top of page

Dereham Town Council 

Data Protection Privacy Notice 

 

Introduction 

Dereham Town Council is committed to protecting your personal data and handling it in a transparent and lawful manner.  

 

This privacy notice explains how we collect, use and protect your personal information when you interact with us, whether as a resident, service user, contractor, employee or visitor.  

 

This notice applies to all personal data processed by or on behalf of the Council in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.  

 

Changes to this privacy notice 

We may update this notice from time to time to reflect legal or operational changes. The latest version will always be available on our website.  

 

Who We Are 

Dereham Town Council is the data controller for your personal data. 

Contact details: 

generalenquiries@derehamtowncouncil.org
Assembly Rooms, Ruthen Place, Dereham, Norfolk, NR19 2TX 

 

We have appointed a Data Protection Officer (DPO) who oversees compliance with data protection laws. You can contact the DPO using the details at the end of this document.  

 

The Personal Information We Collect 

We may collect and process the following type of personal data: 

  • Personal and contact details (e.g. name, address, telephone number, email) 

  • Information about family members (e.g. burial records) 

  • Copies of correspondence between you and the Council (e.g. emails you have sent us) 

  • Services you receive from us either now or in the past, or have been interested in, and the associated payment methods used (e.g. allotment records) 

  • Information about services you provide to us (e.g. as a sole trader) 

  • Employment and recruitment information (e.g. job applications, HR records) 

 

What is the source of your personal information? 

We’ll collect personal information: 

  • From you directly (e.g. allotment holders, market traders etc.) 

  • From your family members or representatives (e.g. in relation to burial records) 

 

What do we use your personal information for? 

We use your personal data to: 

  • Deliver and manage Council services 

  • Respond to enquiries and correspondence 

  • Process payments and maintain financial records 

  • Manage contracts and suppliers 

  • Administer allotments, burials and local facilities 

  • Process job applications and manage employment 

  • Carry out statutory duties and public functions 

  • Maintain records for audit and compliance purposes 

 

Lawful Bases for Processing 

We rely on the following legal bases under UK GDPR: 

  • Public task – where processing is necessary to perform our official functions 

  • Legal obligation – where we must comply with the law 

  • Contract – where processing is necessary for a contract with you 

  • Consent – where you have given clear permission (used only where appropriate) 

 

Sharing Your Information 

We may share your data with: 

  • Other public authorities (e.g. District and County Councils) 

  • Government bodies and regulators 

  • Service providers acting on our behalf (e.g. IT and storage providers) 

  • Our bank and financial service providers 

  • External auditors and professional advisors 

All third parties are required to respect the security of your data and process it lawfully.  

 

How and when can I withdraw my consent? 

Where we rely on your consent to process personal data, you can withdraw this at any time by contacting us using the details at the end of this document or via our website. 

 

Is your personal information transferred outside the UK or the EEA? 

We are based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so, we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.  

 

What should you do if your personal information changes? 

You should tell us so that we can update our records using the contact details at the end of this document or via our website. We will then update your records if we can.  

 

For how long is your personal information retained by us? 

We retain personal data only for as long as necessary. Retention is based on: 

  • Legal and regulatory requirements 

  • The purpose for which the data was collected 

  • Council operational needs 

​

You can refer to our Information Audit for further information on this.  

 

What are your rights under Data Protection laws? 

Under UK data protection law, you have rights including: 

  • The right to be informed about how your data is used 

  • The right to access your personal data 

  • The right to correct inaccurate data 

  • The right to request erasure (in certain circumstances) 

  • The right to restrict processing 

  • The right to data portability (where applicable) 

 

To exercise your rights, please contact us using the details above.  

 

Complaints 

If you are unhappy with how we handle your data, please contact us first so we can try to resolve the issue. 

You also have the right to lodge a complaint with the Information Commissioner’s Office: 

 

Data Security 

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse.  

 

Changes to This Privacy Notice 

We may update this notice from time to time to reflect legal or operational changes. The latest version will always be available on our website.  

 

Contact Us 

If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can do so via our website’s Contact Us page, or via the contact details above. 

​

Published: 2 April 2019 

Last reviewed: 20 April 2026 

Next Review:       April 2027 

​​

bottom of page