South Lakeland District Council is committed to protecting people’s privacy and complying with the General Data Protection Regulation (GDPR), (Regulation EU 2016/679).
We will provide you with accessible information about how we will manage and process your personal data.
We are a a data controller and if you have any concerns about the way we or our contractors are handling your personal data you can raise these with our Data Protection Officer:
- Paul Mountford
- 01539 733 333
- South Lakeland House, Lowther Street, Kendal, Cumbria LA9 4DQ
Collecting your data
As a local authority the Council delivers a number of services. To do this we need to collect and process your personal data that we receive from you for example:
- if you apply for a Council service
- if you report something
- if you make a complaint
- if you want to pay for something
- if you apply for a job at the Council
We will aim to collect the minimum amount of personal data that we need you to provide to process your request.
We will process all personal data lawfully, fairly and transparently.
Sometimes we may receive information from other sources such as credit reference agencies, the police or other government agencies if they are undertaking investigations.
We may be required to collect your information by law for example for Council Tax purposes or to register you on the Electoral Role.
We may also collect your information to obtain feedback or provide you with information about forthcoming events. In this case we will ask for your consent to allow us to process this information. We will explain why we need it and you have the right to withdraw your consent at any time.
We also collect sensitive data so we can monitor the Council’s performance with regard to equality and diversity. If we do this your data will be anonymised and combined with other anonymised data to create statistics. If you provided this information you are giving your consent to allow us to process it but you have the right to withdraw your consent at any time.
Sharing your data
To perform some functions we will need to share your personal data with other departments or with our contractors. We will only share your information if we are satisfied that the other departments or contractors will protect your information to our standards. We will develop data sharing agreements which clearly state what data we will share and how it will be used.
By law we are required to share your information for the prevention, detection and investigation of criminal offences. There is also a duty for us to share your information for anti-fraud and fraud detection purposes.
We will endeavour to ensure that the personal data we hold about you is accurate and up to date and we will only keep it for as long as it is needed for the purpose it was collected for. We can hold your data for a longer period to help you access services more easily but we will not do this without your implicit consent.
We will store and process your data securely using physical barriers such as locked doors and cupboards and technology such as usernames and passwords to prevent unlawful access to your data. If we need to share your data we will ensure it is transferred securely. We will not transfer your data outside the European Union.
We will use our privacy notice to inform you of your rights under the General Data Protection Regulation (GDPR).
We will comply with your rights under GDPR, these include informing you of:
- the name of organisations that are processing your data
- the types of data we are processing
- the purpose and lawful basis for processing the data
You have a right to your own personal data and you can request this under a Subject Access Request.
You have the right to rectify your data if it is incorrect.
You have the right to restrict processing unless we have lawful and legitimate grounds to continue processing.
You have a right to have your data erased in certain circumstances, these are detailed below:
- the personal data is no longer necessary in relation to the purpose for which it was originally collected and/or processed
- you have a right to withdraw your consent
- you may object to the processing of your data and we will stop processing it if there is no overriding legitimate interest for us to continue
- you have the right to erasure; this applies if there is no overriding legitimate interest for continuing the processing.
You have the right to data portability which allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
A summary of when you can exercise your rights based on lawful processing is detailed in the following table.
|Lawful reason for processing||Right to object||Right to erasure||Right to portability|
|We have positive consent from the subject||No but can withdraw consent||Yes||Yes|
|Processing is necessary for the performance of a contract with the data subject||No||Yes||Yes|
|Processing is necessary for compliance with a legal obligation||No||No||No|
|Processing is necessary to protect the vital interests of a data subject or another person||No||Yes||No|
|Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority invested in the controller||Yes||No||No|
|Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party||Yes||Yes||No|
If you have provided your email address to us, you may receive occasional email messages from us on matters that may be of interest to you.
If you sign up for any service update email alerts, such as service area consultations, you will receive the alerts as and when they are created. You can unsubscribe, or change which service update email alerts you receive, at any time.
The use of our email system may be monitored and communications read to secure effective operation of the system and for other lawful purposes, such as prevention of crime.
We are under a duty to share data within the council services for effective service provision. Your information will be shared with relevant services as stipulated in our Data Protection Notification with the ICO under the Digital Economy Act 2017.
We will endeavour to ensure your personal data will be processed in accordance with the Principles and Rights of Data Protection legislation. Any disclosure(s) made will be in accordance with our Notification, which can be viewed at www.ico.org.uk.
A copy of the Notification is also available on request from the council.
For more information please contact the Data Protection Officer.
How cookies are used by South Lakeland District Council
When we provide services, we want to make them easy, useful and reliable.
Where services are delivered on the internet, this sometimes involves placing small amounts of information on your computer or mobile phone. These include small files known as cookies. These cookies allow us to distinguish you from other users and helps us provide you with a good experience and improve our website.
This information is used to improve services. For example:
- recognising your computer so you don't have to give the same information several times
- recognising that you may already have given a username and password so you don't need to do it for every web page requested
- measuring how people use our website, which allows us to make changes so it is easier to use
You can manage these small files yourself. Learn more about cookies
If you unhappy with the way in which your personal data has been handled by us you may in the first instance contact our Data Protection Officer.
If you remain dissatisfied then you have the right to complain directly to the Information Commissioner. The Information Commissioner can be contacted at:
- 0303 123 1113
- Information Commissioner’s Office, Wycliffe House, Water lane, Wilmslow, Cheshire, SK9 5AF
Some of our teams have privacy policies that cover the specific services that they deliver.