Privacy notice : Reporting a data security incident or concern

Who we are

Information Governance Department
Royal Borough of Windsor and Maidenhead
Town Hall
Maidenhead SL6 1RF

Lawful basis for processing the information

The lawful basis for processing is Article 6 GDPR:

e) Our legal bases for using your personal information are to exercise our tasks in the public interest.

How we collect information

We will use the information you have reported to us in your email to report a data security concern.

Information we collect

We will collect the information necessary in order to fully investigate your concerns and ascertain whether a breach has taken place. This can include your name, address, contact details including phone number and address, details of the incident and information around the circumstances of how the concern or incident happened.

How we use the information provided

We will use the information you have provided to fully investigate the concern and take steps to mitigate any risk to data subjects. 

Who has access to the information about you

The Data Protection Officer and information governance team.

Who we may share your information with

We will share your concerns with the relevant department involved in the concern. Details of the incident (not including your personal details) will be shared with the Senior Information Risk Owner so we can take the necessary steps to improve processes. 

How long we store your information

We keep a record of incidents for five years.

Does your service utilise automated decision making? – No.