Emergency Planning Services - Privacy Notice
Who the Council is and what the Council does
West Oxfordshire District Council is a data controller under the Data Protection Legislation as the Council collects and processes personal information about you in order to provide services and meet their statutory and regulatory obligations.
The Emergency Planning Team are responsible for ensuring that the Council can fulfil its duties as a Category 1 responder under the Civil Contingencies Act (2004). The Team take a leading role in preparing for, responding to, and recovering from a wide range of emergencies such as flooding and other severe weather events, major fires and public health incidents. We produce contingency plans, organise, and deliver training and exercises for those with a role to play in preventing or responding to these types of incidents. In addition to the roles required under the Civil Contingencies Act above, the team are also responsible for the protect duty, invacuation and lockdown.
Any questions regarding our privacy practices should be sent to:
Data Protection Officer (DPO)
West Oxfordshire District Council
Council Offices, Witney, OX28 1NB
Tel: 01993 861194
Why the Council needs your information and how the Council uses it
We use your personal data to:
- Plan for, respond to and recover from emergencies and business disruptions
- Ensure that appropriate staff and partners can be contacted to support the single agency and multi-agency response to an emergency or business disruption. Personal data collected for this reason is reviewed annually to ensure it remains accurate
- Maintain a record of staff and partners skills, training, and involvement in incident response
- Enable the Council to meet its legislative duties under the Civil Contingencies Act (2004)
- Reduce the risk of harm to Council staff
We collect this information by:
- telephone, email, social media, writing or in person
What is the legal process for collecting and processing this data
Under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:
- GDPR Article 6 (1) (c) Legal Obligation – we collect and lawfully process your personal data under legislation which includes, but is not limited to:
- Civil Contingencies Act (2004)
- Health and Safety at Work Act (1974)
- Control of Major Accident Hazards (COMAH) Regulations (2015)
- GDPR Article 6 (1) (d) Vital Interest – we collect and lawfully process your personal data as it is necessary in order to protect the vital interests of the data subject or of another natural person.
- GDPR Article 6 (1) (e) Public Task – we collect and lawfully process your personal data as it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
We process special category personal data under:
- GDPR Article 9 (2) (c) Vital Interest – we collect and lawfully process your personal data to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent.
- GDPR Article 9 (2) (g) Public Interest – we collect and lawfully process your personal data for reasons of substantial public interest.
What type of information is collected from you
Personal details, which may include:
- Other contact details that you provide to us e.g. email address, telephone number
- Date of birth
- Any other information legally required in the discharge of the specific statutory obligation
Special categories of personal data
We may collect any special category data with your explicit consent, examples would be race or ethnic origin, sexual orientation, health or religious beliefs.
The amount and type of data that we request will differ depending on the reason for why we are collecting the data. We may collect data routinely to inform the content of our Emergency and/or Business Continuity Plans or we may collect information at the time of an emergency and/or business disruption to assist us to deliver a timely and effective response and recovery.
Who your information may be shared with (internally and externally)
Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles.
We may share your information with government departments and agencies and third party contractors such as:-
- Emergency Services
- Public Health England
- National Government Departments as required
We will not normally share your information with organisations without your consent, however, there may be certain circumstances where we would share without consent such as where we are required to do so by law, to safeguard public safety and in risk of harm or emergency situations.
How long the Council keeps your information (retention period)
We will only retain your personal information for as long as we are required to do so by law and the purpose we collected it for.
Once your data is no longer needed it will be securely and confidentially destroyed or disposed of the data in line with retention schedules.
How the Council protects your Information
Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on the council’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our council sites require a personal electronic pass to access staff only areas. The Council has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.
The Council will not transfer your personal data outside the EU without your consent.
The Council have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
The Council will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
You have the following rights under the Data Protection Legislations:
- To access your personal data
- To be provided with information about how your personal data is processed
- To have your personal data corrected
- To have your personal data erased in certain circumstances
- To object to or restrict how your personal data is processed
- To have your personal data transferred to yourself or to another business in certain circumstances
- To be told if the Council have made a mistake whilst processing your data and the Council will self-report breaches to the Commissioner.
How you can access, update or correct your information
The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.
If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.
In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.
The accuracy of your information is important to us to be able to provide relevant services more quickly. The Council is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information the Council holds is inaccurate or out of date, please email us or write to us at:
Emergency Planning Team
West Oxfordshire District Council
Council Offices, Witney, OX28 1NB
If you would like to know more about how the Council uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at email@example.com.
You can also complain to the Information Commissioner: https://ico.org.uk
The Council reserve the right to update this privacy notice from time to time by publishing a new version on our the website.