The laws that give you the right to access information held by public bodies like us. On this page
Freedom of Information (FOI) Act
The Freedom of Information Act 2000 provides public access to information held by public authorities.
It does this in two ways:
- public authorities are obliged to publish certain information about their activities; and
- members of the public are entitled to request information from public authorities.
The Act covers any recorded information that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland.
Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.
The Act does not give you access to your own personal data (information about yourself) such as your health records or credit reference file. If you want to see information that Cherwell District Council holds about you, you should make a data protection subject access request.
How we deal with your requests
Our Freedom of Information Act Policy sets out how we will respond to information requests under the FOI Act.
We publish information on this website as part of normal business practice. The publication scheme sets out what information this includes. The aim is to help people better understand how the council works.
Information we may not release
We do our best to give you what you requested, but it may not be possible as some information is exempt. For example, where it would reveal personal details about someone.
We may refuse a request if the cost for us to provide the information would cost more than the information is worth.
What to do if you are unhappy with the information provided
We try our best to answer the question(s) you raised as fully and accurately as we can. If you have any concerns about the way we have done this, we have a review process to look into such concerns.
If you wish to use this, please write to: Information Governance Manager, Cherwell District Council, Bodicote House, Bodicote, Banbury. Oxforshire. OX15 4AA or email firstname.lastname@example.org setting out your concerns and what action you think we ought to take. If you are still unhappy at the end of this process, you can contact the independent Information Commissioner at the following address:
Information Commissioner, Wycliffe House, Water Lane, Wimslow, Cheshire, SK9 5AF.
Find out more about Freedom of Information at the Information Commissioner's website.
Environmental Information Regulations (EIR)
The Environmental Information Regulations 2004 are similar to the Freedom of Information Act but are limited specifically to information regarding the environment.
- The EIR grant a right for any person to request access to environmental information held by public authorities and for public authorities to take steps to proactively make environmental information available to the public.
- The EIR interpret 'environmental information' widely, with the scope to include information such as health and safety policies or details about recycling.
We may charge you a fee for providing the information. If we need to charge you for the information, we will tell you first so that you can choose whether to proceed or not.
General Data Protection Regulation (GDPR)
The GDPR gives you the right to request and amend the personal information Cherwell District Council holds about you.
Data subject rights
The General Data Protection Regulation (GDPR) gives individuals several rights regarding their personal information. You have the right to request and amend the personal information Cherwell District Council holds about you.
Please note: You will not always be able to exercise all the rights set out in the GDPR as they vary depending on why we collected the personal information. There are also some circumstances where your rights cannot be exercised because exemptions will apply. We will explain this in our response to you.
1. To be informed
You have the right to be informed about the collection and use of your personal data. A privacy notice will be provided to you at the time your personal data is collected and will explain simply and clearly how and why we intend to process your data. This information will be on the website and on the form you complete.
2.Change inaccurate information
You have a right to rectification of inaccurate personal information and to update incomplete personal information.
If you believe that any of the information that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and to rectify the inaccurate personal information.
Rectification can be achieved by adding to the record or creating a supplementary record. Even if we decide that the information is correct, we will place a statement from you on the record with the data you believe to be correct or stating your dispute.
3. Request the council to delete your information
You have a right to request that we delete your personal information.
You may request that we delete your personal information if you believe that:
- We no longer need to process your information for the purposes for which it was provided
- We have requested your permission to process your personal information and you wish to withdraw your consent
4. Request the council to restrict the processing of your information
You have a right to request the council to restrict the processing of your personal information.
You may request the council to restrict processing your personal information if you believe that:
- Any of the information that we hold about you is inaccurate
- We no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims
5. Request personal information provided in a portable format
You have a right to data portability.
Where we have requested your permission to process your personal information, you have a right to receive the personal information you provided to us in a portable format.
You may also request the council to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your information, which will be governed by their agreement with you and any privacy statement they provide to you.
Please note that this right only applies to data that is being processed electronically.
6. Object to the processing of your personal information
You have a right to object to the processing of your personal information.
You must tell us your circumstances justifying your objection to processing. Please be aware that we can still process personal information where there are compelling grounds, or it is necessary for legal claims.
You can also object separately to your data being used for direct marketing and for research. Your objection to your data being processed for a research purpose may be overridden if the council has public interest justification for this.
7. Rights in relation to automated decision making and profiling
Automated individual decision making is a decision made without human involvement. Examples of this include an online decision to award a loan, or a recruitment aptitude test which uses pre-programmed algorithms and criteria. Automated decision making does not have to involve profiling, although it may do.
Automated decision making and profiling can lead to a quicker and more consistent decision, but if used irresponsibly there are significant risks for individuals.
The General Data Protection Regulation (GDPR) restricts organisations from making solely automated decisions (no human contact), including those based on profiling, that have a legal or similarly significant effect on individuals.
These restrictions can be lifted in certain circumstances; namely, if the decision is:
- necessary for entering into or performance of a contract between the organisation and the data subject
- authorised by law (for example, purpose of fraud or tax evasion), or
- based on the individuals ‘explicit’ consent
As this type of processing is high risk, the GDPR requires that a Data Protection Impact Assessment is completed to demonstrate that the organisation has identified and assessed the risks and how these will be addressed.
The GDPR also requires organisations to:
- give individuals specific information about the processing
- take steps to prevent errors, bias and discrimination, and
- give individuals rights to challenge and request a review of the decision
These provisions are designed to increase individuals understanding of how the organisation might be using their personal data.
8. Withdraw consent
You have a right to withdraw your consent.
Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.
Please be aware that you will not be able to withdraw your consent if we do not rely on your permission to process your personal information ie: to use a service we are required to provide by law.
9. Subject access request
A person (the Data Subject) has the right to request a copy of any personal information held by an organisation (the Data Controller); this is known as a Subject Access Request (SAR).
It is important to remember that not all personal information is covered and there are ‘exemptions’ which may allow an organisation to refuse to comply with your subject access request in certain circumstances.
Schedule 2 Disclosure Form (not for general public use)
Schedule 2 Part 1 Para. 2 or Para. 5 Data Protection Act 2018
(previously S29 Data Protection Act 1998)
Law Enforcement Authorities, Competent Authorities and Environment Agencies can request access to personal information held by Local Authorities for specified purposes. These types of requests include Schedule 2 Part 1 Para. 2 or Para. 5 Data Protection Act 2018
A law enforcement authority is known under data protection law as a “competent authority”. This means any of the authorities listed in Schedule 7 of the DPA 2018 including the police, courts and prisons.
Competent authorities can also be any other organisation or person with statutory law enforcement functions, such as local authorities detecting trading standards offences or the Environment Agency when investigating environmental offences. For ease of reference, we use the term “law enforcement authority”.
Part 3 of the DPA 2018 sets out separate data protection rules for authorities with law enforcement functions when they are processing for “law enforcement purposes”.
The law enforcement purposes are defined in section 31 of the DPA 2018 as:
- the prevention, investigation, detection or prosecution of criminal offences; or
- the execution of criminal penalties, including safeguarding against and prevention of threats to public security; or
- assessment or collection of tax, duty or imposition of a similar nature.
- does not give an automatic right of access to information
- states that public bodies can assess the merits of requests and decide whether or not to apply the exemption
See the Information Commissioners Office guidance about exemptions, It includes reasons we must take into consideration when deciding whether to release information to relevant authorities.
Make a Schedule 2 Part 1 Para. 2 or Para. 5 Data Protection Act 2018 request
For Law Enforcement Authorities, Competent Authorities and Environment Agencies only.
Please email your request to email@example.com