About this item

Overview

The Data Protection Policy (General) defines how Kesgrave Town Council manages, stores, and protects personal data to ensure compliance with the UK GDPR and the DPA 2018. It outlines the rights of individuals and the responsibilities of Councillors, employees, and contractors when handling personal data.

Purpose

The Council is committed to being transparent about how it collects and uses personal data to meet its data protection obligations. The policy applies to data relating to job applicants, employees, Councillors, residents, contractors, suppliers, and other members of the public.

Key Principles

Kesgrave Town Council follows the six data protection principles set out in the UK GDPR:

  1. Process personal data lawfully, fairly, and transparently.
  2. Collect data for specific, explicit, and legitimate purposes only.
  3. Ensure data is adequate, relevant, and limited to what is necessary.
  4. Keep data accurate and up-to-date.
  5. Retain data only as long as necessary.
  6. Secure data against unauthorised access, loss, or damage.

Lawful Bases for Processing

Personal data is processed only where a lawful basis exists, including contractual necessity, legal obligation, legitimate interest, protection of vital interests, or performance of a public task.

Special Categories of Data

Special category data (such as health, ethnicity, or political beliefs) is processed only under specific lawful conditions or with explicit consent, and always with additional safeguards in place.

Individual Rights

Individuals have rights to access, rectify, erase, restrict, or object to the processing of their personal data. They may also request data portability or lodge a complaint with the Information Commissioner’s Office (ICO).

Subject Access Requests

Anyone wishing to access their personal data may submit a written request to the Town Clerk or Chair of Council. The Council will respond within 30 days, subject to verification of identity and data scope.

Data Security

Strict internal controls and secure IT systems protect data from loss or misuse. Third-party processors acting on behalf of the Council must adhere to confidentiality and security requirements.

Data Breaches

Any suspected breach must be reported immediately to the Town Clerk or Chair. Where a breach risks individual rights or freedoms, it will be reported to the ICO within 72 hours and logged in the Council’s breach register.

Training and Awareness

All employees and Councillors receive data protection training. Additional training is provided for those handling personal data regularly or responsible for implementing the policy.

Further Information

Contact: For enquiries regarding data protection, contact:
Kesgrave Town Council
Town Council Office, Ferguson Way, Kesgrave, IP5 2FZ
Tel: 01473 625 179
Email: enquiry@kesgravetowncouncil.org.uk

Published
Sun, 26 Oct 2025 · 21:04
Validation date
Mon, 02 Jun 2025 · 21:02
Review frequency
365
Next review due
Tue, 02 Jun 2026
Associated files 1 View related files
Associated URLs 0 View related links

Documents

Files 1

Data Protection Policy (General) 2025 (PDF) (v1)

Kesgrave Town Council’s Data Protection Policy describes how personal data is processed, stored, and protected in accordance with UK GDPR and the Data Protection Act 2018.

Uploaded: Sun, 26 Oct 2025, 21:05 Author: Kesgrave Town Council Valid from: 02 Jun 2025 Review due: Tue, 02 Jun 2026
Download Data Protection Policy (General) 2025 (PDF)

No links available.