Privacy Policy

Last updated: April 2026

Introduction

As part of the Council’s operations, the Council collects and process personal data. The Council is aware of its obligations under the General Data Protection Regulation (GDPR) and current data protection legislation, is committed to processing your data securely and transparently. This privacy notice sets out, in line with data protection obligations, the type of data that the Council collect and hold on you. It also sets out how the Council use that information, how long the Council keeps it for and other relevant information about your data.

This notice applies to prospective, current and former employees, workers, volunteers and apprentices. It may also apply to consultants or contractors directly engaged by the Council. Customers, allotment tenants, service users, partners, and tenants.

Data Controller Details

The Council is a data controller, meaning that it determines the purposes and processes to be used when using your personal data. The Council’s contact details are as follows:
Address: Truro City Council, Municipal Buildings, Boscawen Street, Truro, TR1 2NE
Telephone: 01872 274766
Email: info@truro.gov.uk

Data Protection Principles

In relation to your personal data, the Council will:

  • process it fairly, lawfully and in a clear, transparent way;
  • collect your data only for reasons that the Council find proper for the course of the recruitment process in ways that have been explained to you;
  • only use it in the way that the Council have told you about;
  • ensure it is correct and up to date;
  • keep your data for only as long as the Council need it; and
  • process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed.

How the Council Define Personal Data

‘Personal data’ is information that relates to an identifiable person who can be directly or indirectly identified from that information. For example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.

Types of Data the Council Process

The Council could hold many types of data about you, including:

  • your personal details including your name, address and contact details, date of birth, email address, phone numbers;
  • your photograph;
  • gender;
  • marital status;
  • dependants, next of kin and their contact numbers;
  • medical or health information including whether or not you have a disability;
  • information used for equal opportunities monitoring about your sexual orientation, religion or belief and ethnic origin;
  • information included on your CV including references, education history and employment history;
  • documentation relating to your right to work in the UK;
  • driving licence and details of any penalties or endorsements;
  • bank details;
  • National Insurance Number
  • current and previous job titles, job descriptions, pay grades, including entitlement to benefits such as pensions or insurance cover, hours of work and other terms and conditions relating to your employment or engagement with the Council;
  • letters of concern, formal warnings and other documentation with regard to any disciplinary proceedings or, in the case of workers, confirmation of other discussions about your conduct;
  • internal performance information including measurements against targets, formal warnings and related documentation with regard to capability procedures, appraisal forms, or, in the case of workers, confirmation of other discussions about your performance;
  • leave records including annual leave, family leave, sickness absence etc;
  • details of your criminal record;
  • training details;
  • CCTV footage;
  • building entry card records.
  • Personal contact details that allow us to contact you directly such as name, title, email addresses, company details, website addresses and telephone numbers;
  • Records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us;
  • Any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you;
  • Use of and movements through our online portal, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information;
  • Records of your attendance at any events hosted by us;
  • Details of any relevant memberships, such as the Market Trade Association, Showman’s Guild etc;
  • Copies of your business or organisations insurance documents;
  • Copies of your employees or member qualifications;
  • Copies of your business or organisations risk assessments;
  • Records related to burial plot ownership, interment rights, and service arrangements;
  • Information provided for memorials, inscriptions, or genealogical requests
  • Referees’ contact information which you may have provided to support your business credentials;
  • Records of relevant qualifications or standards, such as Food Hygiene Ratings.
  • Grant project details, budget, evidence, and quotes;
  • Religious preferences relevant to burial rites;
  • Family relationships for record-keeping;
  • Booking dates, times and locations;
  • Details of the facility or resource booked;
  • Attendance numbers and booking notes;
  • System access logs;
  • Cookie and usage data (where applicable);
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. Please see our cookie policy for further details;
  • Profile Data includes purchases or orders made by you, your interests, preferences (including details about your personal likes and dislikes as identified during your visits to our premises), feedback and survey responses;
  • Marketing and Communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences;
  • Business/organisational information (bank account details, statutory accounts, business plans and cashflow forecasts, etc) collected as part of grant applications.

The Council may not collect all the above types of personal information about you. The Council will process the above personal data for the purpose of properly administering any activity you may have with the council.

How the Council Collects Your Data

Recruitment

The Council collect data about you in a variety of ways including the information you would normally include in a CV or a job application cover letter, application forms or notes made by our recruiting officers during a recruitment interview or other forms of assessment. Further information will be collected directly from you when you complete forms at the start of your employment, for example, your bank and next of kin details. Other details may be collected directly from you in the form of official documentation such as your driving licence, passport or other right to work evidence.

In some cases, the Council will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies. The Council will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.

Personal data is kept in personnel files or within the Council’s HR and IT systems (which may include our email system).

Employees

The Council collect data about you in a variety of ways, and this will usually start when it undertakes a recruitment exercise where it will collect the data from you directly. This includes the information you would normally include in a CV or a recruitment cover letter, application forms or notes made by the Council’s recruiting officers during a recruitment interview or other forms of assessment. Further information will be collected directly from you when you complete forms at the start of your employment or engagement, for example, your bank and next of kin details. Other details may be collected directly from you in the form of official documentation such as your driving licence, passport or other right to work evidence.

In some cases, the Council will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies.

Personal data is kept in personnel files of within the Council’s HR and IT systems including its email system.

Events

The Council collect data about you, relating to events, in various ways, including:

  • Online event surveys – for the purpose of obtaining feedback about our events, allowing us to improve them.
  • Event entry forms – to allow you to participate in prize draws at our events, and so the ‘winner’ can be rightfully contacted.
  • Lemon Booking – for hire of space on Lemon Quay and in Truro Community Library. Further information can be found in the Lemon Booking Privacy Policy.
  • Exchanging risk assessments, insurance documents and any other relevant compliance

Personal data is kept in files within the Council’s IT systems (which may include our email system). It is also kept in physical secure folders.

If the Council is informed of an incident or personal injury at an event during the retention period as stated above, the information may be retained for a longer period. Where the Council has a potential liability as the owner of the venue/premises of the event, this period will be determined under the Limitation Act 1980 depending on the circumstances of the liability.

Grants

The Council will collect data via its grant application form and any other documents you submit in conjunction.

Personal data is kept in files within the Council’s IT systems (which may include our email system). It is also kept in physical secure folders.

Burials

The Council will collect data via its grant application form and any other documents you submit in conjunction.

Personal data is kept in files within the Council’s IT systems (which may include our email system). It is also kept in physical secure folders.

Online

Direct interactions. You may provide us with your personal data by filling in forms or by corresponding with us by post, phone, messaging service, email or otherwise. This includes personal data you provide when you:

  • apply for or subscribe to our services;
  • request marketing to be sent to you;
  • enter a promotion or survey; or
  • give us feedback or otherwise contact us.

Automated technologies or interactions. As you interact with our website, we will automatically collect your personal data relating to your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.

Why the Council Processes Your Data

Recruitment

The Council needs to process data to take steps at your request prior to entering into a contract of employment with you. The law on data protection allows the Council to process your data for certain reasons only:

  • in order to perform the employment contract that the Council are party to;
  • in order to carry out legally required duties;
  • in order for the Council to carry out our legitimate interests;
  • to protect your interests; and
  • where something is done in the public interest.

All of the processing carried out by the Council falls into one of the permitted reasons. Generally, the Council will rely on the first three reasons set out above to process your data.

The Council need to collect your data to ensure it is complying with legal requirements such as:

  • carrying out checks in relation to your right to work in the UK; and
  • making reasonable adjustments for disabled employees.

The Council also collect data so that it can carry out activities which are in the legitimate interests of the Council. The Council have set these out below:

  • making decisions about who to offer employment to;
  • making decisions about salary and other benefits;
  • assessing training needs; and
  • dealing with legal claims made against the Council.

If you are unsuccessful in obtaining employment, the Council may seek your consent to retaining your data in case other suitable job vacancies arise in the Council for which the Council think you may wish to apply. You are free to withhold your consent to this and there will be no consequences for withholding consent.

Employees

The law on data protection allows the Council to process your data for certain reasons only:

  • in order to perform the employment contract that the Council are party to;
  • in order to carry out legally required duties;
  • in order for the Council to carry out its legitimate interests;
  • to protect your interests, and;
  • where something is done in the public interest;
  • where the Council have your consent.

All of the processing carried out by the Council falls into one of the permitted reasons. Generally, the Council will rely on the first three reasons set out above to process your data. For example, the Council need to collect your personal data in order to:

  • carry out the contract that they have entered into with you;
  • ensure you are paid; and
  • administer benefits, such as pension and insurance entitlements.

The Council also need to collect your data to ensure it is complying with legal requirements such as:

  • ensuring tax and National Insurance is paid;
  • to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled;
  • carrying out checks in relation to your right to work in the UK; and
  • making reasonable adjustments for disabled individuals.

The Council also collect data so that it can carry out activities which are in the legitimate interests of the Council. The Council have set these out below:

  • making decisions about who to offer initial employment or engagement to, and subsequent internal appointments, promotions etc;
  • making decisions about salary and other benefits;
  • providing contractual benefits to you;
  • maintaining comprehensive up to date personnel records about you to ensure, amongst other things, effective correspondence can be achieved and appropriate contact points in the event of an emergency are maintained;
  • if you are an employee, effectively monitoring both your conduct and your performance and to undertake procedures with regard to both of these if the need arises;
  • if you are an employee, offering a method of recourse for you against decisions made about you via a grievance procedure;
  • assessing training needs;
  • implementing an effective sickness absence management system including monitoring the amount of leave and subsequent actions to be taken including the making of reasonable adjustments;
  • gaining expert medical opinion when making decisions about your fitness for work;
  • managing statutory and other types of leave and pay systems (including maternity, paternity, adoption, parental and shared parental leave, and bereavement leave);
  • business planning and restructuring exercises;
  • dealing with legal claims made against the Council;
  • preventing fraud;
  • ensuring the Council’s administrative and IT systems are secure and robust against unauthorised access; and
  • to comply with employment law, immigration law, health & safety law, tax law and other laws which affect the Council
  • provide references on request for current or former employees.

Events

The Council needs to process data to take steps at your request prior to entering into a hire agreement with you, to understand the demographic of event attendees, and in the case of a prize draw, to ensure the correct person is rightfully contacted. The law on data protection allows the Council to process your data for certain reasons only:

  • in order to perform the employment contract that the Council are party to;
  • in order to carry out legally required duties;
  • in order for the Council to carry out our legitimate interests (Article 6);
  • to protect your interests; and
  • where something is done in the public interest.

All of the processing carried out by the Council falls into one of the permitted reasons. Generally, the Council will rely on the first three reasons set out above to process your data.

The Council also collect data so that it can carry out activities which are in the legitimate interests of the Council. The Council have set these out below:

  • making decisions about event development;
  • making decisions about hire of space;
  • dealing with legal claims made against the Council.

Grants

The Council also collect data so that it can carry out activities which are in the legitimate interests of the Council. The Council have set these out below:

  • assess applications;
  • verify eligibility;
  • contact applicants;
  • issue grant payments;
  • monitor funded projects.

The Council also need to collect your data to ensure it is complying with legal requirements such as;

  • prevent fraud;
  • satisfy public transparency.

Burials

Truro City Council use personal information to:

  • Provide burial, memorial, and cemetery management services
  • Maintain accurate cemetery and interment records
  • Communicate with plot owners, families, and visitors
  • Process payments and manage accounts
  • Ensure the security and safety of cemetery grounds
  • Comply with legal, regulatory, and historical record-keeping obligations
  • Maintain genealogical and archival records

Truro City Council process personal information on the following bases:

  • Consent
  • Performance of a contract
  • Legal obligations
  • Legitimate interests (historical record-keeping, site security, service management)

Bookings

The Council uses your personal data to:

  • Process and administer bookings
  • Communicate with you regarding your booking
  • Manage access to facilities and services
  • Issue invoices and process payments
  • Maintain financial and audit records
  • Monitor and improve service delivery
  • Ensure system security and prevent misuse

The Council processes your personal data under the following lawful bases:

  • Contract – to fulfil your booking agreement
  • Legal obligation – for financial reporting, audit and compliance
  • Public task – providing community facilities and services
  • Legitimate interests – for system administration, security and service improvement

Your data is securely stored within the Lemon Booking system, which is hosted on secure UK-based servers (Amazon Web Services, London region).

Both Truro City Council and Lemon Booking implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse or disclosure.

Access to your data is restricted to authorised personnel on a role-based basis

Online

We use information held about you to:

  • carry out our obligations arising from any contracts entered into between you and us and provide our services, including any third party services we make available to you;
  • carry out feedback and research on our services; and
  • notify you about changes to our services.

Special Categories of Data

‘Special categories of personal data’ are types of personal data consisting of information as to:

  • your racial or ethnic origin;
  • your political opinions;
  • your religious or philosophical beliefs;
  • your trade union membership;
  • your genetic or biometric data;
  • your health;
  • your sex life and sexual orientation; and
  • any criminal convictions and offences.

The Council must process special categories of data in accordance with more stringent guidelines. Most commonly, it will process special categories of data when the following applies:

  • you have given explicit consent to the processing;
  • the Council must process the data in order to carry out our legal obligations;
  • the Council must process data for reasons of substantial public interest;
  • you have already made the data public.

The Council will use your special category data:

  • for the purpose of equal opportunities monitoring;
  • to monitor recruitment statistics.

The Council do not need your consent if it uses special categories of personal data in order to carry out our legal obligations or exercise specific rights under employment law. However, the Council may ask for your consent to allow it to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.

Criminal Conviction Data

During recruitment the Council will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits it. This data will usually be collected at the recruitment stage, however, may also be collected during your employment should you be successful in obtaining employment.

The Council use criminal conviction data in the following ways:

  • to assess suitability to work in a role that fits the main provisions of regulated activity;
  • to carry out its obligations and exercise specific rights in relation to employment and safer recruitment practices.

The Council rely on the lawful basis of the following reasons to process this data:

  • in order to perform the employment contract that the Council are party to;
  • in order to carry out legally required duties;
  • in order for the Council to carry out the Council’s legitimate interests.

If You Do Not Provide Your Data to the Council

One of the reasons for processing your data is to allow the Council to carry out its activities. Whilst you are under no statutory or contractual obligation to provide the Council with your data, the Council may not be able to process, or continue with (as appropriate) your activities with the council.

Sharing Your Data

Your data will be shared with colleagues within the Council where it is necessary for them to undertake their duties.

Your data may be shared securely with the Council’s outsourced HR provider who advise and assist on the Council’s HR and recruitment practices.

In some cases, the Council will collect data about you from third parties, such as employment agencies. Your data will be shared with third parties if you are successful in your job application. In these circumstances, the Council will share your data to obtain references as part of the recruitment process.

The Council do not share your data with bodies outside of the European Economic Area.

The Council are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. The Council have implemented processes to guard against such.

Where the Council share your data with third parties, it provides written instructions to them to ensure that your data are held securely and in line with data protection requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

This may include:

  • Lemon Booking (system provider acting as Data Processor)
  • Payment service providers (such as Stripe, GoCardless or SumUp)
  • IT service providers supporting system operation
  • Redruth Town Council for public space CCTV

All third parties are required to process your data securely and only in accordance with the Council’s instructions.

The Council does not sell your personal data.
The booking system may contain links to third-party services, including payment providers. These organisations operate their own privacy policies, and you are encouraged to review them.

Truro City Council is not responsible for the privacy practices of external services.

How Long the Council Keep Your Data For

In line with data protection principles, the Council will only keep your data for as long as it needs, is required to do so by legislation, or where appropriate for historical archives.

Automated Decision Making

No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

Your Rights in Relation to Your Data

The law on data protection gives you (the data subject) certain rights in relation to the data the Council hold on you. These are:

  • The right to be informed. This means that the Council must tell you how it uses your data, and this is the purpose of this privacy notice;
  • The right of access. You have the right to access the data that the Council hold on you. To do so, you should make a subject access request.
  • The right for any inaccuracies to be corrected. If any data that the Council hold about you is incomplete or inaccurate, you are able to require the Council to correct it;
  • The right to have information deleted. If you would like the Council to stop processing your data, you have the right to ask to delete it from the Council’s systems where you believe there is no reason for it to continue processing it;
  • The right to restrict the processing of the data. For example, if you believe the data the Council hold is incorrect, it will stop processing the data (whilst still holding it) until it has ensured that the data is correct;
  • The right to portability. You may transfer the data that the Council hold on you for your own purposes;
  • The right to object to the inclusion of any information. You have the right to object to the way the Council use your data where the Council are using it for its legitimate interests;
  • The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.

Where you have provided consent to the Council’s use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that the Council will stop processing the data that you had previously given it consent to use. There will be no consequences for withdrawing your consent. However, in some cases, the Council may continue to use the data where so permitted by having a legitimate reason for doing so.

If you wish to exercise any of the rights explained above, please contact the Data Protection Lead.

Making a Complaint

The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think your data protection rights have been breached in any way by the Council, you are able to make a complaint to the ICO.

Data Protection Officer

Parish Councils are not required to appoint a Data Protection Officer. The Council’s Data Protection Lead is Esther Greig, Deputy Town Clerk who can be contacted on esther@truro.gov.uk or 07946 477049.