Privacy and data

Who we are and what we do

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire, and Forest of Dean District Councils and Cheltenham Borough Council (hereon known as “Clients”). Publica additionally provides services to the Cheltenham Trust, Cheltenham Borough Homes, Cheltenham Leisure & Culture, Cotswold National Landscape and Ubico (an environmental services local authority company) (hereon known as “Clients”).

Publica’s Accountancy & Finance section provides a range of financial services to the partner councils and external clients including financial planning, statements of accounts, budgeting, financial systems and controls, payments and strategic payroll.

Publica is a data controller and data processor under the Data Protection Legislation; we collect and process personal information about you in order to provide these services, and to meet our statutory and regulatory obligations.

This notice explains why we ask for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group (Support) Limited  
Trinity Road, Cirencester, GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

Publica’s Accountancy & Finance section holds information about individuals so that it can carry out effective financial management including the list is not exhaustive:

• processing payments to external individuals
• processing payments to employees and elected councillors
• recording transactions on the ledger
• properly accounting for expenditure and income
• budget setting and budget monitoring
• providing financial management information
• costing staffing budgets
• providing financial analysis and advice to internal and external customers
• management of corporate and accounts
• submission of government grant funding claims
• administration of employee car loans and leases

We also have a statutory and regulatory obligation to provide these services in accordance with the following legislations, the list is not exhaustive:

• On behalf of each partner council: the Section 151 of the Local Government Act 1972 requires local authorities to make arrangements for the proper administration of their financial affairs
• On behalf of each partner council: The CIPFA Statement on the role of the Chief Financial Officer (CFO) in local government describes the role and responsibilities of the CFO including responsibility for the finance function
• On behalf of each partner council: the CFO and the Accountancy & Finance service require to access individuals’ information as required in order to carry out the role
• The Local Government Finance Act 1988 (Rates)
• The Local Government Finance Act 1992 (Council Tax)
• Localism Act 2011
• Contract – Traded services
• Consent – Consultations

What type of information is collected from you

Publica’s Accountancy & Finance section collects and processes the following types of personal data in order to provide the services:

• personal, for example: name, address, telephone, date of birth (Where a supplier is a sole trader the business address details will potentially be the individual’s personal data. It is noted that where this crossover occurs the individual’s personal data will be provided full data protection and will not be used for purposes outside those of the related business entity)
• employee information, for example, payroll number, salary, taxation, national insurance, pension details, sickness details
• bank account details
• email addresses
• private vehicle details
• personal details relating to insurance claims
• Insurance related legal records.

We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact on our ability to provide some services to you.

Who your information may be shared with (internally and externally)

Publica’s Accountancy & Finance section procures systems from various suppliers to support its financial management role. The following providers may have access to your information purely for the purposes of supporting our systems; they will not use your information for any other purpose:

• Unit 4 (Agresso Business World)
• Civica Payments

Publica’s Accountancy & Finance section may share or disclose your information to any of the following recipients as may be necessary for the financial administration of the authority in line with statutory obligations and/or to comply with contractual obligations relating to it:

• service providers, professional advisers and auditors who in certain circumstances will also be “data controllers”
• regulators, the government, local and foreign law enforcement authorities
• His Majesty’s Revenue and Customs
• local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws
• past and present insurance providers, brokers and claims handlers.

How long we keep your information (retention period)

Data is only held as long as is necessary, unless superseded by statutory regulation, and disposed of securely when it is no longer needed.

How we protect your information

Your data is stored securely on Publica’s systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on Publica’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our sites require a personal electronic pass to access staff only areas. Publica has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

For any payments which we take from you online we will use a recognised online secure payment system.

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights 

You have rights under the Data Protection Legislations:

• to access your personal data
• to be provided with information about how your personal data is processed
• to have your personal data corrected
• to have your personal data erased in certain circumstances
• to object to or restrict how your personal data is processed
• to have your personal data transferred to yourself or to another business in certain circumstances
• you have the right to be told if we have made a mistake whilst processing your data and we will self report breaches to the Commissioner. 

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. Publica is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information Publica holds is inaccurate or out of date please email us or write to us at:

Accountancy & Finance Services
Publica Group (Support) Ltd
Trinity Road, Cirencester, GL7 1PX
Email: customer.services@publicagroup.uk

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.gov.uk

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who we are and what we do

We are ‘Publica’ Group (Support) Limited and are a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils and Cheltenham Borough Council (hereon known as “Clients”). Publica additionally provides services to the Cheltenham Trust, Cheltenham Borough Homes and Ubico (an environmental services local authority company) (hereon known as “Clients”).

Publica is a data controller under the Data Protection Legislation as we collect and process personal information about you in order to provide these services, and to meet our statutory and regulatory obligations. Publica is also a data processor under the Data Protection Legislation as we collect and process personal information on behalf of our Clients when delivering shared services.

The Communications team works with all Client services to deliver and advise on communications activity including, but not exclusively, media relations, proactive campaigns, marketing, public information and internal (staff and Councillor) communications.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why Publica needs your information and how we use it

How we communicate with our Clients’ residents and third parties is really important to us. We are always working to let Clients’ residents and third parties know about what we are doing for local communities, provide updates on vital services and help you better understand how we operate and the decisions we take.

The Communications team processes personal data to enable to team to prepare communications and deal with media requests. The team does not routinely collect special category personal data.

We collect this information by:

• telephone, email, social media, writing or in person
• Electronic sign up forms such as e-bulletin subscriptions

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are;

• Your consent. This is required if you appear in photographs or videos used for promotional or media coverage or if you subscribe to receive direct marketing from us e.g. newsletters. Consent only relates to the specific purpose for which it has been given and you can withdraw your consent at any time. We do not rely on consent as a legal basis for any other processing.
• We need it to perform a public task Article 6(1)(e). To fulfil the duty to inform and engage with Clients’ residents and other partners.

What type of information is collected from you

Personal details, which may include:

• Name
• Address
• Other contact details – email address and telephone number
• Parental consent and contact details for entrants aged 18 or younger

Others include:

• Video footage
• Photographs
• Films or words

Special categories of personal data

We will not purposely collect any special category or criminal data. Photographs or videos may collect special category data including:

• personal data revealing racial or ethnic origin
• personal data revealing political opinions
• personal data revealing religious or philosophical beliefs
• data concerning health

Who your information may be shared with (internally and externally)

Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles.

We may also receive your personal information indirectly for PR or marketing purposes from our Clients and other organisations (e.g. Emergency Services, Landlord, Housing Associations, third sector partners) regarding an individual.

Your data may be shared externally with organisations for media publicity and via emailed press releases to organisations. You will also be asked if you consent to this beforehand.

Apart from where previously stated, we do not pass your details to third parties without your consent or unless we are lawfully required do so.

How long we keep your information (retention period)

We will only retain your personal information for as long as we are required to do so by law and the purpose, we collected it for.

The retention period is either dictated by law or by our discretion. Once your data is no longer needed it will be securely and confidentially destroyed or dispose of the data in line with retention schedules.

• Photos/Video footage – three years
• E-forms – one year

How we protect your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on Publica’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to Publica sites require a personal electronic pass to access staff only areas. Publica has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

Publica will not transfer your personal data outside the EU without your consent.

Publica have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

Publica will notify you promptly in the event of any breach of your personal data which might expose you to serious risk. 

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if Publica have made a mistake whilst processing your data and Publica will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. Publica is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information Publica holds is inaccurate or out of date, please email us or write to us at:

Communication Team
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: enquiries@publicagroup.uk

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk

You can also complain to the Information Commissioner: https://ico.org.uk

Publica reserve the right to update this privacy notice from time to time by publishing a new version on our website.

Who we are and what we do

Publica Group Limited is a council-owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils (hereon known as “Clients”).

Publica is a Data Controller and Data Processor for the purposes of the Data Protection Legislation (UK General Data Protection Regulation and the Data Protection Act 2018).

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

We will only collect personal data where it is necessary for us to respond to the complaints, queries or feedback that you present to us.

Personal data that is collected for any of the purposes outlined in this notice is never used for direct marketing purposes and is not sold on to any other third parties.

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

• If you are providing feedback in the form of a complaint or are reporting an issue with a service that Publica is responsible for providing, we rely upon the lawful condition for processing outlined in Article 6(1)(e) of the UK General Data Protection Regulation (processing for the purposes of delivering a public task that is carried out in the public interest).
• If you are contacting us about one of the services we provide, we rely upon the lawful condition for processing outlined in Article 6(1)(e) of the UK General Data Protection Regulation (processing for the purposes of delivering a public task that is carried out in the public interest).
• If you are making a general enquiry to Publica, we will rely upon your consent to process your personal data under Article 6(1)(a) of the UK General Data Protection Regulation.
• If you are raising a safeguarding concern, we rely upon the lawful condition for processing outlined in Article 6(1)(c) of the UK General Data Protection Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject).

What type of information is collected from you

We may collect and store records about you on our secure Customer Relationship Management   system, which may include:

• Personal information including: name, contact details, personal finance information, personal identification and payment details dependent on the service or response required.
• Recordings of telephone discussions you have with the Customer Service Centre;
• Information you provide us on forms, in emails or via telephone discussions;
• Information you provide us in email correspondence regarding complaints, queries or issues you are experiencing.

We will only ask for personal information that is appropriate to enable us to deliver our services.

In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact on our ability to provide some services to you.

Who your information may be shared with (internally and externally)

To deliver services to you it may be necessary to share your personal data with other services and partner organisations. We may also share information to enable us to comply with court orders and other legal obligations. If this is necessary, we will only share the minimum amount of personal data needed for this purpose.

Please note that we will always endeavour to share only the minimum amount of personal data that is necessary for the intended purposes.

How long we keep your information (retention period)

We will retain your general enquiries and complaints (requesting information, dealt with at first stage). Please see our Customer Services Retention Schedule:

All enquiries sent to a specific service for resolution will be retained under their retention schedule as published in our Corporate Retention Policy.

How we protect your information

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

For any payments which we take from you online we will use a recognised online secure payment system.

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights 

You have rights under the Data Protection Legislations:

• to access your personal data
• to be provided with information about how your personal data is processed
• to have your personal data corrected
• to have your personal data erased in certain circumstances
• to object to or restrict how your personal data is processed
• to have your personal data transferred to yourself or to another business in certain circumstances
• to be told if we have made a mistake whilst processing your data and we will self report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer at data.protection@publicagroup.uk. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date please email us or write to us at:

Customer Services
Publica Group Limited
Trinity Road, Cirencester, GL7 1PX
Contact us

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way the Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Data Protection Legislation means the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA18) and all applicable laws and regulations relating to processing of personal data and privacy including, where applicable, the guidance and codes of practice issued by the Information Commissioner.

Publica Group (Support) Ltd is a data controller for the purposes of the Data Protection Act 2018.

Publica Group (Support) Ltd holds and uses a considerable amount of information, including personal data, so that it can provide its services to you. Please see the privacy notice section https://publicagroup.uk/support/privacy-and-data/ to read how we use your personal data.

Our Data Protection Policy leads and advises on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data.

Our Data Breach Policy has details on detecting and responding to personal data breach occurrences.

Our Record of Processing Activities (ROPA) describes how and why we use personal information.

The Information Commissioner's Office look after data protection in the UK. We are registered with the Information Commissioner's Office as a data controller (Registration No. ZA282402). Our certificate is available to download at https://ico.org.uk/ESDWebPages/Entry/ZA282402.

Further guidance about the data protection legislation is available from the Information Commissioner’s Office.

Who's responsible for our compliance

The Data Protection Officer is responsible for ensuring our compliance with data protection legislation and with this policy.

If you have any questions about the operation of this policy or any concerns that the policy has not been followed, email data.protection@publicagroup.uk.

You can also write to:
Data Protection Officer
Publica Group (Support) Ltd
Trinity Road
Cirencester GL7 1PX

Complaints

If you're unhappy with the response you've received to an information request, you have the right to complain. You can find out how to make a complaint here: enquiries@publicagroup.uk

It is your right to make a complaint to the ICO: https://ico.org.uk/make-a-complaint/

Data protection principles

The Act contains six data protection principles with an overarching accountability responsibility for data controllers to demonstrate compliance with these principles. This means personal data must be processed:

• Lawfully, fairly and transparently
• For specified, explicit and legitimate purposes and not processed in a manner other than the purpose it was collected
• Adequate, relevant and not excessive
• Accurate and where necessary kept up to date
• Not kept longer than necessary
• With the appropriate security and protection

Personal data shall not be transferred to countries that do not have an adequate level of data protection.

Reporting personal data breaches

Data breaches are defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a data breach is more than just losing personal data.

You must report data breaches to Publica’s Data Protection Officer (DPO) as soon as you become aware of them by emailing data.protection@publicagroup.uk.

There is a strict requirement on us to notify reportable breaches to the Information Commissioner’s Office (ICO) without undue delay and within 72 hours. The clock starts ticking for our Data Protection Officer to make a report to the Information Commissioner’s Office as soon as we become aware of the data breach.

Delays in reporting breaches or suspected data breaches to Publica means that there is less time to investigate these matters and take appropriate action to mitigate any harms which may be caused to the individuals affected.

Please ensure that any data breaches reported include an accurate summary of the personal data involved and the number of people affected.

Data breaches can have a significant detrimental impact on individuals and organisations, so please do all you can to enable us to respond efficiently and well within the reporting requirements.

Our Data Breach Policy has details on detecting and responding to personal data breach occurrences.

Data protection individual’s rights and subject access request

All processing of personal data must be in accordance with the data subject's rights. These include:

• The right to be informed
• The right of access
• The right to rectification
• The right to be forgotten
• The right to restrict processing
• The right to data portability
• The right to object
• The rights in relation to automatic decision making and profiling
• The right to lodge a complaint with the supervisory authority

Subject access and rights requests

Under data protection legislation an individual has the right to access the information that an organisation holds about them. Accessing personal data in this way is known as making a subject access request.

Subject access requests are different to requests submitted under FOI legislation, which relate to information about the organisation itself.

You can find more information here: https://publicagroup.uk/who-we-are/key-information and here: https://ico.org.uk/for-the-public/official-information

You are entitled:

• to be informed whether your personal data are being processed
• to be sent a copy of your personal data subject to any applicable exemptions and the removal of other people's personal data as appropriate
• to be sent certain information about your personal data

Your request to Publica may be submitted in whatever format you wish, but we have created a standard subject access and right request form for your convenience, which may be completed and emailed to data.protection@publicagroup.uk.  

Using the form will help us to verify your identity and give a timely and accurate response to your request. There is no charge to make a subject access request.

Privacy notices

For more information on how we process your personal data please go to: https://publicagroup.uk/support/privacy-and-data/

Retention schedule

Publica’s Data Retention Policy sets out a list of records for which pre-determined retention dates have been established. The retention schedule brings together the following information:

• The name and purpose for processing of Publica's data processing activities; 
• disposal, pseudonymisation or anonymisation of those records which have completed their retention period;
• storage of records which have to be kept after their retention period insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Personal information requests – police and other agencies

In some circumstances, the police and other authorised agencies can request access to personal information held by Publica for specified purposes. These types of requests may be permitted if an exemption under Schedule 2 Part 1 of the Data Protection Act 2018 applies. 

The Data Protection Act does not give an automatic right of access to information, however, it does allow Publica to assess the merits of requests and decide whether or not to apply an exemption. 

Please see the Information Commissioner's guidance on the Data Protection Act exemptions.

To make a request under an exemption, please complete our Data Sharing Request Form. This form will be sent to Publica's Data Protection Officer for consideration.

For more information or assistance, please contact Publica's Data Protection Officer by emailing data.protection@publicagroup.uk.

Who Publica is and what Publica does

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils (hereon known as “Clients”).

We are the Corporate Communications team and operate a drone to capture images of council services and images of our district generally.

The councils (as referred above) are the data controllers for the work captured by the drone.

This notice explains why we ask for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

We use drone footage to capture images of council owned facilities for promotional purposes. The team will also capture other images of the district to promote the councils generally, and local services. Landowner permission where necessary will be obtained at all times.

In the vast majority of occasions, and as a standard practice, any images of people or vehicles that would be in breach of data protection laws will be obscured in our final edit before publication.

We do not sell your personal information to anyone else.

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

• UK GDPR Article 6 (1) (a) Consent – consent has been given by the data subject, yourself, for the lawful processing of your personal data.

What type of information is collected and how will we use it?

We use drone footage to capture images of council owned facilities for promotional purposes. The images will be used on promotional channels such as social media and websites.

We do not collect or store any personal information such as names, contact details or addresses - only images.

Who your information may be shared with (internally and externally)

All information/footage will be used for promotional material on our social media platforms, e-newsletters, websites and printed materials, across our services and in partnership with third parties for marketing campaigns.

Any personal information protected by law will not be disclosed to any other organisations, except where we are required and allowed to by law, to safeguard public safety and in risk of harm or emergency situations.

How long do we keep your information (retention period)

In the majority of occasions once a final edit is produced, all raw footage containing unobscured images will be maintained on Publica's secure systems. This includes images of individuals and/or property where permission has been obtained. We will only keep images containing personal information if permission is obtained in compliance with law.

Images will be kept for 3 years.

Once your data is no longer needed it will be securely and confidentially destroyed or disposed of in line with retention schedules.

How do we protect your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on our network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to Publica and our council sites require a personal electronic pass to access staff only areas. We have strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if Publica have made a mistake whilst processing your data and Publica will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working hard to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date, please email us or write to us at:

The Communication Team
Publica Group Limited
Trinity Road, Cirencester, GL7 1PX
Email: customer.services@publicagroup.gov.uk

Further information

If you would like to know more about how we use your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.gov.uk

For more information about data protection see our Data Protection policy here.

For more information about the Drone and Model Aircraft Code: https://register-drones.caa.co.uk/drone-code/protecting-peoples-privacy 

If you are concerned about the way we are handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserve the right to update this privacy notice from time to time by publishing a new version on our website.

Who are we and what we do

We are ‘Publica’ Group (Support) Limited and are a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils and Cheltenham Borough Council (hereon known as “Clients”). Publica additionally provides services to the Cheltenham Trust, Cheltenham Borough Homes and Ubico (an environmental services local authority company) (hereon known as “Clients”).

Publica is a data controller under the Data Protection Legislation as we collect and process personal information about you in order to provide these services and meet our statutory and regulatory obligations. Publica is also a data processor under the Data Protection Legislation as we collect and process personal information on behalf of our Clients when delivering shared services.

We recognise that your personal information is important to you and we take our responsibilities for ensuring that we collect and manage it proportionately, correctly and safely very seriously.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)

Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why Publica needs your information and how we use it

The Public Sector Equality Duty 2011 was created under the Equality Act 2010; we must exercise our functions with due regard to the need to:

• Eliminate unlawful discrimination, harassment and victimisation and other conduct prohibited by the Act.
• Advance equality of opportunity between people who share a protected characteristic and those who do not.
• Foster good relations between people who share a protected characteristic and those who do not.

We collect personal data and special category personal data to monitor and improve our service delivery to assist in the removal of barriers and the advancement of opportunities.

We do not sell your personal information to anyone else.

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

• GDPR Article 6 (1) (c) Legal Obligation – we collect and lawfully process your personal data under the Equalities Act 2010 and the subsequent Public Sector Equality Duty 2011.
• GDPR Article 6 (1) (e) Public Task – we collect and lawfully process your personal data as it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or our Clients.

We process special category personal data under:

• GDPR Article 9 (2) (a) Explicit Consent – we collect and lawfully process your personal data as explicit consent has been given for the processing.

What type of information is collected from you

Personal details, which may include:

• Name
• Address
• Other contact details that you provide to us e.g. email address, telephone number

Special categories of personal data

We may collect any special category data with your explicit consent, examples would be race or ethnic origin, sexual orientation, health or religious beliefs.

Who your information may be shared with (internally and externally)

Equality data (anonymised data on numbers or percentages relating to protected characteristic) is captured corporately for publication on our, or our Clients’, website, in order to comply with our legal obligations under the Equality Act 2010 and Public Sector Equality Duty 2011. There are no personal identifiers contained within the published data.

Equality Impact Assessments may be carried out in partnership with other public bodies. This would be made clear in any surveys / consultations that are part of an assessment process. We may disclose your information to others, but only where this is necessary to either comply with our legal obligation or as permitted by Data Protection legislation.

Apart from where previously stated, we do not pass your details to third parties without your consent or unless we are lawfully required do so.

How long Publica keeps your information (retention period)

We will only retain your personal information for as long as we are required to do so by law and the purpose we collected it for. In the case of equality data, which forms part of an equality impact assessment, the retention period is 6 years.

Once your data is no longer needed it will be securely and confidentially destroyed or disposed of in line with retention schedules.

How Publica protects your Information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on our network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our sites require a personal electronic pass to access staff only areas. Publica has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

Publica will not transfer your personal data outside the EU without your consent.

Publica have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

Publica will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if Publica have made a mistake whilst processing your data and Publica will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. Publica is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date, please email us or write to us at:

Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk

For more information about data protection please see our Data Protection policy here.

If you are concerned about the way we are handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who Publica is and what the Publica does

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils (hereon known as “Clients”).  

This notice explains why we ask for your personal information, how that information will be used and how you can access your records.

For the purposes of Data Protection, Publica is the Data Controller for your information.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester, GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why Publica needs your information and how Publica uses it

Our Communications and Marketing Team is responsible for the promotion of services, campaigns and events in order to provide information, encourage take up, change behaviours and enhance the reputation of Publica. We use social media as part of this role. Photography and filming form an important part of this role.

Publica does not sell your personal information to anyone else.

The communications and marketing team uses your information for the following:

• Press and media (including newspapers, magazines, websites and social media)
• On our website and our partner’s websites
• On our social media feeds including Twitter, Facebook, YouTube, Instagram and LinkedIn
• In our printed publications such as the Cotswold Newsletter
• In printed publicity literature such as leaflets, posters or other display materials.
• We use images to promote services across Publica, the partner councils and our other business partners.
• The images/footage will often be accompanied by the details of the story you, your child / dependent is helping to promote. When known, e.g. at an organised press event, this could be the full name, age, the area, school or club / organisation the event / activity is taking place in.
• We will only use images/footage that are appropriate.
• We will not publish images / footage which could imply criticism or damage a person’s reputation.
• We will not film or take photographs of any child that is considered at risk or under a supervision order.
• We will use your image/footage to promote the service/s or events at which they were taken and for wider related service / event promotion. For example a photograph taken of children for a litter-picking campaign may also be used to promote our broader clean and green service.
• If we want to use your image for larger publicity purposes, we will discuss this with you separately. For example if we wish to use your image on a bus, a billboard, or a suite of campaign posters and leaflets.

What is the legal process for collecting and processing this data

The lawful basis for processing your information are:

• GDPR Article 6(1)(a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• GDPR Article 6(1)(f) Legitimate interest - Legitimate interest: processing is necessary for the purposes of the legitimate interests (we can use ‘legitimate interests’ if we can demonstrate that the processing is for purposes other than for performing our tasks as a public authority). In this context, we aim to provide a rich and varied quality of life for the benefit of our communities, by increasing the opportunities for participation by the public, in cultural and leisure activities in the districts (Cotswold, Forest of Dean and West Oxfordshire), and participation in campaigns and service initiatives.

What type of information is collected from you

• Images
• Video footage including interviews

We may also collect:

• Your name, age, address and contact details (email, telephone number and/or postal address)
• Name of group, organisation or school that you are part of.
• Consent for a child aged 16 or under, or a vulnerable adult - the name of the consenter and their relationship to you How we collect personal information
• A consent form (children aged 16 and under and vulnerable adults only)
• A Publica filming crew or authorised representative eg a Publica employed photographer
• Pre-arranged photo opportunities information is collected by marketing and communications officers and/or by other services and partners who have a stake in the relevant campaign or event.

Who your information may be shared with (internally and externally)

If your personal information is used on social media that content can be shared by anyone after it is published.

We also routinely share images with service teams across Publica, our partner Councils and our customers for them to use when they are involved in a campaign or event. They include, but are not limited to:

• Press agencies
• Festival and events
• Schools
• NHS
• Police

Key partners will be identified on the promotional material related to a campaign or event.

How long Publica keeps your information (retention period)

Publica has a corporate retention policy in place to ensure that information is only held for as long as it is needed. The Communications and Marketing Team will keep your personal information for three years and may use images/ footage in council publicity for up to three years from the date the pictures were taken.

Publica will not keep your information for longer than is required to by law. Your information will be disposed of in a controlled and secure manner in accordance with Publica’s policy.

How Publica protects your information

All the information Publica collects is stored securely on our IT system and manual filing systems. Publica has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

Publica will not transfer your personal data outside the EU without your consent.

Publica have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.

Publica will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights 

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if Publica have made a mistake whilst processing your data and Publica will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records, you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date please email us or write to us at:

The Communication Service
Publica Group (Support) Limited
Council Offices
Cirencester, GL7 1PX
customer.services@publicagroup.gov.uk

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk.

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who we are and what we do

Publica Group Support Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire, and Forest of Dean District Councils (hereon known as “Clients”). Publica additionally provides services to the Cotswold National Landscape and Ubico (an environmental services local authority company) (hereon known as “Clients”).

Our Human Resources (HR) service collects and processes personal data relating to its employees to manage the employment relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

Publica is a Data Controller and Data Processor for the purposes of the Data Protection Legislation (UK General Data Protection Regulation and the Data Protection Act 2018).

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group Support Limited
Trinity Road, Cirencester, GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

Publica needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, it needs to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer, pension and benefit entitlements.

In some cases, Publica needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee's entitlement to work in the UK, to deduct tax, to comply with health and safety laws, to enable employees to take periods of leave to which they are entitled, and to consult with employee representatives if redundancies are proposed or a business transfer is to take place.

For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question. We will carry out checks every 3 years after commencement of employment.

Processing employee data allows the organisation to:

• run recruitment and promotion processes;
• maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
• operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
• operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
• operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
• obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
• operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
• ensure effective general HR and business administration;
• conduct employee engagement
• provide references on request for current or former employees;
• respond to and defend against legal claims; and
• maintain and promote equality in the workplace.

Where Publica relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers.

Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes). Information about trade union membership is processed to allow the organisation to deduct union subscriptions.

Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.

Data that the organisation uses for these purposes is anonymised or is collected with the express consent of employees, which can be withdrawn at any time.

Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.

What is the legal process for collecting and processing this data

We rely on a number of lawful bases for processing personal data. Primarily, our lawful basis is for the performance of the contract between us but in some cases we will process personal data where we are under a legal obligation to do so.

We also rely on legitimate interests in processing personal data (for example where we need to keep a record of employee performance, keep a record of grievance or disciplinary process, records of training, issuing ID cards and monitoring of systems or respond to or defend legal claims).

What type of information is collected from you

Publica collects and processes a range of information about you. This includes:

• your name, address and contact details, including email address and telephone number, date of birth and gender;
• the terms and conditions of your employment;
• details of your qualifications, education, skills, experience and employment history, including start and end dates, with previous employers and with the organisation;
• information about your pay, including entitlement to benefits such as pensions;
• details of your bank account and national insurance number;
• information about your marital status, next of kin, dependants and emergency contacts;
• information about your nationality and entitlement to work in the UK;
• information about your criminal record;
• details of your schedule (days of work and working hours) and attendance at work;
• details of periods of leave taken by you, including holiday, sickness absence, family leave, and the reasons for the leave;
• details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
• assessments of your performance, including my performance conversations (where appropriate), training you have participated in, performance improvement plans (where appropriate) and related correspondence;
• information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments
• details of trade union membership for payment deductions; and
• equal opportunities monitoring information, including information about your age, sex, ethnic origin, sexual orientation, marriage status, gender reassignment, and religion or belief.

Publica collects this information in a variety of ways. For example, data is collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

In some cases, the organisation collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.

Data is stored in a range of different places, including in your personnel file, in the organisation's HR management systems and in other IT systems including the organisation's email system.

Who your information may be shared with (internally and externally)

Your information will be shared internally with:

• members of the HR team (including payroll)
• your line manager
• managers in the business area in which you work
• IT staff if access to the data is necessary for performance of their roles.

Your data may also be shared with:

• employee representatives in the context of collective consultation on a redundancy

This would be limited to the information needed for the purposes of consultation, such as your name, contact details, role and length of service.

Publica shares your data with third parties in order to:

• obtain pre-employment references from other employers
• obtain employment background checks from third-party providers
• obtain necessary criminal records checks from the Disclosure and Barring Service

Publica also shares your data with third parties that process data on its behalf, in connection with:

• payroll
• the provision of benefits
• the provision of occupational health services
• the provision of pension services

Under the Local Government Act 1972 Section 117, a legal duty is imposed on all officers to make a disclosure of interests that are disclosable.

Automated decision-making

Employment decisions are not based on automated decision-making.

How long we keep your information (retention period)

If you are applying for a role and are unsuccessful, we will keep your data for 12 months, after which time it will be destroyed. If you decide that your data is to be removed from the system please email HR@publicagroup.uk.

As an employee of Publica or one of our clients, we will keep your data for a minimum of 7 years after the end of your employment after which time it will be destroyed. More information on our corporate retention schedule can be found here.

How we protect your information

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights 

You have rights under the Data Protection Legislations:

• to access your personal data
• to be provided with information about how your personal data is processed
• to have your personal data corrected
• to have your personal data erased in certain circumstances
• to object to or restrict how your personal data is processed
• to have your personal data transferred to yourself or to another business in certain circumstances
• to be told if we have made a mistake whilst processing your data and we will self report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date please email us or write to us at:

Human Resources
Publica Group (Support) Limited
Trinity Road, Cirencester, GL7 1PX
Email: HR@publicagroup.uk

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk 

For more information about data protection please see our Data Protection policy here.

If you are concerned about the way we are handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who are we and what we do

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils and Cheltenham Borough Council (hereon known as “Clients”). Publica additionally provides services to the Cotswold National Landscape, Cheltenham Borough Homes and Ubico (an environmental services local authority company) (hereon known as “Clients”).

Publica is a data controller under the Data Protection Legislation as we collect and process personal information about you in order to provide these services and meet our statutory and regulatory obligations. Publica is also a data processor under the Data Protection Legislation as we collect and process personal information on behalf of our Clients when delivering shared services.

Although you may not be a customer or employee of Publica, we hold and use your personal information as a result of your relationship to a Publica employee. This privacy notice therefore applies to your personal information. This notice explains why Publica asks for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why Publica needs your information and how we use it

Publica requires your personal data in order to contact an employee's Next of Kin and / or Emergency Contact in the event of an emergency. As such we have a legitimate interest in processing this information during the employment relationship to maintain accurate and up to date records of who to contact in an emergency situation.

We do not sell your personal information to anyone else.

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful base we rely on for processing this information is:

• UK GDPR Article 6 (1) (f) Legitimate Interests – we collect and lawfully process your personal data as the processing is necessary for the legitimate interests of a third party, i.e. our employee.

What type of information is collected from you

Personal details, which may include:

• Name
• Address
• Other contact details – email address and telephone numbers

Special categories of personal data

We will not purposely collect any special category data.

The above list is not exhaustive. We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that, this may impact on our ability to provide some services to you.

We collect this information from employees who have directly nominated you as their Next of Kin and / or Emergency Contact.

Who your information may be shared with (internally and externally)

Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles.

We may also share your personal information with the Emergency Services.

Your information will not be disclosed to any other organisations, except where we are required and allowed to by law, to safeguard public safety and in risk of harm or emergency situations.

We will not share your information with third parties for marketing purposes. 

How long we keep your information (retention period)

We will only retain your personal information for the duration of the employment or until the employee notifies us that you are no longer the Next of Kin and / or Emergency Contact.

Once your data is no longer needed it will be securely and confidentially destroyed or disposed of.

How we protect your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on our network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our sites require a personal electronic pass to access staff only areas. We have strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if we have made a mistake whilst processing your data and we will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information that we hold is inaccurate or out of date, please email us or write to us at:

Human Resources
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: hr@publicagroup.uk

Further information

If you would like to know more about how we use your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk.

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way we are handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who we are and what we do

We are 'Publica' Group Limited and are a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils and Cheltenham Borough Council (hereon known as "Clients").  

Publica additionally provides services to the Cheltenham Trust, Cheltenham Borough Homes and Ubico (an environmental services local authority company) (hereon known as "Clients").

Publica’s ICT Service provides a range of information technology and communication services to the partner councils and external clients.

Publica is a data controller and data processor under the Data Protection Legislation; we will only collect and process personal information about you in order to provide these services, and to meet our statutory and regulatory obligations.

This notice explains why we ask for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group Limited  
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

The Council has a lawful basis for collecting and processing personal information about you for the purpose of ICT Services.

We collect information about you via your correspondence with us and your visits to our websites. We collect your personal data in order to enable us to:

• To respond to customer queries
• To manage staff IT accounts
• Analyse web statistics
• Improve our online services
• For the prevention and detection of crime or fraud

What type of information is collected from you

Publica’s ICT Service may collect and process the following types of personal data in order to provide the services:

• personal, for example: name, address, telephone, date of birth
• email addresses
• Social media accounts
• Details of the type of computer or mobile phone, web browser or operating system used
• Location (based on IP address)
• Web pages viewed and search terms used on our websites

We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact on our ability to provide some services to you.

Who your information may be shared with (internally and externally)

The Service may share or disclose your information to any of the following recipients as may be necessary for the administration of the Service in line with statutory obligations and/or to comply with contractual obligations relating to it:

• Other Council Departments or Services to assist with enquiries and to share feedback
• Other Councils such as the relevant County Councils
• Third party organisations and Software as a Service providers such as Google
• Service providers, professional advisers and auditors who in certain circumstances will also be “data controllers”
• Regulators, the government, local and foreign law enforcement authorities
• Local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws

How long we keep your information (retention period)

We will keep your personal data in accordance with our retention schedule, unless you explicitly request it to be removed under GDPR information rights. This right to have your data removed is not an absolute right, for example, we will need to retain your data if this information forms part of a legal requirement, public registry or an existing contract. More information on our retention schedule can be found online

How we protect your information

We will not transfer your personal data outside the EU without your consent.

Details of transfers to third country and safeguards: Your information will normally be stored and processed on servers in the United Kingdom and also within the European Economic Area. While it may sometimes be necessary to transfer personal information overseas, any transfers will be in full compliance with data protection legislation.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

For any payments which we take from you online we will use a recognised online secure payment system.

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights 

You have rights under the Data Protection Legislations:

• to access your personal data
• to be provided with information about how your personal data is processed
• to have your personal data corrected
• to have your personal data erased in certain circumstances
• to object to or restrict how your personal data is processed
• to have your personal data transferred to yourself or to another business in certain circumstances
• to be told if we have made a mistake whilst processing your data and we will self-report breaches to the Commissioner

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection officer. You are entitled to receive a copy of your records free of charge, within a month.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date please email us or write to us at:

Publica Group Limited
Cotswold District Council
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Who we are and what we do

We are Publica Group (Support) Limited and are a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils (hereon known as “Clients”).

The internal audit function is outsourced to the South West Audit Partnership (SWAP) who provide an independent function to provide assurance on internal control, fraud and governance processes. SWAP’s Privacy Notice can be found on their website

• https://www.swapaudit.co.uk/
• https://www.swapaudit.co.uk/_files/ugd/c35ae1_d1bb561586c94e088ff5e1d25a5fca53.pdf

This notice explains why we ask for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

Under Section 151 of the Local Government Act 1972 we are required to hold or have access to information from systems and processes across the Clients. Access to this information is securely provided to SWAP in order to fulfil the legal requirement to provide an internal audit function and to prevent, detect and deter fraud and / or corruption, thus safeguarding the public purse and providing assurance of safe stewardship of public funds.

We do not sell your personal information to anyone else.

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

• UK GDPR Article 6 (1) (c) Legal Obligation – processing is necessary for compliance with legal obligation to which the Clients are subject 
• UK GDPR Article 6 (1) (e) Public Task – processing is necessary for the performance of a task carried out in the public interest in the exercise of official authority vested in the Clients.

The following acts and regulations provide the primary bases on which the internal audit function operates:

• Section 151 of the Local Government Act 1972 requires that authorities ‘make arrangements for the proper administration of their financial affairs'
• The Accounts and Audit Regulations 2015 require that ”a relevant body must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance. Any officer or member of that body must if the body requires:
• a) make available such documents and records (including those in electronic form), and
• b) supply such information and explanation.

as are considered necessary by those conducting the internal audit”

What type of information is collected from you

Personal details, which may include:

• Name, date of birth, address
• Other contact details – email address and telephone number
• Employment Details e.g. National Insurance Number
• Financial Details e.g. Bank Account information
• Information gathered during the course of an investigation.

The above list is not exhaustive. We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that, that this processing is governed by Legal Obligation and Public Task.

We collect this information by:

• telephone, email, social media, writing or in person

Who your information may be shared with (internally and externally)

Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles; within the Clients, Publica or SWAP.

Sometimes the Clients have a legal duty to provide your personal information to other organisations, for example the court service or HMRC.

The Clients may also share your personal information with government departments, agencies and third party contractors such as, but not limited to, the Police.

We will not normally share your information with organisations without your consent. However the Clients will use the information for the purpose of performing any of its statutory enforcement duties. They will make any disclosures required by law and may also share this information with other bodies responsible for detecting/preventing fraud or auditing/administering public funds.

Your information will not be disclosed to any other organisations, except where the Clients are  required and allowed to by law, to safeguard public safety and in risk of harm or emergency situations.

We will not share your information with third parties for marketing purposes. 

How long we keep your information (retention period)

We will only retain your personal information for as long as we are required to do so by law and the purpose, we collected it for.

Once your data is no longer needed it will be securely and confidentially destroyed or disposed of the data in line with retention schedules.

How we protect your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on the Clients network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to ours and our Clients sites require a personal electronic pass to access staff only areas. We have strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

If you use your credit or debit card to make payments, the Clients pass your card details securely to our payment processing partner as part of the payment process. The Clients do this in accordance with the Payment Card Industry Security Standard and do not store the details on their websites. The information you give to the Clients when using the online payment system will only be used for the recording of your payment

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if we have made a mistake whilst processing your data and we will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date, please email us or write to us at:

Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester¸ GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Further information

If you would like to know more about how we use your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way we are handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

We reserve the right to update this privacy notice from time to time by publishing a new version on our website.

Who we are and what we do

We are a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils and Cheltenham Borough Council (hereon known as “Clients”). 

Publica additionally provides services to the Cheltenham Trust and UBICO (an environmental services local authority company) (hereon known as “Clients”).

Publica’s ICT Service provides a range of information technology and communication services to Publica’s partners and external clients. MS 365 is provided to users with the aim to offer more flexibility and improve communications and collaboration.

Publica is a data controller and data processor under the Data Protection Legislation; we will only collect and process personal information about you in order to provide these services, and to meet our statutory and regulatory obligations.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group Ltd
Council Offices
Cirencester, GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

Publica processes personal data provided in connection with the use of Microsoft 365 for communication and collaboration purposes in accordance with the UK GDPR.

The data may only be used for the purpose of providing the Microsoft 365 services. Microsoft acquires no rights over it and your email or documents held by Microsoft are not scanned for advertising purposes.

For more details, please see Microsoft's Office 365 privacy statement https://privacy.microsoft.com/en-gb/privacystatement

Publica does not sell your personal information to anyone else.

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

• UK GDPR Article 6 (1) (e) Public Task – processing is necessary for the performance of a task carried out in the public interest in the exercise of official authority vested in Publica.
• We have a legal basis to process this as part of your contract of employment (either permanent or temporary) following data protection and employment legislation.
  • Staff administration and management of Microsoft 365 for users to have access to the applications
  • Business management and planning
  • Education or training for staff

What type of information is collected from you

• Name
• Job title
• Department
• Location
• Directorate
• Publica email address
• content: your meetings and conversation chats, shared files, recordings (recordings capture audio, video and screen sharing activity), attendance and transcriptions
• profile data: data that is shared within Publica (e.g. name, profile picture, e-mail address etc.)
• image and/or video: should the meeting be recorded
• phone numbers: call recordings (if required)
• call history: a detailed history of the phone calls you make, which allows you to go back and review your own call records
• call quality data: details of meetings and call data are available to Publica’s IT Services
• support/Feedback data: information related to troubleshooting tickets or feedback submission to Microsoft
• diagnostic and service data: diagnostic data related to service usage

In the context of certain meetings, Publica may organise video or audio recording. In the case of video recording, Publica will as much as is possible arrange for an opt-out facility for meeting participants who prefer their images are not recorded.

Please note neither Publica nor Microsoft can control what you share during meetings and conversation chats. Please refrain from using Microsoft Teams to disseminate special category data (sensitive personal data).

Who your information may be shared with (internally and externally)

The personal data is disclosed, under the need to know basis, to the following recipients:

• relevant Publica staff;
• intended participants of a meeting
• Microsoft and Microsoft’s processors involved in the data processing necessary to provide the service;

We will not normally share your information with organisations without your consent. However, Publica will use the information for the purpose of performing any of its statutory enforcement duties. It will make any disclosures required by law and may also share this information with other bodies responsible for detecting/preventing fraud or auditing/administering public funds.

Your information will not be disclosed to any other organisations, except where Publica is required and allowed to by law, to safeguard public safety and in risk of harm or emergency situations.

Publica will not share your information with third parties for marketing purposes. 

How long Publica keeps your information (retention period)

We will only keep your information for the minimum period necessary. The information outlined in this privacy notice will be kept for the period of your employment plus a further six years.

Once your data is no longer needed it will be securely and confidentially destroyed or disposed of the data in line with retention schedules.

How Publica protects your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on Publica’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our Publica sites require a personal electronic pass to access staff only areas. Publica has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

Microsoft Teams data is encrypted in transit and at rest in Microsoft services, between services, and between clients and services.

Publica will not transfer your personal data outside the EU without your consent.

Publica have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

Publica will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if Publica have made a mistake whilst processing your data and Publica will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. Publica is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information Publica holds is inaccurate or out of date, please email us or write to us at:

ICT
Publica Group Ltd
Council Offices
Cirencester, GL7 1PX
Email: customer.services@publicagroup.uk

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at https://publicagroup.uk/support/privacy-and-data/

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils (hereon known as “Clients”).

This privacy notice explains the relationship between the Controller (Publica) and the Processor (the supplier), how your information will be used and why.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group Limited
Council Offices, Cirencester, GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why Publica needs your information and how Publica uses it

Your personal data will be used for the provision of external printing and postage on behalf of Publica. Publica has a duty to distribute information you have requested or agreed to receive, or has a lawful reason for sending you. Publica aims to procure external services at the best price and make sure public money is correctly used. 

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

• UK GDPR Article 6(1)(a) Consent – the data subject has given consent to the processing of your personal data for one or more specific purposes

• UK Article 6(1)(b) of the GDPR provides a lawful basis for the processing of personal data to the extent that the processing is necessary for the performance of a contract to which the data subject is a party
• UK GDPR Article 6(1)(c) Legal Obligation – processing is necessary for compliance with the legal obligation to which Publica is subject to
• UK GDPR Article 6(1)(e) Public Task – processing is necessary for the performance of a task carried out in the public interest in the exercise of official authority vested in Publica.

What type of information is collected from you

Personal details, which may include:

• Name
• Address
• Email address

Publica will only ask for personal information that is appropriate to enable us to deliver the service.

Who your information may be shared with (internally and externally)

Your data is shared externally with the appointed printing and posting supplier and internally only with the appropriate staff where it is necessary for the performance of their roles.

How long is your personal data kept for (retention period)

Our appointed supplier will destroy all copies of the data when they receive our written instructions to do so 3 calendar months after the end of the contract, and will provide written confirmation to us that the data has been securely destroyed, except if the retention of our data is required by law.

How Publica protects your information

Your data is stored securely on Publica’s systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on Publica’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our sites requires a personal electronic pass to access staff only areas. Publica has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

The supplier will not transfer your personal data outside the EU without our consent.

The supplier has implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.  

Please note however that transmission over the internet this can never be guaranteed to be 100% secure.  

Publica will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if Publica have made a mistake whilst processing your data and Publica will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. Publica is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information Publica holds is inaccurate or out of date, please email us or write to us at:

The Data Protection Officer
Publica Group Limited
Council Offices, Cirencester, GL7 1PX
Email: data.protection@publicagroup.uk

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk.

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserve the right to update this privacy notice from time to time by publishing a new version on our website.

Who we are and what we do

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire, and Forest of Dean District Councils and Cheltenham Borough Council (hereon known as “Clients”). Publica additionally provides services to Cheltenham Borough Homes and Ubico (an environmental services local authority company) (hereon known as “Clients").

Publica’s procurement service is responsible for the procurement strategy and policy, procurement efficiency and the delivery of Publica’s procurement projects and also procurement services provisions to the partner councils (above).

Publica is a data controller under the Data Protection Legislation as we collect and process personal information about you in order to provide these services, and to meet our statutory and regulatory obligations.

This notice explains why we ask for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group (Support) Limited 
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

We collect personal information from individuals to enable us to discharge our duties. Specifically this is to undertake procurement process activities to enable us to meet our needs and requirements for the provision of goods, works and services.

We have a statutory and regulatory obligation to provide these services in accordance with the following legislations, the list is not exhaustive:

• The Local Government Act 2003
• The EU Public Contracts Directive 2014
• The Public Contracts Regulations 2015
• The Council’s Financial Procedural Rules and Contract Standing Orders
• Public Procurement and Disposal Act  2005
• Disposal Regulations, 2006

What type of information is collected from you?

In order to administer our services we collect the following information from you:

• Contact details of bidders, their staff or sub-contractors such as: name, address, telephone number, email address etc
• Business details of bidders such as: company registration details, bank details, financial accounts etc
• Additional information in relation to the procurement process requirement to enable us to progress the service. This will depend on the type of procurement being undertaken.

We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact on our ability to provide some services to you.

Who your information may be shared with (internally and externally)

We may share some information with other organisations including:

• other Publica and council services
• members of the public, in accordance with our obligation to publish information on the outcome of the procurement procedure

How long we keep your information (retention period)

Data is only held as long as is necessary, unless superseded by statutory regulation, and disposed of securely when it is no longer needed.

How we protect your information

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights 

You have rights under the Data Protection Legislations:

• to access your personal data
• to be provided with information about how your personal data is processed
• to have your personal data corrected
• to have your personal data erased in certain circumstances
• to object to or restrict how your personal data is processed
• to have your personal data transferred to yourself or to another business in certain circumstances
• to be told if we have made a mistake whilst processing your data and we will self report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer at data.protection@publicagroup.uk. You are entitled to receive a copy of our records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date please email us or write to us at:

Procurement Services
Publica Group (Support) Limited 
Trinity Road, Cirencester, GL7 1PX
Email: customer.services@publicagroup.uk

Further information

If you would like to know more about Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk.

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who we are and what we do

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils (hereon known as “Clients”).

This notice explains why we ask for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why we need your information and how we use it

The Publica Group’s Communications Team is responsible for the promotion of services, campaigns and events in order to provide information, encourage take up, change behaviours and enhance the reputation of the partner councils. Social media is used as part of this role.

Information may be used to

• Deliver services and support to you
• Manage those services we provide to you
• Help investigate any worries or complaints you have about our services
• Enforce our social media moderation policies and procedures
• Create videos which may be placed on our YouTube channels or websites

What type of information is collected from you

The Publica Group may collect this data via posts, direct mailings, screen shots, filming and recording in emails from any social media channel we run, including (but not limited to) those on Facebook, Twitter, Instagram and Linkedin when you submit an enquiry and make a comment. We will not film you without your prior consent.

We will collect the following information about you:

• name
• address
• email address
• contact number
• social media handle
• other contact information required to allow us to deal with your enquiry
• comments/images posted by you on a public social media channel that may contain personal or sensitive data
• filming of you

Who your information may be shared with (internally and externally)

Your information may be shared internally within the Publica Group. We will not publicly share any personal data that you supply to us privately. We may however share posts you have already made public.

How long we keep your information (retention period)

After we deliver a service to you, we have to retain your information as a business record of what was delivered. The type of service will determine how long the data is retained.

More information on our retention schedule can be found online.

How we protect your information

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights 

You have rights under the Data Protection Legislations:

• to access your personal data

• to be provided with information about how your personal data is processed

• to have your personal data corrected

• to have your personal data erased in certain circumstances

• to object to or restrict how your personal data is processed

• to have your personal data transferred to yourself or to another business in certain circumstances

• to be told if we have made a mistake whilst processing your data and we will self-report breaches to the Commissioner.

How you can access, update or correct your information

Communications Team
Publica Group Limited
Trinity Road, Cirencester GL7 1PX
Email: customer.services@publicagroup.uk 

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk 

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who we are and what we do

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils (hereon known as “Clients”).

Publica is a Data Controller and Data Processor for the purposes of the Data Protection Legislation (UK General Data Protection Regulation and the Data Protection Act 2018).

Under the UK General Data Protection Regulations (UK GDPR) data subjects have the right to access and receive a copy of their personal data, and other supplementary information, that we hold within one month from the date of receipt of confirmation of identity and proof of address. This is commonly referred to as a subject access request.

Any questions regarding our privacy practices should be sent to:

The Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why Publica needs your information and how we use it

Publica holds information about you in order to enable it to provide services and to meet its statutory and regulatory obligations, a subject access request enables you as the data subject to request a copy of this information.

As part of the subject access request process we will require further information to ensure the validity of your request. In this way we can ensure that we are able to respond to your request and that any information provided is sent to those who are legally entitled to receive it. If you chose not to provide some of this information we may not be able to progress with your request.

Personal data will be collected directly from yourself as the data subject or from someone legally entitled to request the data on your behalf e.g. legal representative or parent of minor.

We collect this information by:

• telephone, email, social media, writing or in person

What is the legal process for collecting and processing this data

Under the UK GDPR and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

• UK GDPR Article 6 (1) (a) Consent – by submitting the request for your personal data you are giving us your consent to use your personal data to fulfil the request.
• UK GDPR Article 6 (1) (c) Legal Obligation – in accordance with the UK GDPR and Data Protection Act 2018 we are legally obliged to provide you with your personal data should you make a valid request for us to do so.

What type of information is collected from you

Personal details, which may include:

• Name
• Address
• Other contact details – email address and telephone number

• Confirmation of identity (current, valid photo-card driving licence or birth/adoption certificate or passport) and proof of address (utility bill or bank statement less than 3 month old).

This is to ensure that you are legally entitled to receive the information requested.

Special categories of personal data

We will not purposely collect any special category or criminal data.

Who your information may be shared with (internally and externally)

Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles in processing your request.

Data may be shared with a third party acting on your behalf e.g. legal representative appointed by yourself.

We will not normally share your information with organisations without your consent, however, there may be certain circumstances where we would share without consent such as where we are required to do so by law e.g. emergency situations.

How long Publica keeps your information (retention period)

We will retain the personal information collected as part of the subject access request process for 3 years from the date of completion of the request.

Your ID and proof of address will be deleted one month after the SAR has been completed.

Once your data is no longer needed it will be securely and confidentially destroyed or disposed of in line with retention schedules.

How Publica protects your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on our network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our sites require a personal electronic pass to access staff only areas. Publica has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

Publica will not transfer your personal data outside the EU without your consent.

Publica has implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

Publica will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if we have made a mistake whilst processing your data and the we will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘subject access request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. Publica is working to make its record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information Publica holds is inaccurate or out of date, please email us or write to us at:

Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk.

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who are we and what we do

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils (hereon known as “Clients”). 

Publica is a data controller under the Data Protection Legislation as we collect and process the personal information about that you may disclose to us when completing a survey. Publica is also a data processor under the Data Protection Legislation as we collect and process personal information on behalf of our Clients when delivering shared services.

This notice explains why we ask for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why Publica needs your information and how we use it

We may use surveys to collect public opinion on a number of issues, such as initiatives, schemes or services. The completion of the survey is entirely optional, we will only use your information on the basis that you have given consent. We will use your data for statistical purposes.

We do not sell your personal information to anyone else.

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful base we rely on for processing this information is:

• UK GDPR Article 6 (1) (a) Consent – by completion of the survey consent has been given by the data subject, yourself, for the lawful processing of your personal data

What type of information is collected from you

Dependent upon the nature of the survey personal details may include:

• Identity Data – such as title, full name, username or similar identifier, date of birth etc
• Contact Data – such as address, email address and telephone numbers

Special categories of personal data

Dependent upon the nature of the survey we may collect special category personal data about you. Special category data encompasses details about your race or ethnicity, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, biometric data where used for identification purposes, health, sex life and sexual orientation.

We collect this information directly from the data subject via the completion of a survey.

Who your information may be shared with (internally and externally)

Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles.

We will not normally share your information with organisations without your consent.

Your information will not be disclosed to any other organisations, except where we are required and allowed to by law, to safeguard public safety and in risk of harm or emergency situations.

We will not share your information with third parties for marketing purposes.

Anonymisation

Your personal information may be converted into statistical or aggregated data in such a way that ensures that you cannot be identified from it. Anonymised data cannot, by definition, be linked back to you as an individual and may be used to conduct research and analysis, including the preparation of statistics for use in our reports.

How long we keep your information (retention period)

We will retain your personal data for 12 months. Once your data is no longer needed it will be securely and confidentially destroyed or disposed of the data in line with retention schedules.

How we protect your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on our network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our sites require a personal electronic pass to access staff only areas. We have strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

We will not transfer your personal data outside the EU without your consent.

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if we have made a mistake whilst processing your data and we will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information that we hold is inaccurate or out of date, please email us or write to us at:

The Data Protection Officer
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Further information

If you would like to know more about how we use your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way we are handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.

Who are we and what we do

Publica Group (Support) Limited is a council owned employment company which delivers shared services between Cotswold, West Oxfordshire and Forest of Dean District Councils and Cheltenham Borough Council (hereon known as “Clients”). Publica additionally provides services to the Cheltenham Trust, Cheltenham Borough Homes and Ubico (an environmental services local authority company) (hereon known as “Clients”).

Publica is a data controller under the Data Protection Legislation as we collect and process personal information about you in order to provide these services, and to meet our statutory and regulatory obligations. Publica is also a data processor under the Data Protection Legislation as we collect and process personal information on behalf of our Clients when delivering shared services.

The Information Technology team works with all Client services; we are committed to safeguarding the privacy of our website visitors. We will ask you to consent to our use of cookies when you first visit our website.

Any questions regarding our privacy practices should be sent to:

The Data Protection Officer (DPO)
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Why Publica needs your information and how we use it

We collect information via your interaction with our website and it will be used for the purposes specified on the relevant pages of the website. Additionally your personal data may be used to:

• Administer our website and business
• Personalise our website for you and enable your use of the services available on our website
• Communicate with you e.g. send notifications or newsletters that you have specifically requested

Cookies may be either "persistent" or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, will expire at the end of the user session when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use both session and persistent cookies on our website.

We use cookies to recognise a computer when a user visits the website, track users as they navigate the website, improve the website's usability, analyse the use of the website, administer the website, prevent fraud, improve the security of the website and personalise the website for each user.

We use Google Analytics to analyse the use of our website. Our analytics service provider generates statistical and other information about website use by means of cookies. The information generated relating to our website is used to create reports about the use of our website. Data gathered from our website by Google Analytics may be shared with Google to help improve Google's products and services. Our analytics service provider's privacy policy is available at: https://policies.google.com/privacy 

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information is:

• Your consent (to use of cookies). You can agree to accept all cookies on our site or you can set a personal preference using our cookie banner or you can configure your device by adjusting your browser preferences if you prefer cookies to be refused. However, as certain website functions rely on cookies, refusing cookies may affect your use of this website. Visit aboutcookies.org.uk for information on how to adjust your cookie settings in the most popular web browsers.

What type of information is collected from you

Personal details, which may include:

• Name
• Address
• Other contact details that you provide to us when using or subscribing to our services e.g. email address, telephone number
• information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths

Special categories of personal data

We will not purposely collect any special category or criminal data.

Who your information may be shared with (internally and externally)

Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles.

Data gathered from our website by Google Analytics may be shared with Google to help improve Google's products and services.

Apart from where previously stated, we do not pass your details to third parties without your consent or unless we are lawfully required do so.

How long Publica keeps your information (retention period)

We will only retain your personal information for as long as we are required to do so by law and the purpose we collected it for. In the case of cookies this retention period is 30 days.

Once your data is no longer needed it will be securely and confidentially destroyed or disposed of in line with our retention schedules.

How Publica protects your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on Publica’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to Publica sites require a personal electronic pass to access staff only areas. Publica has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

Publica will not transfer your personal data outside the EU without your consent.

Publica have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.

Publica will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

• To access your personal data
• To be provided with information about how your personal data is processed
• To have your personal data corrected
• To have your personal data erased in certain circumstances
• To object to or restrict how your personal data is processed
• To have your personal data transferred to yourself or to another business in certain circumstances
• To be told if Publica have made a mistake whilst processing your data and Publica will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. Publica is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information Publica holds is inaccurate or out of date, please email us or write to us at:

ICT Support Services
Publica Group (Support) Limited
Trinity Road, Cirencester GL7 1PX
Email: data.protection@publicagroup.uk
Tel: 01993 861194

Further information

If you would like to know more about how Publica uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@publicagroup.uk

For more information about data protection please visit: https://publicagroup.uk/support/privacy-and-data/

If you are concerned about the way Publica is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

Publica reserves the right to update this privacy notice from time to time by publishing a new version on our website.