Community engagement privacy notice
Community engagement privacy notice
PRD undertakes community engagement activities and events to support and inform wider projects and ensure local people have a voice in the future of the places they live and work.
This notice, in conjunction with PRD’s overarching privacy statement, explains how our community engagement team collects personal information, what they use your data for, who has access, who we share it with, and what your rights are.
What is the lawful basis for processing the information?
The lawful basis for processing your information is by the consent you have given to use information to facilitate participation in community engagement. Examples include registering for an event, completing a survey or joining a mailing list.
How do we collect information from you?
Information is collected from you, as the service user, via a range of platforms including questionnaires, registration forms and mailing lists. You will always be asked if you consent to provide your information. Providing personal information is not a prerequisite for participating in engagement activities.
This information will be collected from you directly as the data subject.
What type of information is collected from you?
To support community engagement, we collect and process a range of information about you. Examples of the data we will ask you for include surname, forename, title, age, address, postcode, e-mail, and phone number. This enables us to:
- Invite you to participate in community engagement events and activities
- Thank you for your participation
- Feedback to you on the outcomes of projects you have participated in
- Understand who is participating in engagement.
Whenever we ask for personal data about you, we will ask for your consent to store and use that data.
How do we use the information you have provided?
All information provided is used by PRD in the context of designing and delivering community engagement for the purposes of enabling your participation. This includes:
- Inviting you to participate in engagement events and activities
- Statistical analysis and service planning
- Responding to enquiries and other matters
- Providing you with updates about projects, where you have requested to be kept informed
Who has access to the information about you?
Your information is managed by staff employed in PRD’s Community Engagement Team. With your consent, your information may also be shared with our client, for the example the local authority we are working with.
All personal data is stored securely; we have in place security which is intended to ensure, as far as possible, the security and integrity of all personally identifiable information.
Your data is stored securely on our systems and accessed only by authorised staff using their own username and password all created in-line with pre-defined user credentials. Personal data is also held in electronic files on the PRD network drives. These are only accessible through personal logon credentials and access privileges to specific folders.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, and any exchanges of information carried out once we are in receipt of your data will be done securely.
In the event of breach, or suspected breach, we will notify you and any applicable regulator of a breach where we are legally required to do so.
Any personal data provided in paper format, for example hard copy questionnaires, is stored securely in a locked cabinet. Once it has been transferred to a digital format the paper copy is shredded. The digital format version is secured stored as outlined above.
Who may we share your information with?
With your consent your data may be shared with our client – for example the local authority responsible for the project. Examples of when this may happen include handing over mailing lists at the conclusion of our work on a project to enable them to continue to update you.
Your rights to access your personal data
You have the right to ensure that your personal data is being processed lawfully (“Subject Access Right”). Your subject access right can be exercised in accordance with data protection laws and regulations. Any subject access request must be made in writing to email@example.com.
We will provide your personal data to you within the statutory time frames. To enable us to trace any of your personal data that we may be holding, we may need to request further information from you.
If you have a complaint about how we have used your information, you have the right to complain to the Information Commissioner’s Office (ICO).
Removal of personal information
Under Article 17 of the UK GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. You can request the removal of your personal data from our systems by writing to firstname.lastname@example.org. To enable us to trace any of your personal data that we may be holding, we may need to request further information from you.
Any correspondence to you, for example contact via a mailing list, will include a reminder that you can remove your data should you so wish.
How long do we store your information?
The duration that PRD will hold information will be dependent on the length of the project. All personal data will be deleted within two months of a project being completed.