The categories of this information that we collect, process, hold and share include:
- personal information (such as name, address and bank details)
- details of payments made to you by Suffolk County Council
- details of charges for services provided by, or on behalf of, Suffolk County Council
Why we collect and use this information
We use Corporate Services Finance data to:
- enable us to carry out specific functions for which we are responsible, including:
- making payments to individuals and service providers
- collecting direct debits to settle invoices issued to individuals for services provided by, or on behalf of, Suffolk County Council
- assess performance and to set targets for paying individuals and collecting income on time
The lawful basis on which we use this information
We have a lawful basis to collect, process, hold and share this information, collect, and use this information under as detailed in paragraphs 1 b) and 1 c) of Article 6 of the General Data Protection Regulation (GDPR), as detailed below:
b) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract
c) processing is necessary for compliance with a legal obligation to which the controller is subject
Collecting this information
Whilst the majority of Corporate Services Finance information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
Storing this information
We hold your data for 6 years plus the current year.
Who we share this information with
We routinely share Corporate Services Finance information with banks in order to make payment to your bank account or collect money by way of a direct debit.
Why we share this information
We share Corporate Service data with the banks in order to effect payments to individuals or collect payment from the account on behalf of the individual. This data sharing underpins these functions of the service.
We do not share information about individuals without consent unless the law and our policies allow us to do so.
Data collection requirements
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether Corporate Services Finance releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested, and
- the arrangements in place to store and handle the data
To be granted access to Corporate Services Finance information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
Requesting access to your personal data
Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information contact firstname.lastname@example.org.
You also have other rights regarding your personal data which are set out in SCC’s corporate privacy notice.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance, by writing to the Data Protection Manager at email@example.com or by post to:Constantine House5 Constantine RoadIpswichIP1 2BX
Alternatively, you can contact the Information Commissioner’s Office.
You can read SCC’s corporate privacy notice.