Electoral Services - privacy notice

Who we are?

Derby City Council is the local government unitary authority for Derby City. Our address is The Council House, Corporation Street, Derby, DE1 2FS. You can contact our Data Protection Officer on 01332 640763 or by email at data.protection@derby.gov.uk.

How do we collect information from you?

We collect information from you when you visit www.derby.gov.uk, when you fill in any forms using our customer portals or on our website, including myAccount; also when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face.

You need to be registered to be able to vote in any election or referendum. We have a duty to maintain a complete and accurate register throughout the year. We will only collect the personal information we need from you in order to do this and use in the circumstances that are set out in law.

What types of information do we collect from you?

Personal data which can include your:

• name
• address
• date of birth
• Nationality
• NI Number
• signature
• contact details

This is to enable us to maintain the electoral register or provide you with a postal or proxy vote.

We may keep scanned copies of application forms and other correspondence that you supply to us to ensure that we can meet our legal duty to maintain an accurate electoral register.

We keep records about:

• potential or actual electors
• other occupants of your home
• voters
• citizens
• candidates and their agents
• staff employed at an election or during the annual canvass
• the people we need to pay.

The information we collect will depend on the service you want from us and/or the reason why we need to request and process information relating to you.

Details of information obtained from third parties?

We upload and download new registration applications to and from the IER Digital Service in order to verify the identity of potential electors.

What is the lawful basis?

The legal basis for data processing we are relying on comes from Article 6 of the UK General Data Protection Regulations (UK GDPR). The following sections apply;

• Article 6(1)(c) Legal Obligation -Processing is necessary for compliance with a legal obligation to which the controller is subject;
• Article 6(1)(e) Public task -the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

We rely on the following conditions as per Article 9 (2) of the UK GDPR:

• (a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes,
• (g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject
• (f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity

We process all information in accordance with our legal obligations and public tasks arising from the following provisions:

• The Coronavirus Act 2020
• The Health Protection (Notification) Regulations 2010
• The Public Health (Control of Disease) Act 1984 and associated Regulations
• The Fraud Act 2006
• The Political Parties, Elections and Referendums Act 2000
• The Local Government Act 1972
• The Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012
• The Local Authorities and Police and Crime Panels (Coronavirus)(Flexibility of Local Authority and Police and Crime Panel Meetings)(England and Wales) Regulations 2020
• The Representation of the People Act (1983)
• The Representation of the People Regulations (2001)
• The Localism Act 2011

How is your information used?

We may use your information to:

• Process your application to register to vote including Overseas, Service or Anonymous registrations
• Process changes to your registration which, for example, may include opt in in or out of the Open Register, applying for a postal or proxy vote or changing your name or address Compile and update the Register of Electors for the purposes of voting and other legitimate reasons
• Notify you of changes to our service
• Encourage you or occupants of your household to register to vote
• Fulfil our legal obligations to maintain a complete and accurate register of electors
• Manage employment, training and payroll for temporary election and canvassing staff

COVID-19/Coronavirus

Coronavirus has been added as a notifiable disease under the Health Protection (Notification) Regulations 2010. Under the Public Health (Control of Disease) Act 1984 and associated Regulations;  and the Coronavirus Act 2020 and associated Regulations  the Council has a legal duty to store, process and share personal information. The information will  be stored, processed and shared as part of the national, and local Coronavirus Test and Trace operations where necessary for investigations, as well as the testing and  tracing of individuals, groups or businesses; and to assist in the investigation into cases of Coronavirus; Coronavirus outbreaks and issues of non-compliance with the Acts and associated Regulations. The information will also be used; interrogated and mapped to inform the Councils actions and decision making processes. Any such storage, processing or sharing of information will be done in the public interest in order to promote health and wellbeing.

During the investigation of cases and/or outbreaks of Coronavirus, information which is gathered may be shared between departments within Derby City Council; with other Councils associated with an outbreak; other health services or with other government bodies associated with the control of the Coronavirus.  The Council has a duty to notify national Government bodies, such as Public Health England, and the relevant local authority where an individual resides (if different), where there are suspected Coronavirus cases. The Council will disclose the information under Article 9(2)(j) of the UK GDPR (processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health), and confidential information may be lawfully disclosed in the public interest, without consent, where the benefits to an individual or to society outweigh both the individual’s and the public interest in maintaining the confidentiality of such data.

The Council may contact staff, service users, residents, patients, businesses and premises with messages relating to Coronavirus by text, phone, letter or e-mail. This contact is not direct marketing; therefore we do not need your Consent before contacting you. There is more information available on the Information Commissioners Office's website.

We may use contact details held in Council systems to ensure that we are able to contact you, and to ensure that we are working from accurate and up to date information. Such information will be accessed and processed where it is necessary to comply with our legal obligations and public tasks arising from the Coronavirus Act 2020, the Health Protection (Notification) Regulations 2010 and the Public Health (Control of Disease) Act 1984, the Care Act 2014 and associated Regulations.

Research and statistics

Anonymised and pseudonymised data may be used for research and statistical purposes. Any data collected may be used for research and statistical purposes that are relevant and compatible with the purpose that the data was collected for.

Who has access to your information?

We may share your information with the following third parties for the reasons detailed;

• The Government Digital Service to verify your details prior to us accepting a registration application, and to contact you regarding your registration.
• Contracted print companies to print Registration forms, Poll Cards and Postal Packs
• Civica UK Ltd and Civica Election Services Ltd who provide software and services to us
• Registered political parties, elected representatives, candidates and agents and other permitted participants who can use the information for Electoral purposes only
• Details of whether you have voted (but not how you have voted) to those who are entitled to it by law after an election
• Internally with other departments and, Derby Homes
• Credit Reference Agencies, the British Library, UK Statistics authority, The Electoral Commission and other statutory recipients of the Electoral Register
• Statutory agencies, such as the Police or the National Fraud Authority for the purposes of crime prevention. We may share your information with statutory agencies in line with our legal obligations and/or in completion of our public tasks.
• Those requesting to view the electoral register by appointment for a particular property or location in the city
• The lawful basis for collecting or sharing the information outlined above is that it is necessary for the performance of a task carried out in the public interest and exercise of official authority as vested in the Electoral Registration Officer and Returning Officer as set out in the Representation of the People Act (1983) and associated regulations.
• Where you have opted out of the Open Register, we will not sell or rent your information to third parties. We will not share information contained in the Closed Register with third parties for marketing purposes.

What are your rights in relation the personal data we process?

• Access – you can request copies of any of your personal information that is held by the Council.
• Rectification – you can ask us to correct any incorrect information.
• Deletion – you can ask us to delete your personal information. The Council can refuse to delete information if we have a lawful reason to keep this.
• Portability – you can ask us to transfer your personal data to different services or to you.
• Right to object or restrict processing – you have the right to object to how your data is being used and how it is going to be used in the future.
• Right to prevent automatic decisions – you have the right to challenge a decision that affects you that has been made automatically without human intervention, for example an online form with an instant decision.

How long will we keep your information for?

We keep and dispose of all records in line with our record retention schedule. We will comply with Data Protection legislation.

What security precautions are in place to protect the loss, misuse or alteration of your information?

We are strongly committed to data security and will take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard the information you provide to us. However, we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information.

Keeping your data up to date

We want to ensure any information we hold is accurate. You can help us by promptly informing us of any changes to the information we hold about you.

Under 13

If you are accessing online services and are under the age of 13‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.

Cookies

Cookies are small text files which identify your computer to our servers. They are used to improve the user experience. View what cookies we use and how you can manage them.

IP addresses

Internet Protocol (IP) addresses are collected when our site is used:

• for statistical/analytical purposes
• to identify any malicious activity

Complaints

If you would like to make a complaint regarding the use of your personal data you can contact our Data Protection Officer;

• By post: Information Governance, The Council House, Corporation Street, Derby, DE1 2FS
• By phone: 01332 640763
• By email: data.protection@derby.gov.uk

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):

• By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• By phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Alternatively, visit ico.org.uk or email casework@ico.org.uk.