Emergency Planning Privacy Statement

Find out how Stirling Council uses personal data by checking the Council’s website at the following address:

https://www.stirling.gov.uk/privacy-statement/

Our website contains a Register of Data Processing which lists all the different ways
in which the Council uses personal data.

This Privacy Notice provides more information about just one of those processes.

The Council has a Data Protection Officer to make sure it is complying with data protection laws.

They can be contacted at:

Data Protection Officer
Stirling Council
Old Viewforth
14-20 Pitt Terrace
Stirling
FK8 2ET

Email: dataprotection@stirling.gov.uk
Telephone: 01786 404040

We process personal data to ensure we can carry out our responsibilities in relation to Emergency Planning.

This includes when we have been given advanced notice of an emerging emergency planning incident or for system testing. The reasons why Emergency Planning would process your personal data are listed below:

• Community Resilience Plans
• Rest Centre Key holder Information
• Incident Response Team Contact Details
• Resilience Partnership Contact Details
• Vulnerable Persons at Risk Data in the geographical area of the emergency.

The personal data is about:

• Community Resilience Teams
• Incident Response Team
• Multi-Agency Resilience Partners
• Rest Centre Premises Key holders
• Vulnerable persons at risk in the community

Personal Data Date

• Names
• Addresses
• Data of Birth
• Email
• Phone Numbers
• Social Work/CHI reference number

Special Category Data

• Health (both physical & mental)

Under the Civil Contingencies Act 2004 there is an expectation that Category 1 Responders (including Local Authorities and NHS Boards) should share information to aid response to emergencies. This information needs to be accessible in a timely and efficient manner in an emergency.

GDPR Articles:
6(1)(e) - processing is necessary for the performance of a task carried out in the public interest

6(1)(d) - processing is necessary in order to protect the vital interests of the data subject or of another natural person (will only be used when there is no other legal basis)

9(2)(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;

9(2)(c) – processing is necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally capable of giving consent
9(2)(i) – processing is necessary for reasons of public health, such as protecting against serious cross-border threats to health.

Community Resilience Teams give data as part of their resilience plans.

Incident Response Team give data as part of their role in IRT.

Local Resilience Partners provide contact details of all registered members.

Rest Centre key holders give data as part of their role

Vulnerable persons at risk data may be obtained by any of our resilience partners, in particular the NHS and Police to assist with the protection of life. The Civil Contingencies Act 2004 places a duty on Category 1
organisations such as the Council to share information.

Council network drive, secure mapping systems, encrypted memory sticks and hard copies.

Personal data for community resilience plans, rest centre key holder information, resilience partnership contact details and incident response team contact details is retained until it is no longer current.

Vulnerable persons at risk data from the Council or shared by another Category 1 Responder is only retained during the period of time when the emergency is ongoing and persons require to be protected.

Personal data is not shared with anyone outside the Council, unless using the powers under the Civil Contingencies Act 2004 during an emergency planning incident to protect life.

Third party provider Improvement Service (Data Hub) & Helping Hands as part of COVID-19 support.

You have the following rights under data protection laws. If you have a request under any of these rights, you can make a subject access request.

• The right of access – You have the right to request information we hold about you. This is known as a subject access request and is free of charge. We must respond within one month, although this can be extended to three months if the information is complex.
  
  
• The right to rectification - You are entitled to have your information rectified if it is factually inaccurate or incomplete. We must respond to your request within one month. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner
  
  
• The right to erasure - You have the right to ask us to delete your information or stop using it. It will not always be possible for us to comply with your request, for example, if we have a legal obligation to keep the information. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner.
  
  
• The right to restrict processing - You have the right to restrict how your data is processed in certain circumstances, for example, if the information is not accurate. If a restriction is applied, we can retain just enough information to ensure that the restriction is respected in future. We must tell you if we decide to lift a restriction on processing.
  
  
• The right to data portability – You have the right to object to processing, if we are processing your personal data with your consent, and it is held in a structured, commonly used, machine-readable form, you have a right to ask us to transmit it to another data controller so they can use it. This right does not apply if we process your personal data as part of our public task.
  
  
• The right to object - You can object to your information being used for profiling, direct marketing or research purposes.
  
  
• You have rights in relation to automated decision making and profiling - to reduce the risk that a potentially damaging decision is taken without human intervention.

If you want to complain about or comment on how we have processed your personal information, you should email dataprotection@stirling.gov.uk

If you are still unhappy with how the council handled your complaint, you can contact the UK Information Commissioner's Office at:

The Information Commissioner,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire SK9 5AF

Phone: 0303 123 1113

You can find further information on the Information Commissioners Office website.