Corporate Privacy Notice
Learn how and why Gateshead Council collect data and how we keep it safe.
Gateshead Council is a data controller under the Data Protection Act as we collect and process personal information about you in order to provide public services and meet our statutory obligations. Please see below 'Why we need your information', for a full description of the public services in which we may use your personal data.
Gateshead Council is committed to protecting and respecting your privacy. Through this Privacy Notice we have sought to be as transparent as possible to fully explain how your personal data is held and processed.
This Privacy Notice explains when and why we collect personal information about people who engage or come into contact with us, whether via applying or receiving our services, living or visiting the borough or our website. Upon visiting our websites, we will use third party service providers to collect technical information from your device including standard internet log information such as the Internet Protocol (IP) address, your browser type and version, and certain page interaction information.
This notice explains how we collect, use and share your information and how long we keep it, and how we keep it secure.
Each service that we provide or you engage with also has its own Privacy Notice to explain in more details how they use your information and the legal basis for using the information.
We may change this Privacy Notice from time to time so please check this page regularly to ensure that you're happy with any changes.
Any questions regarding our privacy practices should be sent by email to:
Data Protection Officer
0191 433 3000
What type of information is collected about you
The council may collect various types of personal data about individuals depending on the services you receive and your contact with the Council, such as your:
- contact details; including name, address, email address, telephone number.
- date of birth
- proof of identity
- national identifiers such as; NHS number and NI numbers
- information about your family
- IP address and information regarding what pages are accessed and when
- lifestyle, social and personal circumstances
- the services you receive
- financial details for purposes of receiving or making payments
- employment details (when you apply for jobs)
- housing information relating your Council tenancy
- visual images, personal appearance and behaviour
- licenses or permits held
- business activities
We may also collect sensitive personal data that may include:
- physical or mental health details
- racial or ethnic origin
- gender and sexual orientation
- trade union membership
- political affiliation and opinions
- offences (including alleged offences
- religious or other beliefs of a similar nature
- criminal proceedings, outcomes and sentences
We may also record and monitor telephone calls to our Contact Centre for quality and training purposes.
Upon visiting our website, cookies are used to collect information about website usage.
You can see more information on how we collection web usage information on our cookies page.
Why we need your information
We need your personal data in order to provide you with Council services that you apply for or receive from us and also for where we are required to use information in order to meet our statutory obligations. We will only collect personal data that is absolutely necessary and any information we collect about you will be strictly in accordance with the Data Protection legislation and other statutory obligations which we are bound by.
We process your information for the following services:
- council tax
- business rates
- housing benefits
- social housing needs
- parking permit
- blue badge
- adults and children's social care services
- planning applications
- building control applications
- landlord licensing
- voting and elections
- school admissions and education services
- youth services
- birth, marriages and deaths
- health and wellbeing
- bins, recycling and waste collection
- crime and public safety
In most cases the information will be collected and used where we have statutory obligations to collect use or share your information or where you have consented or agreed to receive a service.
You will be advised of any additional purposes or uses at the time the information is collected or used.
Who your information may be shared with
The Council has statutory obligations to collect, process and share personal or sensitive personal information without consent, with our partners such as the NHS, housing associations, schools, central government, such as DWP, HMRC, Home Office, Department of Education, Department of Health, other councils and law enforcement agencies such as the Police and the Crown prosecution service, for the following purposes:
- health and wellbeing and public health
- safeguarding of vulnerable adults and children
- the prevention and detection of crime
- the assessment of any tax or duty
- collection of debt
- if we are required to do so by any court or law
- prevention of fraud
- the national fraud initiative
- protect you or other individuals from serious harm
- protect public funds
- public safety and law enforcement
- criminal or civil prosecution of offender
- national security
We may also share your information with our partners to deliver national government programmes and initiatives such as the Troubled Families programme, or improving services we deliver, or provide the services you agreed to receive. We may share with:
- NHS (GPs, Hospital, Mental Health, ICBs)
- voluntary sectors
- central government
- other council
- housing associations
In most cases this will be done where there is a lawful basis under the conditions set out in the Data Protection Legislation.
We may also share your information with third party service providers working on our behalf for the purposes of completing tasks and providing services to you on our behalf (for example; domiciliary care providers). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure, as required by the Data Protection Act 2018 and General Data Protection Regulation (UK GDPR), and not to use it for any other purposes.
We will never use or share your personal information to third parties for marketing purposes without your permission.
How long we keep your information
We review our retention periods of the information we hold about you on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations.
We will hold your personal information on our systems for as long as it is necessary for the relevant activity or service that we provide to you, or as required by law. Please see the individual service Privacy Notices to find out more about how long your information is held by each service.
Marketing and e-newsletters
Gateshead Council always acts upon your choices around what type of communications you want to receive and how you want to receive them. Where you have signed up for one of our newsletters, we use email newsletters to inform you of what we're doing, news and events.
Tools may be used to help us improve the effectiveness of our communications with you, including tracking whether the emails we send are opened and which links are clicked within a message. This helps us to improve and refine future email marketing around our campaigns and make sure all our emails are relevant and as useful as possible.
You have a choice about whether or not you wish to receive information from us. If you no longer want to receive our e-newsletters, then you can do this by clicking the unsubscribe link on every email. You can find out more on our e-newsletters page.
Business intelligence, profiling and automated decision making
We may analyse your personal information to improve services and for the following purposes:
- undertake statutory functions efficiently and effectively
- service planning by understanding your needs to provide the services that you request
- understanding what we can do for you and inform you of other relevant services and benefits
- help us to build up a picture of how we are performing at delivering services to you and what services the people of Gateshead need
- analysis of costs and spend of services we provide so that we can ensure better and efficient use of public funds
- evaluating, monitoring health of the Gateshead population and protecting and improving public health
The Council is however committed to using pseudonymised or anonymised information as much as is practical, and in many cases this will be the default position.
Pseudonymisation is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field.
Anonymisation is the process of removing identifying particulars or details from (something, especially medical test results) for statistical or other purposes.
Profiling and automated decision making
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a person, to analyse or predict aspects concerning that person's economic and health situation, reliability, personal preferences and interests..
Automated-decision making means any processing that is carried out by automated means without any human review element in the decision-making. For example, carrying out credit checks searches to detect and reduce fraud.
We may use your information from the different services that you engage with to create a single view and profile of you, which will help us to better understand your specific needs and ensure we are providing the right and efficient services to you in accordance with your needs as well as ensure that we hold one accurate record of your basic personal data across all our Council services; such as your name, date of birth, address, email address, or change in circumstances.
Profiling will be carried out only when it is necessary in order to provide you with the service you have agreed to receive or where the Council has a statutory obligation or where the law allows. However, we will notify you where we would do this and where required we will seek your consent.
You can opt-out of the creation of a user profile, Hotjar's storing of data about your usage of our site and Hotjar's use of tracking cookies on other websites by following this opt-out link.
Protecting your information
Any information held by the council about individuals is held securely and in compliance with the Data Protection Act 2018 and GDPR.
Gateshead Council is committed to protecting its service user's personal data. We have put measures in place to ensure that our staff, service providers, partners and suppliers all look after your information in line with good practice and the law. These follow the rules and practices known as Information Governance (IG).
The information security measures we've put in place include:
- following good Information Governance practice and the law when it comes to collecting, handling and giving access to information
- training staff in their data protection responsibilities
- putting processes in place to ensure good Information Governance practices for information we collect, hold or handle in both manual and electronic forms
- access to your information is only given to those who need to know and where it is necessary
- information will not be held for longer than required and will be disposed of securely
- we encrypt all our electronic devices and sensitive information that is transmitted is encrypted
How you can update your information
The accuracy of your information is important to us to be able to provide relevant services more quickly. If you change your address or email address, or if any of your circumstances change or any of the other information we hold is out of date, please inform the service you are receiving services from.
Your information rights
The UK GDPR provides the following rights for individuals:
1. The right to be informed
Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the UK GDPR. This 'privacy information' includes our purposes for processing your personal data, our retention periods for that personal data, and who it will be shared with. We must provide privacy information to individuals at the time we collect their personal data from them.
2. The right of access
Individuals have the right to access and receive a copy of their personal data, and other supplementary information. This is commonly referred to as a subject access request or 'SAR'. Individuals can make SARs verbally or in writing.
3. The right to rectification
The UK GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. An individual can make a request for rectification verbally or in writing. In certain circumstances we can refuse a request for rectification. This right is closely linked to the controller's obligations under the accuracy principle of the UK GDPR (Article (5)(1)(d)).
4. The right to erasure
The UK GDPR introduces a right for individuals to have personal data erased. The right to erasure is also known as 'the right to be forgotten'. The right is not absolute and only applies in certain circumstances. Individuals can make a request for erasure verbally or in writing.
5. The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing.
6. The right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. Doing this enables individuals to take advantage of applications and services that can use this data to find them a better deal or help them understand their spending habits. The right only applies to information an individual has provided to a controller.
7. The right to object
The UK GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing. An individual can make an objection verbally or in writing. You may not be able to object to your information being used, held, or shared under certain circumstances. For example, where we have a duty to safeguard a vulnerable adult or a child, or the prevention and detection of crime, or where we are required to fulfil our statutory obligations.
8. Rights in relation to automated decision making and profiling.
The UK GDPR has provisions on:
- automated individual decision-making (making a decision solely by automated means without any human involvement); and
- profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
Article 22 of the UK GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.
Where you would like to exercise your information rights or require any more information about your rights please contact:
Data Protection Officer
0191 433 3000
Information Commissioner's Office
The Information Commissioner is the UK's independent body set up to uphold information rights.
If you would like to know more about your rights under the Data Protection law, and what you should expect from us, visit the Information Commissioner's website.If you have any concerns regarding our privacy practices or about exercising your Data Protection rights, you may contact the Information Commissioner's Office:
Information Commissioner's Office
0303 123 1113 or 01625 545 745
The terms of this Privacy Notice may change, so please recheck periodically.
Last modified February 2023