We may need to collect your personal data to provide the services that you want. We also collect personal data for purposes like Council Tax or Electoral Registration, because the law says that we must. What we can and can't do with your data is set out in the Data Protection Act 2018 and the General Data Protection Regulation, which came into force on 25 May 2018.
Sometimes we collect personal data for one council service and need to use it to give you another service. We may also use it for prevention and detection of fraud.
We will keep your personal data safe and secure. We will not share it with other organisations without your knowledge, unless we are required by law to do so.
Gateshead Council is a data controller and we are required to register as such. To view our registration entry, please visit the Information Commissioner's Office (ICO) Data Protection Register and enter Z4824725.
The Data Protection Principles
The Act is based on six legally enforceable principles that organisations and individuals must apply when they process your personal data. The Act states that all personal data must:
- be processed fairly and lawfully
- only be obtained and processed for specified and lawful purposes
- be limited to only what is required for the purpose for which it is being collected
- be accurate and, where necessary, kept up to date
- not be kept longer than necessary
- be kept secure
What personal data is
Personal data is any data which, on its own or referenced against other data held by the organisation, can be used to identify a living individual. It now also includes biometric data and IP addresses.
This includes all the obvious details the council might hold about you like name, address, Council Tax reference number or rent payment records. It might also include expressions of opinion about you and the council's intentions towards you. Some data can be personal even if it refers to more than one individual, like joint tenancies or Council Tax assessment records.
The Act recognises that some types of personal data are more sensitive than others. There are extra rules for processing data about your ethnic origin, religious beliefs, trade union membership, party political opinions, sexuality, health, biometric and genetic data and involvement in court proceedings.
What processing personal data means
Processing personal data includes collecting, storing, accessing, changing and destroying any information about you. The amount of personal data we have about you and how we process it depends on which council services you use.
Sometimes we collect personal data for one council service and need to use it to give you another service. We will always try to tell you if we share your personal data between different council services.
We often take photographs of people attending public events like athletic events at Gateshead International Stadium to use in publications like Council News or our popular series of free postcards.
Occasionally we take photographs of people using our services, for promotional leaflets or other publicity purposes. If you can be identified from this type of photograph we will explain why we want it and ask for your consent beforehand.
We may use the information you give us when you use council services for research or statistical purposes and to help us plan for the future, but we will not include any personal data in our reports and plans.
Who processes your personal data
Council members and employees can access and process your personal data for their official council duties, but only the data needed for a specific purpose. They must not disclose your personal data to anyone else without your knowledge, unless they are legally obliged to do so.
If you make a complaint about council services or sign a petition that is presented to the council your personal data may be shared with your local Ward Councillors, Cabinet members and council employees working in the service concerned.
You can write and ask us to stop processing your personal data at any time. You must explain what processing you want us to stop and why. We must reply within 21 days to let you know what we have done about your request. However this is not an absolute right and in some circumstances we are required to process your data even if you may not want us to for example safeguarding or child protection.
How to access your personal data
The Data Protection Act gives you a general right of access to personal data that relates to you. Access requests must include enough information to locate the data requested and proof that you are the data subject.
You do not have to make the request in writing but we do provide a subject access form, which is available by clicking the link at the bottom of the page. This form is designed to help you give us the information we need to find your personal data but you do not have to use it. You can make a request by telephone or send a letter, or e-mail to the council's Information Rights Officer if you prefer.
Data controllers like the council must respond within a calendar month confirming:
- a description of the personal data
- why the data is held
- who else the data might have been given to
- a copy of the data
- an explanation of any technical terms or abbreviations
- any information about the original source of the data
This timescale can be extended by another two months, but if that is the case we have to tell you within one month that we are extending the timescale.
We can withhold some data if it refers to other people who have not consented to disclosure, if disclosure might cause serious harm to you or anyone else or might prejudice crime prevention or court proceedings. Even if we cannot provide you with copies of the data, we will confirm what type of data we hold and why we hold it.
Other people's personal data
You only have the right to access your own personal data. You do not have the right to access personal data about other members of your family, your friends or your neighbours unless:
- you are a parent asking to see your child's education or social services records
- you have written proof of your authority to act on behalf of someone else
Even if you meet these requirements we may need to ask you for more information before we reply or refuse access because of our duty to keep personal data confidential.
Obtaining personal data from council sources for an unauthorised purpose or unauthorised disclosure to a third party are offences under the Act.
How to be sure your data is accurate
The best way to be sure is to let us know about any changes in your circumstances that might affect the services we provide to you.
Under the Data Protection Act the council must try to keep your personal data accurate and up to date. If you think that your personal data is incorrect you can write telling us why and asking us to correct the data. We must reply within one month to let you know what we have done about your request, we can extend this by another two months but we have to tell you within one month.
If we agree that your personal data is incorrect we will put this right. If we do not agree we will add a note to your file that you disagree with our version of the data.
We can also add a note to any file containing data about you (including opinions or accusations) received from a third party if you think it is incorrect or inaccurate.
The regulations provide you with a number of new rights for details of what these new rights are and how to exercise those rights please see the information leaflet at the bottom of this page.
If you have any questions about your rights under the Data Protection Act 2018 or want to make a subject access request please contact the Council's Information Rights Officer.
You can also get information leaflets from the Information Commissioner's web site at www.gov.uk/data-protection or by telephone on 01625 545745.
Information Rights Officer
0191 433 3000