In order to conduct its business, services and duties, Barry Town Council processes a wide range of data, relating to its own operations and some which it handles on behalf of partners. In broad terms, this data can be classified as:
Barry Town Council will adopt procedures and manage responsibly, all data which it handles and will respect the confidentiality of both its own data and that belonging to partner organisations it works with and members of the public. In some cases, it will have contractual obligations towards confidential data, but in addition will have specific legal responsibilities for personal and sensitive information under data protection legislation.
This Policy is linked to our ICT Policy which will ensure information considerations are central to the ethos of the organisation.
The Town Council will periodically review and revise this policy in the light of experience, comments from data subjects and guidance from the Information Commissioners Office.
The Council will be as transparent as possible about its operations and will work closely with public, community and voluntary organisations. Therefore, in the case of all information which is not personal or confidential, it will be prepared to make it available to partners and members of the Town’s communities. Details of information which is routinely available is contained in the Council’s Publication Scheme which is based on the statutory model publication scheme for local councils.
Barry Town Council recognises it must at times, keep and process sensitive and personal information about both employees and the public, it has therefore adopted this policy not only to meet its legal obligations but to ensure high standards.
The General Data Protection Regulation (GDPR) which become law on 25th May 2018 and will like the the Data Protection Act 1998 before them, seek to strike a balance between the rights of individuals and the sometimes, competing interests of those such as the Town Council with legitimate reasons for using personal information.
The policy is based on the premise that Personal Data must be:
Data Protection Terminology
Data subject – means the person whose personal data is being processed. That may be an employee, prospective employee, associate or prospective associate of BTC or someone transacting with it in some way, or an employee, Member or volunteer with one of our clients, or persons transacting or contracting with one of our clients when we process data for them.
Personal data – means any information relating to a natural person or data subject that can be used directly or indirectly to identify the person. It can be anything from a name, a photo, and an address, date of birth, an email address, bank details, and posts on social networking sites or a computer IP address.
Sensitive personal data – includes information about racial or ethnic origin, political opinions, and religious or other beliefs, trade union membership, medical information, sexual orientation, genetic and biometric data or information related to offences or alleged offences where it is used to uniquely identify an individual.
Data controller – means a person who (either alone or jointly or in common with other persons) (e.g. Town Council, employer, council) determines the purposes for which and the manner in which any personal data is to be processed.
Data processor – in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Processing information or data – means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
Where appropriate and governed by necessary safeguards we will carry out the above processing jointly with other appropriate bodies from time to time.
The Town Council as a corporate body has ultimate responsibility for ensuring compliance with the Data Protection legislation. The Council has delegated this responsibility day to day to the Responsible Finance Officer
Phone: 01446 738663
Correspondence: The Data Protection Officer, Barry Town Council, Town Hall, King Square, Barry, CF63 4RW
Barry Town Council monitors the diversity of its employees, and Councillors, in order to ensure that there is no inappropriate or unlawful discrimination in the way it conducts its activities. It undertakes similar data handling in respect of prospective employees. This data will always be treated as confidential. It will only be accessed by authorised individuals within the Council and will not be disclosed to any other bodies or individuals. Diversity information will never be used as selection criteria and will not be made available to others involved in the recruitment process. Anonymised data derived from diversity monitoring will be used for monitoring purposes and may be published and passed to other bodies.
The Council will always give guidance on personnel data to employees, councillors, partners and volunteers through a Privacy Notice and ensure that individuals on whom personal information is kept are aware of their rights and have easy access to that information on request.
Appropriate technical and organisational measures will be taken against Unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Areas unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
The information provided (personal information such as name, address, email address, phone number) will be processed and stored so that it is possible for us to contact, respond to or conduct the transaction requested by the individual. By transacting with Barry Town Council individuals are deemed to be giving consent for their personal data provided to be used and transferred in accordance with this policy, however where ever possible specific written consent will be sought. It is the responsibility of those individuals to ensure that the Town Council is able to keep their personal data accurate and up-to-date. The personal information will be not shared or provided to any other third party or be used for any purpose other than that for which it was provided.
General Data Protection Regulations (and Data Protection Act) Article 6 (1) (a) (b) and (e)
The Town Council cares to ensure the security of personal data. We make sure that your information is protected from unauthorised access, loss, manipulation, falsification, destruction or unauthorised disclosure. This is done through appropriate technical measures and appropriate policies.
We will only keep your data for the purpose it was collected for and only for as long as is necessary, after which it will be deleted.
We will not process any data relating to a child (under 13) without the express parental/ guardian consent of the child concerned.
Access to Information: an individual has the right to request access to the information we have on them. They can do this by contacting our Town Clerk or Data Protection Officer:
Information Correction: If they believe that the information we have about them is incorrect, they may contact us so that we can update it and keep their data accurate. Please contact: Town Clerk.
Information Deletion: If the individual wishes the Town Council to delete the information about them, they can do so by contacting the Town Clerk.
Right to Object: If an individual believes their data is not being processed for the purpose it has been collected for, they may object by contacting the Town Clerk or Data Protection Officer.
The Town Council does not use automated decision making or profiling of individual personal data.
Complaints: If an individual has a complaint regarding the way their personal data has been processed, they may make a complaint to the Town Clerk, Data Protection Officer or the Information Commissioners Office firstname.lastname@example.org Tel: 0303 123 1113.
The Council will always give guidance on personnel data to employees through the Employee handbook.
The Council will ensure that individuals on whom personal information is kept are aware of their rights and have easy access to that information on request.
The Publication Scheme is a means by which the Council can make a significant amount of information available routinely, without waiting for someone to specifically request it. The scheme is intended to encourage local people to take an interest in the work of the Council and its role within the community.
In accordance with the provisions of the Freedom of Information Act 2000, this Scheme specifies the classes of information which the Council publishes or intends to publish. It is supplemented with an Information Guide which will give greater detail of what the Council will make available and hopefully make it easier for people to access it.
All formal meetings of Council and its committees are subject to statutory notice being given on notice boards, the Website and sent to the local media. The Council publishes an annual schedule in May each year. All formal meetings are open to the public and press and reports to those meetings and relevant background papers are available for the public to see. The Council welcomes public participation and has a public participation session on each Council and committee meeting. Details can be seen in the Council’s Standing Orders, which are available on its Website or at its Offices.
Occasionally, Council or committees may need to consider matters in private. Examples of this are matters involving personal details of staff, or a particular member of the public, or where details of commercial/contractual sensitivity are to be discussed. This will only happen after a formal resolution has been passed to exclude the press and public and reasons for the decision are stated. Minutes from all formal meetings, including the confidential parts are public documents. The Council will be pleased to make special arrangements on request for persons who do not have English as their first language or those with hearing or sight difficulties.
The Council will as necessary undertake checks on both staff and Members with the the Disclosure and Barring Service and will comply with their Code of Conduct relating to the secure storage, handling, use, retention and disposal of Disclosures and Disclosure Information. It will include an appropriate operating procedure in its integrated quality management system.
The Local Government (Democracy) (Wales) Act 2013, gained Royal Assent on 30 July 2013. Its primary purpose was to reform the constitution and functions of what is now known as the Local Democracy and Boundary Commission for Wales. The Act, however, introduced various other provisions connected with local government. Sections 55 to 58 of the Act are concerned with access to information, and most particularly, access to information about Community Councils (section 58 applies also to County / County Borough Councils, Fire and Rescue Authorities and National Park Authorities in Wales).
Community and Town Councils must be open about their proceedings and publish information they hold. In summary, the Act requires Community Councils to have websites; to publish notices and papers electronically; and to publish their register of members’ interests electronically (those maintained under section 81 of the Local Government Act
Barry Town Council commits to meeting this high standard of openness and transparency
Adopted by Council: Barry Town Council
Review Date: 11 June 2018