Who are we and what do we do?
Middlesbrough Council are responsible for improving the health and wellbeing of the local population of South Tees and for commissioning some public health services.
What type of personal data do we collect and how do we collect it?
We collect personal data such as name, date of birth and address, characteristics such as gender and lifestyle information, and we use verbal or written quotes, and or photographs. We also collect ‘special category data including ethnicity and disability. We often obtain this on a voluntary basis through electronic surveys, registration forms at events,
How the Law allows us to use your personal data
We collect and process individual’s personal data for ‘public tasks’ where we have a legal power. We use special category data where there is a ‘substantial public interest’ for ‘statutory or government purposes’. The law that supports this work is the National Health Service Act 2006.
What is your personal data used for?
Information gathered from surveys is used to evidence the need for public health interventions aimed at improving the health and well-being of the public. Some of this information is use to create campaigns or publicity about health improvement initiatives. It may also be used to inform anonymous stories or case studies and for evidence in electronic reports and presentations.
Will your personal data be shared?
Information gathered through electronic surveys is used anonymously to contribute to the bigger public health picture locally often contributing to reports and presentations. Data will not be shared with third party individuals or groups.
How do we keep your personal data secure?
We use the following measures to ensure that your personal data is secure: data protection and security policies, information security incident reporting, data and device encryption, system and data access controls, user accounts and passwords, physical and environmental security, staff vetting practices, staff training and awareness, data back-ups, ICT network penetration testing, and business continuity and disaster recovery plans.
How long will we keep your personal data?
Individuals’ personal data is kept no longer than is necessary for the purposes for which it is being processed. It will be held in line with the Council’s Records Retention Policy which is available on our website.
Is your personal data processed overseas?
No personal data collected by us is transferred overseas.
We will only send information to you that you consent to receiving, such as newsletters via email. In most instances we will direct you to support services that you can choose to engage with.
What are your information rights?
Your Information Rights are set out in law and, subject to some exceptions, you have the:
- Right to rectification - to ask for information to be corrected
- Right to erasure - to have your personal data deleted
- Right to object - to how your data is used
- Right to restriction - to request limits on how your data is used
- Right to portability - to request that we move your data to another organisation
- Right of subject access - to request a copy of data the Council holds about you
Making a complaint
If you have a concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner's Office. Visit the website of the Information Commissioner's Office.