Information requests privacy notice
What services are being provided?
Legal and Democratic Services
- requests for information under the Freedom of Information Act 2000 and Environmental Information regulations 2004 and general enquiries
- requests made under the General Data Protection Regulation and Data Protection Act 2018 and general enquiries
- data protection related requests, complaints and investigation of reported actual or potential personal data breaches
What personal data do we need from you?
- email address
- date of birth
- unique identifiers eg social care references
- details of services individual has had contact with
- proof of ID eg passport, driving licence
- proof of parental responsibility eg birth certificate
- information you provide to describe your enquiry or report
Freedom of information:
- email address
Special category data
In order that we may deliver services appropriate to your needs we may also ask for the following ‘special category’ (sensitive) information about you which may include data protection - whether or not you have been in contact with Dorset Council health related services.
Personal information about you from others
To help us provide services appropriate to your needs we may receive personal information about you from others such as:
- family members (acting on your behalf)
- friends (acting on your behalf)
- other local authorities (acting on your behalf)
- solicitors (acting on your behalf)
Who will be using your personal information?
The following organisations or departments may use the information you provide:
- any department within the council that you identify, in order to seek the information that you have requested
- we may also share information with any departments that you are open to / were open to / you advise us to approach for information
Please note that Freedom of Information requests are now managed via a case management system called Infreemation, operated by Digital Interactive. They only store your data and will not use it for any other purpose. They are a data processor.
The Data Controller is Dorset Council.
The Data Protection Officer for Dorset Council may be contacted at email@example.com
Dorset Council may use an additional external information technology provider (if appropriate – eg Servelec for Social Care) which will process your data (a data processor) for these and related activities.
What will your information be used for and what is the lawful basis for requesting and using it?
Your information will be used for proving your identity / processing your request for information / identifying which information you require / investigating and acting on reports of personal data breaches and data protection enquiries.
Please not that if we cannot use your data we may not be able to provide you with these services.
Our Lawful basis for using your information is:
- legal obligation (General Data Protection Regulations, Data Protection Act 2018, Freedom of Information Act 2000 & Environmental Information Regulations 2004)
- we have a statutory duty to provide the public with these services
- depending on the request, data protection related requests may also require consent
For further information about this you can visit the Information Commissioners Office website
If the information you provide to us to describe your request contains special category data, such as health, religious or ethnic information, the legal basis we rely on to use your personal data is Article 9(2)(g) of the GDPR, which relates to our public task and the safeguarding of your fundamental rights and schedule 1, part 2, paragraph 6 of the Data Protection Act 2018 which relates to statutory and government purposes.
With which other organisations may we share your data?
If this is necessary in order for us to provide you with one of the above services, we may share personal data:
- internally with any Dorset Council service area
- externally with any third party data processor that holds personal data on behalf of Dorset Council
On occasion we may share personal information with law enforcement or other authorities if required or allowed by applicable law. Where this occurs we will attempt to ensure that appropriate safeguards are in place.
Will your data be stored in, processed or accessible from countries outside the UK, EU or EEA countries?
No, your data will not be stored in, processed or accessible from countries outside the UK, EU or EEA countries.
How long will we keep your data?
We will hold your information for 3 years as per our retention schedule.
Our use of your data will be subject to your legal rights as described at Information Commissioner's Office. More information about Privacy Law, our obligations and your Rights: can be found at:
If you have concerns over the way we are asking for or using your personal data, please raise the matter with our Data Protection Officer.
If you still have concerns following our response you have the right to raise the matter with the Information Commissioner's Office