Data Protection Rights
Every individual has a number of rights in relation to their own Personal Data and their privacy.
This page has been designed to inform you about those rights and how you can exercise them at Selby District Council.
Right of Access (Subject Access Request)
Data Subjects (that is the individual who the data is about) have a very strong right of access to their own personal data held by an organisation. This could be information held in electronic form (i.e emails or database entries) or it could be paper files that we hold (i.e paper records or archived files).
What am I entitled to?
When I am the Data Subject
Data Subjects are only entitled to their own personal data. If data about other individuals are included within your files then it is likely that this information will be withheld.
When I am acting on behalf of the Data Subject
If you are acting on behalf of a Data Subject (i.e parent, legal guardian, or solicitor) then you may still have a right of access to information about the data subject. The council would require the following to be able to disclose records to you:
- Child Under 12 (or child lacking mental capacity) Demonstrable evidence that you have Parental responsibility for that child.
- Child Over 12. Your child may be asked to consent to disclose data to you in certain circumstances.
- Adult (who lacks mental capacity). Official paperwork listing you as legal guardian of the data subject.
- Solicitor or Agent (acting on behalf of an individual). A form of authority addressed specifically to the Council and signed by the data subject or their legal representative. In some circumstances we may also request explicit consent from the data subject.
Accessing the Records of Deceased Persons
A common law of confidentiality restricts the Council from disclosing a deceased person’s records to any individual other than the personal representative of the deceased’s estate. That is an individual who has a grant of probate (if the deceased left a will) or letter of administration (if the deceased did not leave a will – otherwise known as intestate).
If you are the personal representative for the deceased’s estate and affairs the Council will request the legal documentation, from you, which validates this and will therefore be able to consider disclosing the requested records.
Are you allowed to withhold information?
Yes – In some circumstances the Council is allowed to withhold information. This could be, but not limited to, if disclosure could prejudice a criminal investigation, if disclosure could cause mental or physical harm to any individual, or if information originates from the Court. These are known as exemptions.
Exemptions are not applied to information very often but when they are the Council may not need to inform you of such an application.
Right to Erasure, Right to Rectification, and Right to Restriction
All individuals have a right to request that an organisation deletes, corrects or limits part or all of the personal information that it holds about them.
Where the Council is processing your personal data based on a legal power or an official authority it will only comply with one of these requests if:
- It is certain that the personal data it holds about you is incorrect or,
- It no longer requires your personal data for the purpose that it was collected.
In most cases we will upload your complaint to any information we hold about you so that we have a record of your request.
Please be aware that decisions in regards to these requests are made on a case-by-case basis and take in to account any relevant information required to decide if complying with such a request is suitable.
Right to Objection (Right to object to Automated Decision Making)
When the Council has used any ‘Automated Decision Making’ software (that is if a computer has made a decision about you without human involvement) then you have a right to ask for a human being to review the decision instead.
We will always tell you when we do use automated decision making and provide you with details about how you are able to appeal.
How do I make a Data Protection Request?
The easiest and most straight forward way to make a Data Protection request is through the application form below.
Alternatively you may wish to contact us via. email or post.
You will also need to validate your identity (so that we can be certain that only you have access to your personal data). You can do this either by attending Council offices in person or by providing us with copies of your ID. Please see the ‘Accepted Documents List’ below which will assist you in deciding what ID is accepted by the Council.
All Data Protection Requests should be directed to firstname.lastname@example.org
What Happens Next?
Once the Council has validated your identify and is certain of your request then it will acknowledge this with you as soon as possible.
The Council then has up to 30 Calendar Days to respond to your request.
Please be aware that in some circumstances the Council may apply a discretionary extension of a further 60 Calendar Days if it believes your request is complex or very large. The Council will write to you and let you know if this is the case.
Right to Complain
If you are unhappy with the way in which your data has been handled or the way in which a data protection request has been answered then you may complain to the Council’s Data Protection Officer.
You can contact the Data Protection Officer during usual office hours at the following:
Information Governance Office
01609 532 526
If you remain dissatisfied with the response from the Council’s Data Protection Officer, or if you would rather complain straight to a regulator, then you may make a complaint to the Information Commissioner’s Office (ICO) who regulate Data Protection and Information Governance matters in the UK.
You can contact the ICO by contacting:
First Contact Team
Information Commissioner’s Office
To find out more information about your Data Protection Rights then please visit the website of the ICO.