Corporate Privacy Notice
Who we are and what we do
Gateshead Council is a data controller under the Data Protection Act. We collect personal information to provide services and to meet our statutory obligations. This could be when you apply for or receive our services, live in or visit the borough, use our website or conduct business with the council.
Gateshead Council commits to protecting and respecting your privacy. This Privacy Notice explains the following:
- when and how we collect personal data
- what type of information is collected about you
- why we need your information
- who your information may be shared with
- how we process and use your personal information
- how we hold and keep personal information secure
- your rights in line with personal data protection regulations
Each service that we provide or you engage with also has its own Privacy Notice. These explain in detail how services use your information and the legal basis for this use.
We may change this Privacy Notice from time to time. Please keep checking this page to ensure that you're happy with any changes.
Please send your questions about our privacy practices by email to:
You can also write to:
Data Protection Officer
The council collects various types of your personal data. This depends on the services you receive and your contact with the council. Information collected can include:
- business activities
- contact details, including name, address, email address, telephone number
- date of birth
- employment details (when you apply for jobs)
- financial details for purposes of receiving or making payments
- housing information relating to your council tenancy
- information about your family
- IP address and information about what pages you access and when
- licences or permits held
- lifestyle, social and personal circumstances
- national identifiers such as NHS number and NI numbers
- proof of identity
- services you receive
- visual images, personal appearance and behaviour
We may also collect sensitive personal data that may include:
- criminal offences, proceedings, outcomes and sentences
- gender and sexual orientation
- offences (including alleged offences)
- physical or mental health details
- political affiliation and opinions
- racial or ethnic origin
- religious or other beliefs of a similar nature
- trade union membership
We may also record and monitor calls to our contact centre for quality and training purposes.
You can see more information on how we collection web usage information on our cookies page.
We need personal information for council services you apply for or agree to receive. In the case of some services, we have to use this information to meet our statutory obligations. We will only collect personal data when necessary. This collecting will conform with Data Protection legislation and our other statutory obligations.
We process your information for the following services and purposes:
- adults and children's social care services
- analysing council performance and service improvement and development
- bins, recycling and waste collection
- births, marriages and deaths
- blue badges
- building control applications
- business rates
- Council Tax
- crime and public safety
- health and wellbeing
- housing benefits
- information requests under Freedom of Information legislation, the Environmental Information Regulations, the General Data Protection Regulation and Data Protection Act
- landlord licensing
- parking permits
- planning applications
- school admissions and education services
- social housing needs
- voting and elections
- youth services
We also may use your information for the purposes of protecting council assets such as equipment, buildings or staff.
The lawful basis for the collection of personal information can be found in the service specific privacy notice. Most processing carried out for the purposes of the council's functions such as business administration or service development is processed on the basis of legitimate interest.
We have statutory obligations to collect, process and share personal or sensitive information. We can send information without consent to the following partners:
- central government, including DWP, HMRC, Home Office, Department of Education, Department of Health
- Disclosure and Barring Service
- housing associations
- HM Courts and Tribunals Service
- law enforcement agencies, including the Police and Crown Prosecution Service
- NHS (GPs, Hospital, Mental Health, ICBs)
- Office for National Statistics
- other councils
- voluntary sector
We send this information for the following purposes:
- assessment of any tax or duty
- collection of debt
- criminal or civil prosecution of offender
- delivering national government programmes and initiatives such as the Troubled Families programme
- health and wellbeing and public health
- improving services we deliver, or providing the services you agreed to receive
- national security
- prevention and detection of crime
- prevention of fraud
- protection, administration and management of public funds and public grant schemes
- protecting you or other individuals from serious harm
- public safety and law enforcement
- safeguarding of vulnerable adults and children
- supporting the national fraud initiative
- when required to do so by any court of law
We will do so where there is a lawful basis under the conditions set out in Data Protection legislation.
We also share your information with third-party service providers working on our behalf. These include data processors such as IT specialists, software and communications providers.
We only disclose personal information to third-party providers if necessary to service delivery. Our contracts ensure they keep your information secure and do not use it for any other purposes. This conforms to the Data Protection Act 2018 and General Data Protection Regulation (UK GDPR).
We never disclose personal information to third parties for marketing purposes without permission.
We may analyse personal information to improve services and for the following purposes:
- analysing our performance at delivering services to you
- analysing our service costs, to ensure better and more efficient use of public funds
- evaluating the health of Gateshead's population and so protecting and improving public health
- understanding what we can do for you and informing you of other relevant services and benefits
- understanding your needs and planning services accordingly
- undertaking statutory functions efficiently and effectively
Gateshead Council commits to use pseudonymised or anonymised information where practical. In most cases this is the default position.
Pseudonymisation replaces fields within personal data with one or more artificial identifiers. There can be a pseudonym for a collection of replaced fields or one per replaced field.
Anonymisation removes details (especially from medical test results) for statistical or other purposes.
Profiling and automated decision-making
Profiling is the processing of personal data to analyse or predict certain characteristics. For example, a person's economic and health situation, reliability, personal preferences or interests.
Automated decision-making is profiling carried out without any element of human review. For example, carrying out credit checks and searches to detect and reduce fraud.
We may use information from different services you engage with to create a single profile of you. This will help us understand your specific needs and ensure we provide correct and efficient services. This accurate record of personal data across all council services can include:
- date of birth
- email address
- changes in circumstances
We will use profiling only when necessary and where the law allows. This will be to provide the service you have agreed to receive or where there is a statutory obligation. However, we will notify you about profiling and where required we will seek your consent.
Marketing and e-newsletters
Your choices direct the method and type of communications from Gateshead Council. When you sign up for one of our newsletters, we will send emails informing you of our activities, news and events.
We may use tools to improve the effectiveness of our communications with you. This includes tracking if you open the emails we send and which links within a message you click. We can then refine future campaigns to ensure our emails are as relevant and useful as possible.
You can choose if you wish to receive information from us or not. If you no longer want to receive e-newsletters, there is an 'unsubscribe' link at the bottom of our emails. You can find out more on our e-newsletters page.
Upon visiting our websites, we will use third party service providers to collect technical information from your device including standard internet log information such as the Internet Protocol (IP) address, your browser type and version, and certain page interaction information.
We use Hotjar to better understand our users' needs and to optimise the website. Hotjar is a technology service that helps us understand our users' experience. For example, how much time they spend on which pages, which links they select, what users do and don't like. This enables us to build and maintain our service with user feedback.
- browser information
- ndevice IP address (captured and stored only in anonymised form)
- device screen size
- device type (unique device identifiers)
- geographic location (country only)
- preferred language used to display our website
You can opt out of user profile creation, Hotjar's storing of data about your usage of our site and Hotjar's use of tracking cookies on other websites. Follow this opt-out link.
How long we keep your information
We review our retention periods of the information we hold about you on a regular basis. We must hold some types of personal information to fulfil our statutory obligations.
We will hold your personal information on our systems as long as is necessary for the activity or service provided, or as required by law. See individual services' Privacy Notices to learn how long they hold your information.
How we protect your personal information
Any information held by the council about individuals is held securely and in compliance with the Data Protection Act 2018 and GDPR. Information is held electronically on secure servers and cloud storage solutions. Paper records are stored securely in accordance with council policies and procedures.
Gateshead Council is committed to protecting its service users' personal data. Our data measures ensure best practice for staff, service providers, partners and suppliers. Measures are lawful and follow rules and practices known as Information Governance (IG).
The information security measures we've put in place include:
- encrypting all our electronic devices and sensitive information that is transmitted
- following good IG practice and the law for collecting, handling and giving access to information
- holding information for no longer than required and disposing of it securely
- permitting access to your information only to those who need to know and where it is necessary
- putting processes in place to ensure good IG practices for information we collect, hold or handle in both manual and electronic forms
- training staff in their data protection responsibilities
The UK GDPR provides the following rights for individuals:
1. The right to be informed
You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the UK GDPR. This includes our purposes for processing your personal data, our data retention periods, and who we share it with. We must provide privacy information to you at the time we collect your personal data.
2. The right of access
You have the right to access and receive a copy of your personal data, and other supplementary information. This is commonly referred to as a subject access request or 'SAR'. Individuals can make SARs verbally or in writing.
3. The right to rectification
You have the right to have inaccurate personal data rectified, or completed if incomplete. You can make a request for rectification verbally or in writing. In certain circumstances we can refuse a request for rectification. This right is closely linked to the controller's obligations under the accuracy principle of the UK GDPR (Article (5)(1)(d)).
4. The right to erasure
You have the right to have personal data erased. This is also known as 'the right to be forgotten'. The right is not absolute and only applies in certain circumstances. Individuals can make a request for erasure verbally or in writing.
5. The right to restrict processing
You have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing.
6. The right to data portability
You have the right to obtain and reuse your personal data for your own purposes. It allows you to move, copy or transfer personal data. Safe and secure transfer from one IT environment to another enables use of other applications and services. For example, to find you a better deal or help you understand your spending habits. The right only applies to information an individual has provided to a controller.
7. The right to object
You have the right to refuse the processing of your personal data in certain circumstances. You have an absolute right to stop use of your data for direct marketing. You can make an objection verbally or in writing. You may not be able to object to the holding, using or sharing of your information under certain circumstances. Examples include:
- where we have a duty to safeguard a vulnerable adult or a child
- where data is required for the prevention and detection of crime
- where we are required to fulfil our statutory obligations
8. Rights in relation to automated decision-making and profiling
The UK GDPR also has provisions on:
- automated decision-making - decisions made solely by automated means without any human involvement
- profiling - automated processing of personal data to evaluate certain things about an individual (can be part of an automated decision-making process)
Article 22 of the UK GDPR also has rules protecting you from legal or significant effects of solely automated decision-making.
If you would like to exercise your information rights or need any more information about them, please contact:
Data Protection Officer
DPOcouncil@gateshead.gov.uk 0191 433 3000
Information Commissioner's Office
The Information Commissioner is the UK's independent body set up to uphold information rights.
For privacy practices or data protection rights concerns, contact the Information Commissioner's Office:
Information Commissioner's Office
0303 123 1113 or 01625 545 745
How you can update your information
Our delivery of relevant and efficient services depends on the accuracy of your information.
please inform the service you are accessing of any changes to the following:
- postal address
- email address
- personal circumstances
- any of the other information we hold
The terms of this Privacy Notice may change, so please recheck periodically.
Last modified September 2023