Liquor Licensing Applications Privacy Statement

Find out how Stirling Council uses personal data by checking the Council’s website at the following address:

https://www.stirling.gov.uk/privacy-statement/

Our website contains a Register of Data Processing which lists all the different ways
in which the Council uses personal data.

This Privacy Notice provides more information about just one of those processes.

The Council has a Data Protection Officer to make sure it is complying with data protection laws.

They can be contacted at:

Data Protection Officer
Stirling Council
Old Viewforth
14-20 Pitt Terrace
Stirling
FK8 2ET

Email: dataprotection@stirling.gov.uk
Telephone: 01786 404040

The sale of alcohol to the public in any circumstance must be licenced by a Licensing Board. Locally the
Board is the District of Stirling Licensing Board. As such it is worth noting at the outset that the processing of liquor applications (the function covered by this privacy notice) is done on behalf of the Board by Stirling Council officers.

Liquor licences are obtained by means of submitting of an application, which then follow a procedure of submitting onto relevant software and then consulting with relevant officers and/or bodies. Applications are
then determined by the Licensing Board or, in some cases, officers who are permitted to do so under delegated authority from the Board. Finally, the licences are issued to the applicant. Please note that ‘liquor licensing’ includes applications made under the Gambling Act 2005 for the purposes of this survey.

The following liquor licences are applied by submitting an application to the Council’s licensing department:

• Personal Licences (Part 6 of the Licensing
  (Scotland) Act 2005 (the 2005 Act)
• Premises Licences and Provisional Premises Licences (Part 3 of the 2005 Act)
• Occasional Licences (Part 4 of the 2005 Act)
• Extended Hours Licences (Part 5 of the 2005 Act)
• Variation of Premises Licence (Part 3 of the 2005 Act)
• Transfer of Premises Licence (Part 3 of the 2005 Act)
• Gambling applications (Gambling Act 2005)
• Anything which relates to one of the above (e.g. updating records, annual fee etc.)

For all liquor licence applications, data is processed for the purpose of the Board assessing the application and determining whether the licence should be granted or
refused.

Certain supplementary purposes to that core function include:

• To provide all relevant parties in the licensing process with the information required to fulfil their function and feed into the Board’s determination as to whether the licence should be granted or refused
• To allow for ongoing reference which allows for practical uses such as contacting licence holders to advise of upcoming renewals, annual fees and to
  enable the Licensing Standards Officer to visit and for monitoring of licence compliance (e.g. on receipt of complaints as to licence holders)
• Reporting to elected members and Board, as appropriate, as to the determination of licences (e.g. the schedule of licences granted under delegated authority which is submitted to the Board each cycle)
• To comply with statutory requirements (Licensing (Scotland) Act 2005).

Personal data may be about the applicant (for a personal licence) or the premises manager (for a premises licence) or other relevant individual who is making the application on behalf of a licence holder because of their connection to them, or their role in connection with the liquor licence.

Circumstances in which personal data for someone other than the applicant themselves might be received by the licensing team would include:

• Existing licence holders (whose information is already held by the Board)
• Directors of companies/Partners in businesses if the licence applicant is not a natural person
• Employees of businesses (e.g. premises manager)
• People making objections/representations for any given application
• Legal representatives
• Transferees of a licence
• In some circumstances members of the public may contact the team to request information on a licence of the licence application process.

An application may contain data on more than one data subject

The type of personal data that is processed varies depending on the data subject and the type of application.

Personal Data

• Name (all data subjects, all applications)
• Address (all data subjects, all applications)
• D.O.B (most data subjects, all applications)
• Place of birth (some data subjects, some
  applications)
• National Insurance Number (some data subjects, some applications)
• Phone Numbers (most data subjects, all
  applications)
• Email Address (most data subjects, all applications)
• Criminal Convictions (licence holders and potential licence holders, all applications)
• Training Details (licence holders only, most applications)
• Passport-style Photos (personal licence applicants only, personal licence applications only)
• Payment details may also be provided but are not included within application forms themselves

Personal data relating to criminal convictions and
offences is also processed.

We process personal data to comply with a legal obligation. All licensing applications and the subsequent processes are governed by specific statute. The information
required to be submitted by data subjects/data subject controllers are necessary as a task carried out in the public interest or in the exercise of official authority vested in the controller.

Specifically, District of Stirling Licensing Board is acting under the Licensing (Scotland) Act 2005 in determining liquor licensing applications. The relevant parts of the
Act are referred to above and specific reference to the sections under which applications are shared for example with Police Scotland can be pointed to if that level of detail is required. (The Board may also on occasion act under the Gambling Act 2005).

With regard to personal data about criminal offences, when details are sought either from an applicant directly or obtained from Police Scotland as to whether or not an applicant has any relevant convictions, that is done on the basis of specific legislative provision under the
2005 Act which requires the Board to copy the
application to the chief constable. (For personal licence applications see section 73 of the 2005 Act – Notification of Application to chief constable).

The large majority of personal data is submitted by the data subject themselves.

Exceptions to this may be:

• For some applications, information on other data subjects comes from the applicant (e.g. the individual filling out the application form may provide
  information on a designated premises manager, directors, employees, transferee etc.)
• Police Scotland may provide information regarding an individual’s criminal convictions.

Licensing regularly receives personal data from Police Scotland. The information is shared under statutory obligations stipulated throughout the Licensing (Scotland) Act 2005.

Employers may provide personal data of their
employees on their behalf (e.g. a Premises Licence application which names and provides details of their Designated Premises Manager within it).

Electronically, both on specialist software (Northgate GLAMIS) as well as a shared licensing department drive on the Council system.

Through email records of licensing team members who issue licences/ arrange for appropriate checks and answer queries

Paper copies of all applications and granted licences are kept in archive

Personal data may also form part of Licensing Board agendas/ papers.

Premises licences are ongoing and personal licences last for 10 years. As such, the retention policy for
liquor is likely to ‘kick in’ at a later stage as we have interpreted the retention rules as applying from the expiry of the relevant licence

• Personal licences – 2 years
• Premises licences – 2 years
• When licences are revoked or surrendered – 5 years
• Hard copies of most applications are archived for 3 years.
• Occasional and Extended Hours applications, and the data therein, are kept for one year.

Data may be shared with Police Scotland as part of a wider statutory duty

Data may occasionally be requested of, or shared with, other local authorities to assist in specific situations if for example the licence holder has licences with both Boards.

The National Fraud Initiative (NFI) is an exercise that matches electronic data within and between public and private sector bodies throughout the United Kingdom to
prevent and detect fraud. Stirling Council, which participates in the NFI, is required by law to protect the public funds it administers. We may share certain information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

You have the following rights under data protection laws. If you have a request under any of these rights, you can make a subject access request.

• The right of access – You have the right to request information we hold about you. This is known as a subject access request and is free of charge. We must respond within one month, although this can be extended to three months if the information is complex.
  
  
• The right to rectification - You are entitled to have your information rectified if it is factually inaccurate or incomplete. We must respond to your request within one month. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner
  
  
• The right to erasure - You have the right to ask us to delete your information or stop using it. It will not always be possible for us to comply with your request, for example, if we have a legal obligation to keep the information. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner.
  
  
• The right to restrict processing - You have the right to restrict how your data is processed in certain circumstances, for example, if the information is not accurate. If a restriction is applied, we can retain just enough information to ensure that the restriction is respected in future. We must tell you if we decide to lift a restriction on processing.
  
  
• The right to data portability – You have the right to object to processing, if we are processing your personal data with your consent, and it is held in a structured, commonly used, machine-readable form, you have a right to ask us to transmit it to another data controller so they can use it. This right does not apply if we process your personal data as part of our public task.
  
  
• The right to object - You can object to your information being used for profiling, direct marketing or research purposes.
  
  
• You have rights in relation to automated decision making and profiling - to reduce the risk that a potentially damaging decision is taken without human intervention.

If you want to complain about or comment on how we have processed your personal information, you should email dataprotection@stirling.gov.uk

If you are still unhappy with how the council handled your complaint, you can contact the UK Information Commissioner's Office at:

The Information Commissioner,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire SK9 5AF

Phone: 0303 123 1113

You can find further information on the Information Commissioners Office website.