Ashfield District Council is registered as a data controller with the Information Commissioner's Office (ICO) (registration number: Z5623481).
Discover Ashfield is committed to protecting your privacy when you use our services. This privacy notice tells you what to expect when the organisation collects personal information. It also explains when and why we collect this information, how we use it, the conditions under which we may disclose it to others, how we keep it secure and what rights you have in relation to the data we hold about you.
If you have enquiries about this privacy statement or about use of your personal data, you can contact us at:
Data Protection Officer
Ashfield District Council
Urban Road
Kirkby in Ashfield
Nottingham
NG17 8DA
Email: DPO@ashfield.gov.uk
What is the purpose of this privacy statement?
This privacy statement tells you what to expect when Discover Ashfield collects personal data. It applies to information we collect about:
- visitors to our mobile application
- people who register for an online account
- people who register for and use our services
- people who are referred to us by other persons, agencies, organisations
- people who contact us with an enquiry or complaint
- our current and former employees or people who volunteer for Discover Ashfield
- people who participate in publicity for Discover Ashfield
What is personal data?
Personal data means any data which can be used to identify an individual (such as name and address) and any information that relates to that individual from which they can be identified (for instance, details of the services provided to a particular individual).
The following types of personal data may be used:
- personal contact details such as name, address, phone number, etc.
- personal identifiers such as an NHS number
- visual images, personal appearance and behaviour
- personal or professional opinions about an individual
- family details
- employment
- housing needs
- lifestyle and social circumstances
- pension or financial activity records
- offences (including alleged offences).
There are 2 classes of personal data — 'normal' personal data, as shown above and 'special categories' of personal data. Some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you.
This is likely to include anything that can reveal your:
- racial or ethnic origin
- religious or philosophical beliefs
- Trade Union membership
- physical or mental health
- genetic or biometric data for the purpose of uniquely identifying a natural person
- sexual life or orientation
- political opinions.
Where 'normal' personal data is involved, the basis for processing under the UK GDPR would normally be Public Task. However, there are other bases available as necessary.
Where 'special categories' of personal data are involved, then more rigorous procedures are necessary and:
- explicit consent of the person concerned must be obtained; or
- one of the conditions in schedule 1 of the Data Protection Act 2018 (external link). For example, conditions relating to employment or the substantial public interest conditions, must be satisfied.
We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer by:
- email: DPO@ashfield.gov.uk
- telephone: 01623 450000.
Notification of change of Privacy Notice
We may modify this privacy notice at any time, but if we do so, we will notify you by publishing the changes on this mobile application and at the website (www.discoverashfield.co.uk).
If we determine the changes are material, we will provide you with additional, prominent notice as is appropriate under the circumstances, such as via email. If, after being informed of these changes, you do not end your association with Discover Ashfield you will be considered as having expressly consented to the changes in our privacy notice.
If you disagree with the terms of this notice, or any updated version of this notice, you may exercise your rights to end your association with Discover Ashfield, at any time. This notice was last updated in January 2025.
How do we collect and use your personal information?
Why do we collect your information?
We obtain information about you when you are registered within the district, for example, when you register to pay Council Tax, when you register for council services or when you apply for services for example, applying for a council property or to receive benefits etc.
Why do we need your personal information?
We may need to use some information about you to:
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers who deliver those services
- help investigate any worries or complaints you have about your services
- keep track of spending on services
- to undertake public tasks
- to uphold legal rights and obligations
- check the quality of services
- to help with research and planning of new services.
How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information. Generally we collect and use personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is necessary to perform public tasks
- it is necessary to perform our Legal Obligations
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes.
If we have consent to use your personal information, you have the right to withdraw it at any time. If you want to withdraw your consent, please contact us by email at DPO@ashfield.gov.uk and tell us which service you’re using so we can deal with your request.
If you would like more information about the basis on which personal data is processed, please visit the Information Commissioners Office (ICO) website.
We only use what we need!
Where we can, we only collect and use personal information to meet the obligations set out above.
If we don’t need personal information we’ll either keep you anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details we’ll only collect your survey responses.
If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
We don’t sell your personal information to anyone else.
You can ask to have your information moved to another provider (data portability)
It’s likely that data portability won’t apply to most of the services you receive from Discover Ashfield.
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being.
You can ask to have any computer made decisions explained to you, and details of how we may have ‘risk profiled’ you.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.
If and when Discover Ashfield uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.
If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who’ll be able to advise you about how we are using your information.
Who do we share your information with?
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law.
We’ll complete a privacy impact assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but when we need to share your information, it will be because one of the exemptions in the Data Protection Act 2018 applies. For example:
- for the purpose of prevention and detection of crime,
- apprehension or prosecution of offenders
- assessment and collection of tax etc
- information required to be disclosed by law. For example, if the court orders that we provide the information
- functions designed to protect the public
- for the purpose of assisting in the prevention and detection of fraud.
Personal data will be disclosed to the National Fraud Initiative (NFI) for the purpose of assisting in the prevention and detection of fraud. The National Fraud Initiative (NFI) matches electronic data within and between public and private sector bodies to prevent and detect fraud.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we’ll make sure that we record what information we share and our reasons for doing so.
How we record what personal data we hold
Please see our Information Asset Register in the related document section of this web page for details of what information we hold, the basis for processing the information, how long we keep your data and who we may share it with and why. The register is divided into service areas enabling you to search it more easily.
How do we protect your information?
We’ll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
- pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of Discover Ashfield could work on your information for us without ever knowing it was yours
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Where in the world is your information?
The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system outside of the EU.
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party.
We’ll take all practical steps to make sure your personal information is not sent to a country that is not seen as ‘safe’ either by the UK or EU Governments.
If we need to send your information to an ‘unsafe’ location we’ll always seek advice from the Information Commissioner first.
How long do we keep your personal information?
There’s often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention schedule.
For each service the schedule lists how long your information may be kept for.
How you use this mobile application (something called Google Analytics)
We use Google Analytics to collect information about how people use this mobile application. We do this to make sure it’s meeting peoples’ needs and to understand how we can make the mobile application work better.
Google Analytics stores information about what pages on the mobile application you visit, how long you are on the mobile application, how you got here and what you click on while you are here.
We do not collect or store any other personal information (e.g. your name or address) so this data cannot be used to identify who you are.
We also collect data on the number of times a word is searched for and the number of failed searches. We use this information to improve access to the mobile application and identify gaps in the content and see if it is something we should add to the mobile application.
Unless the law allows us to, we do not:
- share any of the data we collect about you with others, or
- use this data to identify individuals.
Cookies (not the edible ones) and how you use this mobile application
To make this mobile application easier to use, we sometimes place small text files on your device (for example your iPad or laptop) called cookies. Most big mobile applications do this too. They improve things by:
- remembering the things you’ve chosen while on our mobile application, so you don’t have to keep re-entering them whenever you visit a new page
- remembering data you’ve given (for example, your address) so you don’t need to keep entering it
- measuring how you use the mobile application so we can make sure it meets your needs.
By using our mobile application, you agree that we can place these types of cookies on your device.
We don’t use cookies on this mobile application that collect information about what other mobile applications you visit (often referred to as privacy intrusive cookies).
Our cookies aren’t used to identify you personally. They’re just here to make the mobile application work better for you. You can manage and/or delete these files as you wish.
To learn more about cookies and how to manage them, visit AboutCookies.org or watch a video about cookies.
Other people’s cookies
We use videos from YouTube and feeds from other mobile applications such as Facebook and Twitter. These mobile applications place cookies on your device when watching or viewing these pages
Turning off cookies
You can stop cookies being downloaded on to your computer or other device by selecting the appropriate settings on your browser. If you do this you may not be able to use the full functionality of this mobile application.
There is more information about how to delete or stop using cookies on AboutCookies.org. You can also opt out of being tracked by Google Analytics.
Your Credit or Debit Card information
If you use your credit or debit card to make payments, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard, and don’t store the details on our mobile application or databases.
We have various methods and payment providers. Our corporate Payment Card Industry payments solution(s) are provided by Capita. Capita are a validated PCI payments system supplier.
Where can I get advice and more information?
If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at DPO@ashfield.gov.uk or by calling 01623 450000.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Or email casework@ico.org.uk.
Further guidance on the use of personal information can be found at ico.org.uk.
Documents
Information Asset Register