Subject Access Requests privacy notice

Colchester City Council’s Privacy Policy

This Privacy Notice should be read in conjunction with Colchester City Council’s Privacy Policy.

Information collected

We collect and process personal data that you provide to us which may include:

  • Name
  • Contact details, such as postal address, telephone number and email address
  • Proof of identity, where required
  • Details of your request and the information you are asking us to provide
  • Reference numbers, case numbers or other details that help us identify and locate the relevant information
  • Information about a representative or person acting on your behalf, where applicable
  • Copies of correspondence relating to your request
  • Any additional information you provide to help us respond to your request 

Agencies we may share your data with

Whilst working with you, we may share your information with some of the following third parties:

  • The Information Commissioner’s Office, where required
  • Law enforcement bodies, where we are legally required or permitted to share information
  • A representative, parent, guardian or person acting on your behalf, where you have given authority or where we are otherwise legally permitted to do so 

The purpose and lawful basis for processing

The lawful basis for the processing of your personal data is legal obligation. The Council has a legal obligation to process the above information for the purpose of processing subject access requests. We operate under the, Data Protection Act 2018 and other regulations such as GDPR. We request the minimum amount of information and it is stored securely in our SharePoint libraries. 

How long will we keep your personal data?

Six years after the date of the request. We will only hold your personal data for as long as necessary and in line with our retention schedules. 

How we protect and store your personal data

We take the confidentiality of personal information very seriously and use recognised security and access controls to protect your information from unauthorised access, loss, misuse, alteration or corruption. We have procedures and processes in place to ensure that your personal information is managed appropriately.

Your information may be held outside of the UK.  Where this is the case, we ensure that additional measures are in place to protect your data and to ensure that we continue to comply with data protection requirements.  

We use cloud providers and online application providers to help us run our business.  Therefore the use of some of our systems may include the transfer of your personal data to other countries. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK.

Updates to this privacy notice

We will continually review and update this privacy notice to reflect changes in our processes and procedures, as well as to comply with changes in the law. When such changes occur, we will revise the 'last updated' date on this notice. We encourage you to periodically review this notice and to be informed of how we are protecting your information.