Privacy Policy

Forward

This policy describes the ways in which SIGOMA makes use of the information collected about you when you visit our website and the data we hold to facilitate its secure operation.

General site visitors will not be asked to volunteer any ‘personal data’ when using this website. Personal data provided by SIGOMA members will be used as described in this privacy policy.

This policy may be updated as required and reviewed in line with the intervals set out in our ‘Data Protection Procedure’. It was last updated on 04/05/2018.

If you have any questions or concerns about this policy, or the way it is being applied on the SIGOMA website, please address them to: sigomaenquiries@barnsley.gov.uk

Further contact details can be found HERE

SIGOMA’s Data Protection Officer can be contacted via DPO@barnsley.gov.uk

If you have a concern regarding SIGOMA’s handling of personal data, please contact a member of our staff in the first instance.

We will do everything we can to address any concerns you may have but, should you wish to take things further, you also have the right to inform to the Information Commissioner’s Office… HERE

Overview

SIGOMA occasionally monitors anonymised analytics data on all site users for the sole purpose of identifying areas for website and content optimisation.

We hold secured personal data on SIGOMA members on this website solely for the purpose of facilitating and managing a secure login facility for the private members’ area.

SIGOMA is considered both a ‘Data Controller’ and ‘Data Processor’ under the General Data Protection Regulation, introduced on 25/5/18 and has taken necessary steps to ensure full compliance with this legislation.

No data held by SIGOMA is shared or processed by us outside of the EU.

Personal Data

The ‘personal data’ SIGOMA holds on users of the secure login facility is secured using measures proportionate to its sensitivity as defined under the General Data Protection Regulation.

SIGOMA holds a written agreement with our current website hosting provider, ‘Cursor’, who are considered a ‘Data Processor’ under the GDPR. We have reviewed their site security and privacy arrangements and have satisfied ourselves that they are fit for purpose.

This data is held by SIGOMA as a ‘legitimate business interest’ (i.e. solely for the facilitation of the secure members’ area, which is central to our core function as a membership organisation) and with the freely given and explicit consent of ‘data subjects’ following the introduction of the GDPR.

A ‘Legitimate Interests Assessment’ has been conducted and this minimal processing has been deemed to be necessary, proportionate, conducted in the interests of, and in line with the expectations of data subjects, presenting no material risk to their interests, rights or freedoms.

Appropriate consent is also maintained via our annual billing procedure to member councils, in which they agree for us to contact their staff members in line with our core functions as a special interest group (which includes the facilitation of this website).

This data is also jointly held by/shared with ‘Cursor’ as a ‘legitimate business interest’, required to fulfil their core function as a host and facilitator of the day-to-day operation of the website and the secure login facility to its private members’ area.

SIGOMA does not currently share ‘personal data’ with any other third party and would never do so except with the express prior consent of the ‘data subjects’ whom it concerns.

Following the introduction of GDPR, SIGOMA will hold personal data for a period of 5 years before seeking to refresh the consent of data subjects. This refresh period has been introduced to demonstrate that the data held is not to be held indefinitely, in line with the requirements of GDPR.

What information do we collect?

Google Analytics collects the following information, which SIGOMA monitors.

  • The HTTP request of the user
  • Browser/system information
  • First-party cookies

We also collect and store information necessary to administer the user accounts of SIGOMA members. This is limited to:

  • Username
  • First and last name
  • Email address

Rights of data subjects

The GDPR provides the following rights for individuals:
1. The right to be informed – you have the right to know what personal data (if any) we hold on you, the categories of personal data we hold, how long we intend to hold it for, how we use it, who we share it with, and lawful basis for processing it. All of this information is set out on this page.
2. The right of access – you have the right to know whether we may be processing your personal data and request a copy of the information we may hold on you, free of charge.
3. The right to rectification – you have the right to request that we rectify any out of date or inaccurate data we may hold on you
4. The right to erasure – you have the right to ask for all the data we may hold on you to be deleted
5. The right to restrict processing – you have the right to ask us to limit the way we use your personal data
6. The right to data portability – you have the right to request copies of the data we hold on you in a machine readable format
7. The right to object – you have the right to object to us processing your data and may ask us to cease doing so at any time
8. Rights in relation to automated decision making and profiling – SIGOMA does not use automated decision making or profiling.

These rights are discharged by us as part of this ‘Data Protection Policy’ and via our internal ‘Data Protection Procedure’ and ‘Data Audit’.

We have, to the best of our ability, endeavoured to ensure that all of the information you need to uphold these rights are contained on this page. But if there is anything you think we might have missed, please don’t hesitate to let us know, and we would be happy to update it.

Should you have any requests concerning personal data we may hold on you pertaining to your rights as a ‘data subject’ we will respond appropriately, without undue delay, usually within two working days, and at the latest, within one month of receipt, as required by law.

How do we use this information?

We use basic website usage data to analyse traffic to the SIGOMA website. This helps us to understand things like how many users visit our pages, the duration of their visits etc.

This data is used by SIGOMA solely for monitoring, reporting and the improvement of the SIGOMA website.

The personal data of SIGOMA members who have signed up to access the secure members’ area of this website is stored solely to facilitate the use and security of this area.

Cookies

Cookies are small files placed on your computer or portable device to identify it when you visit various parts of a website. They help us to build up a picture of how the SIGOMA website is used.

SIGOMA may use cookies to:

  • Analyze website traffic using analytics
  • See whether members are signed in to the SIGOMA website

You can set your browser to reject cookies. However, please bear in mind that this may adversely affect the functionality of the website.

Email

SIGOMA holds a mailing list of the staff of SIGOMA member councils and parliamentarians which is stored on a secured internal server, separate to this website.

This list is used solely for the provision of our information services, such as news bulletins and meeting notifications, on the basis of our legitimate interests as a special interest group, as described above.

If you have any requests pertaining to your rights as a data subject in relation to personal data that may be hosted on this website, please let us know whether your request also applies to our members’ mailing list (as your personal data may be held on both).

Data Protection

SIGOMA do not hold the ‘Personal Data’ of general users. Any information we hold pertaining to the staff of SIGOMA member councils is processed and stored in accordance with the General Data Protection Regulation 2018 as described in this privacy policy.

Disclaimer

Whilst we make every effort to ensure that any external hyperlinks found on the SIGOMA website link to reputable sources, we are not responsible for the security of those sites nor for any personal information you may choose to disclose whilst using them.