Photo of Marshals Sports Field Pavilion
  1. Home
  2.  » 
  3. Policy
  4.  » General Data Protection Regulations (GDPR) Policies and Procedures

General Data Protection Regulations (GDPR) Policies and Procedures

Download Policy

Adopted by Council – 1 December 2020


To be reviewed – December 2021
Tom Clay
Town Clerk

Document includes:

  1. Data Protection Policy
  2. General Privacy Notice
  3. Privacy Notice for Staff, Councillors and Role Holders*
  4. Privacy Policy
  5. Subject Access Request Policy
  6. Data Breach Policy
  7. Document Retention Policy
  8. Template Data Consent Form

Document History

  1. Data Protection Policy
  2. Introduction
    1.1 The Town Council recognises its responsibility to comply with the General Data Protection Regulations (GDPR) 2018 which regulates the use of personal data. This does not have to be sensitive data; it can be as little as a name and address.
  3. General Data Protection Regulations (GDPR)
    2.1 The GDPR sets out high standards for the handling of personal information and protecting individuals’ rights for privacy. It also regulates how personal information can be collected, handled and used.
    2.2 The GDPR applies to anyone holding personal information about people, electronically or on paper. The Town Council has also notified the Information Commissioner that it holds personal data about individuals.
    2.3 When dealing with personal data, Town Council staff and members must ensure that:
    • Data is processed fairly, lawfully and in a transparent manner. This means that personal information should only be collected from individuals if staff have been open and honest about why they want the personal information.
    • Data is processed for specified purposes only. This means that data is collected for specific, explicit and legitimate purposes only.
    • Data is relevant to what it is needed for. Data will be monitored so that too much or too little is not kept; only data that is needed should be held.
    • Data is accurate and kept up to date and is not kept longer than it is needed. Personal data should be accurate, if it is not it should be corrected. Data no longer needed will be shredded or securely disposed of.
    • Data is processed in accordance with the rights of individuals. Individuals must be informed, upon request, of all the personal information held about them.
    • Data is kept securely. There should be protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  4. Storing and accessing data
    3.1 The Town Council recognises its responsibility to be open with people when taking personal details from them. This means that staff must be honest about why they want a particular piece of personal information.
    3.2 The Town Council may hold personal information about individuals such as their names, addresses, email addresses and telephone numbers. These will be securely kept at the Town Council Office and are not available for public access.
    3.3 All data stored on the Town Council Office computers are password protected. Once data is not needed any more, is out of date or has served its use and falls outside the minimum retention time of Councils document retention policy, it will be shredded or securely deleted from the computer.
    3.4 The Town Council is aware that people have the right to access any personal information that is held about them. Subject Access Requests (SARs) must be submitted in writing (this can be done in hard copy, email or social media). If a person requests to see any data that is being held about them, the SAR response must detail:
    • How and to what purpose personal data is processed
    • The period the Town Council intends to process it for
    • Anyone who has access to the personal data
    3.5 The response must be sent within 30 days and should be free of charge.
    3.6 If a SAR includes personal data of other individuals, the Town Council must not disclose the personal information of the other individual. That individual’s personal information may either be redacted, or the individual may be contacted to give permission for their information to be shared with the Subject.
    3.7 Individuals have the right to have their data rectified if it is incorrect, the right to request erasure of the data, the right to request restriction of processing of the data and the right to object to data processing, although rules do apply to those requests.
    3.8 Please see “Subject Access Request Procedure” for more details.
  5. Confidentiality
    4.1 The Town Council members and staff must be aware that when complaints or queries are made, they must remain confidential unless the subject gives permission otherwise. When handling personal data, this must also remain confidential
  6. General Privacy Notice

Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual (e.g. a list of staff may contain personnel ID numbers rather than names but if you use a separate list of the ID numbers which give the corresponding names to identify the staff in the first list then the first list will also be treated as personal data). The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the GDPR) and other legislation relating to personal data and rights such as the Human Rights Act.
Who are we?
This Privacy Notice is provided to you by the Gainsborough Town Council which is the data controller for your data.
Other data controllers the council works with:
• Gainsborough Town Council
• Community groups
• Charities
• Other not for profit entities
• Contractors
We may need to share your personal data we hold with them so that they can carry out their responsibilities to the council. If we and the other data controllers listed above are processing your data jointly for the same purposes, then the council and the other data controllers may be “joint data controllers” which mean we are all collectively responsible to you for your data. Where each of the parties listed above are processing your data for their own independent purposes then each of us will be independently responsible to you and if you have any questions, wish to exercise any of your rights (see below) or wish to raise a complaint, you should do so directly to the relevant data controller.
A description of what personal data the council processes and for what purposes is set out in this Privacy Notice.
The council will process some or all of the following personal data where necessary to perform its tasks:
• Names, titles, and aliases, photographs;
• Contact details such as telephone numbers, addresses, and email addresses;
• Where they are relevant to the services provided by a council, or where you provide them to us, we may process information such as gender, age, marital status, nationality, education/work history, academic/professional qualifications, hobbies, family composition, and dependants;
• Where you pay for activities such as use of a council hall, financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers;
• The personal data we process may include sensitive or other special categories of personal data such as criminal convictions, racial or ethnic origin, mental and physical health, details of injuries, medication/treatment received, political beliefs, trade union affiliation, genetic data, biometric data, data concerning and sexual life or orientation.
How we use sensitive personal data
• We may process sensitive personal data including, as appropriate:
­ information about your physical or mental health or condition in order to monitor sick leave and take decisions on your fitness for work;
­ your racial or ethnic origin or religious or similar information in order to monitor compliance with equal opportunities legislation;
­ in order to comply with legal requirements and obligations to third parties.
• These types of data are described in the GDPR as “Special categories of data” and require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data.
• We may process special categories of personal data in the following circumstances:
­ In limited circumstances, with your explicit written consent.
­ Where we need to carry out our legal obligations.
­ Where it is needed in the public interest.
• Less commonly, we may process this type of personal data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
Do we need your consent to process your sensitive personal data?
• In limited circumstances, we may approach you for your written consent to allow us to process certain sensitive personal data. If we do so, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
The council will comply with data protection law. This says that the personal data we hold about you must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, unauthorised access and disclosure.

We use your personal data for some or all of the following purposes:
• To deliver public services including to understand your needs to provide the services that you request and to understand what we can do for you and inform you of other relevant services;
• To confirm your identity to provide some services;
• To contact you by post, email, telephone or using social media (e.g., Facebook, Twitter, WhatsApp);
• To help us to build up a picture of how we are performing;
• To prevent and detect fraud and corruption in the use of public funds and where necessary for the law enforcement functions;
• To enable us to meet all legal and statutory obligations and powers including any delegated functions;
• To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments and generally as necessary to protect individuals from harm or injury;
• To promote the interests of the council;
• To maintain our own accounts and records;
• To seek your views, opinions or comments;
• To notify you of changes to our facilities, services, events and staff, councillors and other role holders;
• To send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other new projects or initiatives;
• To process relevant financial transactions including grants and payments for goods and services supplied to the council, and;
• To allow the statistical analysis of data so we can plan the provision of services.
Our processing may also include the use of CCTV systems for the prevention and prosecution of crime.
What is the legal basis for processing your personal data?
The council is a public authority and has certain powers and obligations. Most of your personal data is processed for compliance with a legal obligation which includes the discharge of the council’s statutory functions and powers. Sometimes when exercising these powers or duties it is necessary to process personal data of residents or people using the council’s services. We will always take into account your interests and rights. This Privacy Notice sets out your rights and the council’s obligations to you.
We may process personal data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the use of sports facilities, or the acceptance of an allotment garden tenancy
Sometimes the use of your personal data requires your consent. We will first obtain your consent to that use.
Sharing your personal data
This section provides information about the third parties with whom the council may share your personal data. These third parties have an obligation to put in place appropriate security measures and will be responsible to you directly for the manner in which they process and protect your personal data. It is likely that we will need to share your data with some or all of the following (but only where necessary):
• The data controllers listed above under the heading “Other data controllers the council works with”;
• Our agents, suppliers and contractors. For example, we may ask a commercial provider to publish or distribute newsletters on our behalf, or to maintain our database software;
• On occasion, other local authorities or not for profit bodies with which we are carrying out joint ventures e.g. in relation to facilities or events for the community.
How long do we keep your personal data?
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is currently best practice to keep financial records for a minimum period of 8 years to support HMRC audits or provide tax information. We may have legal obligations to retain some data in connection with our statutory obligations as a public authority. The council is permitted to retain data in order to defend or pursue claims. In some cases the law imposes a time limit for such claims (for example 3 years for personal injury claims or 6 years for contract claims). We will retain some personal data for this purpose as long as we believe it is necessary to be able to defend or pursue a claim. In general, we will endeavour to keep data only for as long as we need it. This means that we will delete it when it is no longer needed.
Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
1) The right to access personal data we hold on you
• At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we will respond within one month.
• There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
2) The right to correct and update the personal data we hold on you
• If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
3) The right to have your personal data erased
• If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold.
• When we receive your request, we will confirm whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it for to comply with a legal obligation).
4) The right to object to processing of your personal data or to restrict it to certain purposes only
• You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request, we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
5) The right to data portability
• You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
6) The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
• You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).
7) The right to lodge a complaint with the Information Commissioner’s Office.
• You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Transfer of Data Abroad
Any personal data transferred to countries or territories outside the European Economic Area (“EEA”) will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from overseas.

Further processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes to this notice
We keep this Privacy Notice under regular review and we will place any updates on our website parishes.lincolnshire.gov.uk/gainsborough/
Contact Details
Please contact us if you have any questions about this Privacy Notice or the personal data we hold about you or to exercise all relevant rights, queries or complaints to The Data Controller, Tom Clay, in the following ways:
Address: Richmond House, Richmond Park, Morton Terrace, Gainsborough, Lincolnshire, DN21 2RJ
Telephone: 01427 811573
Email: parishes.lincolnshire.gov.uk/gainsborough/

  1. Privacy Notice for Staff, Councillors and Role Holders*
  • “Staff” means employees, workers, agency staff and those retained on a temporary or permanent basis.
    ** “Role Holders” includes, volunteers, contractors, agents, and other role holders within the council including former staff*and former councillors. This also includes applicants or candidates for any of these roles.
    Your personal data – what is it?
    “Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photograph, video, email address, or address). Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual (e.g. a list of staff may contain personnel ID numbers rather than names but if you use a separate list of the ID numbers which give the corresponding names to identify the staff in the first list then the first list will also be treated as personal data). The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR”) and other legislation relating to personal data and rights such as the Human Rights Act.
    Who are we?
    This Privacy Notice is provided to you by Gainsborough Town Council which is the data controller for your data.
    The council works together with:
    • Other data controllers, such as local authorities, public authorities, central government and agencies such as HMRC and DVLA
    • Staff pension providers
    • Former and prospective employers
    • DBS services suppliers
    • Payroll services providers
    • Recruitment Agencies
    • Credit reference agencies
    We may need to share personal data we hold with them so that they can carry out their responsibilities to the council and our community. The organisations referred to above will sometimes be “joint data controllers”. This means we are all responsible to you for how we process your data where for example two or more data controllers are working together for a joint purpose. If there is no joint purpose or collaboration, then the data controllers will be independent and will be individually responsible to you.
    The council will comply with data protection law. This says that the personal data we hold about you must be:
    • Used lawfully, fairly and in a transparent way.
    • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
    • Relevant to the purposes we have told you about and limited only to those purposes.
    • Accurate and kept up to date.
    • Kept only as long as necessary for the purposes we have told you about.
    • Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, unauthorised access and disclosure.
    What data do we process?
    • Names, titles, and aliases, photographs.
    • Start date / leaving date
    • Contact details such as telephone numbers, addresses, and email addresses.
    • Where they are relevant to our legal obligations, or where you provide them to us, we may process information such as gender, age, date of birth, marital status, nationality, education/work history, academic/professional qualifications, employment details, hobbies, family composition, and dependants.
    • Non-financial identifiers such as passport numbers, driving licence numbers, vehicle registration numbers, taxpayer identification numbers, staff identification numbers, tax reference codes, and national insurance numbers.
    • Financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers.
    • Financial information such as National Insurance number, pay and pay records, tax code, tax and benefits contributions, expenses claimed.
    • Other operational personal data created, obtained, or otherwise processed in the course of carrying out our activities, including but not limited to, CCTV footage, recordings of telephone conversations, IP addresses and website visit histories, logs of visitors, and logs of accidents, injuries and insurance claims.
    • Next of kin and emergency contact information
    • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process and referral source (e.g. agency, staff referral))
    • Location of employment or workplace.
    • Other staff data (not covered above) including; level, performance management information, languages and proficiency; licences/certificates, immigration status; employment status; information for disciplinary and grievance proceedings; and personal biographies.
    • CCTV footage and other information obtained through electronic means such as swipecard records.
    • Information about your use of our information and communications systems.
    We use your personal data for some or all of the following purposes: –
    Please note: We need all the categories of personal data in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations.
    • Making a decision about your recruitment or appointment.
    • Determining the terms on which you work for us.
    • Checking you are legally entitled to work in the UK.
    • Paying you and, if you are an employee, deducting tax and National Insurance contributions.
    • Providing any contractual benefits to you
    • Liaising with your pension provider.
    • Administering the contract, we have entered into with you.
    • Management and planning, including accounting and auditing.
    • Conducting performance reviews, managing performance and determining performance requirements.
    • Making decisions about salary reviews and compensation.
    • Assessing qualifications for a particular job or task, including decisions about promotions.
    • Conducting grievance or disciplinary proceedings.
    • Making decisions about your continued employment or engagement.
    • Making arrangements for the termination of our working relationship.
    • Education, training and development requirements.
    • Dealing with legal disputes involving you, including accidents at work.
    • Ascertaining your fitness to work.
    • Managing sickness absence.
    • Complying with health and safety obligations.
    • To prevent fraud.
    • To monitor your use of our information and communication systems to ensure compliance with our IT policies.
    • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
    • To conduct data analytics studies to review and better understand employee retention and attrition rates.
    • Equal opportunities monitoring.
    • To undertake activity consistent with our statutory functions and powers including any delegated functions.
    • To maintain our own accounts and records;
    • To seek your views or comments;
    • To process a job application;
    • To administer councillors’ interests
    • To provide a reference.
    Our processing may also include the use of CCTV systems for monitoring purposes.
    Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.
    We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
    • Where we need to perform the contract we have entered into with you.
    • Where we need to comply with a legal obligation.
    We may also use your personal data in the following situations, which are likely to be rare:
    • Where we need to protect your interests (or someone else’s interests).
    • Where it is needed in the public interest or for official purposes.
    How we use sensitive personal data
    • We may process sensitive personal data relating to staff, councillors and role holders including, as appropriate:
    ­ information about your physical or mental health or condition in order to monitor sick leave and take decisions on your fitness for work;
    ­ your racial or ethnic origin or religious or similar information in order to monitor compliance with equal opportunities legislation;
    ­ in order to comply with legal requirements and obligations to third parties.
    • These types of data are described in the GDPR as “Special categories of data” and require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data.
    • We may process special categories of personal data in the following circumstances:
    ­ In limited circumstances, with your explicit written consent.
    ­ Where we need to carry out our legal obligations.
    ­ Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our pension scheme.
    ­ Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
    • Less commonly, we may process this type of personal data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
    Do we need your consent to process your sensitive personal data?
    • We do not need your consent if we use your sensitive personal data in accordance with our rights and obligations in the field of employment and social security law.
    • In limited circumstances, we may approach you for your written consent to allow us to process certain sensitive personal data. If we do so, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
    • You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
    Information about criminal convictions
    • We may only use personal data relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.
    • Less commonly, we may use personal data relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
    • We will only collect personal data about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so.
    • Where appropriate, we will collect personal data about criminal convictions as part of the recruitment process or we may be notified of such personal data directly by you in the course of you working for us.
    What is the legal basis for processing your personal data?
    Some of our processing is necessary for compliance with a legal obligation.
    We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract.
    We will also process your data in order to assist you in fulfilling your role in the council including administrative support or if processing is necessary for compliance with a legal obligation.
    Sharing your personal data
    Your personal data will only be shared with third parties including other data controllers where it is necessary for the performance of the data controllers’ tasks or where you first give us your prior consent. It is likely that we will need to share your data with:
    • Our agents, suppliers and contractors. For example, we may ask a commercial provider to manage our HR/ payroll functions, or to maintain our database software;
    • Other persons or organisations operating within local community.
    • Other data controllers, such as local authorities, public authorities, central government and agencies such as HMRC and DVLA
    • Staff pension providers
    • Former and prospective employers
    • DBS services suppliers
    • Payroll services providers
    • Recruitment Agencies
    • Credit reference agencies
    • Professional advisors
    • Trade unions or employee representatives

How long do we keep your personal data?
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is currently best practice to keep financial records for a minimum period of 8 years to support HMRC audits or provide tax information. We may have legal obligations to retain some data in connection with our statutory obligations as a public authority. The council is permitted to retain data in order to defend or pursue claims. In some cases, the law imposes a time limit for such claims (for example 3 years for personal injury claims or 6 years for contract claims). We will retain some personal data for this purpose as long as we believe it is necessary to be able to defend or pursue a claim. In general, we will endeavour to keep data only for as long as we need it. This means that we will delete it when it is no longer needed.
Your responsibilities
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.
Your rights in connection with personal data
You have the following rights with respect to your personal data: –
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.

  1. The right to access personal data we hold on you
    • At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we will respond within one month.
    • There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
  2. The right to correct and update the personal data we hold on you
    • If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
  3. The right to have your personal data erased
    • If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold.
    • When we receive your request, we will confirm whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it for to comply with a legal obligation).
  4. The right to object to processing of your personal data or to restrict it to certain purposes only
    • You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request, we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
  5. The right to data portability
    • You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
  6. The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
    • You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).
  7. The right to lodge a complaint with the Information Commissioner’s Office
    • You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
    Transfer of Data Abroad
    Any personal data transferred to countries or territories outside the European Economic Area (“EEA”) will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from overseas.
    Further processing
    If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing, if we start to use your personal data for a purpose not mentioned in this notice.
    Changes to this notice
    We keep this Privacy Notice under regular review and we will place any updates on our website parishes.lincolnshire.gov.uk/gainsborough/.
    Contact Details
    Please contact us if you have any questions about this Privacy Notice or the personal data we hold about you or to exercise all relevant rights, queries or complaints to The Data Controller, Tom Clay, in the following ways:
    Address: Richmond House, Richmond Park, Morton Terrace, Gainsborough, Lincolnshire, DN21 2RJ
    Telephone: 01427 811573
    Email: parishes.lincolnshire.gov.uk/gainsborough/
  8. Privacy Policy

Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the personal data alone or in conjunction with any other personal data. The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR) and other local legislation relating to personal data and rights such as the Human Rights Act.
Council information
This Privacy Policy is provided to you by Gainsborough Town Council which is the data controller for your data.
• parishes.lincolnshire.gov.uk/gainsborough/
• Richmond House, Richmond Park, Morton Terrace, Gainsborough, Lincolnshire, DN21 2RJ
Who are the data controllers?
• Gainsborough Town Council
• Community groups
• Contractors
What personal is collected?
• Names, titles, and aliases, photographs;
• Contact details such as telephone numbers, addresses, and email addresses;
• Where they are relevant to the services provided by a council, or where you provide them to us, we may process demographic information such as gender, age, marital status, nationality, education/work histories, academic/professional qualifications, hobbies, family composition, and dependants;
• Where you pay for activities such as use of a council hall, financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers;
• The data we process may include sensitive personal data or other special categories of data such as racial or ethnic origin, mental and physical health, details of injuries, medication/treatment received, political beliefs, trade union affiliation, genetic data, biometric data, data concerning and sex life or sexual orientation.
• Website data;
­ Information from syncing with other software or services
­ Interaction with social media
­ Information about payments
­ Access to social media profiles
­ Demographic information
• Information collected automatically from use of the service;
­ Device information (nature of device and/ or identifiers)
­ Log information (including IP address)
­ Location information
­ Device sensor information
­ Site visited before arriving
­ Browser type and or OS
­ Interaction with email messages
• Information from other sources;
­ Referral or recommendation programmes
­ Publicly accessible sources
• Information from cookies or similar technologies;
­ Essential login/authentication or navigation
­ Functionality – remember settings
­ Performance & Analytics – user behaviour
­ Advertising/retargeting
­ Any third-party software served on users
• Nature of any outbound communications with website users;
­ Email
­ Telephone (voice)
The council will comply with data protection law. This says that the personal data we hold about you must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, unauthorised access and disclosure.
We use your personal data for some or all of the following purposes:
• To deliver public services including to understand your needs to provide the services that you request and to understand what we can do for you and inform you of other relevant services;
• To confirm your identity to provide some services;
• To contact you by post, email, telephone or using social media (e.g., Facebook, Twitter, WhatsApp);
• To help us to build up a picture of how we are performing;
• To prevent and detect fraud and corruption in the use of public funds and where necessary for the law enforcement functions;
• To enable us to meet all legal and statutory obligations and powers including any delegated functions;
• To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments and generally as necessary to protect individuals from harm or injury;
• To promote the interests of the council;
• To maintain our own accounts and records;
• To seek your views, opinions or comments;
• To notify you of changes to our facilities, services, events and staff, councillors and role holders;
• To send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other new projects or initiatives;
• To process relevant financial transactions including grants and payments for goods and services supplied to the council, and;
• To allow the statistical analysis of data so we can plan the provision of services.
Our processing may also include the use of CCTV systems for the prevention and prosecution of crime.
What is the legal basis for processing your personal data?
The council is a public authority and has certain powers and duties. Most of your personal data is processed for compliance with a legal obligation which includes the discharge of the council’s statutory functions and powers. Sometime when exercising these powers or duties it is necessary to process personal data of residents or people using the council’s services. We will always take into account your interests and rights. This Privacy Policy sets out your rights and the council’s obligations to you in detail.
We may also process personal data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the use of sports facilities, or the acceptance of an allotment garden tenancy.
Sometimes the use of your personal data requires your consent. We will first obtain your consent to that use.
Sharing your personal data
The council will implement appropriate security measures to protect your personal data. This section of the Privacy Policy provides information about the third parties with whom the council will share your personal data. These third parties also have an obligation to put in place appropriate security measures and will be responsible to you directly for the manner in which they process and protect your personal data. It is likely that we will need to share your data with some or all of the following (but only where necessary):
• Our agents, suppliers and contractors. For example, we may ask a commercial provider to publish or distribute newsletters on our behalf, or to maintain our database software;
• On occasion, other local authorities or not for profit bodies with which we are carrying out joint ventures e.g. in relation to facilities or events for the community.
How long do we keep your personal data?
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 8 years to support HMRC audits or provide tax information. We may have legal obligations to retain some data in connection with our statutory obligations as a public authority. The council is permitted to retain data in order to defend or pursue claims. In some cases, the law imposes a time limit for such claims (for example 3 years for personal injury claims or 6 years for contract claims). We will retain some personal data for this purpose as long as we believe it is necessary to be able to defend or pursue a claim. In general, we will endeavour to keep data only for as long as we need it. This means that we will delete it when it is no longer needed.
Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
(i) The right to access personal data we hold on you
(ii) The right to correct and update the personal data we hold on you
(iii) The right to have your personal data erased
(iv) The right to object to processing of your personal data or to restrict it to certain purposes only
(v) The right to data portability
(vi) The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
(vii) The right to lodge a complaint with the Information Commissioner’s Office.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Transfer of Data Abroad
Any personal data transferred to countries or territories outside the European Economic Area (“EEA”) will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from overseas.
Further processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a Privacy Notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes to this policy
We keep this Privacy Policy under regular review and we will place any updates on our website parishes.lincolnshire.gov.uk/gainsborough/.
Contact Details
Please contact us if you have any questions about this Privacy Notice or the personal data we hold about you or to exercise all relevant rights, queries or complaints to The Data Controller, Tom Clay, in the following ways:
Address: Richmond House, Richmond Park, Morton Terrace, Gainsborough, Lincolnshire, DN21 2RJ
Telephone: 01427 811573
Email: parishes.lincolnshire.gov.uk/gainsborough/

  1. Subject Access Request Policy

What must I do?

  1. MUST: On receipt of a subject access request you must forward it immediately to the Town Clerk who is the Data Controller.
  2. MUST: We must correctly identify whether a request has been made under the Data Protection legislation.
  3. MUST: A member of staff, and as appropriate, councillor, who receives a request to locate and supply personal data relating to a SAR must make a full exhaustive search of the records to which they have access.
  4. MUST: All the personal data that has been requested must be provided unless an exemption can be applied.
  5. MUST: We must respond within one calendar month after accepting the request as valid.
  6. MUST: Subject Access Requests must be undertaken free of charge to the requestor unless the legislation permits reasonable fees to be charged.
  7. MUST: Councillors and managers must ensure that the staff they manage are aware of and follow this guidance.
  8. MUST: Where a requestor is not satisfied with a response to a SAR, the council must manage this as a complaint.
    How must I do it?
  9. Notify the Town Clerk who is the Data Controller upon receipt of a request.
  10. We must ensure a request has been received in writing where a data subject is asking for sufficiently well-defined personal data held by the council relating to the data subject. You should clarify with the requestor what personal data they need. They must supply their address and valid evidence to prove their identity. The council accepts the following forms of identification (* These documents must be dated in the past 12 months, +These documents must be dated in the past 3 months):
    o Current UK/EEA Passport
    o UK Photocard Driving Licence (Full or Provisional)
    o Firearms Licence / Shotgun Certificate
    o EEA National Identity Card
    o Full UK Paper Driving Licence
    o State Benefits Entitlement Document*
    o State Pension Entitlement Document*
    o HMRC Tax Credit Document*
    o Local Authority Benefit Document*
    o State/Local Authority Educational Grant Document*
    o HMRC Tax Notification Document
    o Disabled Driver’s Pass
    o Financial Statement issued by bank, building society or credit card company+
    o Judiciary Document such as a Notice of Hearing, Summons or Court Order
    o Utility bill for supply of gas, electric, water or telephone landline+
    o Most recent Mortgage Statement
    o Most recent council Tax Bill/Demand or Statement
    o Tenancy Agreement
    • Building Society Passbook which shows a transaction in the last 3 months and your address
  11. Depending on the degree to which personal data is organised and structured, you will need to search emails (including archived emails and those that have been deleted but are still recoverable), Word documents, spreadsheets, databases, systems, removable media (for example, memory sticks, floppy disks, CDs), tape recordings, paper records in relevant filing systems etc. which your area is responsible for or owns.
  12. You must not withhold personal data because you believe it will be misunderstood; instead, you should provide an explanation with the personal data. You must provide the personal data in an “intelligible form”, which includes giving an explanation of any codes, acronyms and complex terms. The personal data must be supplied in a permanent form except where the person agrees or where it is impossible or would involve undue effort. You may be able to agree with the requester that they will view the personal data on screen or inspect files on our premises. You must redact any exempt personal data from the released documents and explain why that personal data is being withheld.
  13. Make this clear on forms and on the council website.
  14. You should do this through the use of induction, my performance and training, as well as through establishing and maintaining appropriate day to day working practices.
  15. A database is maintained allowing the council to report on the volume of requests and compliance against the statutory timescale.
  16. When responding to a complaint, we must advise the requestor that they may complain to the Information Commissioners Office (“ICO”) if they remain unhappy with the outcome.
    Sample letters
    All letters must include the following information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipients to whom personal data has been or will be disclosed, in particular in third countries or international organisations, including any appropriate safeguards for transfer of data, such as Binding Corporate Rules or EU model clauses ;
    • where possible, the envisaged period for which personal data will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    • the right to lodge a complaint with the Information Commissioners Office (“ICO”);
    • if the data has not been collected from the data subject: the source of such data;
    • the existence of any automated decision-making, including profiling and any meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
    Replying to a subject access request providing the requested personal data
    “[Name] [Address]
    [Date]
    Dear [Name of data subject]
    Data Protection subject access request
    Thank you for your letter of [date] making a data subject access request for [subject]. We are pleased to enclose the personal data you requested.
    Include 1(a) to (h) above.
    Copyright in the personal data you have been given belongs to the council or to another party. Copyright material must not be copied, distributed, modified, reproduced, transmitted, published or otherwise made available in whole or in part without the prior written consent of the copyright holder.
    Yours sincerely”
    Release of part of the personal data, when the remainder is covered by an exemption
    “[Name] [Address]

[Date]

Dear [Name of data subject]

Data Protection subject access request

Thank you for your letter of [date] making a data subject access request for [subject]. To answer your request, we asked the following areas to search their records for personal data relating to you:

• [List the areas]
I am pleased to enclose [some/most] of the personal data you requested. [If any personal data has been removed] We have removed any obvious duplicate personal data that we noticed as we processed your request, as well as any personal data that is not about you. You will notice that [if there are gaps in the document] parts of the document(s) have been blacked out. [OR if there are fewer documents enclose] I have not enclosed all of the personal data you requested. This is because [explain why it is exempt].

Include 1(a) to (h) above.

Copyright in the personal data you have been given belongs to the council or to another party. Copyright material must not be copied, distributed, modified, reproduced, transmitted, published, or otherwise made available in whole or in part without the prior written consent of the copyright holder.

Yours sincerely”

Replying to a subject access request explaining why you cannot provide any of the requested personal data
“[Name] [Address]
[Date]
Dear [Name of data subject]
Data Protection subject access request
Thank you for your letter of [date] making a data subject access request for [subject].
I regret that we cannot provide the personal data you requested. This is because [explanation where appropriate].
[Examples include where one of the exemptions under the data protection legislation applies. For example, the personal data might include personal data is ‘legally privileged’ because it is contained within legal advice provided to the council or relevant to on-going or preparation for litigation. Other exemptions include where the personal data identifies another living individual or relates to negotiations with the data subject. Council staff will be able to advise if a relevant exemption applies and if the council is going to rely on the exemption to withhold or redact the data disclosed to the individual, then in this section of the letter the council should set out the reason why some of the data has been excluded.]
Yours sincerely”

  1. Data Breach Policy

GDPR defines a personal data breach as “a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”. Examples include:
• Access by an unauthorised third party
• Deliberate or accidental action (or inaction) by a controller or processor
• Sending personal data to an incorrect recipient
• Computing devices containing personal data being lost or stolen
• Alteration of personal data without permission
• Loss of availability of personal data

The Town Council takes the security of personal data seriously, computers are password protected and hard copy files are kept in locked cabinets.
Consequences of a personal data breach
A breach of personal data may result in a loss of control of personal data, discrimination, identity theft or fraud, financial loss, damage to reputation, loss of confidentiality of personal data, damage to property or social disadvantage. Therefore a breach, depending on the circumstances of the breach, can have a range of effects on individuals.
The Town Council’s duty to report a breach
If the data breach is likely to result in a risk to the rights and freedoms of the individual, the breach must be reported to the individual and ICO without undue delay and, where feasible, not later than 72 hours after having become aware of the breach.
If the ICO is not informed within 72 hours, the Town Council must give reasons for the delay when they report the breach.
When notifying the ICO of a breach, the Town Council must:
i. Describe the nature of the breach including the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned
ii. Communicate the name and contact details of the key contact
iii. Describe the likely consequences of the breach
iv. Describe the measures taken or proposed to be taken to address the personal data breach including, measures to mitigate its possible adverse affects.

When notifying the individual affected by the breach, the Town Council must provide the individual with (ii)-(iv) above.
The Town Council would not need to communicate with an individual if the following applies:
• It has implemented appropriate technical and organisational measures (i.e.encryption) so those measures have rendered the personal data unintelligible to any person not authorised to access it;
• It has taken subsequent measures to ensure that the high risk to rights and freedoms of individuals is no longer likely to materialise, or
• It would involve a disproportionate effort
However, the ICO must still be informed even if the above measures are in place.
Data processors duty to inform the Town Council
If a data processor (i.e. payroll provider) becomes aware of a personal data breach, it must notify the Town Council without undue delay. It is then the Town Council’s responsibility to inform the ICO, it is not the data processors responsibility to notify the ICO.
Records of data breaches
All data breaches must be recorded whether or not they are reported to individuals. This record will help to identify system failures and should be used as a way to improve the security of personal data.
Record of Data Breaches
Date of breach Type of breach Number of individuals affected Date reported to ICO/individual Actions to prevent breach recurring

To report a data breach use the ICO online system: https://ico.org.uk/for-organisations/report-a-breach/

  1. Document Retention Policy
    Introduction
    The Town Council recognises that the efficient management of its records is necessary to comply with its legal and regulatory obligations and to contribute to the effective overall management of the association. This document provides the policy framework through which this effective management can be achieved and audited. It covers:
    • Scope
    • Responsibilities
    • Retention Schedule

Scope
This policy applies to all records created, received or maintained by the Town Council in the course of carrying out its functions.
Records are defined as all those documents which facilitate the business carried out by the Town Council and which are thereafter retained (for a set period) to provide evidence of its transactions or activities.
These records may be created, received or maintained in hard copy or electronically.
A small percentage of the Town Council records may be selected for permanent preservation as part of the Councils archives and for historical research.

Responsibilities
The Town Council has a corporate responsibility to maintain its records and record management systems in accordance with the regulatory environment.
The person with overall responsibility for this policy is the Town Clerk & RFO. The person responsible for records management will give guidance for good records management practice and will promote compliance with this policy so that information will be retrieved easily, appropriately and timely.
Individual staff and employees must ensure that records for which they are responsible are accurate, and are maintained and disposed of in accordance with the Town Council’s records management guidelines.

Administrative Minimum Retention period Action Reason
Minute books Indefinite Preserve Archive
Signed council and committee minutes Indefinite. Preserve Common practice
Draft minutes Until the date of confirmation of the minutes Destroy Operational
Agendas Until there is no longer an administrative requirement. Review Operational
Reports and other documents circulated with agendas Until there is no longer an administrative requirement. Review Common practice
Councillors’ declarations of office and contact information 4 years or until they vacate office Destroy Operational
Register of electors Until there is no longer an administrative requirement Destroy Copies already in existence
Byelaws and orders Preserve one of each copy and transfer to local Archive once they become inactive Preserve Common practice
Policy documents Until there is no longer an administrative requirement. Destroy old versions. Review Operational
Title deeds more than 100 years old Indefinite.
Transfer to local Archive once they become inactive.
Preserve Audit/Management Common practice
Title deeds less than 100 years old Indefinite.
Transfer to local Archive for review once they become inactive.
Review Audit/Management Common practice
Property registers Indefinite.
Transfer to local Archive once they become inactive. Preserve Common practice
Maps, plans, and surveys of property owned by the council
Indefinite.
Transfer to local Archive once they become inactive Preserve Common practice
General correspondence and emails At end of useful life
Destroy Operational
Complaints 6 Years after resolution of complaint Destroy Operational
Planning applications and related papers One copy as long as required Review with the view to destroy Operational
Leases, agreements, contracts and wayleaves Indefinite Preserve Audit/Management
Parish council newsletter Indefinite.
Preserve Common practice
Routine internal correspondence and papers Until there is no longer an administrative requirement Review with the view to destroy Operational
Scale of fees and charges 6 years Destroy Operational
Employers’ liability insurance policies 40 years after expiry date Destroy Employers’ Liability
Act 1969
Employers’ Liability
Regulations 1998
Risk assessments Once superseded by a new risk assessment or once inactive Destroy Operational
Personnel Retention period Action Reason
Personnel files 6 Years after termination of service Destroy Management
Staff payroll information 3 years Destroy Management
Recruitment data

Successful

Unsuccessful

Add to personnel file

6 months after recruitment finalised plus current year Destroy Equalities Act
Financial Retention period Action Reason
Contracts 6 years after end of contract Destroy Limitation Act 1980
Scales of fees and charges 6 years Destroy Management
Receipt and payment accounts 6 years Archive VAT
Annual audited accounts
6 years. Archive Council financial regulations
Receipt books of all kinds 6 years Archive Council financial regulations
Bank statements including deposit/saving accounts 6 years Archive Council financial regulations
Bank paying-in books Last completed Audit year Destroy Council financial regulations
Cheque book stubs Last completed Audit year Destroy Council financial regulations
Paid invoices 6 years Destroy VAT
Council financial regulations
Paid cheques 6 years Destroy Limitation Act 1980
(as amended)
Council financial regulations
VAT records 6 years Destroy VAT Act 1994
VAT claims 6 years Destroy VAT Act 1994
Time sheets Last completed Audit year Destroy Council financial regulations
Wage books 12 years Destroy Superannuation &
Limitation Act 1980 (as amended)
Quotations and tenders (successful) 6 years after contract ends Destroy Limitation Act 1980
Quotations and tenders (unsuccessful) 2 years Destroy Operational
Insurance policies 6 years after policy ends Destroy Operational
Certificate for Insurance against liability for employees 40 years from date on which insurance commenced or was renewed. Preserve The Employers’
Liability (Compulsory Insurance)
Regulations 1998 (SI.
2753), Management
Investments Indefinite Preserve Audit, Management
Rooms, sports grounds and facilities Retention period Action Reason
Records relating to applications to:
• Hire;
• Letting diaries;
• Copies of bills to hirers;
• Records of tickets issued. 6 years Review with the view to destroy VAT
Council financial regulations
Allotments Retention period Action Reason
Register & Plans Indefinite Preserve Audit, Management
Burial Grounds Retention period Action Reason
• Register of fees collected;
• Register of Burials;
• Register of Purchased Graves;
• Register/plan of Grave Spaces;
• Register of Memorials;
• Applications for interment;
• Applications for right to erect memorials;
• Disposal certificates;
• Copy certificates of Grant of Exclusive Right of Burial. Indefinite Preserve Archives, Local
Authorities
Cemetery Order
1977 (SI. 204)
Miscellaneous Retention period Action Reason
Charity papers Until there is no longer an administrative requirement Review Operational
Photographs Until there is no longer an administrative requirement Review Operational
Any records predating the establishment of Parish Councils (1894), e.g. poor law, surveyors of the highway, tithe maps and apportionments, enclosure awards etc. Transfer to local Archive as soon as possible Preserve Common practice
Records of other bodies such as burial boards, charities, fire brigades, Home Guard unit, local society or ad hoc committee Transfer to local Archive once they become inactive Preserve Common practice
Reports, guides, handbooks etc received from other organisations Until there is no longer an administrative requirement Review with the view to destroy Operational

  1. Template Data Consent Form
    Your privacy is important to us and we would like to communicate with you about the council and its activities. To do so we need your consent. Please fill in your name and address and other contact information below and confirm your consent by ticking the boxes below.
    If you are aged 13 or under your parent or guardian should fill in their details below to confirm their consent
    Name
    Address

Signature
Date
Please confirm your consent below. You can grant consent to any or all of the purposes listed. You can find out more about how we use your data from our “Privacy Notice” which is available from our website or from the Council Offices (see header).
You can withdraw or change your consent at any time by contacting the council office.
• We may contact you to keep you informed about what is going on in the Council‘s area or other local authority areas including news, events, meetings, clubs, groups and activities. These communications may also sometimes appear on our website, or in printed or electronic form (including social media).
• We may contact you about groups and activities you may be interested in.
• We may use your name and photo in our newsletters, bulletins or on our website, or our social media accounts (for example Facebook or Twitter).
Keeping in touch:
• Yes please, I would like to receive communications by email.
• Yes please, I would like to receive communications by telephone.
• Yes please, I would like to receive communications by mobile phone (including texts).
• Yes please, I would like to receive communications by social media.
• Yes please, I would like to receive communications by post.

Frequently Asked Questions

Other Services

Key Services

Upcoming Meetings

Finances and Precept

Council Services

Policies and Procedures

Grants

Contact Us