Buy Doncaster Privacy Notice

How we will use your information when you signup to the Buy Doncaster service

 

What information about you do we collect?

For the processing to which this notice relates to be carried out we use the following information:

• personal information (such as: your name, address, telephone number)
• sensitive personal information i.e. ethnicity (however this is not mandatory)

How do we collect information about you?

We collect your information from you directly (e.g. by asking you to complete an online form to register for an account, or when you telephone the Buy Doncaster team and ask for an account to be set up)/ traded services teams who are currently in contracts with you, who deem you being able to access Buy Doncaster Online as an essential part of service delivery.

How will your information be used?

Your information might be used to:
• Maintain and manage a record of transactions for traded/ non-traded services and training.
• Maintain a comprehensive training record for each individual delegate.
• Make recommendations for purchases based on your information (e.g. job title, organisation type etc.)
• (Management access rights being able to view records)
• Internal management of the service

The Legal Basis for using your information

The table below sets out the legal basis for each of the activities that this Privacy Notice covers

Activity

Legal Basis

Collecting personal information such as name, address and telephone number.

Because to do so is necessary to take steps at your request to enter into a contract with our Traded Services.




Information by contract (or information required to enter into a contract)

You are required to provide us with your information to receive this service. The consequences of not providing the information requested are that you will not be able to have a Buy Doncaster Online account and therefore cannot purchase traded services or book on training.

Who will your information be shared with?

We sometimes need to share your information within the Council or with other organisations. We will only share your information when necessary and when the law allows us to, and we will only share the minimum information we need to. For reporting matters we may need to share your information with:
• Directors
• Trading / non-trading services and training providers
• Finance and Corporate Service

We generally only share your information where doing so is necessary for reporting purposes; however, in special cases we may also share your information with other individuals and organisations. For example, if you make a complaint to your Councillor, or if the sharing would help with a safeguarding issue, or help prevent a crime. Sometimes, we might share your information without your knowledge.

The Council will never sell your information to anyone else.

How long will we keep your information?

We will keep your information for only so long as is necessary – the table below sets out typical timescales for each activity:

Activity

Time information kept for

Personal information created during account set up.

This information is erased from our records after 2 years of account inactivity.

Sensitive personal information i.e. ethnicity created during account set up.

This information is erased from our records after 2 years of account inactivity.

Financial records

6 years after the last account activity




Your rights

The law gives you specific rights over your information. These rights are:
• to be informed of our use of information about you;
• of access to information about you;
• rectify information about you that is inaccurate;
• to have your information erased (the ‘right to be forgotten’);
• to restrict how we use information about you;
• to move your information to a new service provider;
• to object to how we use information about you;
• not to have decisions made about you on the basis of automated decision making;
• to object to direct marketing; and,
• to complain about anything the Council does with your information (please see the ‘Complaints’ section below).

Some of the rights listed above apply only in certain situations, and some have a limited effect.  Your rights are explained further in the Subject Rights Procedure on our website, as is how to make a request under one or more of them.


You can access information about yourself by making a subject access request at the following page of the Council’s website: http://www.doncaster.gov.uk/services/the-council-democracy/data-protection-policy

Data Protection Officer (DPO)

The Council is required by law to have a DPO.  The DPO has a number of duties, including:
• Monitoring the Council's compliance with data protection law
• providing expert advice and guidance on data protection 
• acting as the point of contact for data subjects; and,
• co-operating and consulting with the Information Commissioner's Office (see 'Complaints' below).

The Council's Data Protection Officer can be contacted by email as information.governance@doncaster.gov.uk

 Complaints

If you are unhappy with the way in which your information has been handled you should contact the Council’s Data Protection Officer so that we can try and put things right. Alternatively, and if we have been unable to resolve your complaint, you can also refer the matter to the Information Commissioner’s Office (ICO). The ICO is the UK's independent body set up to uphold information rights, and they can investigate and adjudicate on any data protection related concerns you raise with them. They can be contacted via the methods below:

Website:     www.ico.org.uk
Telephone:  0303 123 1113
Post:           Information Commissioner’s Office
                  Wycliffe House
                  Water Lane
                  Wilmslow
                  Cheshire
                  SK9 5AF

 

 

 

 

Last updated: 02 January 2019 09:15:23