Privacy Notices - Digital employee communication Privacy Notice
- Introduction
-
You need to be aware of this Privacy Notice if you are signing up to receive digital employee communications from the Council and its service areas to an email address other than a Swindon.gov.uk address.
Please note that this will not affect where your payslip is sent. Any changes to this must be made through ESS.
- What is a Privacy Notice?
-
A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.
- Who is collecting and using your personal data?
-
Swindon Borough Council will act as a “Data Controller” for any personal data that you provide to us. We will ensure that the data given to us is processed in line with our Data Protection Act 2018 (DPA 18) and the EU General Data Protection Regulations. (GDPR)
To find out more about Swindon Borough Council’s data protection policies please contact our Data Protection Officer. dataprotection@swindon.gov.uk or in writing to Data Protection Officer, Civic Offices, Euclid Street, Swindon, Wiltshire, SN1 2JH.
- Your personal data – what is it?
-
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
- What personal data do we collect?
-
Swindon Borough Council collects data about you and when you sign up to receive digital employee communications this includes:
- your email address
- your explicit consent to receive digital employee communications
- your name
- your job title
Your name and job title are collected for verification processes only.
Data reports are automatically generated by our mailing provider Mailerlite and information such as your location, browser data, device type and link clicks are also stored for reporting and evaluation purposes.
- How do we process your personal data?
-
Swindon Borough Council complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Your name and job title will only be used to verify that you are an employee of Swindon Borough Council.
- Why do we need your personal information?
-
We may need to use some information about you:
- To deliver digital employee communications
- To verify that you’re an employee of Swindon Borough Council
- To register you for employee events
- To help with research and development of employee communication channels
- How the law allows us to use your information?
-
The law requires that we collect and record your explicit consent before providing you with our email communications, but you have the right to remove your consent at any time.
If you want to remove your consent, either use the unsubscribe option provided on any emailed newsletter from us, or contact communications@swindon.gov.uk and tell us which service you are using and wish to unsubscribe from, so we can deal with your request promptly.
- Who do we share your information with?
-
Our newsletter service provider is ‘Mailerlite’, who provide email marketing and automation software as a service. They process your Personal Data as a Processor on behalf of Swindon Borough Council.
- How do we protect your information?
-
We will do what we can to make sure we hold records about you (electronically) in a secure way, and we will only make them available to those who have a right to see them.
Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password)
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- Mailerlite’s secure data storage centre is situated within the European Economic Area (EEA) and has information storage security certification to ISO 27001 as well as a certificate of IT service management to ISO 20000
- How long do we keep your personal information?
-
Mailerlite will keep a record of your personal data for six months after last use. If you unsubscribe and remove your consent, your data will be deleted.
- What you can do with your information?
-
Under the Data Protection Act 2018 and the EU General Data Protection Regulations you have the following rights:
- The right of access to you own personal data
- The right to request rectification or deletion of your personal data
- The right to object to the processing of your personal data
- The right to request a copy of the information you provide us in machine-readable format
- The right to withdraw your consent to any processing that is solely reliant upon your consent
Should you wish to exercise any of your rights, you should contact our Data Protection Officer at DataProtection@swindon.gov.uk
- Your right to complain
-
In the event that you wish to complain about the way that your personal data has been handled by Swindon Borough Council, you should write to the Data Protection Officer and clearly outline your case. Your complaint will then be investigated in accordance with our customer complaint procedure.
If you remain dissatisfied with the way your personal data has been handled, you have the right to complain to the Information Commissioner’s Office at www.ICO.org.uk. You may refer the matter to the Information Commissioner’s Office whose contact details are below:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AFEmail: casework@ico.org.uk
This website also contains information on data protection and your rights and remedies.
- What if you do not provide personal data?
-
You are under no statutory obligation to provide personal data to Swindon Borough Council during the employee communication sign-up process; however, your email address is mandatory to receive the service. If you decline to provide it, we will not be able to provide this service to you.
- How will we ensure compliance?
-
A six-monthly audit will take place on personal data to ensure that we remain legally compliant in accordance with current data protection legislation.
- Main privacy notice
-
You are viewing the Privacy Notice for Digital employee communication.
Read the main Privacy Notice