Skip to content

Privacy Notice

These notices are all about your personal data, which is information that relates to an identified or identifiable living individual.

Stroud District Council is registered as a data controller with the Information Commissioner’s Office (ICO). Our registration number is Z6903475.

Stroud District Council has a Data Protection Officer (DPO) who can be contacted using the contact us page or by emailing data.protection@stroud.gov.uk

As we provide a range of services this general privacy notice relates to the Council as a whole. You can find additional information about how specific service areas process your personal information in the 'Service Area Notices' section below.

We have published a copy of our retention schedule in PDF format and the raw data is available in a spreadsheet version.

We may collect and process the following types of personal information to deliver our services:

  • Name and contact details
  • Identifiers such as account numbers, national insurance numbers or copies of ID
  • Financial information including council tax accounts, rent accounts and banking details
  • Transactional information such as the details of your enquiries, service requests and complaints
  • Social circumstances, relationships and lifestyle such as employment status and household composition
  • Contractual information about the services we provide you
  • Location data when using our website
  • Communications data such as messages, letters and emails you’ve sent us
  • Images such as CCTV recordings, photographs and video
  • Business activities
  • Licenses or permits
  • Housing needs
  • Employment details
  • We sometimes need to collect more sensitive personal data to deliver a service. These special categories are:
    • racial or ethnic origin
    • political opinions
    • religious or philosophical beliefs
    • trade union membership
    • genetic data
    • biometric data (where used for identification purposes)
    • health
    • sex life
    • sexual orientation

The personal information we process is needed to deliver the District Council services. Most personal information is given to us directly by you through forms, in writing or when you speak to us. Our services have specific reasons to use your data which can be found in the service area privacy notices.

We may also receive personal information from third parties through referrals or actions you have taken elsewhere. You will be told if your data will be shared with us when you first provide your information.

We may need to process data across council departments where it is required to deliver our services and for research and development purposes (e.g. process improvement and the sharing of best practice). Where a complaint is made, information will be processed in line with these privacy notices and may need to be shared responsibly with involved third parties to ensure full understanding and accurate resolution. For more information see our complaints policy.

We will only process your personal information if we have a lawful basis to do so. Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • We need it to perform a public task or legal obligation

Most of the services we provide are specific tasks carried out in the public interest or exercised in our official authority and laid down by law.

  • Your consent

This is only used where we have no other legal basis but it’s important to be able to deliver a service to you. If you ask us to do something, your contact will be taken as your consent.

  • We have a contractual obligation

This may be where we employ you or we have a service contract in place such as a tenancy agreement.

  • We have a vital interest

This is usually a situation where someone is at significant risk of harm and we must take action to protect them, such as Safeguarding.

  • We have a legitimate interest

This is where we need to process your information for a reason that doesn’t normally fall within our statutory services but there is a balance in favour of processing your information.

We have a legitimate interest in using some personal data for testing and training purposes. This is to ensure system upgrades function correctly and that our staff have the best training experience to provide you with good service. This data will be kept separate from our live systems and only for as long as necessary.

The specific basis will differ depending on the reason we process your data and you can see more in the service area notices.

We will make it clear when we require your consent to use your personal data. Once given, you have the right to withdraw your consent at any time however this may affect our ability to provide certain services to you. You can remove your consent by contacting us.

Please refer to our Data Protection Policy for further information about our commitment to using your personal data in accordance with data protection legislation.

To ensure we can deliver our services and resolve your enquiries we may need to share your information across our service areas or externally with partner organisations.

Where we share information, it will only be for a specific purpose and only for as long as is necessary.

The service area notices will tell you who we share your data with. External organisations that your information may be shared with include:

  • Agents or suppliers working on our behalf
  • Other local authorities and social care providers
  • NHS organisations
  • Law enforcement agencies
  • Central Government
  • Department of Work and Pensions
  • Fraud prevention agencies
  • Credit reference agencies
  • DVLA
  • Information Commissioner’s Office
  • Court service
  • Charitable/volunteer organisations providing services on behalf of the Council
  • Solicitors acting on behalf of the Council
  • Utility providers and Landlords

Wherever possible we will only process your data within the UK or the European Economic Area (EEA) as both rely on GDPR. Occasionally, due to the global nature of technology, your personal data may be processed outside of these jurisdictions. We will only do this to follow your instructions or to comply with a legal duty. When this happens, there will be a contract in place to make sure the recipient organisation protects your data to the same standard as those within the UK/EEA.

Depending on our reason for processing your data you may have rights under data protection law including:

Your right of access - You have the right to ask us for copies of your personal information. You always have this right.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. You always have this right.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please Contact Us if you wish to make a request.

Your personal information is securely stored. To do this we use a combination of encryption, access controls and security training.

We keep personal data for as long as is necessary to provide you with our services and for any legal and regulatory requirements. We have a general document retention schedule and each service area privacy notice will include a separate schedule setting out their own document retention.

Information is mainly kept in digital format. Some historic and legal documents may be kept in paper format. Forms, notes and statements completed on paper are usually saved in a digital format by scanning them or writing them up; after which the originals are destroyed.

Our decisions usually involve a level of human review and we will not generally use entirely automated decision-making or profiling.

However, if a decision about you is made by entirely automated means you have right to request that we do not make our decision based on the automated score alone and you can object to an automated decision and ask that a person review it.

Where a service area of the Council uses automated-decision making or profiling, this will be set out in their individual privacy notice.

If you have any questions about our privacy notices or want to make a complaint about how we use your personal information please contact us first.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

We keep this privacy notice under regular review to comply with changes in the law and any updates will be placed on this webpage.

Last reviewed:
Next Service area notices