Home chevron_right Data protection and privacy chevron_right Privacy notices chevron_right Privacy notice - Creditors and Debtors

Privacy notice - Creditors and Debtors

Who are we and what do we do?


Middlesbrough Council provides a wide range of services which involves the purchase of goods and services for which we owe monies to creditors, and also collection of taxes, benefits overpayments, business rates, commercial and other rents, various fees and charges, and fines from our debtors.

What type of personal data do we collect and how do we collect it?


We collect personal data directly from you and from other organisations including names, addresses, contact information, bank details and account information, unincorporated business status e.g. sole trader, identity of employer, other financial information such as Council wide debts owed or account credits, credit agency checks, and information about commercial tenancy applications. We also collect non-personal data about incorporated businesses.

How the Law allows us to use your personal data


We use personal data to meet our ‘legal obligations’ and to carry out our ‘public tasks’. The table at the end of this privacy notice sets out the laws that allow us to use personal data in this way.

What is your personal data used for?


We use personal data to make payments, manage credits, collect Council wide debts, evaluate financial risks from potential tenants, publish spending information, analyse and improve our business processes, and to prevent and detect fraud.

Will your personal data be shared?


We may share information across Council teams, with our suppliers and contractors, financial institutions and regulatory bodies, credit agencies, Government departments including the Cabinet Office (National Fraud Initiative), Department of Work and Pensions and HM Revenue and Customs, Police and the Courts, and enforcement agents and bodies.

How do we keep your personal data secure?


We use the following measures to ensure that your personal data is secure: data protection and security policies, information security incident reporting, data and device encryption, system and data access controls, user accounts and passwords, physical and environmental security, staff vetting practices, staff training and awareness, data back-ups, ICT network penetration testing, and business continuity and disaster recovery plans.

How long will we keep your personal data?


We will only keep your data for as long as necessary and in line with our retention and disposal procedures.

Is your personal data processed overseas?


We may send some data overseas when we work with banks and other financial institutions and credit agencies, but we ensure that appropriate security measures are in place before doing so.



We do not use information gathered from creditor or debtors for direct marketing purposes. From time to time we may send you ‘public service messages’ where we have a legal duty or power to do so.

What are your information rights?


Your Information Rights are set out in law and, subject to some exceptions, you have the:

  • Right to rectification - to ask for information to be corrected
  • Right to erasure - to have your personal data deleted
  • Right to object - to how your data is used
  • Right to restriction - to request limits on how your data is used
  • Right to portability - to request that we move your data to another organisation
  • Right of subject access - to request a copy of data the Council holds about you

Making a complaint


If you have a concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner's Office. Visit the website of the Information Commissioner's Office.



If you would like to discuss anything in this privacy notice or your information rights, please contact:

The Data Protection Officer
Middlesbrough Council
PO Box 500, Middlesbrough, TS1 9FT
Phone: 01642 245432
Email: dataprotection@middlesbrough.gov.uk