Councillors: privacy

Introduction

This Privacy Notice explains how personal data is processed by elected councillors of Hart District Council in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It is subject to regular review to ensure compliance with current legislation.

The Councillor’s role as a Data Controller

Data Controllers are responsible for ensuring that any personal data they collect and use is processed lawfully, fairly and transparently.

Each councillor acts as a Data Controller when handling personal data in their role as an elected ward representative, outside of formal council business, such as:

• Constituency casework: When a resident contacts a councillor for help with a personal issue (e.g., housing concerns, planning objections, benefits queries) and the councillor liaises with relevant bodies on their behalf.
• Community engagement: When a councillor organises or attends local events, meetings or surgeries and collects personal data from attendees to follow up on issues or provide updates.
• Local campaigns: When a councillor runs or supports a campaign on a local issue and collects personal data to coordinate efforts or keep supporters informed.

In some circumstances, councillors act on behalf of Hart District Council rather than in their individual capacity. In these cases, Hart District Council is the Data Controller and the councillor is acting as a representative of the Council. 

This typically applies when:

• The councillor is performing duties as part of a formal council committee or sub-committee.
• The councillor is working with council officers on a matter that falls under the Council’s statutory responsibilities.
• The councillor is accessing or using council systems, databases or platforms to process personal data.
• The councillor is involved in council-led consultations, surveys or service delivery.

In these scenarios, the processing of personal data is governed by the Council’s overarching privacy policies and procedures. 

Purpose of processing

Councillors process personal data to:

• Respond to enquiries and requests for assistance from constituents.
• Represent constituents in council matters.
• Raise issues with relevant authorities or organisations on behalf of constituents.
• Communicate updates, news and information relevant to their ward.

Lawful basis for processing

Councillors rely on the following lawful bases under UK GDPR:

• Public task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
• Consent: Where a constituent has explicitly asked a councillor to act on their behalf
• Legal obligation: In some cases, processing may be required to comply with legal duties.

For special category data, councillors must identify an additional lawful basis under Article 9 of UK GDPR, such as:

• Explicit consent.
• Substantial public interest (e.g. elected representatives responding to requests).

Categories of personal data 

Councillors may collect:

• Basic personal data: Name, address, email, phone number
• Case-specific data: Details of the issue or concern raised
• Sensitive data (special category): Health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, trade union membership and criminal convictions – only where relevant and necessary.

Sources of data

Personal data may be obtained from:

• The individual directly
• Other constituents or community groups
• Public petitions or surveys
• Council officers or external agencies involved in the matter

Data sharing

To resolve constituent issues, councillors may share personal data with:

• Hart District Council officers
• Other ward councillors
• Hampshire County Council
• Local MPs
• Housing associations, NHS bodies, or other relevant organisations

Councillors will inform constituents about who their data is shared with unless there is a legal or safeguarding reason not to.

Data retention

Personal data will be retained only for as long as necessary to fulfil the purpose for which it was collected. Councillors will securely dispose of data once it is no longer needed, in line with council retention schedules and legal obligations.

Data security

Councillors are responsible for ensuring that personal data is stored securely, whether in physical or digital form. This may include:

• Using secure council email accounts
• Protecting devices with passwords and encryption
• Avoiding the use of personal devices or accounts for council business

Your rights

Under UK GDPR, individuals have the right to:

• Access their personal data
• Request correction of inaccurate data
• Request erasure of data (where applicable)
• Object to processing
• Restrict processing
• Lodge a complaint with the Information Commissioner’s Office (ICO).

Contact

If you have concerns about how your data is being handled or wish to make a subject access request, you can contact your councillor directly using the details provided on the Hart District Council website at www.hart.gov.uk/councillors.

Complaints and contacting ICO

If you have concerns about how your personal data has been handled by a councillor and you are not satisfied with the response you receive, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

The ICO is the UK’s independent authority set up to uphold information rights and data privacy for individuals.

You can contact the ICO using the following details:

• Website: www.ico.org.uk
• Telephone: 0303 123 1113
• Email: casework@ico.org.uk
• Post:
  Information Commissioner's Office
  Wycliffe House
  Water Lane
  Wilmslow
  Cheshire, SK9 5AF

Before contacting the ICO, it is recommended that you first raise your concern directly with the councillor or with Hart District Council’s Data Protection Officer to give them an opportunity to resolve the issue.