimate purposes

  3. Adequate, relevant and limited to what is necessary

  4. Accurate and kept up to date

  5. Kept only for as long as necessary

  6. Processed securely using appropriate technical and organisational measures

The Council is responsible for demonstrating compliance with these principles.

3. Lawful Basis for Processing

The Council processes personal data under one or more of the lawful bases set out in Article 6 UK GDPR, including:

  • Public Task – where processing is necessary for the performance of a task carried out in the public interest

  • Legal Obligation – where processing is required by law

  • Contract – where processing is necessary to fulfil a contract

  • Consent – where the individual has given clear consent

  • Legitimate Interests – where appropriate and balanced against individual rights

Special category data (e.g. health, ethnicity, political opinions) is processed only where an additional lawful condition under Article 9 UK GDPR applies.

4. What Information We Process

The Council may process:

  • Contact details (name, address, email, telephone)

  • Employment and payroll information

  • Councillor register of interests

  • Complaints and correspondence

  • CCTV images (if applicable)

  • Event participation details

  • Grant and funding applications

  • Equality and diversity monitoring data

Information is only collected where necessary and relevant to Council functions.

5. Data Controller and Data Protection Officer

Knowsley Town Council is the Data Controller.

The Council has appointed a Data Protection Officer (DPO):

Jane Thomas
Email: jane.thomas@knowsley.gov.uk
Phone: 0151 548 4545
Address: Bob Whiley Community Centre, Shop Road, L34 0HD

The DPO oversees compliance with data protection legislation.

6. How We Protect Information

The Council implements appropriate technical and organisational measures to ensure data security, including:

  • Secure IT systems and password protection

  • Access controls and restricted permissions

  • Staff and Member training

  • Secure document storage

  • Data retention schedules

  • Secure disposal procedures

Data breaches are managed in accordance with ICO guidance and reported where required.

7. Data Sharing

Personal data will only be shared:

  • Where required by law

  • With authorised contractors acting as Data Processors

  • With other public bodies where lawful and necessary

  • With consent of the individual

The Council ensures appropriate data sharing agreements are in place where required.

8. Data Retention

The Council retains information in accordance with its Data Retention Schedule. Personal data is not kept longer than necessary and is securely disposed of when no longer required.

9. International Transfers

The Council does not routinely transfer personal data outside the UK. Where this becomes necessary, appropriate safeguards will be implemented in accordance with UK GDPR.

10. Individual Rights

Under data protection law, individuals have the right to:

  • Access their personal data (Subject Access Request)

  • Request correction of inaccurate data

  • Request erasure (where applicable)

  • Restrict processing

  • Object to processing

  • Data portability (where applicable)

  • Withdraw consent (where consent is relied upon)

Requests should be made to the Data Protection Officer.

11. Children’s Data

The Council will only process children’s personal data where necessary and with appropriate safeguards. Where consent is required, parental or guardian consent will be obtained.

12. Transparency & Publication

The Council operates a Publication Scheme in accordance with the Freedom of Information Act 2000 and complies with the Transparency Code for Smaller Authorities.

Information routinely published includes:

  • Agendas and minutes

  • Annual accounts and AGAR

  • Internal audit reports

  • Councillor responsibilities

  • Asset registers

  • Payments over required thresholds

13. Complaints

If you are unhappy with how your data has been handled, you should contact the Data Protection Officer in the first instance.

You also have the right to complain to:

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Tel: 0303 123 1113

14. Policy Review

This policy will be reviewed annually or sooner if legislation or operational practices change.