Data Protection
General Information
Data Protection legislation, including the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR), provides a framework to ensure Personal Data is handled properly and gives individuals rights to know how personal information can be collected, used and stored.
Personal data is any information that can be used to identify you as a Data Subject, such as your name and address. It’s information that relates to you, and from which you can be identified directly; or which could be used in combination with other information to identify you. Further information on Personal Data is available on the Information Commissioner’s Office (ICO) website.
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
In order to operate efficiently Moray Council must collect and use information about people with whom it works, and, we may be required to process information to comply with legal obligations and our statutory duties. This personal information collected may be of members of the public; current, past and prospective employees; service users, and, suppliers.
Moray Council will strive for a positive and proactive approach to the collection and management of Personal Data. The Council will ensure we protect the information we collect, use and share information appropriately; actively managing it so it is relevant and up-to-date, and, remain fully compliant with legislation and best practice guidance from the ICO. Personal information in all formats are covered by Data Protection, including but not limited to: paper files, databases, emails, telephone recordings, CCTV and all information repositories.
If you need help understanding this page please inform the Data Protection Officer (DPO), dataprotection@moray.gov.uk, and we will provide someone to explain the contents of the information. A translation service is also available and you can ask for an advocate to assist you.
Privacy Notices
Whenever the Council collects personal information a Privacy Notice should be made available to explain how your personal information may be collected, used, stored, shared and securely disposed of, our legal basis for doing so and what your Data Subject Rights are. Please see the Privacy Notices webpage for further information.
How long are records about you held?
Records will be kept for the minimum length of time required, some of these timespans are dictated by law. If there is no legal requirement to keep the records after the service to you has ceased they will be securely destroyed as soon as is practicable.
The Council’s Retention Schedules are available here and state how long a record’s retention should be and their ultimate fate. Some records are worthy of permanent preservation, to capture the history and heritage of Moray for future generations, these records are transferred to the Council’s Archives. Records that have a fate of destruction are securely destroyed.
Who we share your information with
Your personal data may be shared internally with authorised officers of the Council if having access to that data is a necessary part of their roles, such as to ensure records are accurate and up to date. It may also be shared with other relevant Council departments when applicable.
To provide effective services, your data may also be shared with agencies and external partners who deliver services on the Council’s behalf so they can provide these services (for example contractors). When we share your personal information with third parties we only do so when legally required, or when permissible under Data Protection legislation. In these instances, we ensure that these recipients are able to meet their obligations under Data Protection legislation and have measures in place to ensure your information is protected. These prerequisites will be set out in information sharing agreements or contracts.
We may also share your personal data with other relevant Council departments and third parties, where we are under a legal obligation to do so. For example this may be with Police, Social Security Scotland, UK Border Agency or other Registered Professional Bodies.
The Council is required by law to protect public funds against fraud. We may share personal data with other relevant Council departments and third parties responsible for auditing and administering public funds, or who otherwise have responsibility for preventing and detecting fraud.
Your information may also be shared with other organisations to provide services to you in the event of an emergency or civil incident.
Whenever personal information is shared with third parties we will only provide the minimum information required. The Council will not sell your personal information to any third parties.
Information you give us about other people
Occasionally you may be asked to provide someone else’s personal information for a specific purpose, for example to contact them in the event of an emergency, or to assess your entitlement to a service, or for us to contact them regarding a reference on your job application, or, suchlike. Please make sure that you let them know that you have given their information.
If they would like further information on how the Council uses personal information, our Service specific Privacy Notices are available here: http://www.moray.gov.uk/moray_standard/page_142831.html
Are records confidential?
The Council’s employees have a duty of care when providing services. This includes respecting the right to confidentiality and ensuring that information about you is only processed for the purposes of the service being provided.
How do I request my information?
You are entitled to request a copy of personal information that the Council holds on you. This is called a Subject Access Request (SAR).
You are only entitled to your own personal information. Requestors with parental rights may request information that identifies and relates to their child(ren) under the age of 12years.
To make a request please complete a Subject Access Request form and send it to: info@moray.gov.uk, or, Information Co-ordinator, Elgin Library, Cooper Park, Elgin, IV30 1HS.
Please note that proof of identity will be required before releasing personal information, and, that personal information of third parties will be redacted from any copies provided.
If you need help understanding the information you receive please inform the Council and we will provide someone to help explain the contents of the information. A translation service is also available and you can ask for an advocate to assist you.
Concerns or complaints:
If you have any Data Protection concerns or complaints regarding how we handle personal information please contact the Council’s DPO dataprotection@moray.gov.uk.
However, you also have the right to lodge a complaint about Data Protection matters with the Information Commissioner's Office, https://ico.org.uk/. The ICO can be contacted by post at:
Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF.
By telephone at 0303 123 1113, or via their website: https://ico.org.uk/make-a-complaint/.
Further information
For further information on your Data Subject Rights, please see: Data Protection: Your Data Subject Rights and, Element 9 on the Council’s Records Management Plan (RMP): http://www.moray.gov.uk/moray_standard/page_92824.html