How the Council uses your information
Boston Borough Council takes the privacy and security of its clients, staff and citizens seriously. We try our best to manage all personal data in a safe and responsible manner.
Your privacy is important to us. We have a data protection policy in place in which we commit to taking care of personal information.
To deliver our services, we need to collect, use, store, share and dispose of personal information. This is known as data processing.
When we collect personal information from you, we must tell you why we need it, what we will do with it and how long we will keep it. This is called a privacy notice.
The information on this page is our privacy notice to explain how we process your personal information. We are currently working on more privacy notices in each of our service areas, which will be published as soon as possible.
Who controls my personal information?
Boston Borough Council is the data controller. We determine how your personal information will be processed and have to comply with data protection law. We are registered with the Information Commissioner as a data controller. In some cases we are data controllers in common with other organisations such as Lincolnshire County Council. Our Electoral Services has a different data controller - the Returning Officer.
What personal information do you collect and how do you collect it?
We collect personal information about you in many ways. In most cases, we will collect it directly from you. That may be in person, by telephone, on a paper or online form, by email or letter, or on CCTV. There will be cases when we receive information about you from someone else, or from one of our partners.
We collect different categories of personal information, depending on the service we provide to you. In most cases, we will need your name and contact details. Our service-specific privacy notices give further detail on what kind of information is collected about you.
When we collect information from you, we will ensure we comply with the data protection principles:
- We will only collect information that we need.
- We won't keep your information for longer than we need it.
- We will tell you why we need your information and what we will do with it.
- We will keep your personal information secure.
- We will keep your information up-to-date.
- We will not use the information for a different purpose than the one we told you about (unless we have to do so by law).
Why do you process information about me?
We need to process personal information about you to enable us provide services and meet our legal obligations, such as collecting Council Tax, paying benefits and grants, and dealing with planning and licensing applications.
It will sometimes be necessary to process personal information to protect individuals from harm or injury, to prevent and detect crime, to comply with legal orders and duties, and to provide information in accordance with a person's rights.
We may need to keep your personal information within the Council's records for evidential and historical reasons, or use it for research and statistical purposes.
We will only process your personal information when there is a lawful reason to do so:
- It is required by law.
- It is necessary to provide a Council service.
- It is necessary as part of a contract.
- It is necessary to protect someone's life.
- We have a legitimate interest to do so.
- You have given us permission to do so.
Who do you share my information with?
To provide you with efficient services, we will sometimes share your personal information between teams within the Council, and with external partners and agencies involved in delivering services on our behalf, or alongside us. We may also provide personal information to third parties, but only where it is necessary to comply with the law or where it is allowed by data protection law.
We have a duty to protect public funds. We may check your information within the Council for verification purposes and/or for the prevention of fraud. We may share your information with other organisations where we are required to do so for the purposes of the prevention or detection of crime.
By way of example, we may share your information with:
- NHS Lincolnshire
- Lincolnshire Police
- Department for Work and Pensions
- Voluntary organisations and care providers
Our service-specific privacy notices give further information about the organisations with whom we may share personal information.
We will only share information with partners or contractors who agree to protect your information. Their duties will be set out in contracts or information sharing agreements.
Do you transfer my information outside the UK?
Your information will normally be stored and processed in premises in the Council area or on servers based in the UK. While it may sometimes be necessary to transfer personal information overseas, any transfers will be in compliance with data protection law. Infromation available on our website, such as media or publciations which may have your personal information in may be accessible from outside the UK.
How long do you keep hold of my information?
We will not keep your information for any longer than it is needed, and will dispose of paper and electronic information in a secure way. The length of time we need to keep information will depend on the purpose for which it is collected. Our service-specific privacy notices give further information on how long we keep your information.
What are my rights in relation to my information?
You have the following rights:
- To know how your information is used, in a clear and easy to understand way.
- To see any information held about you by making a subject access request.
- To withdraw consent at any time, in the limited situations where the legal basis for processing is consent.
- To data portability, in certain cases where the legal basis for processing is (i) consent or (ii) performance of a contract.
- To request rectification or erasure of your information, where data protection law allows this.
- To object to the processing of your information, where we do not have a lawful reason to process.
In some cases the Council is using information to meet a lawful obligation placed upon the Council by a series of Laws. In this case the Council may need to withhold some of the 'subject's rights'
How do I contact the Council's data protection officer?
The Council has appointed a data protection officer to make sure it is complying with data protection law. You can contact the data protection officer at:
Data Protection Officer
Do I have a right to complain about the way information has been used?
If you have a concern about the way we are collecting or using your personal data, please let us know and we will try to resolve this. If you are still concerned, you can contact the Information Commissioner:
Information Commissioner's Office
0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number