Who are we and what do we do?
Middlesbrough Council operates a revenues service to collect council tax and business rates owed to us and from time to time assist with the payment of Government grants such as the Council Tax Energy Rebate.
What type of personal data do we collect and how do we collect it?
We collect personal data directly from residents and business owners and from third parties. The information that we collect may include name, address, contact details including telephone numbers and email addresses, financial information, bank details, details about your household, employer details, whether you are a student, and other information that may help us to locate and contact the persons that are liable for money owed to us. We also collect ‘special category’ data including health information.
How the Law allows us to use your personal data
We use personal data where it is needed to meet our ‘legal obligations’ and deliver our ‘public tasks’. We use special category data to help us meet our legal obligations in ‘social security’ and ‘social protection’. Some of the laws that we work to include the Local Government Finance Act 1992, the Council Tax (Administration and Enforcement) Regulations 1992, and the Localism Act 2011.
What is your personal data used for?
We use personal data to collect council tax and business rates, assess and to apply discounts, exemptions, rate relief, hardship requests, and to pay relevant grants or rebates. Sometimes we use data to the apply for legal orders to deduct your debts from your employment pay and wages. We also use this data to investigate and respond to complaints and to prevent, detect, investigate, and prosecute fraud.
Will your personal data be shared?
We share personal data with Government departments such as the Department of Work and Pensions for benefits or debt purposes, with external enforcement companies for debt collection, and with credit agencies for identity, banking, and fraud checks.
We sometimes share personal data for the prevention, detection, or investigation of crime or apprehension and prosecution of offenders with law enforcement agencies, such as the Police, Trading Standards, health organisations like the NHS Counter Fraud Authority, or immigration authorities.
In some situations, we may share data, if the law allows us, to safeguard public safety or if there is a risk of harm or in emergency situations.
How do we keep your personal data secure?
We use the following measures to ensure that your personal data is secure: data protection and security policies, information security incident reporting, data and device encryption, system and data access controls, user accounts and passwords, physical and environmental security, staff vetting practices, staff training and awareness, data back-ups, ICT network penetration testing, and business continuity and disaster recovery plans.
How long will we keep your personal data?
We will only keep your data for as long as necessary and in line with our Records Management Policy and Retention/Disposal Schedule. For Revenues Services the normal retention period is 6 years.
Is your personal data processed overseas?
We do not send your information overseas unless we are required to by law or you have requested us to do so, for example if you live abroad.
We do not use personal data by the Revenues Service for marketing, but we may send you ‘public service messages’ where the law permits this.
What are your information rights?
Your Information Rights are set out in law and, subject to some exceptions, you have the:
- Right to rectification - to ask for information to be corrected
- Right to erasure - to have your personal data deleted
- Right to object - to how your data is used
- Right to restriction - to request limits on how your data is used
- Right to portability - to request that we move your data to another organisation
- Right of subject access - to request a copy of data the Council holds about you
Making a complaint
If you have a concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner's Office. Visit the website of the Information Commissioner's Office.