Privacy Notice
This Privacy Statement explains how Elham Parish Council (council) collects, uses, and protects personal data. We are committed to handling personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
The Council is the Data Controller for the personal data we process.
What Personal Data We Collect
We may collect and process the following types of personal data:
- Names, addresses, telephone numbers, and email addresses
- Correspondence and enquiries
- Financial information (e.g., invoices, payments, grants)
- Employment and HR information (for staff and applicants)
- Burial and other service-related information
- Information required for statutory functions (e.g., planning comments, public consultations)
We only collect the minimum amount of data necessary for each purpose.
How We Use Your Personal Data
We process personal data to:
- Deliver council services
- Respond to enquiries and correspondence
- Manage finances, contracts, and procurement
- Administer burials and community facilities
- Meet statutory obligations (e.g., transparency, audit, public rights)
- Manage staff employment and recruitment
- Maintain governance records such as minutes, policies, and registers
We do not use your data for marketing.
Why We Collect Your Personal Data (Purposes of Processing)
We use your personal data to:
- Deliver Council services
- Respond to enquiries and correspondence
- Manage finances, contracts, and procurement
- Administer burials and community facilities
- Meet statutory obligations (e.g., transparency, audit, public rights)
- Manage staff employment and recruitment
- Maintain governance records such as minutes, policies, and registers
Lawful Basis for Processing
Under Article 6 UK GDPR, we rely on:
- Legal obligation – where processing is required by law
- Public task – where processing is necessary for our official functions
- Contract – where processing is required to deliver a service you request
- Consent – only where no other lawful basis applies
- Vital interests – where processing is necessary to protect life
Where we process special category data (e.g., health information), we rely on Article 9 conditions such as:
- Employment and social protection obligations
- Substantial public interest
Sharing Your Information
We may share personal data with:
- Government bodies and regulators (e.g., HMRC, ICO)
- Internal and external auditors
- Contractors and service providers working on our behalf
- Other authorities where legally required
We do not sell personal data to third parties.
How Long We Keep Your Data
We retain personal data only for as long as necessary. Retention periods are set out in our Document Retention and Disposal Schedule and follow statutory requirements (e.g., 6 years for financial records, permanent retention for burial registers).
How We Protect Your Data
We use appropriate technical and organisational measures, including:
- Secure digital storage and encrypted devices where required
- Restricted access to personal data
- Secure disposal of paper and electronic records
- Staff and Member training in data protection
Your Rights
You have the following rights under UK GDPR:
- To access your personal data
- To request correction of inaccurate data
- To request deletion (in certain circumstances)
- To restrict or object to processing
- To request data portability (where applicable)
- To withdraw consent (where consent is used)
To exercise your rights, please contact the Clerk.
Contact Details
Data Controller: The Parish Council Contact: Clerk / Responsible Financial Officer Email: clerk@elhampc.co.uk
If you are unhappy with how we handle your data, please contact the Clerk in the first instance. You also have the right to complain to the Information Commissioner’s Office (ICO).
Updates to This Privacy Statement
We may update this Privacy Statement from time to time. The latest version will always be available on our website.