This is the “appropriate policy document” for the Superintendent Registrar for Leeds City Council.
It sets out how the Superintendent Registrar will protect your special category personal data, when your data is being used for the purpose of undertaking statutory functions relating to birth, marriage, death registrations, and citizenship ceremonies.
It meets the requirement at paragraph 5 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document be in place where the processing of special category personal data is necessary for reasons of substantial public interest. The specific conditions under which data may be processed for reasons of substantial public interest are set out at paragraphs 6 to 28 of Schedule 1 to the Data Protection Act 2018. Depending on the circumstances, there are specific conditions which we might need to rely on.
The specific conditions we are most likely to rely on are:
- paragraph 6 if the processing is necessary for the exercise of a function conferred on a person by an enactment or rule of law, or the exercise of a function of the Crown, a Minister of the Crown or a government department; and where it’s also necessary for reasons of substantial public interest
- paragraph 12 if the processing is necessary for the purposes of complying with, or assisting other persons to comply with, a regulatory requirement relating to unlawful acts and dishonesty
Procedures for securing compliance
Article 5 of the UK General Data Protection Regulation (UK GDPR) sets out the data protection principles. These are our procedures for ensuring that we comply with them.
Principle 1
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
We will:
- ensure that personal data is only processed where a lawful basis applies, and where processing is otherwise lawful. When we are processing data which isn’t special category data, we will have a proper legal basis under Article 6 of the UK GDPR. When data is being processed which is special category data, we will make sure that we do this on one or other of the legal bases in Schedule 1 mentioned above
- only process personal data fairly, and ensure that data subjects are not misled about the purposes of any processing. In particular, we will make sure we take account of how people’s privacy might be affected by our use of their data
- ensure that data subjects receive privacy information so that any processing of personal data is transparent, by making sure our privacy notice is accurate and up to date
Principle 2
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
We will:
- only collect personal data for specified, explicit and legitimate purposes, and we will tell data subjects what those purposes are in our privacy notice
- not use personal data for purposes that are incompatible with the purposes for which it was collected. If we do need to use personal data for a new purpose that is compatible, we will tell the data subject first
Principle 3
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
We will only collect the minimum personal data that we need for the purpose for which it is collected, and we will make sure we only collect data which is adequate and relevant.
Principle 4
Personal data shall be accurate and, where necessary, kept up to date.
We will ensure that personal data is accurate, and kept up to date. We will be particularly careful about this when we know that using data which is out of date could have a significant impact on the people concerned.
Principle 5
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
We will keep your data only for as long as we are required to keep it by law. Once it is no longer required, it will be disposed of securely and safely. Details of our retention periods are available from the
Registrars data retention page.
Principle 6
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Data is always processed on council’s devices, and these are at the compliant standard.
Accountability principle
The controller shall be responsible for, and be able to demonstrate compliance with these principles.
We will:
- ensure that we complete and keep up to date, the Superintendent Registrar record of processing activities, and provide this to the Information Commissioner’s Office on request
- ensure that we keep our privacy notice up to date and accurate
- ensure that the data is only used in accordance with the legislation provided in our privacy notice
- make sure we take account of how individuals’ privacy could be affected by our use of their data
My policies as regards retention and erasure of personal data
We will ensure, where special category personal data is processed, that:
- the Superintendent Registrar retention schedule includes this, and sets out the time limits for erasure of the data
- where we no longer need special category personal data for the purpose for which it was collected, we will ensure it is securely deleted
- data subjects receive a privacy statement about why we are collecting their data
How can you contact the Superintendent Registrar?
The Superintendent Registrar and can be contacted at
register.headoffice@leeds.gov.uk.
