Privacy notices

Redcar and Cleveland Borough Council privacy notices.

Guide contents

Corporate privacy notice

This Privacy Notice is designed to help you understand how and why Redcar and Cleveland Borough Council processes your personal data. This notice explains how we use and share your information. For more detailed information, please look at the privacy notice for individual services which may be given on their data collection forms, in a service leaflet or on our website. 

Who are we? 

Redcar and Cleveland Borough Council is a ‘Data Controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR). The Council is registered with the Information Commissioner’s Office (ICO) as we collect and process data about citizens, service users and staff – Registration number Z6933517. 

There are some other services which involve Council systems and employees of Redcar and Cleveland Council. They have their own registrations with the ICO:

  • River Tees Port Health Authority (Z5678935)
  • Electoral Registration Officer and Returning Officer for Redcar and Cleveland Borough Council (Z573532X)
  • Registrar of Births, Deaths and Marriages Superintendent Registrar (Z202712X) 

What personal information do we collect?

Depending on the needs of the service and the purpose of processing, we may collect some or all of the following types of information:

  • Identity (name, date of birth, gender, passport, national insurance number, family details)
  • Contact (address, email address, telephone numbers)
  • Technical (IP address)
  • Social data (lifestyle, housing needs)
  • Financial data (bank account, payment card, transaction data, salary, benefits)
  • Business activities (employment, licences and permits held)
  • CCTV or visual images

Under certain circumstances we may need to process the following special categories of personal data:

  • Medical (physical or mental health details)
  • Race or ethnic origin
  • Trade union membership
  • Political affiliation or political opinions
  • Criminal offences (including alleged offences)
  • Religious or philosophical beliefs
  • Genetic or biometric data
  • Sexual orientation 

Why do we collect your personal information? 

We need to collect and hold information about you for the following purposes:

  • Deliver the activities and statutory functions we are required to carry out as a Council.
  • Confirm your identity and understand your needs so we can deliver services and provide support to customers and service users.
  • Make sure we meet our statutory obligations including those relating to equality and diversity.
  • Plan and manage Council services, including checking on the quality of services, developing future services and keeping track of spending.
  • Staff administration.
  • Advertising, marketing and public relations.
  • Property management.
  • Leisure and cultural services.
  • Assessment and collection of taxes, duties, levies and other revenue.
  • Administration of welfare benefits, grants and loan administration.
  • Provision of education and education support services.
  • Planning, Licencing, Registration and Regulation.
  • The provision of Social Services and Social Welfare.
  • Public Health including School Nursing and Health Visitor Services.
  • Crime prevention and detection.
  • To provide an Electoral Registration Service including the maintenance and publication of the Electoral Register and the Open Version of the Register.
  • To provide a Superintendent Registration Service.
  • To provide Port Health Services to businesses and individuals.
  • Data matching – as part of the National Fraud Initiative.
  • Other Commercial Services including insurance and claims, commercial refuse collection, sale of burial plots, provision of cemetery and crematoria services (commercial), administration of car parks, and operation of caravan sites.
  • Other Non-Commercial Services including administration of concessionary schemes, town twinning, cemetery and crematoria services (non-commercial), and maintenance of public grounds. 

Who do we share this information with or receive it from?

The Council will sometimes need to share your information with other parties that support the delivery of the service you may receive or to support the Council carry out any of its statutory functions. These providers are obliged to keep your details secure and use them only to fulfil your request. If we need to pass your sensitive or confidential information on to a third party, we will only do so where we have a lawful condition of processing. 

We may disclose information to other partners where it is necessary to comply with a legal obligation, or where permitted under the Data Protection Act (for example where disclosure is necessary for the prevention or detection of crime). We may disclose information, when necessary, to prevent risk of harm to individuals or where it is in your vital interest to do so. 

At no time will your information be passed to external organisations / partners for marketing or sales purposes or for any commercial use without your prior explicit consent. 

There are some Council services which are provided jointly with one or more local authorities within the Tees Valley (known as a shared service). For example, The Local Safeguarding Children Board, hosted by Middlesbrough Council, processes personal data in relation to the work of agencies across Middlesbrough and Redcar and Cleveland in accordance with their safeguarding responsibilities in relation to children. 

We may provide personal data or receive personal data from:

  • Customers and service users.
  • Family, associates or representatives of the person whose personal data we are processing.
  • Healthcare, social and welfare organisations.
  • Healthcare professionals.
  • Care home and care providers.
  • Local and central government bodies including the Home Office and the Department for Levelling Up, Housing and Communities.
  • Adoption agencies.
  • Housing associations and landlords.
  • Voluntary and charitable organisations.
  • Current, past and prospective employers.
  • Agency workers and contractors.
  • Consultants.
  • Trade unions.
  • Professional bodies.
  • The Disclosure and Barring Service.
  • Ombudsman and regulatory authorities.
  • Courts and tribunals.
  • Police forces.
  • Licencing authorities.
  • Lawful enforcement and prosecuting authorities.
  • MPs, Councillors and other elected representatives.

How long do we keep your information for?

The Council’s records retention and disposal schedule explains how long we normally retain different categories and types of information, including personal data. The law may also specify a minimum amount of time we have to retain certain information. 

What is our lawful basis for processing your information?

Data protection law permits us to use or share your personal data in any of the following circumstances:

  • When we have your (or your appointed representative’s) consent
  • Where we have a contract with you, or you have asked us to process your data prior to entering onto a contract.
  • When we are under a legal obligation that required us to process your personal data
  • When we are protecting your vital interests, or those of other persons.
  • Where the Council is carrying out a task or function in the public interest
  • Where we or another organisation has a legitimate interest and need to use information for a specific purpose that does not unjustifiably infringe on your rights or freedoms
  • Where it is necessary for the performance of a law enforcement task. 

Data protection law permits us to use or share special category data only in one or more of the following circumstances:

  • Where we have explicit consent
  • Where it is necessary for social care or health care purposes
  • Where it is necessary for the assessment of the working capacity of an employee
  • Where it is necessary for the vital interests of an individual and the individual is unable to consent because they are physically or legally incapable
  • Where it is necessary for employment and social security and social protection law
  • Where it is necessary for reasons of substantial public interest. 

We will also only process personal data about criminal convictions or offences when specific conditions provide lawful authority for us to process that data. 

Will personal data ever be transferred outside the United Kingdom?

In some circumstances we may need to transfer personal data (including sensitive personal data) to other organisations based outside the UK, including countries or territories which are outside the European Economic Area. When we do so we will ensure that procedures and technologies are in place to maintain the security of all personal data which is processed overseas. 

In some circumstances we may need to transfer your personal data to organisations in the USA. The EU and the USA have agreed a new Data Privacy Framework, specifying which US organisations provide adequate protection for data protection purposes. The UK – US Data Bridge permits UK organisations to transfer personal data to those organisations in the USA which have signed up to the Framework. 

If we transfer your data to US organisations which are not signed up to the Framework, we will continue to consider this a restricted transfer and ensure appropriate legal controls are in place to ensure the data transfer is safe and in keeping with UK regulatory requirements. 

How do we protect your information?

Our aim is not to be intrusive and we will not ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it cannot be seen, accessed or disclosed to anyone who should not see it. 

We have our own Information Governance Framework that includes a Data Protection Policy and a set of Information Security policies. These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly. 

We will not keep your information longer than it is needed or where the law states how long this should be kept. We will dispose of paper records or delete any electronic personal information in a secure way. 

National Fraud Initiative

To detect and prevent fraud or crime, we are required by law to protect the public funds we administer. We may use any of the information you provide us for the prevention and detection of fraud. We may also share this information with other bodies responsible for auditing or administering public funds, or where undertaking a public function, to prevent and detect fraud. This includes the Cabinet Office, the Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police. 

Section 68 of the Serious Crime Act 2007 enables public authorities to disclose information for the purposes of preventing fraud, as a member of a specified anti-fraud organisation or otherwise in accordance with any arrangements made with such an organisation. 

Emergency Response Management 

Data matching may be used to assist the Council in responding to emergencies or major accidents by allowing the Council, in conjunction with the emergency services, to identify individuals who may need additional support in the event of, for example, an emergency evacuation. 

Customer Contact Records

We use a customer contact centre to log and co-ordinate customer telephone calls and emails to the ‘contact us’ address. Your basic customer record comprises of your name, address, date of birth, gender, contact details (telephone/email), information which can be used to confirm your identity, a summary of your contact with the Council, and indicator of the services used, and a customer reference number. This will not contain extensive details of the services you have received. 

Telephone calls, live chat and emails

We will inform you if we record or monitor any telephone calls you make to us. Calls made direct to, or from, our Customer Service Centre (01642 774 774) are recorded and kept for 12 months from the date of the call. We do not record any financial card details if you then make payments by telephone. If the call is transferred to a member of staff outside the Customer Service Centre, the recording ceases at the point of transfer. Calls are not recorded if telephoning direct to other service teams or alternative numbers. Calls are recorded for our record keeping of the transaction, for complaint investigation and for our staff training purposes.

Live chat is an alternative to the telephone. You may print or receive an email of your chat record each time. Chat is transcribed and a record kept for 12 months from the date of the recording. These records are kept for record keeping of the transaction, for complaint investigation and for our staff training purposes. 

If you email us, we may keep a record of your contact and your email address and the email for our record keeping of the transaction. We suggest that you keep the amount of confidential information you send to us via email to a minimum and use our secure online forms and services. We may also use these records for complaint investigation and training purposes. 

Website 

If you are a user with general public access, our website (www.redcar-cleveland.gov.uk) does capture your personal information in the form of your computer’s IP address which is automatically recognised by the system. The system will further record personal information if you:

  • Subscribe to or apply for services that require personal information.
  • Report a fault and give your contact details for us to respond.
  • Contact us and leave your details for us to respond. 

We employ cookie technology to help log visitors to our website. A cookie is a string of information that is sent by a website and stored on your hard drive or temporarily in your computer’s memory. The information collected is used for the administration of the server and to improve the service provide by the website. No personal information is collected this way. You can reject the use of cookies, but you may be asked for information again, e.g., to participate in a survey. Further information including how to block cookies is located on our website Cookies | Redcar and Cleveland (redcar-cleveland.gov.uk)

This statement only covers the Council websites maintained by us and does not cover other websites linked from our site. 

My Account – Self Service 

We use a range of different systems, requiring a different username and password to sign in. we make sure these are kept secure in our systems, but you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computers and other applicable devices, and you agree to accept responsibility for all activities that occur under your account or password. 

Your Rights

You have a number of rights that you may exercise in relation to your personal data. Some of the rights do not apply automatically and may not be available in certain circumstances where a lawful exception applies. 

You have a right to access your personal data. You can request a copy of personal data that we hold about you and ask us to explain how we use your data. 

You have a right to object to processing of your personal data. You have an absolute right to stop your data being used for direct marketing. In other cases where the right to object applies, we may be able to continue using your data if we have a compelling reason for doing so. 

If we are relying on consent as the lawful basis to process your data you can withdraw your consent at any time, and we will stop further processing. 

  • You have a right to request the restriction or suppression of your personal data.
  • You have a right to have your personal data erased, if we no longer have a legitimate use for it. This right is sometimes called the ‘right to be forgotten’.
  • You have a right to rectification of your personal data if the information we hold in relation to you is inaccurate or incomplete. 

You have a right not to be subject to any decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. You can request human intervention or challenge any solely automated decision-making that significantly affects you. 

The Council has appointed a Data Protection Officer. Their contact details are:

Data Protection Officer

Redcar and Cleveland House

Kirkleatham Street

Redcar

TS10 1RT 

You can also contact the team by emailing InformationGovernance@redcar-cleveland.gov.uk or by calling 01642 774774

If you would like to request access to your personal data or exercise any of your other data protection rights, please contact the Information Governance Team:

Information Governance 

Redcar and Cleveland Borough Council

Redcar and Cleveland House

Kirkleatham Street

Redcar

TS10 1RT 

Email: InformationGovernance@redcar-cleveland.gov.uk 

Telephone: 01642 774 774 

You can seek advice and have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. You can contact them through the ICO website www.ico.org.uk, their helpline on 0303 123 1113, or in writing to:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF 

We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the ‘last updated’ date at the top of this notice and the current version will be published on our website.