Skip to main content

Privacy Notice Information and your rights

Your privacy is important to us and we are committed to handling your personal data in line with both the General Data Protection Regulation and Data Protection Act.

We collect, store and use your personal data in many different ways. This depends on how you interact with the council. 

Redditch Borough Council has an overarching shared service agreement in place with Bromsgrove District Council.

The personal data we collect

What is personal data?

Personal information can be anything that identifies and relates to a living person, including separate pieces of information that, when put together, can identify a person.

Some information is categorised as ‘special’ and needs more protection due to its sensitivity.  It’s often information you would not want widely known and is very personal to you. Special category data relate to sexuality, sexual health, religious or philosophical beliefs, ethnicity, physical or mental health, trade union membership, political opinion, genetic and biometric data and criminal history.

Why we collect this data

We collect and use your personal data in many different ways, depending on how you interact with the council. 

Each council service area will collect, share and store your information in a unique way in order to best deliver a service to you. 

Legal reasons for collecting personal data

There are a number of legal reasons why we need collect and process your data. These include:

  • Performing our public functions as a local authority.
  • Assisting other government organisations with performing their public functions.
  • Carrying out our legal and contractual obligations, and continuously improve the quality of our services.
  • Carrying out our employment obligations.
  • Protecting public health.
  • Protecting the vital interests of individuals such as the safeguarding of adults or children.

What we do with your data

How long do we keep your data? 

There’s often a legal reason for keeping your personal information for a set period of time.  This is mentioned in the privacy notice for each service.

Who do we share your data with?

We legitimately share information with different government organisations, charities, companies and partners if they are using it to perform public functions, fulfil a legislated obligation or help deliver our services to you. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law. We may also use the services of data processors, for example cfhdocmail, when sending letters.

When using personal data for research purposes, the data will be anonymised to avoid the identification of an individual, unless consent has been given for the use of the personal data.

We do not sell personal information to any other organisation for the purposes of direct marketing. 

Our legal duties and obligations

We may also share your personal information when we have a legal duty and feel there is a good reason and one that is more important than protecting your confidentiality. This does not happen often, but we may share your information for the following reasons:

  • for the detection and prevention of crime/fraudulent activity; or
  • if there are serious risks to the public, our staff or to other professionals;
  • to protect a child; or
  • to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.

For all of these reasons the risk must be serious before we can override your right to privacy. We will make sure that we record what information we share and our reasons for doing so.

How we protect your data

We’ll do what we can to make sure we hold records about you - on paper and electronically - in a secure way, and we’ll only make them available to those people who have a right to see them.

Examples of our security measures include:

  • We make every effort to keep all the personal data we hold secure, whether held electronically or as paper copies. We also ensure that only members of staff with a legitimate reason to access your information have permission to do so.
  • All employees are provided with relevant training in the correct use of information processing facilities and security procedures, including monitoring for and responding to data security incidents and weaknesses.
  • IT facilities and support infrastructures are physically protected from unauthorised access, theft, damage and interference.

Where is your data stored?

The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK, either in order to get to another organisation or if it’s stored in a system outside of the EU. We’ll take all practical steps to make sure your personal information is not sent to a country that is not seen as safe either by the UK or EU Governments.

Privacy and security on this website

This website has been developed to ensure your visits to it are as secure as possible. 

To make our online services easy to use and reliable, we sometimes need to place small amounts of information on your device, including small files known as cookies. These cannot be used to identify you personally.

We also use secure-server software which encrypts all personal information, including your credit or debit card number, name and address. This software converts the characters you type into bits of code which are then securely transmitted via the internet.

When you complete a form on the website, that form is sent to the relevant department within the council. A copy of that form is saved on the webservers for 28 days in an encrypted form and then deleted.

Find out more about how we use and secure your data when you visit this website here

Help & Advice

Contact Us

Redditch borough Council Data Protection Officer is Mark Hanwell who oversees the Information Management team. To contact the DPO or the information management team, email

Independent Advice

For independent advice about data protection, privacy and data sharing issues, or to lodge a complaint if you think your data has been mishandled, you can contact the Information Commissioners Office (ICO) at:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: Helpline 0303 123 1113 or text service 01625 545 745.

Data protection and personal information complaints tool | ICO

Alternatively, visit

Feedback & Share