Data Protection Statement – Our handling of personal information
Who are we?
We are Clackmannanshire Council and are a Scottish local authority constituted under the Local Government etc. (Scotland) Act 1994. Our main offices are at Kilncraigs, Greenside Street, Alloa FK10 1EB. We are a data controller processing personal information. We are registered with the Information Commissioner and our registration number is Z5777954.
Why do we have a data protection policy?
We want users of our services to feel confident about the privacy and security of their personal information. We are aware that the proper handling of this information is vital.
Our Data Protection Policy is therefore published on our website.
What is “personal information”?
When we talk about “personal information”, we are referring to “personal data” which is any information that identifies someone as a living, private individual or could do so if combined with any other information.
What information do we hold about people?
In order to provide services, we have and use a large amount of personal data about people. This information could be about current, past and prospective employees, suppliers, clients and service users/customers.
We may hold information such as someone’s name, address and date of birth, but we could have sensitive information such as information about his/her health, racial or ethnic origin, or any criminal offences that he/she may have committed. The type of information that we have will depend upon the reason why we need the information i.e. to provide a service to someone.
How do we get personal information?
In most cases, the information that we have will come from the person concerned, for instance when applying for a service from us. However, the information could come from the person’s legal representative, partner, relatives and other agencies such as the police, other Councils, the NHS or the HMRC. We will ensure that the individual concerned will be aware that we have received and are using their personal information unless there is a good reason not to do so as set down in data protection laws.
Why do we need someone’s information?
We will only use personal information where we need to do so in connection with the provision of services or other Council business for instance where necessary to do so in connection with
There may be cases where what we are offering are additional services intended to make a process easier for people but is not necessary for our functions, we will ask you for your consent to use your information in this way. In those cases, you will be entitled to withdraw your consent at any time.
Who could we give your personal information to?
From time to time, we will share someone’s personal information with other bodies. There may be times when we will share someone’s information without consent, for example, with the police, the NHS or other agencies. We will only share your personal information in compliance with data protection laws.
The National Fraud Initiative (NFI) is an exercise that matches electronic data within and between public and private sector bodies throughout the United Kingdom to prevent and detect fraud. Clackmannanshire Council, which participates in the NFI, is required by law to protect the public funds it administers. We may share certain information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. There is more information about the NFI on the Council's website
How do we handle someone’s personal information?
When we refer to “using” personal information this has the same meaning as “processing” in terms of data protection laws. This is where we collect, record, organise, structure, store, adapt or alter, retrieve, consult, use, disclose, disseminate or otherwise make available, restrict, erase or destroy any of your personal information.
Before we start to use your personal information that you have provided to us, generally, we will let you know that we are doing so and provide other information to you that will make things clear to you. If we receive your personal information from someone else, generally, we will let you know that we have received your information, what we are doing with it and the other information within one month of receiving your information. After then, we will let you know of any new uses of your personal information as soon as we can.
We will not inform you about the uses of your personal information and other relevant information if there is a good reason not to do so such as when to do so could result in harm to someone else.
How long will we keep your information?
We are aware that we must not keep personal information longer than is necessary for our purposes. Sometimes, law sets down these time limits. In that case, we must comply with those specified time limits.
We maintain Retention Schedules that set out the periods of time that we apply to keeping particular information. If you wish to get more information about the specific time limit for particular information, you can
What are your rights in relation to our use of your personal information?
In terms of data protection laws, you may have some or all of these following rights. The rights in italics only apply in certain circumstances or are restricted and so may not be fully available to you.
You have the right to ask us to:
When exercising any of the rights, you should try to be as specific as possible about the personal information concerned.
Our data protection promise
We know that if we do not comply with data protection laws, including protecting the information, we will lose the trust and confidence of the public and our partners.
Data protection laws set down rules that we must follow when collecting and using personal information. These rules are called the data protection principles.
To comply with these principles, we must take steps to ensure that all personal information is:
Who is responsible and for what?
The Council as a whole has a responsibility for compliance with data protection laws. However, it places specific responsibilities on:
Who is our Data Protection Officer and what are their responsibilities?
We have a Data Protection Officer (DPO) to
We will give the DPO independence to carry out these tasks and ensure that the DPO is able to carry out these tasks freely and impartially.
If you have any concerns or enquiries about the way that we use your personal information or wish to exercise any of your rights (see above) you can contact the DPO direct. The DPO’s details are as follows
The Data Protection Officer
Resources and Governance
Legal and Democratic Services
By email to: firstname.lastname@example.org
How do we ensure that what we are compliant with data protection laws?
In relation to the holding and use of personal information, we are aware that our responsibilities apply all of the time that we hold and use the personal information. We appreciate that we must have checks in place to make sure that we treat all personal information correctly.
We will keep in mind that your rights and freedoms go further than respect for your privacy. The appropriateness of all decisions or actions taken by us will be dependent upon the reliability (adequacy, accuracy, and relevancy) and accessibility of your personal information.
Before we start to use your personal information for
involving a high risk to your rights and freedoms as an individual, we will carry out a privacy impact assessment (where necessary) at the earliest possible stage in the planning process.
Further, we will carry out regular reviews of the ways that we collect and use personal information to make sure that we are still complying with data protection laws. We will do this by carrying out an assessment at regular periods determined by the sensitivity of the personal information involved.
When carrying out these assessments or dealing with any data protection matters, we will ensure that we involve the DPO, fully, at the earliest opportunity.
We will ensure that any contractors, who are providing services on our behalf, treat any personal information in the same way that we do.
How do people find out about changes to our data protection policy?
We may change our data protection policy from time to time. We will publish any new or amended policy on our website.
What if I want to complain about how the Council is handling my data?
In the first instance contact the Council’s DPO, details above. If you are still not satisfied, you can contact the Information Commissioner at
Resources & Governance
Kilncraigs, Greenside Street, Alloa, FK10 1EB
Tel: 01259 450000