Privacy Notice for Financial Payments

Why we are collecting your personal data?

Wealden District Council is a data controller for the purposes of the General Data Protection Regulation 2016 and Data Protection Act 2018. We collect, hold and use your personal data in order to process payments from you in relation to the services you receive from us.

What is the legal basis for processing your personal data?

We do this as a task carried out in the public interest in order to fulfill our legal obligations to you. We will not be able to process your payments without the personal data you provide to us.

What information are we collecting?

When you make a payment to us we collect some or all of the following information: name, address, phone number, date of birth, NI number and account number within the Council. We may also obtain information about you from third parties, including third party verification services. The Council does not collect or have access to your debit or credit card details.

The Council is able to take repeat payments on your debit or credit card using a data token. The tokenisation service approved by Visa and Mastercard, protects customer data, substituting the payment account information found on a plastic card with a series of numbers that can be used to authorise payment without exposing actual account details.

Who will your personal data be shared with?

When you use our secure online payment pages, your payment is processed by a third party payment processor, who specialises in the secure online capture and processing of debit and credit card transactions.

Your debit or credit card details are held securely by Adelante Payment Services Ltd our third party payment processor. Adelante are a Payment Card Industry Data Security Standard Level 1 Service Provider, the highest level under the standards set.

We share your personal data internally for our own data matching exercise, using names, addresses and dates of birth. This helps us to ensure the personal data we hold is accurate and up to date and identify customers by a single customer record.

We may also use and check your personal data for the investigation and prevention of fraud, anti-social behaviour and criminal activity or where we are otherwise required to do so by law. This may include sharing your information with police services, credit reference agencies, governmental organisations (e.g., Department for Work and Pensions and HM Revenue and Customs) and other local authorities. We also take part in the National Fraud Initiative’s anti-fraud data matching exercise for these purposes.

We will not:

• Use your information for marketing or sales purposes without your prior explicit consent.
• Store or send your personal data to a country outside the European Economic Area (EEA).
• Make decisions about you based on automated processing of your personal data.

How long will we hold your data for?

We keep records of all financial payments for a period of six years from the end of the financial year to which they relate.