Civic Licensing Applications Privacy Statement

First published

23 Mar 2023

Last updated

06 Aug 2024

Civic Licensing Applications Privacy Notice

Find out how Stirling Council uses personal data by checking the Council’s website at the following address:

https://www.stirling.gov.uk/privacy-statement/

Our website contains a Register of Data Processing which lists all the different ways
in which the Council uses personal data.

This Privacy Notice provides more information about just one of those processes.

Who do I contact about my personal information?

The Council has a Data Protection Officer to make sure it is complying with data protection laws.

They can be contacted at:

Data Protection Officer
Stirling Council
Old Viewforth
14-20 Pitt Terrace
Stirling
FK8 2ET

Email: dataprotection@stirling.gov.uk
Telephone: 01786 404040

Why does the Council process personal information?

For all civic licence applications, data is processed for the purpose of the Council assessing the application (or renewal) and determining whether the licence should be
granted or refused.

Many different services which involve different forms of trading or certain commercial activities must by law be licenced by local authority. Licences are obtained from
Stirling Council by means of submitting an application, which then follows a procedure of inputting onto relevant software and then consulting with relevant officers and bodies. Applications are then granted or refused by officers under the Council’s Scheme of
Delegation, or on in certain circumstances, the
Council’s Planning and Regulation Panel. Finally, the licences are issued to the applicant.

The following civic licences are applied by submitting an application to the Council’s licensing department:

  • Taxi Driver’s Licence (Part 2 of the Civic
    Government (Scotland) Act 1982 (the 1982 Act))
  • Taxi Vehicle Licence (Part 2 of the 1982 Act)
  • Private Hire Driver’s Licence (Part 2 of the 1982 Act)
  • Private Hire Vehicle Licence (Part 2 of the 1982 Act)
  • Taxi Booking Office Licence
  • Second Hand Dealer’s Licence
  • Skin Piercing and Tattooing Licence
  • Window Cleaner’s Licence
  • Public Charitable Collection
  • Public Entertainment Licence
  • Temporary Public Entertainment Licence
  • Street Trader Licence
  • Market Operator’s Licence
  • Metal Dealer’s Licence
  • Venison Dealer’s Licence
  • Cinema Licence
  • Knife Dealer’s Licence

(Please note that other types of applications may be submitted, such as sex shops (Part 3 of 1982 Act) and indoor sports entertainment. However, in practice these applications are not submitted to the Council).

The type of personal information we collect

All civic licence applications request general personal details such as name and contact details but beyond that, the personal information sought may vary from application to application.

Most personal data processed in civic licensing relates to the person applying for a licence.
The personal data that is processed varies depending on the data subject and the type of application.

Personal Data

  • Name (all data subjects, all applications)
  • Address (all data subjects, all applications)
  • D.O.B (all data subjects, all applications)
  • Place of birth (some data subjects, some
    applications)
  • National Insurance Number (some data subjects, some applications)
  • Phone Numbers (most data subjects, all
    applications)
  • Email Address (most data subjects, all applications)
  • Criminal Convictions (licence holders and potential licence holders, all applications)
  • Training Details (licence holders only, most applications)
  • Passport-style Photos (personal licence applicants only, personal licence applications only)
  • Insurance details (most data subjects, most applications)
  • Medical records (drivers only, driver applications only)

Circumstances in which personal data for someone other than the applicant themselves might be received by the licensing team would include

  • Existing licence holders (whose information is already held by the licensing authority)
  • Directors of companies/Partners in businesses if the licence applicant is not a natural person
  • Employees of businesses (e.g. the ‘Day to Day Manager’ named on a taxi vehicle licence who is not himself the licence holder and as such would not make the application)
  • People making objections/representations for any
    given application
  • Legal representatives
  • For public events, an applicant will provide data on subjects operating at the event (e.g. operator, traders, performers)
  • In some circumstances members of the public may contact the team to request information on a licence of the licence application process

“Special Category” Data

  • Health (physical or mental) - only for taxi and private hire drivers if there is some medical development, not obtained as standard in every application
  • Racial or ethnic origin - Race Equality Form at the back of application forms for some applications. We are not clear as to why exactly these are here and they are not always completed

Data relating to criminal convictions and offences is also
processed.

What makes it lawful for the Council to process this personal information?

We are processing personal data to comply with a legal obligation.

All licensing applications and the subsequent processes are governed by specific statute. The information required to be submitted by data subjects/data subject controllers is necessary to fulfil statutory obligations.

Specifically, Stirling Council is acting as licensing authority under the Civic Government (Scotland) Act 1982 in determining civic licensing applications. (It may also on occasion act under the Cinemas Act 1985)

Where does the Council obtain personal information from?

The large majority of personal data is submitted by the data subject themselves.

Exceptions to this may be:

  • For some applications, information on other data subjects comes from the applicant (e.g. the individual filling out the application form may provide
    information on a day to day manager, directors, employees associated to the licence)
  • Police Scotland may be source of an individual’s criminal convictions
  • Doctors may in some situations provide medical information on a data subject in relation to taxi/private hire drivers.
    For most civic applications, data is passed to at least one of the following internal departments:
  • Environmental Health
  • Roads
  • Planning
  • Cleansing and Waste
  • Trading Standards
  • Building Standards

Licensing regularly receives personal data from Police Scotland under statutory obligations (Section 2 of the 1982 Act: “A Licensing Authority shall, as soon as an application for the grant or renewal of a licence is made to them, send a copy of the application to the chief constable…”)

Where does the Council keep personal information?

Electronically, both on specialist software (Northgate GLAMIS) as well as a shared folders on the Council network.

Email records of licensing team members.

Paper copies of all applications and granted licences are kept in archive

Some data also may form part of formal Planning & Regulation Panel papers (although if sensitive personal data would typically be an exempt item).

How long does the Council keep personal information?

3 years (from registration lapsing) with Records Centre asking the team after that period whether specified records can be destroyed.

Who does the Council share personal information with?

Police Scotland as part of a wider statutory checks that the licensing authority is require to carry out prior to determination of a licence.

Fire Services on specific applications
Occasionally be requested of, or shared with, other local authorities to assist in specific situations if for example they have licences with both authorities.

The National Fraud Initiative (NFI) is an exercise that matches electronic data within and between public and private sector bodies throughout the United Kingdom to prevent and detect fraud. Stirling Council, which
participates in the NFI, is required by law to protect the public funds it administers. We may share certain information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

Your rights

You have the following rights under data protection laws. If you have a request under any of these rights, you can make a subject access request.

  • The right of access You have the right to request information we hold about you. This is known as a subject access request and is free of charge. We must respond within one month, although this can be extended to three months if the information is complex.

  • The right to rectification - You are entitled to have your information rectified if it is factually inaccurate or incomplete. We must respond to your request within one month. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner

  • The right to erasure - You have the right to ask us to delete your information or stop using it. It will not always be possible for us to comply with your request, for example, if we have a legal obligation to keep the information. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner.

  • The right to restrict processing - You have the right to restrict how your data is processed in certain circumstances, for example, if the information is not accurate. If a restriction is applied, we can retain just enough information to ensure that the restriction is respected in future. We must tell you if we decide to lift a restriction on processing.

  • The right to data portability – You have the right to object to processing, if we are processing your personal data with your consent, and it is held in a structured, commonly used, machine-readable form, you have a right to ask us to transmit it to another data controller so they can use it. This right does not apply if we process your personal data as part of our public task.

  • The right to object - You can object to your information being used for profiling, direct marketing or research purposes.

  • You have rights in relation to automated decision making and profiling - to reduce the risk that a potentially damaging decision is taken without human intervention.

Complaints and comments

If you want to complain about or comment on how we have processed your personal information, you should email dataprotection@stirling.gov.uk

If you are still unhappy with how the council handled your complaint, you can contact the UK Information Commissioner's Office at:

The Information Commissioner,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire SK9 5AF

Phone: 0303 123 1113

You can find further information on the Information Commissioners Office website.

Contents