Privacy Policy
Privacy Notice, GDPR and Data Protection
In the UK, data protection is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data protection legislation controls how your personal information is used by organisations, including businesses and government departments.
Edenbridge Town Council is committed to safeguarding and preserving your privacy. Our Privacy Notice explains what happens to any personal data that you provide to us, or that we collect from you, when you contact us or whilst you visit our websites or social media.
If you have any questions about this Privacy Notice or the personal data we hold about you, or if you wish to exercise your rights, ask questions, or make a complaint, please contact the Data Controller at Edenbridge Town Council by emailing: townclerk@edenbridgetowncouncil.gov.uk
Data protection
Assertion 10 of the Annual Governance and Accountability Return (AGAR) requires the Council to confirm that it has “complied with the requirements of data protection legislation.”
In 2026, the Council has undertaken a comprehensive review of its information governance framework. As a result, the Council has:
- Adopted updated Privacy Notices, ensuring transparency and clarity of lawful bases for processing;
- Reviewed and refreshed its Retention and Disposal Policy, including a detailed Retention Schedule;
- Adopted a Data Protection Policy providing overarching governance and accountability;
- Implemented a Subject Access Request (SAR) Procedure to ensure individual rights are upheld within statutory timescales;
- Updated its Freedom of Information and Publication Scheme arrangements;
- Reviewed arrangements for recordings of meetings and their disposal in accordance with Standing Orders;
- Confirmed appropriate technical and organisational security measures are in place, including secure systems and controlled access;
- Begun reviewing and updating written agreements with service providers where data processing occurs on the Council’s behalf.
The Council recognises and upholds the eight individual rights under UK GDPR and has procedures in place to manage data breaches, including reporting to the Information Commissioner’s Office where required.
View the Council’s data protection policies.
The Council has also adopted updated Digital IT and Cyber Security and Digital Communications and Social Media policies (March 2025).
Compliance with Practitioners’ Guide (SAPPP 1.47–1.54)
In accordance with the Smaller Authorities Proper Practices Panel (SAPPP) Practitioners’ Guide, the Council confirms that:
- It operates a generic email account hosted on an authority-owned domain (.gov.uk).
- Its website complies with applicable legal requirements and accessibility standards, including Web Content Accessibility Guidelines (WCAG) 2.2 AA and the Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018.
- It processes personal data in accordance with UK GDPR and the Data Protection Act 2018.
- It recognises its role as a data controller and, where applicable, engages data processors under appropriate written agreements.
- It maintains an IT and Cyber Security Policy governing the secure use of authority-owned and personal equipment for Council business.
