- Who we are
- What is personal information?
- What types of personal information do we collect?
- How do we collect personal information?
- Why do we collect personal information?
- Who might we share your personal information with?
- How long will we keep your personal information?
- What is our legal basis for using your personal information?
- Direct marketing
- How do we keep your personal information secure?
- Is your personal information used overseas?
- What are your rights?
- Contact us
This Privacy Notice explains types of personal information we may collect about you when you interact with us. It also explains how we will store and handle that information, as well as keep it safe and secure.
We will keep our privacy notice under regular review and will advise you of any updates on our website.
This Notice was last reviewed in May 2018.
2. Who we are
For the purposes of Data Protection legislation, South Tyneside Council is the Data Controller.
As Data Controller we must:
- use your personal information fairly and lawfully
- only use your personal information for the purposes it has been provided for, unless required to by law
- only collect as much personal information as needed for the services you require
- keep your personal information accurate and up to date
- only keep your information for as long as necessary
- use your personal information in accordance with your rights
- keep your personal information safe and secure
- not transfer your personal information outside the European Economic Area unless adequate levels of protection are in place
3. What is personal information?
Personal information is defined as any information which relates to a living individual who can be identified either:
- from the information we hold, or
- from the information combined with any other information which is already in the possession of, or likely to come into the possession of, the person or organisation holding the information
Personal information also includes any expression of opinions about an individual, and any indication of the intentions of the data controller (i.e. the Council) or any other person in respect of the individual.
4. What type of personal information do we collect?
We may collect the following types of personal information:
- Personal details such as names, addresses, telephone numbers
- Personality and character references
- Family, lifestyle and social circumstances
- Education and training details
- Employment details
- Financial details
- Pension details
- Goods or services provided
- Racial or ethnic origin
- Political opinions
- Sexual life
- Physical health or mental condition
- Information relating to health and safety
- Trade union membership
- Medical information
- Offences (including alleged offences)
- Criminal proceedings, outcomes and sentences
- Political affiliation of elected members
- Complaints, accidents, incident details
- Licences or permits held
- Business activities of an individual
- Sounds and visual images (such as CCTV images)
- Data and information from hospitals
- Information collected at the registration of a birth or death, including:
- Postcode of usual residence of the deceased
- Postcode of usual residence of the mother
- Postcode of the place of birth
- NHS Number
- Date of Birth
- Date of Death
- Maiden name
- Name of certifier
- Name of coroner
- Name of informant
- Cause of death
- Place of birth
If we need to collect personal information not covered in this list you will be informed by the service collecting your personal information.
5. How do we collect personal information?
We may collect your personal information in a number of ways, for example:
- Forms you have completed and given to us
- Contact you have made with us through our website, telephone, emails or letters you have sent to us, as well as contact made through social media sites operated by the Council
- CCTV images
- When you apply for a job vacancy
- When you enter a competition
- Referrals made to us from outside organisations
- Drop-in or consultation sessions
- We may also take photographs at our events, our properties and in our communities to use for general marketing and publicity. However, photographs of individuals will only be used for these purposes with consent.
6. Why do we collect your personal information?
South Tyneside Council has notified the Information Commissioner that personal information will be held and used for the following purposes:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
- Property management
- Leisure and cultural services
- Assessments and collection of taxes and other revenue
- Benefits, grants and loan administrations
- Statutory and regulatory functions including, planning, licensing, environmental health, and civil registration services
- Social services and direct care
- Crime prevention and prosecution of offenders
- Corporate functions
- Other non-commercial activities
- Other commercial services
- Administration of membership records
- Provision of career advice
- Information and administration
- Pensions administration
- South Tyneside Homes - administration
- Electoral registration
- A duty to improve the health of South Tyneside
- To understand more about the nature and causes of disease and ill-health in the area
- To understand more about the health and care needs in the area
7. Who might we share your personal information with?
We obtain and share personal information with a wide variety of sources, which include but are not limited to:
- Her Majesty's Revenue and Customs (HMRC)
- Home Office
- Child Support Agency (CSA)
- Central government, government agencies and departments
- Office of National Statistics (ONS)
- The Ministry of Housing, Communities and Local Government
- General Register Office
- Other local authorities and public bodies
- Ombudsman and other regulatory authorities
- Licensing authorities
- Financial institutes
- Credit Reference Agencies
- Utility providers
- Educational, training and academic bodies
- Health and welfare service providers
- Employment services
- Law enforcement agencies including the Police, the Serious Organised Crime Agency
- Emergency services
- Department for Work and Pensions (DWP)
- Department for Education
- Voluntary and charitable agencies
- The Assets Recovery Agency
- Individuals themselves or professionals appointed by the individual to act on their behalf
- Relatives, guardians or associated people with the individual (where there is a legal duty to)
- Data processors that work on behalf of the Council
- House providers
- Care organisations
- Language translation services, where it is necessary to translate any information into or from a foreign language for you
Individual services may share your personal information with other organisations which are relevant in order to provide the service they are carrying out on your behalf. In these instances the service area should inform you who they intend to share your personal information with.
8. How long will we keep your personal information?
We will only keep your personal information for as long as necessary. The Council is required to hold certain types of information for a statutory period. In other cases the Council may keep personal information for historical, statistical or research purposes.
At the end of the retention period, or the life of a particular record, it will be reviewed and deleted, unless there is any special reason for keeping it.
When individual Council services collect your personal information they should inform you how long they will keep it for.
9. What is our legal basis for using your personal information?
To use your personal information there must be a lawful basis to do this, such as, through a contract, performing a public task or where there is a legal obligation. Most of the Council's services will be processed as a public task set out in Article 6 (1) (e) of the General Data Protection Regulation:
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Some services may require your consent to process your personal information and where necessary, services will contact you about your consent.
The GDPR sets a high standard for consent to use people's information. Consent requires a positive opt-in. Pre-ticked boxes or any other consent method by default is no longer allowed.
Whilst the majority of information you provide to us is a mandatory requirement for us to provide services to you, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice about whether you need to provide the information and how your data is used. However, if you choose not to share your personal data with us in these circumstances, this may affect our ability to improve our services and our service offer to you as a customer.
If consent is the only legal basis used to process your personal information, you can withdraw your consent at any time. Consent can be withdrawn online, by email, telephone or face-to-face.
10. Direct Marketing
The Council may occasionally want to use your name and contact details to inform you of upcoming events, offers and services. If the Council wishes to use your personal information for these purposes we will always ask for your explicit consent before doing so.
Unless you are told otherwise, this information will not be shared with third parties and you can unsubscribe at any time by phoning 0191 427 7000, emailing email@example.com or by clicking the 'unsubscribe' button on our marketing emails.
You will always be asked to opt-in to direct marketing and this should always be a clear, affirmative action, such as ticking an opt-in box.
Any information you provide us for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.
11. How do we keep your personal information secure?
We recognise the professional responsibility we have to safeguard the information of individuals. The security of your personal information is important to us and we follow a range of security policies and procedures to ensure that access to, and use of your information is controlled and appropriate.
Some examples of our security measures include:
- Controlling access to Council systems and networks preventing any unauthorised access to your personal information
- Using encryption methods such as passwords so that only people with specific access rights can view it
- Pseudonymisation, meaning that we will change some personal details such as name, date of birth etc. so that someone with access to the data will not know whose personal information it belongs to
- Our staff are regularly trained in data protection to make them aware of their responsibilities when using personal information and how and when to report if something goes wrong
- We regularly test our technology and working practices to keep up to date on the latest security update
12. Is your personal information used overseas?
In most cases the Council will not process your personal information outside of the European Economic Area (EEA). In instances where your personal information needs to be transferred to a country or territory outside the EEA that country or country or territory must ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
13. What are your rights?
Your individual rights are set out in law. Subject to some legal exemptions, you have the following rights:
Right to be informed
You have the right to know about the collection and use of your personal information, including:
- Why it is collected
- How it is used
- Who it is shared with
- How long it is kept for
Right of access
You have the right to obtain a copy of your personal information and supplementary information to understand how and why we are your information and that we are using it lawfully. This is commonly known as a Subject Access Request (SAR).
Right to rectification
You have the right to have inaccurate personal information rectified. You also have the right to have incomplete personal information completed - although this may depend on the reasons for using your personal information.
Right to erasure
In certain circumstances you have the right to have your personal information erased. This is also known as the 'right to be forgotten'. The right to erasure does not apply to all cases such as complying with a legal obligation, performing a task set out in the public interest or for the establishment, exercise or defence of legal rights.
Right to restrict processing
You have the right to request the Council to restrict using your personal information in some circumstances. This may be because you are challenging the accuracy of the information and we are verifying the accuracy of the data. In most cases we will not need to restrict using your personal information indefinitely, but will need to have the restriction in place for a certain period of time.
Right to data portability
You have the right to receive personal data you have provided to us in a structured, commonly used and machine readable format. Individuals also have the right to request that a controller transmits this data directly to another controller - this is commonly used for banking and insurance purposes when wanting to switch providers and is not commonly used by Councils.
Right to object
You have the right to object to the Council using your personal information. The right to object only applies in certain circumstances and requests to object using personal information will be considered on an individual basis. The Council will be unable to stop using personal information if it is needed to carry out a statutory function.
Rights in relating to automated decision making and profiling
Automated individual decision-making is a decision made by automated means without any human involvement. An example of this would be an online decision to award a loan. Profiling can be used to find out about individuals' preferences, predict behaviour or make decisions about people. The Council will not make any solely automated decisions on you that have any legal or similarly significant event on you.
14. Contact us
If you would like to exercise your rights in relation to your personal information, or you feel that something has gone wrong with your personal information, you can contact our Data Protection Officer (DPO) in either of the following ways:
By email: firstname.lastname@example.org
By telephone: 0191 424 6539
South Tyneside Council
Town Hall and Civic Offices
If you feel that the Council has not handled your information correctly you can contact the Data Protection Officer at the above contact details or the Information Commissioner's Office (ICO). The ICO is the Government's Independent Body responsible for overseeing data protection. In most cases the ICO will only review cases that have exhausted the Council's internal procedures.
The ICO's contact details are as follows: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. More information can be found on the ICO's website at www.ico.org.uk