Saffron Walden Town Council

Policies (including statement and action on structural and systemic racism)


Annual Governance Statement 2018 2019

Benches, MEMORIAL TREES and plaques policy


Cemetery Policy

climate change

Code of Conduct

Complaints Policy

Co-Option Policy

Councillor Code of Conduct

data protection

Equal Opportunities Policy

FilmING and Photography

Financial Regulations APRIL 2021

GeNeral and Earmarked Reserves

general power of competence

discretions policy lgps regulation 2013


Health and Safety

Internal Audit Corporate Governance Review

Investment Policy

Market Terms and Conditions

Mayor Making

Mayoral Chain Policy


member officer protocol

Neighbourhood Plan Terms of Reference

Planning Engagement Policy

Privacy Notice


retention of documents policy part i

retention of documents policy part ii

Risk assessment with procedures

Roles of Town Mayor and Leader


 Saffron Walden Town Council Pension Policy


Standing OrderS

Terms of Reference for Committees


Vexatious behaviour policy

Volunteer Policy


General Data Protection Regulations

Saffron Walden Town Council Overarching Privacy Notice

This privacy notice explains how Saffron Walden Town Council, (as a Data Controller) collects, uses and protects personal data that we hold.

 Your personal data - what is it?

Personal data is any information relating to a living person who can be identified from that data directly or indirectly such as name, photograph, identification number, location data or online identifier. There are also special categories of personal data referred to as 'sensitive personal data' and the categories include genetic data, biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation.

The processing of personal data is governed by the principles set out in General Data Protection Regulation (the GDPR) 2016 and the Data Protection Act 2018.

Who are we?  

Saffron Walden Town Council is the data controller – contact details as below.  This means it decides how your personal data is processed and for what purposes.

How do we process your personal data?

We comply with our obligations under the GDPR and the principles of the Data Protection Act (DPA) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Under the GDPR and DPA, we have a legal duty to protect any personal data we collect from you.  We will use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it.

What is the legal basis for processing your personal data?

The legal basis for processing your personal data will depend on the reasons for collecting it.  Generally, the legal basis for processing by the Council as a public authority will be:

1.    To perform a function or provide a service required by statute;

2.    To comply with a legal obligation;

3.    Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;

4.    Where disclosure is in the vital interests of yourself or another person;

5.    With your explicit consent;

6.    In very limited circumstances, the Council may be able to rely on 'legitimate interest' of the Authority but only when these interests override those of the individual and when the Council is not acting in its role as a public authority.

Who will your data be shared with?

Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be shared with other personnel within the council to deliver services and with other local authorities.  Personal data may be shared where necessary with other organisations that provide services on our behalf such as contractors carrying out repairs to Council property or assets.  In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.

Sometimes we have a legal duty to disclose your information to other organisations or make it available in a public way. This is often because it forms part of an application or legislation requires it or where court orders are in place. In these situations we do not have an option but will be clear about how we use your information.

In most cases we will not disclose your personal data without your consent; however there are situations where consent would not be required such as when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we may share your information:

  • For the detection and prevention of crime/fraudulent activity; or
  • If there are serious risks to the public, our staff or to other professionals;
  • To protect a child; or
  • To protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.
  • Where there is a risk to you and the risk is sufficiently serious that the need to disclose your information is more important than protecting your confidentiality.

On occasions the Council will undertake research into various topics. When using personal data for research purposes, the data will usually be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data.

We do not sell personal information to any other organisation for the purposes of direct marketing.

How long do we keep your personal data?

We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep data for a set time period.  However, where possible we will anonymise this data so that you cannot be identified.   Where we do not need to continue to process your personal data, it will be securely destroyed.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

a.    Right of access:  to request a copy of your personal data which we hold about you.

b.    Right to rectification:   to request that we correct any personal data if it is found to be inaccurate or out of date;

c.    Right to erasure:  to request that your personal data be erased where it is no longer necessary for us to retain such data;

d.    Right to withdraw consent:  to withdraw your consent to the processing at any time (this will only apply in certain circumstances; please contact the Council's Data Controller who will explain if your consent can be withdrawn).  

e.    Right to data portability:  to request that we provide you with your personal data and where possible directly to another controller (where applicable)- please note this only applies where the processing is based on consent or is necessary for the performance of a contract with you; and in either case where we process the data by automated means;

f.    Right to restrict processing:  to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;

g.    Right to object:  to object to the processing of personal data (where applicable) - please note this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/ exercise of official authority); direct marketing and processing for the purposes of scientific / historical research and statistics;

h.    Right to complain:  to lodge a complaint with the Information Commissioner's Office. 


You can access the personal information that we hold about you at any time by submitting a Subject Access Request (SAR) to the Council.  This request should be in writing and clearly specify the information you require.  

Please email us at [email protected] or write to us at Saffron Walden Town Council, 11 Emson Close, Saffron Walden, Essex, CB10 1HL.  Alternatively, please complete and return the SAR form available on the Council's website to assist you with submitting a request.   

You can ask to change information you think is inaccurate, you should let us know if you disagree with something written on your file.  We may not always be able to change or remove that information but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

If you would like to make a request in regards to the processing of your personal data please contact the Data Controller on the details provided below.  However, it is not always possible for requests to delete information to be fulfilled and the Data Controller can provide you with more information on request.

Complaints or queries

We try to meet the highest standards when collecting and using personal information.  For this reason, we take any complaints we receive about this very seriously.  We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.  We would also welcome any suggestions for improving our procedures.

If you have any concerns, questions or comments please email the Council's Data Controller [email protected] or write to

Data Controller
Saffron Walden Town Council
11 Emson Close
Saffron Walden
Essex, CB10 1HL

The Data Controller will advise you of the Town Council’s Complaints Process – a copy of which can also be found online. 

If having exhausted the complaints process you are still of the opinion that your request or review has not been dealt with satisfactorily, you can complain to the Information Commissioner's Office or by calling them on 0303 123 1113 or writing to:

Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire, SK9 5AF