These pages describe how Glasgow City Council and its associated Arms' Length External Organisations will process personal information under the new data protection laws that came into force on 25 May 2018.
This page was last updated on 23 November 2018.
If you cannot find the Privacy Statement you are looking for please email firstname.lastname@example.org.
Glasgow City Council is a local authority established under the Local Government etc. (Scotland) Act 1994. Our head office is located at City Chambers, George Square, Glasgow G2 1DU, United Kingdom, and you can contact our Data Protection Officer by post at this address or by email at: email@example.com, and by telephone on 0141 287 1055. Glasgow City Council is registered with the Information Commissioner's Office under registration number Z4871657.
We have also established a number of Arms Length External Organisations - called ALEOs. Most of these ALEOs carry out functions on behalf of the council which were previously carried out in-house by our departments. Most ALEOs are wholly-owned by us; a small number are owned jointly with other public bodies, and some of them have charitable status. A number of our ALEOs are comprised of more than one legal entity such as trading subsidiaries. You can find a full list of all our current ALEOs on our website at www.glasgow.gov.uk/aleos. The council and our ALEOs are collectively referred to in this privacy statement as 'the council family'.
The council's Data Protection Officer is also the Data Protection Officer for each of our ALEOs.
We need you to give us your personal information in order to allow us to provide services to you as the local authority for the city of Glasgow, This can be either directly or through the activities of our ALEOs. We also use your information to verify your identity where required, contact you by post, email or telephone and to maintain our records.
For a number of areas of activity, we also receive information from third parties. In the main this is from other public authorities, such as the police and court service, HM Revenues and Customs and the Department for Work and Pensions. However, it could also be from other local authorities and from members of the public. Details of how this information is passed between us all is given in the specific privacy statements relating to functions where we routinely receive personal information from third parties.
Where possible, new IT systems and the development of existing IT systems will make use of system generated or anonymised data in test environments. However, there may be circumstances in which test environments, their users and their developers appointed by Glasgow City Council, such as CGI, may be required to utilise your personal data in a test environment. In such circumstances, Glasgow City Council require that development and test activity comply with data protection legislation, taking reasonable steps to protect your personal data.
We provide these services to you as part of our statutory function as your local authority. You can find more details of our role and the many statutory functions we are responsible for by clicking on www.glasgow.gov.uk/statutoryduties .
The precise legal basis for us using your personal information will vary depending on which service we are providing to you. However, in most cases this will be because it is necessary for us to use your personal information to perform a task carried out in the public interest by us. If we are using your personal information on a different basis to this, this will be explained in the specific privacy statements relating to those functions.
If we are using your information because:
then if you do not provide us with the information we have asked for, we will not be able to provide that service to you.
For some activities, we also need to process more sensitive personal information about you for reasons of substantial public interest as set out in the Data Protection Act 2018. It is necessary for us to process this more sensitive information for a number of reasons, these include:
We are legally obliged to safeguard public funds so we are required to verify and check your details internally and across the council family to prevent fraud - and we may share this information with other public bodies for the same purpose.
We are also legally obliged to share certain data with other public bodies, such as HMRC and will do so where the law requires this. In general, we will also comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and appropriate.
www.glasgow.gov.uk/infouseprivacypolicy. It also forms part of our requirements in line with our Records Management Plan approved in terms of the Public Records (Scotland) Act 2011 - which can be viewed at http://www.glasgow.gov.uk/rmp.
We will not sell your personal data to any third parties.
In order to provide services to you, we may need to appoint other organisations to carry out some activities on our behalf. These may include, for example, payment processing organisations, delivery organisations, mailing houses and contractors or consultants providing services to the council family (or directly to service users) where we need to provide them with personal information to allow them to provide these services. We select these organisations carefully and put measures in place to make sure that they are not allowed to do anything with your personal information which the council and our ALEOs could not do themselves.
Information is also shared across the council family.
Almost all council data is held within the UK. Any overseas data transfers require additional internal approvals and we only send data overseas where we have been able to put in place measures to make sure that your personal information is as safe and respected in the overseas country, or countries in question, as it is in the UK. If we need to transfer your personal information overseas in relation to a particular activity, this will be explained in the specific privacy statements relating to that function along with a description of the protective measures we have put in place to keep it secure.
We only keep your personal information for the minimum amount of time necessary. Sometimes this time period is set out in the law, but in most cases it is based on our business need. We maintain a records retention and disposal schedule which sets out how long we hold different types of information for. You can view this on our website at http://www.glasgow.gov.uk/rrds or you can request a hard copy from the contact address stated above.
access to your information - you have the right to request a copy of the personal information that we hold about you.
correcting your information - we want to make sure that your personal information is accurate, complete and up to date. Therefore you may ask us to correct any personal information about you that you believe does not meet these standards.
deleting your information - you have the right to ask us to delete personal information about you where:
Objecting to how we may use your information - you have the right at any time to tell us to stop using your personal information for direct marketing purposes.
Restricting how we may use your information - in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information that we hold about you or we are assessing the objection you have made to our use of your information. This right might also apply if we no longer have a basis for using your personal information - but you don't want us to delete the data. Where this right is realistically applied will mean that we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Withdrawing consent to use your information - Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us as stated above if you wish to carry out any of these rights.
Most of the personal information we hold relates to people we are providing services to. However, we also hold information about other people as well, where this is necessary for us to carry out particular functions.
In some cases we will contact these other people directly to inform them:
However, in many cases this is impractical.
The details of what we do with this sort of information and why we hold it is provided in the specific privacy statements relating to functions where we routinely hold information about people who are not our service users.
We make some use of automated decision-making processes but very little use of profiling. Where these techniques are used, this will be explained in the specific privacy statements relating to those functions, together with a description of the reason involved in any automated decision-making.
We aim to directly resolve all complaints about how we handle personal information. If your complaint is about how we have handled your personal information, you can contact the Council's Data Protection Officer by email at firstname.lastname@example.org or by telephone on 0141 287 1055.
However, you also have the right to lodge a complaint about data protection matters with the Information Commissioner's Office, who can be contacted by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. By phone on 0303 123 1113 (local rate) or 01625 545 745. Visit their website for more information at- https://ico.org.uk/concerns.
If your complaint is not about a data protection matter you can find details on how to make a complaint on our website at www.glasgow.gov.uk/complaints.
For more details on how we process your personal information please click on any of the links below.