Being transparent and providing accessible information to individuals about how we use personal information is a key element of the Data Protection Act and the General Data Protection Regulation (Regulation (EU) 2016/679).
The information being processed
The Council is collecting email addresses and customer postcode data for the purpose of future email marketing in relation to tickets purchased for MTV Presents Ocean City Sounds, and future mailing for 2019’s music event.
This information will be used to understand the audience for the event and to provide customer ticketing information to consumers via legitimate interest.
To ensure that the council provides you with an efficient and effective service we will sometimes need to share your information between teams within the council as well as with our partner organisations that support the delivery of the service you may receive. In this case, the information collected may be shared with:
We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.
We will never share your information for third-party marketing purposes.
We will only keep your information for a maximum of 3 years. Each year we will contact you to check that you are happy to remain on our database to receive information from us and our associated partners.
Purpose of Processing Personal information
As a local authority, the council delivers services to you. In order to do this in an effective way we will need to collect and use personal information about you.
The Data Protection Act 2017 and the EU General Data Protection Regulation ensure that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:
Process all personal information lawfully, fairly and in a transparent manner.
Collect personal information for a specified, explicit and legitimate purpose.
Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
Ensure the personal information is accurate and up to date.
Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
Keep your personal information securely using appropriate technical or organisational measures.
You have certain rights under the Data Protection Act and the EU General Data Protection Regulations (GDPR), these are:
The right to be informed via Privacy Notices such as this.
The right of access to any personal information the council holds about yourself.
The right of rectification, we must correct inaccurate or incomplete data within one month.
The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
The right to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
The right to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
The right to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
During your contact with the council you will be informed of how you, or your children's, information will be used and shared with other services or organisations.
We will usually seek your consent prior to processing or sharing your information, If you object you must inform the council, however, if there is a legal reason, as outlined under the Data Protection Act, we may not require your consent, for example:
To protect a child, a vulnerable adult, or member of the public
Where the disclosure is necessary for the purposes of the prevention and/or detection of crime.
Tax or duty assessment
Required by court or law
Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.
Details of transfers to third country and safeguards
Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA).
Plymouth City Council is registered as a data controller with the Information Commissioner's Office (registration number: Z7262171).
Contact details for the council's data controller are:
Data Protection Officer, Plymouth City Council, Ballard House, West Hoe Road, Plymouth PL1 3BJ.