Privacy policy

The council and your personal information

Folkestone and Hythe District Council (the council) needs to hold and use information about its residents in order to provide services to individuals and the public.

Your privacy is important to the council and we aim for full transparency on how we gather, use, and share your personal information.

In processing your data, the council will remain in full compliance with both the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

If you have any concerns about how the council is handling your personal data, these can be raised with the council's Data Protection Officer at:

Folkestone and Hythe District Council,
Civic Centre,
Castle Hill Ave,
Folkestone,
Kent
CT20 2QY

Email: data.protection@folkestone-hythe.gov.uk

The council keeps its privacy notice under regular review and it will place any updated version on this page. This will help ensure that you are always aware of what information the council collects and how it is used.

Personal information  

Personal information can be anything that directly or indirectly identifies a living person.

This can include information that when put together with other information can then identify a person.

For example, your name and contact details, or an account number that could be used to look up your personal information in a database, all count as personal data.

Special category and criminal offence personal data

Some of your personal data is considered to be "special category information". This information is considered especially sensitive and is subject to additional protections. Special category information is likely to include anything that can reveal your:
  • sexuality and sexual health
  • religious or philosophical beliefs
  • ethnicity
  • physical or mental health
  • trade union membership
  • political opinion
  • genetic/biometric data
  • criminal history

Additionally, criminal offence data relates to any data that would reveal information about criminal allegations, criminal offences or related security measures.

In order to provide additional information about how the council processes and protects special category and criminal offence information, please see our "appropriate policy document"

Why does the council need your personal information?  

The council may need to use some information about you to: 

  • deliver public services either to you or the public generally
  • collect council tax, business rates and pay benefits
  • prevent and detect crime and disorder including fraud and corruption in the use of public funds
  • allow us to undertake statutory functions efficiently and effectively
  • make sure we meet our statutory obligations including those related to diversity and equalities.

We sometimes needs information about people other than the person who has applied for a benefit or service to work out what that person is entitled to. For example, where a person makes a claim for Housing Benefit, we need information about other people who live in the same household to work out how much the person will be entitled to.

More specific privacy information may be provided by departments or services whenever you submit your personal data to them.

How the law allows the council to use your personal information

Data Protection law provides a number of reasons that justify processing your personal data - this is known as the "lawful basis" for processing.

Generally the council collects and uses personal information where: 

  • you, or your legal representative, have given consent for us to do so
  • you have entered into a contract with us
  • you have requested a service from us
  • we need to communicate with you and provide services and benefits appropriate to your needs
  • to ensure that we meet our legal obligations
  • to support law enforcement functions, including for the prevention and detect fraud or crime
  • to process financial transactions including grants, payments and benefits
  • when it is required for employment purposes
  • when it is necessary to protect individuals from harm or injury
  • when there is a requirement to carry out the statistical analysis of data so we can plan the provision of services

When the council needs to process your personal data, it will always document the "lawful basis" it is relying upon to do so.

If the council has asked for your consent to use your personal information, you have the right to remove it at any time.

If you want to remove your consent, please contact the Data Protection Officer and identify which service you are using so the council can deal with your request.

Use of personal data

The council only collects and uses personal information if it needs the information to deliver a service or meet a requirement. If the council does not need personal information or the data is already held, you will not be asked to provide it. 

The council does not sell your personal information to anyone else. Despite this, you should note that the Electoral Registration Officer of the council is legally required to provide copies of the open version of the electoral register on request.  

You can opt out of the open register at any time and choose to be recorded on the private (or "edited") register. If you have opted out of the open version your details will not appear on it.  

More information about this can be found on the Elections privacy notice (PDF, 95KB)

Your rights

The law gives you a number of rights to control what personal information is used by the council.  

1.  You have the right to ask for the information the council has about you

Make a subject access request

2.  You can ask for information to be changed if you think it is inaccurate 

You should let the council know if you disagree with some of the information we hold about you or someone you are legally responsible for (e.g. a child or ward).

The council may noty always be able to change or remove that information, but it will correcty factual inaccuracies when appropriate and may include your comments in the record to show that you disagree with it.
 
If we are unable to comply with your request to amend the data, we will write to you to advise why.

3.  You can ask to for information to be erased 

In some circumstances you can ask for your personal information to be erased, for example:  

  • Where your personal information is no longer needed
  • Where you have removed your consent for the council to use your information (where there is no other legal reason for us to use it)
  • Where deleting the information is a legal requirement

In certain circumstances we may share your information with other agencies. Where your personal information has been shared with others, the council will do what it can to make sure those using your personal information comply with your request for erasure. 

Please note that the council cannot delete your information where:  

  • we're required to have it by law
  • it is used for freedom of expression 
  • it is used for public health purposes
  • it is for, scientific or historical research, or statistical purposes where it would make information unusable
  • it is necessary for legal claims 
  • there is compelling legitimate interest in retaining it

If we are unable to comply with your request to erase the data, we will write to you to advise why.

4.  You can ask the council to limit what it uses your personal data for

You have the right to ask us to restrict what we use your personal information for where

  • you have identified inaccurate information, and have told the council about it
  • where the council has no legal reason to use that information but you want the council to restrict what it uses the information for rather than erase the information altogether 

If the data have been disclosed to others, then the council will notify those recipients about the restrictions (unless this is impossible or involves disproportionate effort).

The council will notify you before lifting a restriction. If we are unable to comply with your request to restrict the data, we will write to you to advise why.

5.  You can ask to have your information moved to another provider (data portability)

You have the right to ask for your personal information to be given back to you (or another service provider of your choice) in a commonly used electronic format. This is called data portability.

This right only applies if the council is using your personal information with consent (not if we're required to by law) and if the processing decisions were made automatically by a computer and not a human officer. 

 It is unlikely that the right to data portability will apply to many or any of the services you receive from the council. 

6.  Right to object

You have right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling)
  • direct marketing (including profiling) and
  • processing for purposes of scientific / historical research and statistics.

The council must stop processing your personal data if you object unless:

  • it can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms of the individual or
  • the processing is for the establishment, exercise or defence of legal claims.

The council must stop processing personal data for direct marketing purposes as soon as it receives an objection.

If the council is conducting research where the processing of personal data is necessary for the performance of a public interest task, it is not required to comply with an objection to the processing.

You can make an objection by emailing: Data Protection Officer

7.  Rights related to automated decision making including profiling.

You can ask to have any computer-made decisions explained to you, and details of how the council may have 'risk profiled' you. 

You have the right to question decisions made about you by a computer, unless it is required for any contract you have entered into, required by law, or you have consented to it.  

You also have the right to object if you are being 'profiled'. Profiling is where decisions are made about you based on certain things in your personal information, for example, your health conditions.  

If and when the council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.  

If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer; who will be able to advise you about the council is using your information.  

Who does the council share your information with? 

We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in in place to make sure that the organisation complies with data protection law.  

If the processing of any personal data presents any degree of risk to your rights or freedoms, the council will complete a Data Protection Impact Assessment (DPIA) before it shares any personal information to make sure we protect your privacy and comply with the law.

Sometimes we have a legal duty to provide personal information to other organisations, for example, for the detection and prevention of fraud and other crime.

The council may also share your personal information when we feel there's a good reason that's more important than protecting your privacy. The council may share your information: 

  • in order to find and stop crime and fraud
  • if there are serious risks to the public, the council's staff or to other professionals
  • to protect a child or
  • to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
  • if there is a significant public interest in sharing the information

For all of these reasons the risk must be serious before the council can override your right to privacy.  

'Top level' sharing agreements the council is a party to (those agreements that affect all of the Council's departments and staff) include:

We sometimes need to share information with the individuals we process information about and other organisations. Where this is necessary we are required to comply with all aspects of the UK Data Protection framework. For more information, please visit the ICO website. 
What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.


Where necessary or required we share information with:

  • courts and tribunals
  • prisons
  • central government
  • credit reference agencies
  • customs and excise
  • data processors
  • debt collection and tracing agencies
  • relatives, guardians, associates or representatives of the person whose personal data we are processing
  • financial organisations
  • healthcare professionals
  • healthcare, social and welfare organisations
  • housing associations and landlords
  • law enforcement and prosecuting authorities
  • licensing authorities
  • local government
  • ombudsman and regulatory authorities
  • partner agencies and approved organisations
  • police complaints authority
  • police forces and non-home office police forces
  • professional advisers and consultants
  • professional bodies
  • regulatory bodies
  • service providers
  • voluntary and charitable organisations

We also have to send data and statistical collections to some Government departments by law. A list of these departments is available on GOV.UK.

If you believe your information may have been shared and a data breach has occurred as a result, you can report this.

Report a possible data breach

National Fraud Initiative (NFI)

We take part in the Cabinet Office's National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We must provide certain data to the Minister for the Cabinet Office. The law that says we must do this is Part 6 of the Local Audit and Accountability Act 2014. Further information on the NFI is available on GOV.UK.

Joined-up services within the council

We share your data between services within the council so that we can keep our information on you as up-to-date as possible and so that we can improve our services to you. For example, if you tell the housing team you have moved, they will pass this information on to other parts of the council such as the council tax team. Staff can only see your data if they need it to do their job.

How does the council protect your information? 

The council has systems and process in place to make sure the records it holds about you (on paper and electronically) are done so in a secure way, and it will only make them available to those who have a right to see them.

Where is your information held?

The personal information held by the council is stored on systems in the UK. There are some occasions where your information may leave the UK, either in order to get to be transmitted to another organisation, or if it is stored in a system (such as a server) outside of the EU. Where this is the case additional safeguards as required by legislation will be put in place. 

How long does the Council keep your personal information?

The council maintains a retention schedule that lists how long your information may be kept for. This ranges from months for some records to decades for more sensitive records. Much of the council's work is governed by statutory requirements, and this also frequently governs the length of time data must be held for.

Where can I get advice?

If you have any worries or questions about how your personal information is handled please contact the Data Protection Officer

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO) at: 

Information Commissioner's Office

Wycliffe House 
Water Lane 
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. 

Alternatively, visit ico.org.uk or email casework@ico.org.uk