Community Services Privacy Notice
Gloucestershire County Council is the Data Controller for the personal information we collect from you. We will always ensure that we only collect the information necessary for the services we are providing you. Any information we do collect and use will be covered by our corporate policies which can be found on our Information Management and Security policies page.
However there are some specific policies covering how we use the 3 main types of information we can collect these are our Data Protection Policy, Special Category data policy and our criminal conviction data policy.
- Who do we collect personal data about?
- What personal data do we use?
- Why do we need your personal information?
- What gives us the right to use your personal information?
- What gives us the right to use your sensitive information?
- Where do we get your data from and who will we share it with?
- Transfers out of the EEA
- Your rights and how to use them
- Making a complaint to the Information Commissioner
In the majority of cases your information will remain in the UK and it will not be necessary for us to transfer your personal data outside the European Economic Area (EEA). But there are some occasions where your information may leave the EEA for example
- Where we use a cloud-based IT system to hold your data, and the data in the cloud is stored on servers located outside the EEA. In these circumstances we safeguard your data through undertaking appropriate checks on the levels of security offered by the cloud provider and entering into a contract with them which applies protections of the same type and level required by data protection laws within the EEA
- Where you are based outside the EEA and we need to send you emails or other communications which are necessary for the performance of our contract with you or to deliver the services we provide
If we do need to share your personal data outside of the EEA, we will endeavour to:
- Take all practical steps to make sure your personal information is not sent to a country that is not deemed to provide an adequate level of protection for personal data either by the UK government or the European Commission.
- Use specific contractual clauses approved by the European Commission which give personal data the same protection it has in the UK and Europe.
- Use only appropriate safeguards as set out in Chapter V of UK GDPR.