Privacy Policy

Winsham Parish Council Privacy Policy

Last Updated: [Insert Date, e.g., December 2025]

1. Introduction

Winsham Parish Council is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. As a Local Authority and Data Controller, we collect, hold, and process information, including personal data, about residents, staff, and people we provide services to.

This policy explains how we collect, use, and protect your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

  • Data Controller: Winsham Parish Council
  • Contact Address: Jubilee Hall, Church Street, Winsham, Chard, TA20 4HU
  • Email: winshampc@hotmail.com

3. The Data We Collect

We may collect the following personal data:

  • Contact Information: Names, addresses, telephone numbers, and email addresses (e.g., when you email the Clerk or use the “Contact Us” form).
  • Correspondence: Records of your enquiries and our responses.
  • Employment Data: Information regarding current, former, and prospective staff or councillors.
  • Website Data: Technical data such as IP addresses and browser types collected via cookies (see “Cookies” section below).

4. Why We Collect Your Data

We process your personal data for specific purposes under the following lawful bases:

  1. Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Council (e.g., responding to parish queries, managing cemetery records, or planning applications).
  2. Legal Obligation: We are required by law to process certain data (e.g., for employment/HMRC purposes or retaining minutes of meetings).
  3. Contract: Processing is necessary for a contract we have with you (e.g., hall hire agreements or employment contracts).
  4. Consent: In specific circumstances, we may ask for your explicit consent to process data (e.g., to send you a newsletter). You have the right to withdraw this consent at any time.

5. How We Store and Share Your Data

  • Security: We have implemented technical and organisational measures to protect your data from loss, misuse, or unauthorised access.
  • Sharing: We do not sell your personal data. We may share your data with third parties only where necessary, such as:
    • Somerset Council: For planning or highways issues where you have requested us to intervene.
    • Contractors: To carry out specific tasks (e.g., cemetery maintenance), provided they comply with GDPR.
    • Legal Bodies: If required by law (e.g., HMRC or the Police).
  • Retention: We will keep your data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law (e.g., financial records are typically kept for 6 years).

6. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • The right to access: You can request a copy of the personal data we hold about you.
  • The right to rectification: You can ask us to correct data if it is inaccurate or incomplete.
  • The right to erasure: You can ask us to delete your data in certain circumstances (the “right to be forgotten”).
  • The right to restrict processing: You can ask us to limit how we use your data.
  • The right to object: You can object to the processing of your data in certain circumstances.

To exercise any of these rights, please contact the Parish Clerk using the details provided in Section 2.

7. Legal Framework and Compliance

This privacy policy is governed by the laws of England and Wales. It has been drafted to ensure Winsham Parish Council complies with the following key legislation:

  • The Data Protection Act 2018 (DPA 2018): This is the UK’s implementation of the General Data Protection Regulation (GDPR). It controls how your personal information is used by organisations, businesses and the government.
  • The UK General Data Protection Regulation (UK GDPR): This is the retained EU law version of the GDPR which sits alongside the DPA 2018.
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR): This legislation sits alongside the Data Protection Act and gives people specific privacy rights in relation to electronic communications, specifically regarding cookies and marketing emails.
  • The Freedom of Information Act 2000: While distinct from personal data privacy, this Act provides public access to information held by public authorities.

As a public authority, Winsham Parish Council is registered as a Data Controller with the Information Commissioner’s Office (ICO).

8. Cookies

Our website (www.winshamparishcouncil.org.uk) uses “cookies” to ensure the site functions correctly and to help us understand how it is used.

  • Essential Cookies: Necessary for the site to work (e.g., for security).
  • Analytics Cookies: Help us see which pages are popular (anonymised data).
  • Control: You can choose to accept or decline cookies via your browser settings or the cookie banner on our site.

9. Complaints

If you are unhappy with how we have handled your personal data, please contact the Parish Clerk in the first instance.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: www.ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.