The Spotlight is committed to keeping your personal data secure and we respect your right to privacy.
This privacy notice explains what personal data we collect from you, the purpose for which it is used, with whom it is shared and how long it is kept.
Personal data relates to a living individual who can be identified from that data. This can include information that can identify a person when it is put together with other information.
Some of your personal data fits into what are called ‘special categories of personal data’ because it is information that is considered to be more sensitive and therefore requires more protection. This includes information that identifies your racial/ethnic origin, political opinion, religious/philosophical beliefs, sexual orientation and information regarding your physical or mental health.
The type of personal data we collect depends on the Spotlight service(s) you are using, but it may include your:
We may need your personal data in order to:
Our legal basis for holding and using your personal data will depend on the service we are providing to you. Generally, we collect and use personal data where:
Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be necessary to share it with other organisations. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.
Sometimes we are bound by law to share data with other organisations, such as Government departments. We may also share your personal data when we feel there is a good reason, such as in relation to the prevention of fraud or detection of a crime.
We take measures to make sure the personal data is secure, whether it’s held on paper or electronically.
Examples of our security include:
We only keep your personal data for as long as is necessary for the purpose for which it was taken, unless we have a legitimate reason for keeping it (e.g. adhering to a legal requirement to keep the data for a set time period). However, where possible we will anonymise this data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely destroyed.
Data protection legislation gives you the right to request a copy of the information we hold about you. This is called a Subject Access Request (SAR).
To submit a subject Access Request please email firstname.lastname@example.org. This request must be in writing and clearly specify what information you require.
If you believe the data we hold about you is incorrect, you have the right to request that it is corrected.
If your data is no longer needed for the purpose it was collected, in certain circumstances you have the right to request that this information is deleted (the right to erasure). However, there will be occasions when the Council has a legal duty to retain your data despite your request. We will advise you if this is the case.
You have the right to ask for your personal data to be given back to you or another provider of your choice in a commonly used format. This is called data portability. However, this only applies if we’re using your personal data with consent (i.e. not if we are required by law to use it) and if the decision was made by a computer (automated). It’s likely that data portability won’t apply to most of the services you receive from the Council.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information (e.g. health conditions).
You can request for a restriction to be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data.
You have the right to object to or ask us to stop the processing of your personal data in certain circumstances. However, if this request is approved this may cause delays or prevent us delivering services to you. Where possible, we’ll seek to comply with your request, but we may need to hold or use information because we are required to do so by law.
If you have any concerns, questions, comments or would like further information about data protection, please email the Council’s Data Protection Officer at email@example.com or write to:
Data Protection Officer
For more information on data protection or to lodge a complaint about the way we’ve used your personal data, contact the Information Commissioner’s Office via its website at http://www.ico.org.uk or write to:
Information Commissioner’s Office