We will not pass any personal data on to third parties, other than those who either process information on our behalf, or because of a legal requirement, and will only do so, where possible, after we have ensured that sufficient steps have been taken to protect the personal data by the recipient.

Information given in confidence

We will not normally share any information that you give ‘in confidence’ to us- meaning we have promised you we will not share it with others. At times we will need to share this information when you have said that we can, or when we have to by law, or where believe that not sharing the information would put you or someone else at risk of harm. If we do share information because of this, we will try to tell you about this but we can only do this if it is safe and legal for us to do so.

Information shared with Stratford-on-Avon District Council

We have a strong working relationship with Stratford-on-Avon District Council and we are continuing to identify opportunities to work with them collaboratively, where such opportunities will enable us to be more efficient and/or effective in the ways we spend the money we have, or to support us in providing a better service for you. These projects may involve the sharing of some of your personal data with Stratford-on-Avon District Council. We will only share your personal data if it is necessary for us to do so in order to complete the tasks for which The Council are responsible, and only for the purposes identified in the data-sharing agreements between us and Stratford-on-Avon District Council.

For the purpose of these projects, both Councils will be joint data controllers. Each of these projects has its own data-sharing agreement and data privacy impact assessment between the Councils which sets out the personal data that will be shared, what it can be used for, who is responsible for it and when it will be deleted. We consider that Stratford-on-Avon District Council have high levels of information security, and will make every effort to look after your personal data in the same way that we do.

For every one of these projects, each Council will have the following specific, named officers:

• Data Owner: They lead the project and are responsible for ensuring your data is handled in line with all data protection principles. They usually create their project’s data-sharing agreement and data privacy impact assessment, with guidance from the Information Governance Manager.
• Information Risk Owner (IRO): The IRO is the appropriate Head of Service, and they are responsible for ensuring the Data Owner is meeting their responsibilities with relation to Data Protection. They review all data-sharing agreements and data privacy impact assessments for these projects before they can be approved.
• Senior Information Risk Owner (SIRO): This person is always a Senior Manager, and they hold overall responsibility for Data Protection within the Council. They review all data-sharing agreements and data privacy impact assessments for these projects before they can be approved.
• Information Governance (IG) Manager: The shared IG Manager is the Data Protection Officer for both Councils and offers guidance and support to all above named persons. They review all data-sharing agreements and data privacy impact assessments for these projects before they can be approved.

If you wish to make a request for any information in relation to a specific project which involves ourselves and Stratford-on-Avon District Council as joint data controllers, you only need to ask one Council for the information as they will ask the other Council for any relevant information, if needed.

You may obtain a copy of the database of projects which currently involve data-sharing across the Councils as part of these agreements by making a request for information from us online.

Some Council officers work for both Councils and these officers use a different e-mail address for each Council. To help these Officers work effectively in their role, your e-mail to officers at Warwick District Council may be automatically forwarded to their e-mail address at Stratford-on-Avon District Council and you may receive a reply from their Stratford-on-Avon District Council e-mail address. In these cases, this does not change who controls your personal data and Warwick District Council remain as data controller.

Information shared with partner organisations and agencies

We may need to pass your information to other people and groups. These people and groups are called ‘third parties’.

‘Third parties’ must look after your personal data, and only use it to answer your question or help with what you are asking them to do. If we want to share very private information about you, like your sensitive or confidential information, with a third party, we will only do so where we have to by law, where you have told us we can do so, or where it is necessary to do so in the completion of our public tasks.

By law, we must appoint a Returning and Electoral Registration Officer who runs electoral services. The Returning Officer is in control of the data they hold. To find out how they use your personal data, please see Electoral Services (elections and electoral registration) privacy notice - Warwick District Council.

Section 23 and 35 of the Representation of the People Regulations 2001 (RPA) says that the Electoral registration officer can use personal data that we have, if they need it to run their services. The Council will only share your personal information with electoral services for this reason and we will only share what they need.

Sharing special personal information

Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior, explicit consent, where we are legally required to or where we otherwise have a lawful basis to do so under Article 9 of the GDPR. We may also lawfully disclose information when necessary to prevent risk of harm to an individual or individuals.

Sharing for marketing purposes

We will never share your information with other groups for them to try to sell something to you, unless you tell us that we can do so.

Legal obligations including the prevention and detection of crime, including fraud

We may need to share information with other groups, either to do something we have to do by law, or where the Data Protection Act or other Act or Regulation says that we can do so, such as when we must share information to help stop crime.

By law, we must protect the public money we use. We can use any of the information you give to us to help stop crime. We can also share this information with other groups in charge of auditing, looking after and spending public money, when we are doing one of our public tasks, or to prevent and spot fraud. We may share the information with the Cabinet Office, the Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police.

Section 68 of the Serious Crime Act 2007 says we can share information to try to prevent fraud as a member of an anti-fraud group or when we have an agreement with an anti-fraud group that allows this.

Personal Information transferred outside the EU

Most of the personal information we have about you is held on computer systems in the UK but there are some times where your information may leave the UK. If we share or use your information abroad or use computer systems that are outside the European Union, we will tell you. We will only do this when we have data processing agreements that say what every group must do under the General Data Protection Regulations and the Data Protection Act.

We’ll do what we can to make sure your personal information is not sent to a country that is not seen as ‘safe’ either by the UK or EU Governments. If we need to send your information to an ‘unsafe’ country, we’ll always ask for advice from the Information Commissioner first.