What is the Office of High Sheriff/the Surrey Shrievalty?
The High Sheriff of Surrey is an appointee of His Majesty The King. During what is a year-long, non-political and wholly independent appointment, the High Sheriff provides support for the Royal Family, the Judiciary, the Police and the emergency services within the County of Surrey without resort to the public purse.
The High Sheriff also offers support and encouragement to those engaged in the charity and voluntary sectors and actively encourages crime prevention. Central to his or her role is to uphold and enhance the ancient Office High Sheriff while at the same time making a meaningful contribution to the citizens, institutions and corporate bodies of the County.
Each High Sheriff appoints an Under Sheriff and a High Sheriff’s Chaplain annually. Both support the High Sheriff in the performance of his or her role. For more information visit the High Sheriffs’ Association website – www.highsheriffs.com
In this Policy, the activities undertaken by the High Sheriff are sometimes referred to as “business” but it should be noted that the work of the High Sheriff is not commercial, but is the undertaking of a public duty for the public good.
What is the purpose behind this Policy?
Pursuant to the provisions of the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR) [together referred to below as GDPR], we are required to inform members of the public and website visitors (together referred to below as either an ‘individual’ or ‘individuals’) of the following:
- What personal data we collect when individuals who provide personal information about themselves or others or otherwise visit our website.
- How we use their personal data.
- How we make sure their privacy is maintained.
- About their legal rights regarding data collection, storage and deletion.
What is ‘Personal Data’?
In summary, personal data means information about a particular living individual. In the context of Shrieval business, it will include information relating not only to members of the public but also public officials. The data as such does not need to be ‘private’ information: even information which is public knowledge or is about someone’s professional life can be personal data.
For the purposes of the relevant legislation, it does not cover truly anonymous information: but if one could still identify someone from the details, or by combining it with other information, it will still count as personal data.
It only includes paper records if the holder of them files or saves them electronically or files them in an organised way.
What Personal Data do we collect?
We collect personal data if individuals fill out a contact form, email us directly or we receive and/or gather information about them for the purpose of enabling the effective conduct of the High Sheriff’s business. We are likely to receive personal data from bodies with which the High Sheriff has any business, and from people who have been High Sheriff in the past or have supported the business of a High Sheriff.
Personal data we collect may include the following:
- First Name.
- Last Name.
- Email Address.
- Date of birth.
- Phone Number.
- The role of a person and the identity of any organisation with which the person is associated, and the general nature of that organisation’s activity and where that activity is undertaken.
- Where, when and in what circumstances we met or dealt with the person.
How do we use Personal Data?
We use personal data to contact people directly vis Greenvelope an electronic invitation package about any Shrieval events, important news, information or otherwise in the furtherance of the High Sheriff’s business including the processing and storing of personal data of potential candidates for the role of High Sheriff in the future. Invitations contain an offer to unsubscribe from the database in the invitations notes section.
On what basis do we use your Personal Data?
The lawful basis on which we rely for use of personal data is that we have a legitimate interest in its use. We have completed a Legitimate Interests Assessment and have concluded that the High Sheriff can rely on legitimate interests for processing data for marketing information about events he/she will hold during their Shrieval year. The High sheriff will keep this LIA under review and refresh it if there is a significant change in the purpose, nature or context of the processing.
Do we share your Personal Data with third parties?
We do not share individuals’ details with third parties for any purpose other than to provide them with assistance or otherwise in ways that we judge are necessary to further the work of the Surrey Shrievalty to good and positive effect. We may pass personal data to successor High Sheriffs and to those who support them in their business.
Data security – protecting your privacy
We protect personal data with appropriate security. All our data stored on computers is protected by technical security such as firewalls, anti-virus software and passwords.
We understand the importance of data security and what procedures should be followed in case of a data security breach. Our website has an SSL certificate and security software to protect and secure an individual’s connection.
We keep personal data only for our length of term in office as High Sheriff plus such reasonable time thereafter to delete it. In passing it to a successor High Sheriff or any persons supporting them in their business, we will inform them of the year of office in which it was collected and that it should be reviewed as to continuing relevance (in terms of the legitimate interests of the High Sheriff) not later than three years of office later than the time when it was first collected.
Personal data is gathered and retained during each High Sheriff’s year of office and thereafter for the use of successor High Sheriffs, the Under Sheriff and any other person supporting them in the business. Periodically its continuing relevance or otherwise will be reviewed and assessed, in terms of the legitimate interests of the High Sheriff. When personal data is judged to be no longer relevant and/or required, it will be destroyed if in paper form or alternatively deleted from the business’s electronic records and systems.
Security breaches – our security procedures
Under GDPR, if personal data has been put at risk, we are required to report this, or any known breach of the Regulations, to the Information Commissioner’s Office within 72 hours. Certain types of data breach do not need to be reported if they are considered harmless and pose no risk to an individual’s data.
If a breach is considered high-risk, we will inform all individuals who are affected immediately. We will do this via direct email or telephone depending on their contact preferences (if known), or otherwise in a way which is judged to be both practical and expeditious.
Your legal rights regarding data collection, storage and deletion
The GDPR includes the following rights for individuals or ‘data subjects’:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- The right not to be subject to automated decision-making including profiling.
Requests for amendments, copies or deletion
If an individual would like us to update or delete any details we hold about them, or would like a copy of their personal data, they should please request the same by email to PA@highsheriffofsurrey.com
In accordance with the GDPR, any requests for amendments, deletion or copies of data will be met within 30 days.
The data controller of this website is: The High Sheriff of Surrey.
Contact us by email to the High Sheriff at PA@highsheriffofsurrey.com or the Under Sheriff at firstname.lastname@example.org
Contact us by post to the High Sheriff or Under Sheriff at the Estate Office, Loseley Park, Guildford, Surrey GU3 1HS
Contact us by telephone on 0208 541 9127
© Copyright High Sheriff of Surrey 2023