This privacy notice explains how Ards and North Down Borough Council, (as a Data Controller), collects, uses and protects personal data that it holds.
Your personal data - what is it?
Personal data is any information relating to a living individual. An individual can be identified either directly through the information alone or in conjunction with any other information in the Council's possession or likely to come into its possession. The processing of personal data is governed by The Data Protection Act (DPA) 2018 ,UK GDPR (General Data Protection Regulation) and the Data Use and Access Act 2025 (DUAA) and the principles set out in them.
Who are we?
Ards and North Down Borough Council is the data controller for the purposes of this notice. This means it decides how your personal data is processed and for what purposes. More information about Council services can be found on this website.
How does the Council process your personal data?
The Council complies with its obligations under the UK GDPR, the principles of the DPA and the DUAA 2025, by:
Keeping personal data up to date;
Storing and destroying it securely;
Not collecting or retaining excessive amounts of data;
Protecting personal data from loss, misuse, unauthorised access and disclosure Ensuring that appropriate technical measures are in place to protect personal data.
Under the DPA and GDPR, the Council has a legal duty to protect any personal data it collects. It will take all reasonable steps, including using technologies, to safeguard your data and keep strict security standards to prevent any unauthorised access to it.
What is the legal basis for processing your personal data?
The purpose for which the Council processes your personal data determines the lawful basis on which it relies. As a public authority, the Council will generally process personal data on one or more of the following lawful bases:
- Public task - where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Council, including the delivery of services or functions required by statute
- (Article 6(1)(e) UK GDPR)
- Legal obligation - where processing is necessary for the Council to comply with a legal obligation to which it is subject
- (Article 6(1)(c) UK GDPR)
- Contract - where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract
- (Article 6(1)(b) UK GDPR)
- Vital interests - where processing is necessary to protect your vital interests or those of another person, for example in a life‑threatening situation
- (Article 6(1)(d) UK GDPR)
- Consent - where you have given clear and explicit consent for the processing of your personal data. Explicit consent will be obtained where required for the processing of special category personal data
- (Articles 6(1)(a) and 9(2)(a) UK GDPR)
In limited circumstances, the Council may process your personal information where it is in your legitimate interests as a lawful basis for processing, however, this does not apply where the processing relates to the Council's statutory functions.
Where the purpose for processing your personal data changes, and the Council intends to rely on a different legal basis, you will be contacted by us in accordance with data protection legislation. Where applicable, you will be advised at the point of collection or within one month of the Council receiving information of the legal basis for the processing of your personal information.
Where processing is based on consent, you may be able to withdraw your consent to processing at any time. Please contact the Council's Data Protection Officer (contact details provided below), who will explain if your consent can or cannot be withdrawn.
Sharing your personal data
Depending on the purpose for which your personal data was originally obtained, and the use to which it is to be put, it may be shared with other organisations. Personal data may be shared, where necessary, with other organisations that provide services on our behalf, for example, contractors who print and post events brochures.
In such cases, the personal data provided to that party is only the minimum necessary to enable them to provide services to you.
Personal data will only be disclosed to third parties where there is a lawful basis for doing so under data protection legislation. This may include:
- where the individual has given their explicit consent, including by way of written permission or a signed Third‑Party Authorisation Form (see Appendix 5);
- where disclosure is necessary for compliance with a legal obligation to which the organisation is subject;
- where disclosure is necessary for the performance of a contract with the individual, or to take steps at the individual's request prior to entering into a contract;
- where disclosure is necessary for the purposes of the organisation's legitimate interests, provided such interests are not overridden by the rights and freedoms of the individual.
How long do we keep your personal data?
The Council will only keep your personal data for as long as is necessary and for the purpose for which it is being processed, unless there is a legitimate reason for keeping it longer, for example, any legal requirement to keep data for a set time period. Where the Council does not need to continue to process your personal data, it will be securely destroyed, in line with the Council's Retention and Disposal Schedule.
Your rights and your personal data
Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data to:
- request a copy of the personal data which is held about you
- request that the Council corrects any personal data if it is found to be inaccurate or out of date
- request that your personal data be erased where it is no longer necessary for the Council to retain such data
- withdraw your consent to the processing
- request that the Council provides you with your personal data or ask that it be forwarded directly to another controller
- request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data
- object to the processing of personal data (where applicable)
- lodge a complaint with the ICO
You can access the personal information that is held about you by submitting a Data Subject Access Request (DSAR) to the Council. This request must be in writing and clearly specify the information you require and be made to the Data Protection Officer (contact details below).
Section 75 of the Northern Ireland Act 1998
1.1 Section 75 of the Northern Ireland Act 1998 (the Act) requires the Council to comply with two statutory duties:
Section 75 (1)
In carrying out our functions relating to Northern Ireland we are required to have due regard to the need to promote equality of opportunity between
- persons of different religious belief, political opinion, racial group, age, marital status or sexual orientation
- men and women generally
- persons with a disability and persons without
- persons with dependents and persons without.
Section 75 (2)
In addition, without prejudice to the obligations above, in carrying out our functions in relation to Northern Ireland we are required to have regard to the desirability of promoting good relations between persons of different religious belief, political opinion or racial group.
Complaints
The Council is committed to protecting your personal data and takes concerns about data protection seriously. How we handle your complaint depends on the issue raised.
Data Protection Complaints
If you believe the Council is using your personal data unfairly or unlawfully — for example, if it is inaccurate, retained for longer than necessary, shared inappropriately or processed without a lawful basis, you have the right to raise a complaint with the Council under the Data Protection Complaints Process. The Council will investigate your complaint and take action where necessary.
If your complaint relates to how we handled a Data Subject Access Request or another data subject rights request — such as delays or missing information — you may use the Data Protection Complaints process and an Internal Review will be convened. Details on how to do this will be provided in our response.
The Data Protection Complaint Process is here.
If you remain dissatisfied with the outcome, you can contact the Information Commissioner's Office (ICO).
Conduct of Data Protection staff
If your complaint is about the conduct or communication of a member of the Data Protection Team, it will be handled through the Council's Complaints Procedure.
Contacting the ICO
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: +44 (0)303 123 1113
Website: www.ico.org.uk
Privacy in relation to Planning
For information on how the Planning section look after your personal data please refer to the planning section of the website at Planning Privacy Policy
Household Recycling Centre Booking System Privacy Notice
For information on how the Household Recycling Centre (HRC) Booking System uses you personal date please read the HRC Booking System Privacy Notice
Social Media - Terms of Use
Ards and North Down Borough Council uses social media platforms as a means to communicate with residents within the Borough as well as promoting the area to those outside of it. Social media is monitored during office hours and House Rules apply to comments. Terms of Use/House Rules for Council social media channels
Books of Condolence
All comments on Books of Condolence will be subject to moderation, read more: Book of Condolence : Moderation Process
Data Protection Officer
You may contact the Data Protection Officer as follows.
By email at dataprotection@ardsandnorthdown.gov.uk
Phone: 0300 013 3333
Letter: The Data Protection Officer, Ards and North Down Borough Council, City Hall, The Castle, Bangor, BT20 4BT
Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
You can choose to accept or decline cookies. You can usually modify your browser setting to decline cookies if you prefer. To find out more about cookies, including how to see what cookies have been set, visit About Cookies or All About Cookies | Online Privacy and Digital Security
Find out how to manage cookies on popular browsers:
Google Chrome
Microsoft Edge
Mozilla Firefox
Microsoft Internet Explorer
Opera
Apple Safari
To find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit Google Analytics Opt-out Browser Add-on Download Page
Necessary
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
| Cookie | Duration | Description |
|---|---|---|
| PHPSESSID | session | This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed. |
| exp_csrf_token | 2 hours | This cookie is used for the purpose of website security that is Cross-Site-Request forgery prevention. It is used to identify the trusted web traffic. |
| JSESSIONID | session | New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application. |
| ARRAffinitySameSite | session | This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session. |
| ARRAffinity | session | ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user. |
| ASP.NET_SessionId | session | Issued by Microsoft's ASP.NET Application, this cookie stores session data during a user's website visit. |
| __RequestVerificationToken | session | This cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks. |
| cookieyes-consent | 1 year | CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors. |
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
| Cookie | Duration | Description |
|---|---|---|
| exp_last_visit | 1 year | This cookie is used by the website Content Management System. This cookie is used to store the last visit date of the registered users. |
| exp_last_activity | 1 year | This cookie is used by the website Content Management System. This cookie is used to record the time of last page load. |
| exp_tracker | session | This cookie is used by the website Content Management System. This is a temporary cookie which expires when the visitor close the browser window. This cookie stores the last five pages viewed by the visitor for form or error message returns. |
| _ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
| _gid | 1 day | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. |
| _gat_UA-* | 1 minute | Google Analytics sets this cookie for user behaviour tracking. |
| _ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
Advertisement
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
| Cookie | Duration | Description |
|---|---|---|
| YSC | session | Youtube sets this cookie to track the views of embedded videos on Youtube pages. |
| VISITOR_INFO1_LIVE | 6 months | YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface. |
| yt-remote-device-id | never | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
| yt-remote-connected-devices | never | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
| yt.innertube::requests | never | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
| yt.innertube::nextId | never | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
Uncategorised
Other uncategorised cookies are those that are being analysed and have not been classified into a category as yet.
| Cookie | Duration | Description |
|---|---|---|
| machine | session | No description available. |
| SERVERUSED | session | No description available. |
| VISITOR_PRIVACY_METADATA | 6 months | Description is currently not available. |
| session | session | No description available. |
