Dudley Metropolitan Borough Council
Record of Processing Activities (RoPA) (Article 30)
This page provides a summary of personal data processing activities undertaken by the council. It complies with Article 30 of the UK GDPR by providing:
a) the name and contact details of the controller and the data protection officer; b) the purpose of the processing; c) a description of the categories of data subjects and of the categories of personal data; e) where applicable, transfers of personal data to a third country etc f) where possible, the envisaged time limits for erasure of the different categories of data; g) where possible, a general description of the technical and organisational security measures in place.
The Controller:
Dudley Metropolitan Borough Council The Council House Dudley West Midlands DY1 1HF
Nature of work - Unitary Authority
Further information relating to the work of the council can be obtained from our General Privacy Notice accessible at this link:
The following is a very broad description of the way Dudley MBC processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the Council has provided or published at this link: Privacy and Disclaimer Statements or contact the Council directly to ask about your personal circumstances.
We process personal information to enable us to provide a range of government services to local people and businesses which include:
• Administration and Government function • Adult education and lifelong learning function • Adult services function • Adult social care function • Advice and benefits function • Advice and welfare rights function • Alcohol and entertainment function • Alternative education provision function • Animal welfare function • Animals function • Arts and entertainment function • Asylum and immigration function • Benefits function • Building and construction function • Building control function • Business advice and support function • Business and employment function • Business grants function • Business rates function • Businesses function • Businesses and markets function • Careers and employment function • Carer and disability benefits function • Carers function • Children and families function • Children and young people social care function • Commercial activities function • Commercial property function • Commercial waste function • Communications and publicity function • Community centres and facilities function • Community grants function • Community safety function • Community transport function • Complaints and compliments function • Conservation and sustainability function • C onsultations function • Corporate Landlord function • Corporate management function • Council and community housing function • Curriculum and policy function • Cycling function • Data protection and freedom of information function • Democracy function • Democratic services function • Development control function • Disabled facilities grants function • Early years and childcare function • Educational support function • Elected members function • Emergencies function • Environmental health function • Environmental protection function • Equipment and supporting services function • Events and exhibitions function • Extra-curricular activities function • Facilities function • Family benefits function • Finance function • Food function • Footpaths, byways and bridleways function • Fostering and adoption function • Funerals and cremations function • Gambling and lottery function • Goods and services function • Grants and aid function • Grants for children and young people function • Hazardous materials function • Hazardous waste function • Health and safety at work function • Health and social care function • Health and welfare at school function • Heating and housing benefits function • Help and advice for adults function • Higher education function • Highway maintenance function • Highways function • Highways policy function • Homelessness and prevention function • Household waste function • Housing function • Housing advice function • Housing allocation function • Housing finance function • Housing grants function • Housing policy function • Housing services function • Human resources function • Improvements and repairs function • Incident response function • Information communication technology function • Internal operation function • Legal function • Leisure activities function • Leisure and culture function • Libraries function • Library membership function • Licences, permits and permissions function • Local history and heritage function • Looked after children function • Low income benefits function • Markets function • Multiple occupancy homes function • Museums and galleries function • Neighbourhood and Communities security function, including CCTV. • Parking function • Parks and open spaces function • Permissions and consents function • Planning and building control function • Planning policy function • Planning services function • Policy and performance function • Pollution control function • Procurement function • Public Health Function • Public safety function • Public transport function • Pupil development and support function • Recycling function • Reference and research function • Regeneration function • Registration function • Religion and culture function • Road safety function • Road signs and markings function • Roads and streets function • School admissions function • School and special libraries function • Schools function • Schools and education function • Special education needs function • Sports and sporting venues function • Statistics and census information function • Street care and cleaning function • Support for children and young people function • Taxation function • Taxi and private hire function • Tourism function • Trading standards function • Transport function • Transport and highways function • Transport schemes function • Volunteering and voluntary organisations function • Waste and pollution function • Waste management function • Waste policy function • Water activities function • Youth offending function
The processing for the above functions is carried out by the Council’s Directorates and service teams that sit within those Directorates. Further information on the Council’s structure is accessible at this link: Organisational Chart
We process information relevant to the above reasons/purposes which may include:
• Business activities • Case file information • Employment and education details • Family details • Financial details • Goods and services • Housing needs • Licences or permits held • Lifestyle and social circumstances • Personal details • Student and pupil records • Visual images, personal appearance, and behaviour
We also process ‘special categories’ of information, previously known as ‘sensitive data’, that may include:
• Criminal proceedings, outcomes and sentences • Genetic/biometric data • Offences (including alleged offences) • Physical or mental health details • Political affiliation/opinions • Racial or ethnic origin • Religious or other beliefs of a similar nature • Trade union membership
We process personal information about:
• Adults living in the Borough • Business owners • Carers or representatives • Children living in the Borough • Claimants • Complainants, enquirers or their representatives • Customers • Landlords • Licence and permit holders • Offenders and suspected offenders • Payers of Council Tax and/or Business Rates • People captured by CCTV images • Professional advisors and consultants • Receivers of Council Services • Recipients of benefits • Representatives of other organisations • Staff, persons contracted to provide a service • Students and pupils • Suppliers • Traders and others subject to inspection • Tenants • Witnesses
We sometimes need to share information with the individuals we process information about and other organisations. Where this is necessary, we are required to comply with all aspects of the data protection legislation. The following is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
In certain circumstances, where necessary or required by law, we may share information with:
Courts, prisons
Credit reference agencies
Current, past and prospective employers and examining bodies
Customers
Customs and excise
Data processors
Debt collection and tracing agencies
Educators and examining bodies
Family, associates or representatives of the person whose personal data we are processing
Financial organisations
Healthcare professionals
Healthcare, social and welfare organisations
Housing associations and landlords
Housing and tenants’ associations
International law enforcement agencies and bodies
Law enforcement and prosecuting authorities
Legal representatives, defence solicitors
Licensing authorities
Local and central government
Ombudsman and regulatory authorities
Partner agencies, approved organisations and individuals working with the police.
Police complaints authority
Police forces
Other police forces, non-home office police forces
Political organisations
Press and the media
Private investigators
Professional advisors and consultants
Professional bodies
Providers of goods and services
Regulatory bodies
Religious organisations
Security companies
Service providers
Students and pupils including their relatives, guardians, carers or representatives,
Survey and research organisations
The disclosure and barring service
Trade unions
Tribunals
Voluntary and charitable organisations
The Council has a robust suite of security controls in place to protect the records we hold about you (on paper and electronically). The Council meets stringent Public Sector Network (PSN) Security controls, and strict Payment Card Industry Data Security Standards (PCI-DSS). The Council has Cyber Essentials accreditation and complies with NHS Digital’s Data Security and Protection Toolkit (DSPT) standards.
Access to your records is only available to those who have a right to see them. Examples of further security include:
• Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This type of technology is applied to a number of our systems including our email system. • Access Controls, controlling access to systems and networks using multi factor authentication, allows us to stop people who are not allowed to view your personal information from getting access to it. • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong. • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (patches).
Further details and policies relating to how we look after your information can be accessed at this link: How we look after your information
There is often a legal reason for keeping your personal information for a set period of time, we try to include all of these in the Council’s retention schedule. A copy of this document is available on request from our Information Governance Team (email: information.governance@dudley.gov.uk)
For each service the schedule lists for how long your information may be kept. This ranges from months for some records to decades for more sensitive records. As services, laws and legislation change regularly, the retention schedule is constantly changing to reflect the new requirements.
In very rare circumstances, it may sometimes be necessary to transfer personal information overseas. Any transfers made will be in full compliance with all aspects of the data protection legislation, for example, only with your consent if appropriate and with additional security measures in place to protect your information.
The majority of personal information is stored on systems located on the Council’s own servers in the Council’s own secure premises, although there are some occasions where your information may leave the UK in order to get to another organisation, or, if it is stored in a system that uses servers elsewhere.
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data, undertaking risk assessments on systems being used to ensuring we have a robust contract in place with the third party.
We will take all practical steps to make sure your personal information is not sent to a country that is not seen as “safe” either by the UK or EU Governments.
Further information
If you have any concerns about how your personal information is handled please contact our Data Protection Officer via the details provided above.
For independent advice about data protection, privacy and data sharing issues, you can contact the regulatory body: Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK99 5AF