Privacy statement

Protecting your information

Any information held by the council about individuals is held securely and in compliance with the Data Protection Act 1998 and GDPR. This council is committed to protecting its service user’s personal data. We have put measures in place to ensure that our staff, service providers, partners and suppliers all look after your information in line with good practice and the law. These follow the rules and practices known as Information Governance (IG).

The information security measures we've put in place include:

  • following good Information Governance practice and the law when it comes to collecting, handling and giving access to information
  • training staff in their data protection responsibilities
  • putting processes in place to ensure good Information Governance practices for information we collect, hold or handle in both manual and electronic forms
  • access to your information is only given to those who need to know and where it is necessary
  • information will not be held for longer than required and will be disposed of securely
  • we encrypt all our electronic devices and sensitive information that is transmitted is encrypted How you can access, update, restrict, remove or correct your information

Your Rights

You have certain rights under the Data Protection Act 1998 and the EU General Data Protection Regulations (GDPR), these are:

● The right to be informed via Privacy Notices such as this.

● The right of access to any personal information the council holds about you.


To request a copy of this information you must make a subject access request in writing, either via a letter to Risk and Assurance Team,

The Royal Borough of Kingston Upon Thames,

The Guildhall,

Kingston Upon Thames,


KT1 1EU.


To ensure that we can deal with your request as efficiently as possible you will need to include your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what council service you were involved with.

Presently the council must respond within 40 calendar days of receiving a request and the council may charge for the service.

From May 2018 the council must respond within a month, which may be extended by a further two months if the request is complex and the service is free.

● The right of rectification.

We must correct inaccurate or incomplete information.

● The right of erasure otherwise known as the fight to be forgotten comes into effect in May 2018. You will have the right to have your information erased and to prevent processing unless we have a legal obligation to process your information.

● The right to restrict processing.


From May you have the right to restrict the processing of your data in the limited circumstances provided in law. For example, where the accuracy of the data is contested or the processing is unlawful (and you have requested data restriction) or where the council no longer needs the data. Where those circumstances are present, we will quarantine your information so that it is only used for a more limited range of purposes permitted within the law, such as handling legal claims.

● The right to object. You can object to your information being used and the council may continue using your information unless you can demonstrate that you are justified in your objection.

From May 2018 the council will stop processing your information unless it can demonstrate that it has compelling grounds for continuing the processing, or that the processing is necessary in connection with its legal rights.

● Data Portability. From May 2018 you have the right to get personal data in a machine readable format where you have provided your personal data directly to the council and where the council is relying on consent or performance of a contract as the lawful basis for processing data.

● Automated Decision Making and Profiling. You have rights in relation to automated decision making and profiling including the right to be told if your data is subject to automated decision making and profiling.


Heading 2- Information Commissioner’s Office


The Information Commissioner's Office (ICO) is the UK's independent body set up to uphold information rights.

If you would like to know more about your rights under the Data Protection law, and what you should expect from us, visit the ICO’s website. If you have any concerns regarding our privacy practices or about exercising your Data Protection rights, you may contact the ICO: Information Commissioner's Office

Wycliffe House

Water Lane