Under the Data Protection Act, we have a legal duty to protect any information collected from you. Only the minimum appropriate personal data is requested and held, and it's only kept as long as it's needed for the purpose. We won't pass personal information to other companies or individuals unless we are required by law.

You can request information on data held about you or, in certain circumstances, on behalf of a third party. A data access request is free of charge. If you want to find out what is held about you, complete a data subject access request form.

To help protect your information, you will be asked to create a customer account before making an online subject access request.

Subject access request form

Personal data

Personal data is defined as that which relates to a living individual who can be identified:

  • from those data, or
  • from those data and other information which is in the possession of, or likely to come into the possession of, the data controller,

It covers basic details such as name, address, telephone number, and date of birth, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Sensitive personal data

Examples include:

  • racial or ethnic origin
  • political opinions
  • religious or other beliefs of a similar nature
  • trade union membership
  • physical or mental health or condition
  • sexual life
  • offences (including alleged offences), and sentencing

Consent is required for the processing of both types of personal data, but it must be explicitly given in the case of sensitive data. Where we're asking you for sensitive personal data we will always tell you why and how it will be used.

Why we need to collect and store personal data

Simply put, to provide you with a service we need to collect personal data for correspondence purposes and/or detailed service provision. In any event, we're committed to ensuring that the information we collect and use is “fit for purpose” and doesn't constitute an invasion of your privacy. If we want to pass your sensitive personal data onto a third party, we'll only do so after we've obtained your consent, unless we're legally required to do so.

Sharing basic details across council services

To co-ordinate what we do for you properly, we aim to improve our centralised customer database, so that it acts as an intelligence hub for our services. This means, for example, that the system will report any change of address to other services in the council, so you won't have to repeat it every time you phone us up. Over time, we aim to have one master record containing your basic details, together with information about the nature of your transactions. You'll always have the right not provide the information. But remember that we're only collecting it to improve the services on offer to you.

Fraud prevention

We're required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

If you'd like to know more, or have any concerns about how your information is being processed, contact dataprotection@harrogate.gov.uk

Information on our privacy notice