Skip to content

Privacy Notice

These notices are all about your personal data, which is information that relates to an identified or identifiable living individual.

In our privacy notices we will tell you:

  • What personal data we process
  • How we collect your data and why we have it
  • What we do with it
  • What allows us to process your personal data
  • How long we will keep your data
  • Who we will share your data with

Stroud District Council is registered as a data controller with the Information Commissioner’s Office (ICO). Our registration number is Z6903475.

You can view our contact details on the Contact Us page.

As we provide a range of services we have provided this general privacy notice, which relates to the Council as a whole, and also specific service area notices which detail how they process personal information. You will find these service area notices in the named department sections below.

We may collect and process the following types of personal information to deliver our services:

  • Name and contact details
  • Identifiers such as account numbers, national insurance numbers or copies of ID
  • Financial information including council tax accounts, rent accounts and banking details
  • Transactional information such as the details of your enquiries, service requests and complaints
  • Social circumstances, relationships and lifestyle such as employment status and household composition
  • Contractual information about the services we provide you
  • Location data when using our website
  • Communications data such as messages, letters and emails you’ve sent us
  • Images such as CCTV recordings, photographs and video
  • Business activities
  • Licenses or permits
  • Housing needs
  • Employment details
  • We sometimes need to collect more sensitive personal data to deliver a service. These special categories are:
    • racial or ethnic origin
    • political opinions
    • religious or philosophical beliefs
    • trade union membership
    • genetic data
    • biometric data (where used for identification purposes)
    • health
    • sex life
    • sexual orientation

The personal information we process is needed to deliver the District Council services. Most personal information is given to us directly by you through forms, in writing or when you speak to us. Our services have specific reasons to use your data which can be found in the service area privacy notices.

We may also receive personal information from third parties through referrals or actions you have taken elsewhere. You will be told if your data will be shared with us when you first provide your information.

We will only process your personal information if we have a lawful basis to do so. Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • We need it to perform a public task or legal obligation

Most of the services we provide are statutory responsibilities or we are required to provide them by law as public tasks.

  • Your consent

This is only used where we have no other legal basis but it’s important to be able to deliver a service to you. If you ask us to do something, your contact will be taken as your consent.

  • We have a contractual obligation

This may be where we employ you or we have a service contract in place such as a tenancy agreement.

  • We have a vital interest

This is usually an emergency where someone is at significant risk of harm.

  • We have a legitimate interest

This is where we need to process your information for a reason that doesn’t normally fall within our statutory services but there is a balance in favour of processing your information.

The specific basis will differ depending on the reason we process your data and you can see more in the service area notices.

We will make it clear when we require your consent to use your personal data. Once given, you have the right to withdraw your consent at any time however this may affect our ability to provide certain services to you. You can remove your consent by contacting us.

Please refer to our Data Protection Policy for further information about our commitment to using your personal data in accordance with data protection legislation.

To ensure we can deliver our services and resolve your enquiries we may need to share your information across our service areas or externally with partner organisations.

Where we share information, it will only be for a specific purpose and only for as long as is necessary.

The service area notices will tell you who we share your data with. External organisations that your information may be shared with include:

  • Agents or suppliers working on our behalf
  • Other local authorities
  • NHS organisations
  • Law enforcement agencies
  • Central Government
  • Department of Work and Pensions
  • Fraud prevention agencies
  • Credit reference agencies
  • DVLA
  • Information Commissioner’s Office
  • Court service
  • Charitable/volunteer organisations providing services on behalf of the Council
  • Solicitors acting on behalf of the Council.

The Council is required by law to protect the public funds it administers. We may share information provided to us with other bodies responsible for auditing or administering public funds or where we are undertaking a public function to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises. The Council participates in the Cabinet Office’s National Fraud Initiative which is a data matching exercise to assist in the prevention and detection of fraud.  We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014.  It does not require the data subject’s consent under data protection legislation.

Data matching by the Cabinet Office is subject to a Code of Practice. For further information about the Cabinet Office’s legal powers and the reasons why it matches particular information, please refer to their privacy notice.

In addition to this the council will use information provided to all council departments in local data matching exercises to assist in the prevention and detection of fraud.

We may share your personal data with individuals or organisations in countries outside the European Economic Area (EEA). We will only do this to follow your instructions or to comply with a legal duty. When this happens, there will be a contract in place to make sure the recipient organisation protects your data to the same standard as those countries within the EEA.

Depending on our reason for processing your data you may have rights under data protection law including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please Contact Us if you wish to make a request.

Your personal information is securely stored. To do this we use a combination of encryption, access controls and security training.

We keep personal data for as long as is necessary to provide you with our services and for any legal and regulatory requirements. We have a general document retention schedule and each service area privacy notice will include a separate schedule setting out their own document retention.

We will not generally use entirely automated decision-making or profiling and our decisions usually involve a level of human review.

However, if a decision about you is made by entirely automated means you have right to request that we do not make our decision based on the automated score alone and you can object to an automated decision and ask that a person review it.

Where a service area of the Council uses automated-decision making or profiling, this will be set out in their individual privacy notice.

If you have any questions about our privacy notices or want to make a complaint about how we use your personal information please contact us first.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

We keep this privacy notice under regular review to comply with changes in the law and any updates will be placed on this webpage.

Share this page