What this policy covers
Our collection, use and disclosure of your personal information is regulated by the United Kingdom’s General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018.
What personal information we collect:
We collect information from you when you register to use this site. This includes:
- Login name and password (required).
- Postcode (required).
- Email (required).
- Additional demographic information as provided by you on the registration form (optional).
Please note that you are able to browse any publicly accessible sections of this website completely anonymously without signing up.
Special Categories of Data
If you are providing us with optional special category personal information (such as details about your health), we will be processing this under Article. 9(2) and Article 10:
- Equalities Information including gender, age, disability and ethnic monitoring
Processing of Special Category Data is carried out specifically under the following:
Article 9(2) (a) – the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.
The content you create as part of your interactions with this website. These can include responses to surveys, comments on discussion forums, or any of the other engagement opportunities available here.
How we use the information we collect
We collect this information in order to:
- Analyse and interpret it to help meet our objectives and obligations;
- Communicate information to you about engagement opportunities (both statutory and non statutory);
- Conduct surveys and gather evidence to inform policy and outcomes;
- Inform preparation of the Joint Strategic Plan and any associated supplementary guidance; and
- Help inform the districts and borough councils with SW Herts to prepare their related Local Plans and associated supplementary guidance.
Who we share your information with
The South West Herts Joint Strategic Plan will share information with;
- Partner authorities;
- Other local authorities;
- Planning Inspectorate; and
- Service providers (e.g. NHS) – anonymously
- Elected Members and MP’s (as your representative)
- Herts LEP, Herts County Council
- Herts Growth Board
How long will we keep this information?
To determine how long we should keep information, we consider what the legislation states and what is good practice. This means we will securely destroy the information once we no longer need it. This would normally be up to 2 years after adoption of the Joint Strategic Plan. If you would like to know the specific period of time that relates to your personal information, please contact SWHJSP@dacorum.gov.uk
Security and Location of Data
We will ensure that all personal information is kept securely on servers hosted in the United Kingdom.
Access to all our user information is restricted. Only employees who need the information to perform a specific job are granted access to personally identifiable information.
Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible or liable for the privacy practices of linked websites and we suggest you review the privacy policies of those websites before using them.
While no online service is completely secure, we strive to ensure we protect your Personal Information against unauthorised access, use, alteration, or destruction, and take all reasonable measures to do so.
- Maintenance of ISO 27001 compliance since 2018 – a global standard for information security management.
- Applications are continually monitored and tested for security weaknesses, using both automated and manual processes.
- Operating systems and database are continually monitored and patched with the latest security fixes.
- Independent Vulnerability Assessment and Penetration Testing (VAPT) carried out once a quarter.
- Network secured through Amazon Web Services (AWS), which provides significant protection against security attacks.
Subject to applicable local laws and regulations, you may have some or all of the following rights with respect to your personal data:
- to access your personal data (submit a ‘Subject Access Request’);
- to rectify any inaccuracies within that personal data;
- to request for the erasure of your personal data residing with us;
- to request your personal data in portable, machine-readable format; and
- to withdraw your consent to our processing of their personal data.
If you wish to contact us to with a request relating to personal information we hold about you, please contact us at SWHJSP@dacorum.gov.uk including your name and contact details. We may need to verify your identity before providing you with your personal information.
In some cases, we may be unable to provide you with access to all your personal information and where this occurs, we will explain why. We will deal with all requests for access to personal information within a calendar month.
Management of policy
Notification of changes
Data Protection Officer
Our Data Protection Officer for the purposes of Articles 37 to 39 of the General Data Protection Regulation is the Information Security Team Leader (Legal Governance). You can contact them via firstname.lastname@example.org
Version 1 - This Policy was last updated on 1st August 2022