[ skip to content]

Subscribe to updates
Data Protection

Data Protection and Privacy

What is data protection and Privacy?

The General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998 on 25th May 2018 and is legislation that sets out how we should manage and protect your personal information and it also provides you with various rights in relation to this information.

Information is classed as personal if it could identify you as an individual either directly or by adding information together.

North Lincolnshire Council is committed to protecting your privacy when you use our services and our Council Privacy Notice explains how we do this and how we use your information.

In addition we have created Privacy Notices for the different teams who use personal data that will be added in due course and these provide more information about why we are collecting your personal information and how we use it.  Links to these can be found in following Team Privacy Notices section.

We have also created a Data Protection and Confidentiality Policy [PDF, 481Kb] to explain how we will comply with the GDPR. 

We have a Data Protection Officer who helps us to look after your personal information and who will answer your questions about how we look after this information. Our Data Protection Officer is Phillipa Thornley and she can be contacted at customerservice@northlincs.gov.uk or by calling 01724 297000 and asking for your query to be directed to her.

What is personal data?

Personal Information - is any information relating to a natural person who can be identified, directly or indirectly, such as by name, an identification number, location data, an online identifier or genetic information. 

Special Categories of Personal Data - relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. 

What does processing mean?

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller / Data Processor

Data Controller - means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws. 

Data Processor - means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

 We must ensure we abide by the six principles of the GDPR to ensure personal information is:

• Used in a lawfulness, fair and transparent way
• Collected for specified, explicit and legitimate purposes and not used in an incompatible way
• Adequate, relevant and limited to what is necessary
• Accurate and where necessary kept up to date
• Kept so that only identifies someone for no longer than is necessary
• Used in a manner that ensures appropriate security

 We are also responsible for, and must be able to demonstrate, compliance with these principles.

 Demonstrating compliance includes:

  • Adopting and implementing Data Protection policies;
  • Taking a ‘Data Protection by Design and Default’ approach;
  • Putting written contracts in place with organisations that process personal data on our behalf;
  • Maintaining documentation of our processing activities;
  • Implementing appropriate security measures;
  • Recording and, where necessary, reporting personal data breaches;
  • Carrying out Data Protection Impact Assessments for uses of personal data that are likely to result in high risk to individuals’ interests;
  • Appointing a Data Protection Officer; and
  • Adhering to relevant codes of conduct and signing up to certification schemes.

The GDPR provide everyone with a series of rights as shown below. The first rights means we must keep you informed about how we are processing your personal information.  We are doing this by publishing a series of Team Privacy Notices.

An important part of these Privacy Notices is identifying the legal basis for the processing of your personal information.  The legal basis will be one of the conditions set out in Articles 6 of the GDPR and also a condition from Article 9 where special categories of personal data are being processed, as follows:

Article 6

  • Performance of a contract
  • Performance of a task or provision of a service in the public interest
  • To comply with a legal obligation
  • Protection of vital interests
  • Consent
  • Legitimate interests 

Article 9

  • Reasons of substantial public interest
  • Preventative or occupational medicine
  • Employment and Social Security
  • Public interest in area of Public Health
  • To establish, exercise or defend legal claims / courts acting in judicial capacity
  • Personal data made public by the Data Subject
  • Protection of vital interests
  • Consent
  • Archiving purposes, scientific or historical research or statistical purposes
  • Legitimate activities in relation to not for profit organisations with a political, philosophical, religious or trade union aim


Economy and Growth - Registrars [PDF, 516Kb]

Human Resources - HR (Employment) [PDF, 516Kb]                

Human Resources - Welfare Services [PDF, 415Kb]

Legal and Democracy - Electoral Registration [PDF, 418Kb]   

Waste and Public Protection - Trading Standards [PDF, 434Kb]


You can ask to access the information we hold about you

This is known as making a Subject Access Request (SAR) and is about you having the right to ask for personal information we have about you and the services you receive from us.

You can make a SAR request either verbally or in writing and requests are generally free of charge.  We would prefer you to make your request in writing so that we are clear about the information you would like to access.  We have created a Subject Access Request (SAR) Form [Doc, 145Kb] that can be printed to help with your request.

Generally other people cannot access your personal information, but in certain circumstances this may be permitted, such as where you have given written permission for someone else to make a request on your behalf or where you have parental responsibility.

When we respond some information might be withheld, such as where another person is referred to or where releasing the information is likely to compromise the prevention and detection of a crime.

Before making your SAR request please read our Access to Information Policy[PDF, 567 Kb] and  Subject Access Request Guidance Notes [Doc, 26Kb] that provide further detail.

Access to adoption records

Adults who have been adopted can request access to their original adoption files. Please see our adoption file access page for more information and to access the Adoption File Request Form.

You can ask us to change information you think is inaccurate

If you disagree with something written on your file please let us know.  We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree.

You can ask us to erase information (right to be forgotten)

In some circumstances you can ask for your personal information to be erased (deleted), such as:

  • Where your personal information is no longer needed for the reason it was collected

  • Where you have withdrawn your consent for us to use your information

  • Where there is no legal reason for the use of your information

  • Where deleting your information is a legal requirement

Sometimes we will refuse to delete your information, such as where we are required by law to keep it.  If your personal information has been shared with others we will do what we can to make sure they also comply with your request for erasure.

You can ask us to restrict what we use your personal information for

You can ask us to restrict using your personal information in some circumstances, such as:

  • Where you have told us you think information about you is inaccurate whilst we verify this

  • Where we have no legal reason to use that information but you have asked us to restrict what we use it for rather than erase it

  • Where you have objected to us using your personal information, whilst we verify this 

Whilst we are restricted from using your information we will not do anything  with it other than to store it unless:

  • We have your consent;
  • To establish, exercise or defend a legal claim;
  • To protect the rights of another person;
  • It is for reasons of important public interest.

You have the right to ask us to stop using your personal information for any council service, but if this request is approved this may cause delays or prevent us delivering a service to you.

If your personal information has been shared with others we will do what we can to make sure they are also aware of your request for restriction.

Where restriction of use has been granted, we’ll inform you before we carry on using your personal information.  Sometimes we will refuse to comply with your request for restriction, such as where we are required by law to use your information.

You can ask us about data portability

You have the right to ask us for your personal information to be given back to you in a structured, commonly used machine readable format so that you can take it to another organisation.  This applies only to information you have given us, that we using in an automated way (excluding paper format) and where we are using it either on the basis of consent or for the performance of a contract. 

Generally we are using your data for reasons, such as a legal reason and in these instances data portability won’t apply.

You can object to us using your personal information

In some circumstances you can object to us using your personal information.

You have the absolute right to object to the processing of their personal data if it is for direct marketing purposes.

You can also object if the processing is for:

  • A task carried out in the public interest;
  • The exercise of official authority vested in you; or
  • Your legitimate interests (or those of a third party).

Rights in relation to automated decision making and profiling

You also have rights where we are processing you personal information in an automated way without human involvement or where we are carrying out profiling.  We identify on our Team Privacy Notices where this type of processing is taking place.


If you require assistance to make your request or about any other aspect of Data Protection or the General Data Protection Regulation (GDPR) please call our Customer Contact Centre on 01724 297000 or contact one of our Local Links, where your query will either be answered or passed on to the Data Protection Officer / Information Governance Team.

What to do if you are not happy

We aim to comply with the GDPR by meeting our organisational responsibilities and by responding to requests promptly and correctly.  However, if you have an issue or would like to make a complaint, please see our Information Complaints page.

When we have investigated if you are still dissatisfied your route of Appeal is to the Information Commissioner's Office (ICO) at www.ico.org.uk by completing the web contact form, by telephoning on 0303 123 1113 or by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Contact details

01724 297000

Principal Information Governance Officer
North Lincolnshire Council
Civic Centre
Ashby Road
DN16 1AB

Opening hours

Monday to Thursday: 8.30am to 4.30pm

Friday: 8.30am to 4pm

Page last updated: 25 July 2018