How the council uses personal data and how you can exercise your rights under data protection law in respect of any personal data the council may hold about you.

Personal data

Personal data is information that can be used to identify a living individual. That information can be in a variety of formats. For example, electronic on a computer, paper in a filing system or in more unusual formats such as CCTV footage.

How we use your personal data

We collect and use personal data to provide public services, such as those connected to:

  • social care
  • administering social welfare payments
  • grants
  • housing
  • education
  • licensing
  • the environment
  • highways
  • planning

Privacy notices

See the privacy notices for Dorset Council and our individual services. These explain in more detail what we do with personal data.

Rights regarding held personal information

You have information rights over personal data the council is processing about you. Your information rights include the right to:
  • be informed about how your personal data is being used, who it is/will be shared with, for what purpose and for how long it will be retained
  • access a copy of the personal data we hold about you
  • rectification of personal data we hold about you if the information is inaccurate
  • erasure of personal data that we hold about you
  • restrict how we use your personal data, such as the range of purposes it may be used for
  • on request, be provided with your personal data in a structured, commonly used and machine readable format that you can transfer to another service provider
  • object to how we are using your personal data
  • not be subject to a decision based solely on automated processing, including profiling, which significantly affects you
These rights are not available in every case. For example, the right to receive a copy of your personal information could be restricted if the effect of complying with the request would be to prejudice the prevention or detection of crime. Similarly, the right of erasure is not always available, and depends on the council’s reasons for holding your personal data.

Request a copy of your personal data

You can fill out a Subject Access Request (SAR) form to request a copy of your personal data. You will need an electronic version of two types of proof of identity in order to complete this form such as a birth certificate, driving licence or passport.

Individual rights form

You will need an electronic version of proof of identity in order to complete this form such as a birth certificate, driving licence or passport.
You can also print the SAR Form or Individual Rights Form and post it to to us, marked for the attention of the Data Protection Officer, at: Dorset Council (Assurance Service), Colliton Park, Dorchester, DT1 1XJ.

Timeframe for processing a request

We must tell you what we have done within one month. This can be extended by two months where the request is complex. If an extension of time is necessary, we will tell you.

Concerns about the outcomes of a request

Whilst we try to resolve any concerns with you directly, ultimately this will not always be possible. If you do not agree with how we have responded to your request, you have the right to complain to the Information Commissioner’s Office (ICO).

Concerns about a possible data breach

If you have any concerns about the way that your personal data has been used or if you wish to make us aware of a potential data breach, please inform our data protection team.

Claiming compensation if you think that we may have breached your personal data

Most of the council’s processing of personal data falls under the UK GDPR. This law gives any person who has suffered damage as a result of an infringement of the UK GDPR the right to receive compensation for the damage suffered. If you think you have a right to compensation, you should consider seeking your own independent legal advice. You may also contact our Insurance Team for further information.

Contact us