Privacy Notice - Stalbridge Town Council

1. Who We Are

​Stalbridge Town Council (“we”, “us”, “our”) is a local public authority responsible for the administration and delivery of civic and community services within Stalbridge.
We are registered with the Information Commissioner’s Office (ICO) as a Data Controller.

Contact Details:
​Email: [email protected]
Telephone: 01963 364276
Address: The Town Clerk, The Hub@Stalbridge, Station Road, Stalbridge, Dorset DT10 2RG
Website: https://www.stalbridgetowncouncil.gov.uk
ICO Registration Number: Z2113069​

2. Personal Data We Collect

We may collect and process the following categories of personal data where necessary and proportionate:

• Contact details (e.g. name, postal address, email address, telephone number)
• Correspondence and enquiries submitted to the Council
• Consultation responses, surveys, and engagement feedback
• Records of attendance or participation at Council meetings, events, or forums
• Images, audio, or video recordings (e.g. public events or CCTV where applicable)
• Website usage, analytics, and technical data

Where personal data is obtained indirectly (for example from other public authorities, third-party providers, or publicly available sources), we ensure transparency in line with our statutory obligations.

3. How and Why We Use Your Personal Data

​We only process personal data where it is necessary to do so, including to:

• Deliver our statutory functions and public services
• Maintain public records and respond to enquiries or correspondence
• Carry out consultations and democratic engagement
• Comply with legal and regulatory obligations
• Protect public health, safety, or welfare
• Prevent or detect fraud or misuse of public resources
• Communicate Council decisions, notices, and updates
• Administer community facilities, allotments, grant schemes, and local projects
• Manage volunteers, contractors, and community representatives
• Process payments, financial transactions, and supplier records
• Administer planning, licensing, and regulatory consultations (where applicable)

Where appropriate, we may use anonymised or pseudonymised data for reporting, research, or statistical purposes, ensuring individuals cannot be identified.

4. Lawful Bases for Processing

​Under the UK General Data Protection Regulation and the Data Use and Access Act 2025, we rely on the following lawful bases for processing:

• Public task – where processing is necessary to perform our functions as a local authority
• Legal obligation – where processing is required by law
• Consent – where explicitly given for specific, non-essential activities
• Vital interests – where processing is necessary to protect life or safety

In limited circumstances where processing does not fall within our statutory public task, the Council may rely on legitimate interests, provided such processing does not override the rights and freedoms of individuals.
Where the Council processes special category data (for example health or safeguarding information), this is carried out in accordance with Article 9 UK GDPR and Schedule 1 of the Data Protection Act 2018, and only where necessary and proportionate for the performance of our statutory functions.

5. Automated Decision-Making and Profiling

​We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.
If this position changes, we will update this Notice and provide appropriate information about your rights.

6. Data Sharing

​We may share personal data where necessary and lawful with:

• Government departments, regulators, and statutory bodies
• Contractors or service providers acting on our behalf
• Other public authorities to support joined-up public services
• Professional advisers (such as auditors, insurers, or legal advisers) where required
• IT and system providers hosting Council systems under contract

All third-party processors are required to meet appropriate data protection and security standards. We do not sell personal data.

7. International Transfers

​Personal data is normally processed within the United Kingdom.
Where data is transferred outside the UK, appropriate safeguards will be in place, such as adequacy regulations or approved contractual mechanisms.

8. Data Security and Accountability

​We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. This includes:

• Access controls and secure systems
• Staff training and confidentiality obligations
• Governance of suppliers and data processors

We are committed to the principles of accountability and transparency in how we handle personal data.

9. Data Retention

​Personal data is retained only for as long as necessary for the purpose for which it was collected, in accordance with statutory requirements and the Council’s approved retention schedule. Where appropriate, specific retention periods are defined by legislation or regulatory guidance. Further details of the Council’s retention framework and retention schedule are set out in the Council’s Data Retention & Deletion Policy, which is available on request

10. Your Rights

You have rights under data protection law, including the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure in certain circumstances
• Object to or restrict processing
• Withdraw consent where processing is based on consent
• Lodge a complaint with the Information Commissioner’s Office

Information Commissioners Office:
​​Website: https://ico.org.uk
Telephone: 0303 123 1113

11. Updates to This Notice

​This Privacy Notice is kept under regular review and may be updated to reflect changes in law, guidance, or Council practices. The most current version will always be published on our website. This Notice should be read alongside other Council notices and policies, including those relating to freedom of information, environmental information, and electronic communications, where applicable.

Approved TCM 11.03.26 published 25.03.26