Dudley Metropolitan Borough Council is committed to protecting your privacy when you use our services.
Data Protection and Your Privacy
Our principal activity is: Local Government
Organisation Name: Dudley Metropolitan Borough Council
Address: Council House, Priory Road,
Town: Dudley, DY1 1HF
County: West Midlands
Data Controller: Dudley MBC
The Privacy Notice below explains how we use information about you and how we protect your privacy.
As a data controller, we must:
- only keep your data that we need to provide services and do what the law says we must
- keep your records safe and accurate
- only keep your data as long as we have to
- collect, store and use your data in a way that does not break any data protection laws.
You can help us to make sure we get things right by:
- telling us when any of your details change; and
- telling us if any of the information we hold on you is wrong
The Council has a Data Protection Officer who ensures that the Council respects your rights under Data Protection Law and carries out regular checks on the Council to ensure that it follows the law properly. If you have any concerns or questions about how the Council looks after your personal information, please contact:
Personal information means any information that relates to an identifiable living person who can be directly or indirectly identified by the information. This could be your name and contact details, but it can include other things that when put together can also identify you such as written letters, emails, photographs, audio recordings and video recordings.
Some information is "special" and needs more protection due to its sensitivity. It is often information that you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
- sexuality and sexual health
- religious or philosophical beliefs
- physical or mental health
- trade union membership
- political opinion
- genetic/biometric data
- criminal history
We may need to use some information about you to:
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers who deliver those services
- help investigate any worries or complaints you have about your services
- keep track of spending on services
- check the quality of services
- help with research and planning of new services
There are a number of legal reasons why we need to collect and use your personal information.
Each privacy notice published on the Council's website will explain for each service which legal reason is being used. The main ones for the Council are the Local Government Acts and the Localism Act 2011, but there are many more. The Government put together a list of all the Legal reasons in 2011, a document containing this information can be seen at this link:
Some new ones have been introduced since this list was created and others updated, where this is the case the new or updated laws will be mentioned in the service specific Privacy Notices.
Generally we collect and use personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- it is necessary to deliver health or social care services
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes
In many cases there is a law that says we must or we can process your data and we can do so without your consent or permission.
If we do need to have consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please contact email@example.com and tell us which service you’re using so we can deal with your request.
Where we can, we will only collect and use personal information if we need it to deliver a service or meet a requirement.
If we don’t need personal information we’ll either keep you anonymous if we already have it for something else or we won’t ask you for it. For example in a survey we may not need your contact details we will only collect your survey responses.
If we use your personal information for research and analysis, we will always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
We do not sell your personal information to anyone else.
Sometimes we request equalities information from you, most often about ‘Protected Characteristics’, as defined by the Equality Act 2010. These include ethnicity, age, religion, gender, marital status, sexual orientation, maternity status and disability status.
If this information isn’t required for the service we are providing you then we ask for it because the Equality Act requires public authorities to show that they have given ‘due regard’ to equalities as they plan and deliver services and when they consult service users.
We may use this information to find out;
- Who is using our services
- Who is not using our Services
- What are the experiences of different groups of customers
- Are services reaching the people who need them most?
This information helps us improve our services for all to better plan for the future and to ensure no one is disadvantaged.
You are not required to provide this information to use our Services. We will make it clear that it is voluntary when it is requested and include a ‘prefer not to say’ option if you do not want to provide it.
The law gives you a number of rights to control what personal information is used by us and how it is used by us.
You can ask for access to the information we hold on you
We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services.
However, you also have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you, most of the time we must give you access to everything we have recorded about you.
However, we cannot let you see any parts of your record which contain:
- Confidential information about other people
- Information a professional (such as a Social Worker) thinks will cause serious harm to your or someone else’s physical or mental wellbeing
- If we think that giving you the information may stop us from preventing or detecting a crime
This applies to personal information that is in both paper and electronic records. If you give us permission, we will also let others see your information (except if one of the points above applies), for example a Councillor or Solicitor acting on your behalf.
You should let us know if you disagree with something written on your file.
We may not always be able to change or remove that information but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
In some circumstances you can ask for your personal information to be deleted, for example:
- Where your personal information is no longer needed for the reason why it was collected in the first place
- Where you have removed your consent for us to use your information (where there is no other legal reason us to use it)
- Where there is no legal reason for the use of your information
- Where deleting the information is a legal requirement
Where your personal information has been shared with others, we will do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
- we’re required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is for, scientific or historical research, or statistical purposes where it would make information unusable
- it is necessary for legal claims
You have the right to ask us to restrict what we use your personal information for where:
- you have identified inaccurate information, and have told us of it
- where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
When information is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests of the UK.
Where restriction of use has been granted, we will inform you before we carry on using your personal information.
You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.
Where possible we will seek to comply with your request, but we may need to hold or use information because we are required to by law.
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However this only applies if we are using your personal information with consent (not if we’re required to by law) or processing your information for the performance of a contract to which you are a party and if decisions were made by a computer and not a human being.
It is likely that data portability will not apply to most of the services you receive from the Council.
You can ask to have any computer made decisions explained to you, and details of how we may have ‘risk profiled’ you.
You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.
If and when Dudley Council uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed.
If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who’ll be able to advise you about how we using your information.
We share your data between services within the council so that we can keep our information on you as up-to-date as possible and so that we can improve our services to you. For example, if you tell the housing team you have moved, they will pass this information on to other parts of the council such as the council tax team. Staff can only see your data if they need it to do their job.
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement or contract in place to make sure that the organisation complies with data protection law.
We also share information with other key organisations so that we can provide you with consistent and joined up services. This is particularly the case with Health and Social Care organisation, for example the Black Country and West Birmingham initiative One Health and Care. Information about your health and care is recorded across NHS organisations and local authorities. When you contact organisations involved in your care as a patient or service user, information is collected about you and records maintained about the care and services that have been provided. Further information is available about One Health and Care in their Privacy Notice.
At times we will process information using Adobe Sign, an electronic system, to validate and ensure agreements and documents are legally binding through an e-signature solution.
This requires some information to be collected and stored with our third party cloud-hosted supplier in a safe and secure manner.
A number of Council Service Areas utilise an outsourced printing and mailing service. The Council is contracted with APS through the Crown Commercial Services framework for the provision of these services. The Council is the Data Controller of the personal data processed during these activities and APS Group is acting as a “Processor” on behalf of the Council.
We will often complete a Data Protection Impact Assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations. This is often because we need to give that data to courts, including:
- if we take a child into care
- if the court orders that we provide the information
- if someone is taken into care under mental health law
We may also share your personal information when we feel there is a good reason that is more important than protecting your privacy. This does not happen often, but we may share your information:
- in order to find and stop crime and fraud, or if there are serious risks to the public, our staff or to
- other professionals
- to protect a child or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all of these reasons the risk must be serious before we can override your right to privacy.
If we are worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why, if we think it is safe to do so.
How do we protect your information?
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). Council equipment, such as laptops, uses this so no one can access the data other than the member of staff using it.
- Pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
The Council has to comply with strict security controls set out by the Government, NHS Digital and the Payment Card Industry. Our security controls are regularly tested by external assessors to ensure that they are robust enough to protect your information.
The majority of your personal information is stored on the systems in the Councils own secure data centres. But there are some occasions where we do use systems that store information on servers managed by our partners. We always ensure that these partners have strict security controls in place and our agreements or contracts detail how they should look after the information.
We will take all practical steps to make sure your personal information is not sent to a country that is not seen as ‘safe’ either by the UK or EU Governments.
There is often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention schedule.
For each service the schedule lists how long your information may be kept for. This ranges from months for some records to decades for more sensitive records.
The Freedom of Information Act, Environmental Information Regulations and INSPIRE Regulations give you rights to access official information that we hold. For further information on how you should go about asking for this information please see the details at this link:
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Cheshire SK9 5AF
Our Web site enables you to communicate with other visitors or to post information to be accessed by others. When you do so, other visitors may collect your data. Our Web site also enables you to use online forms for certain services. Your attention is drawn to the fact that not all services currently provide a fully secure method of submitting your information. Any information is submitted at your own risk.
Our Web site does include links to external sites. These have been added for the convenience of users. Dudley council is not responsible for the content of these sites and accepts no liability for material or services within them. When following links to external sites, you are leaving Dudley Metropolitan Borough Council's website.
Please note that communications with the Local Authority (including online transactions) will be subject to monitoring and recording for the purposes permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 in order to prevent or detect a crime, or investigate or detect the unauthorised use of the service.
In some parts of the council we routinely record telephone calls for the following purposes:
• To monitor the quality of call handling and customer service
• Staff training, coaching and support
• The verification of what was said if there is a dispute or complaint
• To protect staff from abusive behaviour
• To verify the customers agreement during certain service requests
If it is likely that your call will be recorded, then reasonable efforts will be made to ensure you are aware of this fact. This will usually be achieved by playing a notification of recording at the start of your call.
Where there is a need to verify something you have said (e.g. that the information you have provided in support of an application is true and accurate) you will be reminded that the conversation is being recorded.
An organisation would have to evidence specific conditions in order to process information that relies solely on automated and/or profiling techniques to process.
An organisation can only carry out this type of decision-making where the decision is:
- Necessary for the entry into or performance of a contract, or
- Authorised by Union or Member state law applicable to the controller, or
- Based on the individual’s explicit consent
Last updated 24/01/2023