We use cookies to enhance user experience. We'd also like to use google analytics cookies to improve our site. You can read more about our cookies before you choose.

Why are we collecting your personal data?

This privacy notice outlines how the Information Governance Team at Stratford District Council collects, uses and safeguards any personal data you provide when using our services or interacting with us. We will collect only the personal data necessary to fulfil our legal obligations and to deliver services. Our services include managing and responding to Freedom of Information, Environmental Information Regulations, Data Protection and Police requests. Advising on allegations and logging data breaches.

What personal data (information) do we collect?

Personal data* (information) that is collected may vary depending on the situation. This can include:

  • Contact information: Name, contact details such as email or postal address
  • Any other personal data you provide to enable us to respond to your enquiry
  • Verification information such as a photo ID – this data is not kept once details are verified

* The term ‘personal data' relates to any data that could potentially identify a specific individual. The following are classified as ‘personal data': name, age, address, postcode, place of birth, date of birth, gender and national insurance number. Additionally, any information that can be used directly or in conjunction with other data to identify, contact or locate an individual is considered personal data.

Who uses this information?

The information is used by the Information Governance Team. It may also be shared with other Council departments or external government agencies where necessary and, only when legally permitted, to fulfil our obligations, assist in safeguarding or deliver services more effectively.

What authority does the Council have to collect and use this information?

Under the UK General Data Protection Regulation (2018), the Council collects and uses this information under powers given to local authorities (councils). We process your personal data on the following legal grounds. You have provided consent for us to process your data for specific purposes.

a) Processing is necessary for the performance of a contract with you or to take steps at your request before entering such a contract.

b) Processing is necessary for compliance with a legal obligation to which we are subject.

c) We have a vital interest in processing your personal data to protect someone's life.

d) We need it to perform a public task, which means carrying out a public function and/or exercising a power that is established by law. For example, a public task we need to perform involves assessing and reviewing all requests, identifying and locating the relevant information, and ensuring transparency while protecting personal data.

e) Processing is necessary for your legitimate interests or those of a third party (i.e. someone else or another organisation), and your rights do not override these interests. These interests can include commercial interests, individual interests or broader benefits to society. This justification cannot apply if we, as a public authority, are processing information to perform our official tasks. In circumstances where we do not have the legal authority to use your information, we will always obtain your prior consent. You can find all the relevant legislation in Appendix 1 below.

Who are we likely to share this information with?

We may sometimes share the information we have collected about you where it is necessary, lawful and fair to do so. In each case we will share only the minimum amount of information, only when it is required and with:

  • Other relevant internal departments
  • National Regulators e.g. Information Commissioner's Office, Investigatory Powers Commissioner
  • Legal representatives of other parties
  • The Police and other crime enforcement agencies.
  • Other public authorities e.g. councils, government departments (HMRC, DWP, Immigration etc.)

Note: the lists above are not exhaustive. From time to time, we may be obliged to review our data processing requirements in light of current circumstances and new legislation.

How do we keep this information secure?

Your information is stored securely on a database and document management systems. These have strict password access and usage policies and procedures.

How long do we keep this information?

We have a retention schedule which details how long we keep various types of records. Records are kept for no longer than 6 years unless there is a legal requirement to keep them for a longer period. All records are destroyed securely when we no longer require them.

What are your rights?

Under data protection law, you have rights, including the following: Right of access – You have the right to ask us for copies of your personal information.

  • Right to know – You have the right to know how we process your information.
  • Right to rectification – You have the right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances. Where possible, we will seek to comply with your request, but we may be required to hold or process information to perform our functions under the law.
  • Right to withdraw consent – You have the right to withdraw consent at any time if we rely on your consent to process your information.
  • Right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. These rights are not absolute. There may be occasions when we cannot comply with a “Rights" request. When this happens, we will usually tell you why.

Further Details and Contact Information

If you wish to make a request, please see the details in this link. If you have any concerns or questions about how your personal information is handled, please contact our Data Protection Officer at data.protection@stratford-dc.gov.uk.

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. Alternatively, visit ico.org.uk or email casework@ico.org.uk. My District Privacy Notice is available on the Stratford-upon-Avon website.

Appendix 1 – Relevant Legislation

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Freedom of Information Act 2000
  • The Regulation of Investigatory Powers Act 2000
  • Common Law of Confidentiality

Version Control Information

Version Date Changes made Approved by Next review due
1 14/01/2025 Version 1 Data Protection Manager 14/01/2026

Contact: The Law & Governance team

Last updated on 12/06/2025
Back to top