Privacy Policy for Tewkesbury Borough Council Online Services
1. Introduction
At Tewkesbury Borough Council, accessible at tewkesburybc.com, we are steadfast in our commitment to safeguarding your personal data and ensuring your privacy is respected in accordance with applicable data protection legislation including the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA), where applicable. This Privacy Policy outlines how we collect, use, disclose, and manage your data, as well as your rights and choices regarding your personal information.
2. Scope of This Policy and Data Controller Role
This policy applies to all users and visitors who interact with our website and online services available via tewkesburybc.com. For the purposes of data protection legislation, Tewkesbury Borough Council serves as the Data Controller. Our role as Data Controller means we are responsible for determining the purposes and means of processing the personal data you provide to us or that we collect about you in the course of operating our online services.
3. Categories of Data We Process
We collect and process various categories of personal data depending on your use of our website and services:
– Usage Data:
Includes information about your browser type, IP address, geolocation, time zone, referral URLs, and interactions with our website, such as visit duration and navigation paths.
– Account Data:
Includes data you provide when creating an account or signing up for services on tewkesburybc.com, such as your full name, mailing address, email address, and telephone number.
– Profile Data:
Includes your preferences, service usage history, feedback, responses to surveys, and engagement behavior with our content and services.
– Communication Data:
Includes any communication you send to us, including email correspondence, customer support queries, call records, or contact form submissions.
– Technical Data:
Includes device identifiers, system configurations, screen resolution, browsing settings, and operating system details used to access our services.
– Transaction Data:
Includes information related to payments made to or from you in connection with council services, service subscriptions, invoice details, billing addresses, and delivery or fulfilment instructions.
– Preference Data:
Includes your indicated consent for marketing, notification preferences, and stated interests in services or products provided by the council.
4. Legal Bases for Processing
We rely on one or more of the following lawful bases for processing your personal data, as applicable:
– Consent: Where you have expressly given us permission to process your data for a specific purpose.
– Contractual Necessity: To enter into or perform a contract with you, such as providing services you have requested.
– Legal Obligation: To comply with legal or regulatory obligations.
– Legitimate Interests: Where necessary for our legitimate business interests provided such interests are not overridden by your data protection rights.
5. Your Rights
Under relevant data protection laws, you have the following rights:
– Right of Access: You have the right to request a copy of the data we hold about you.
– Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
– Right to Erasure: You have the right to request the deletion of your data, subject to applicable legal exceptions.
– Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances.
– Right to Data Portability: You have the right to request that your data be transferred to you or another data controller in a commonly used, machine-readable format.
– Right to Object: You may object to our use of your personal data where we rely on legitimate interest or for direct marketing purposes.
To exercise any of these rights, contact us at: [email protected]
6. Security Measures
We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These include:
– Data encryption during transmission and at rest
– Role-based access controls and authentication protocols
– Regular system updates and vulnerability scanning
– Data integrity checks and secure backup policies
– Staff training on privacy compliance and data handling best practices
7. International Data Transfers
Where your personal data is transferred outside the UK or European Economic Area (EEA), we ensure that such transfers are subject to appropriate safeguards. This may include the use of standard contractual clauses approved by the European Commission or the UK ICO, binding corporate rules, or other lawful transfer mechanisms.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal and regulatory obligations, or to resolve disputes. Specific retention periods are as follows:
– Usage and Technical Data: Up to 12 months for analytics and monitoring.
– Account and Profile Data: Retained for the duration of the user relationship and up to 6 years thereafter, depending on service engagement.
– Transaction Data: Retained for a period required by financial and audit regulations (typically up to 7 years).
– Communication and Preference Data: Retained for up to 2 years unless user requests earlier deletion.
9. Cookie Policy
We use cookies and similar technologies to enhance user experience and collect analytics data. The types of cookies used include:
– Essential Cookies: Necessary for core functionality such as session management and authentication.
– Functional Cookies: Enable enhanced features such as user preferences or localized content.
– Analytics Cookies: Collect aggregate data on user interactions, helping us improve website performance and usability.
– Performance Cookies: Track technical performance, page loading times, and responsiveness.
10. Cookie Management and Compliance
When you first visit tewkesburybc.com, you are presented with cookie consent options compliant with GDPR and CCPA. You may manage or withdraw consent through our cookie settings page at any time. Browser-level controls also allow you to block or delete cookies. Disabling some types of cookies may impact website functionality.
11. Children’s Privacy
Our services are not directed to children under the age of 13, and we do not knowingly collect personal data from individuals in this age group. If we become aware that data has been collected from a child under 13 without verified parental consent, we will take appropriate steps to delete such information.
12. Policy Updates
We reserve the right to update this Privacy Policy at any time to reflect legal or operational changes. Where substantive changes are made, users will be notified through a banner notification on our website or by email when appropriate. Continued use of the site after changes come into effect constitutes acceptance of the updated policy.
13. Contact
If you have any questions, comments, or concerns regarding this Privacy Policy or your personal data, please contact our Data Protection Officer at:
Email: [email protected]
We are committed to maintaining adherence to all relevant privacy regulations and to fostering transparency in how we manage and process your data. Please reach out to us at the above address for any privacy-related inquiries, complaints, or requests.