1 How we look after your personal data
West Sussex County Council: the data controller
West Sussex County Council (WSCC) respects your privacy and is committed to protecting your personal data. We comply with the Data Protection Act 1998, any subsequent replacement legislation and the General Data Protection Regulation (EU) 2016/679) (GDPR).
The County Council is registered as a ‘data controller’ with the Information Commissioner’s Office (ICO - Reg. No. Z6413427), the UK supervisory authority for data protection issues. We ensure that your personal data is processed fairly and kept securely and for no longer than is necessary.
It is important that the personal data we hold about you is accurate and up to date, so please tell us if your personal details change during your relationship with us. If you are under 18, get your parent or guardian's permission before you provide personal information to our website.
It is important you read this privacy notice together with any other privacy notice we may give you when we are collecting or processing personal data about you. In doing so you can be fully aware of how and why we are using your data.
2 What information we collect and how we use it
In order to register and receive or use many of the services, including those on our website, you need to give us some personal information. We will hold this information for as long as it is needed for the service you have requested and remove it when that purpose has been met.
In the case of an online information service, such as email alerts, we will remove your details if you inform us that you no longer wish to continue to receive the service.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances.
- Public task: to perform a task in the public interest or for an official function.
- Legal obligation: to comply with the law (not including contractual obligations).
- Contract: for a contract with you, or because you have asked us to take specific steps before entering into a contract.
- Vital interests: to protect someone’s life.
- Legitimate interests: to protect the interests of the County Council or someone else unless there is a good reason to protect your data which overrides those other interests.
- Consent: you have specifically agreed to our use of your data and we have no other legal basis for processing it.
3 Data security
We have put in place security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed inappropriately.
We also limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know in order for our service to be provided. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
We have procedures to deal with any suspected breach of the rules about personal data and will notify you and the regulator of a breach where we are required to do so.
The County Council uses CCTV for the detection and prevention of crime.
We reserve the right to monitor and record electronic communications (website, email and phone conversations) for the purposes of keeping records, staff training, detection, investigation and prevention of crime.
- Phone conversations - We will inform you if your call is being recorded or monitored.
- Email - Emails that we send to you or you send to us may be kept as a record of contact and your email address stored for future use in accordance with our record retention policy. If we need to email sensitive or confidential information to you, we will perform checks to verify the correct email address and may take additional security measures. If sending us such information we recommend using our secure online forms where we provide them, or the postal service.
We may use equality data such as ethnic, gender, sexual orientation and age information to compile statistics in order to comply with equality legislation and assist in planning services.
Such data does not identify individuals or affect anyone’s entitlement to services.
The County Council must protect public funds and may use personal information and data matching techniques to detect and prevent fraud and ensure public money is targeted and spent in the most cost-effective way. In order to achieve this, information may be shared with other bodies responsible for auditing or administering public funds, including:
- the Audit Commission
- the Department for Work and Pensions
- other local authorities, HM Revenue and Customs
- fraud investigation services
- the police.
5 National Fraud Initiative
The National Fraud Initiative (NFI) is an exercise that takes place every two years to match electronic data within and between public sector bodies to prevent and detect fraud. It does not require the consent of the individuals concerned.
We have a legal obligation to take part in the exercise, which also includes police authorities, local probation boards, fire and rescue authorities and other local councils.
Details recorded on our payroll system are provided electronically to the Cabinet Office as part of the exercise, using a password-protected website. Strong security measures are in place to protect the information, and access to the data extract file is strictly controlled.
The data extract will not be sent by post or courier. Once the data extract file has been successfully submitted it will be removed from our computer network.
6 Your rights
- To request access to your personal data.
- To request correction of our records.
- To request removal of data or limit our use of it - This right is not absolute and we may not be able to comply with your request. You have a right to have personal data erased and to prevent types of data processing in the following specific circumstances.
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When you withdraw consent we have relied upon.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed.
- The personal data has to be erased in order to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child.
- To object to processing - In some cases, we may need to explain that we have good grounds to continue to process your information.
- To data portability - This right allows individuals to obtain and reuse their personal data for their own purposes for different services. This only applies to personal data provided by you, with your consent or for the performance of a contract, and when processing is automated.
- Not to be subject to automated decision-making, including profiling - This right only applies where the decision is based on automated processing and we do not undertake any automated decision-making, including profiling.
- To withdraw consent (when this is the only basis for our use of your data).
To find out more about your legal rights or request a change or deletion to your personal information see Your rights.
To obtain access to the records we hold about you see Accessing your personal data.
7 Contact for data protection issues and complaints
We have appointed a data protection officer (DPO) who is responsible for overseeing issues in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, contact the DPO: