Data Protection

How does the council protect information about you?

The Data Protection Act and UK General Data Protection Regulation (GDPR) tell us how to ensure that the information we create, use and hold about you is processed lawfully, fairly, transparently and in accordance with your individual rights.

The Act places a legal responsibility on the council to make sure that all data collected, obtained and processed receives the right level of protection and is protected from loss and unauthorised use or disclosure.

Your Rights

The Data Protection Act and UK GDPR gives members of the public rights in relation to their personal information including:

1.     The right to know what information the council holds about you, for what purpose, on what legal basis

This Privacy Notice describes, in general terms, how we use your personal data.  You can also find details on how each service uses your personal data.

2.     The right to request access to your information; this is known as a Subject Access Request (SAR)

3.     The right to ask the council to correct inaccurate data or change the way we use it

4.     Under certain circumstances, the right to raise an objection to how your data is being processed

5.     Under certain circumstances, the right to have your personal data erased

Subject Access Requests

You can make a SAR by speaking to a Council Officer, telephoning the Council's Customer Service Network on 0191 520 5555, emailing access.files@sunderland.gov.uk or filling in and submitting this online form to Request information Sunderland City Council hold about you.  Using the online form helps us to find your data and understand your request more effectively.

The more specific you are about your request and what information it relates to, the quicker we will be able to locate it and provide you with our response. When making your request, please also specify what format you want to receive it in - electronic or hard copy.

Please note that SARs can take up to a calendar month to process, or three months if the request is deemed complex.

Under GDPR, the Council is required to be fair and transparent at all times when processing your information, so all service areas are expected to consider disclosing your information to you on a regular, routine basis as part of their day-to-day business processes. Before making a SAR, it will usually be worth checking with the service area if they can provide you with a particular document or piece of information.

Please also note the following regarding SARs

• The Council is entitled to verify the identity of a requester where it may have reasonable doubts as to the authenticity of a SAR. You may be asked to provide proof of identity if the Council if we do not have an established relationship with you, or we don't contact details for you.
• A SAR generally only allows access to your own information; information on any third parties will not usually be disclosed to you as it is exempt.
• There are a range of other exemptions from SARs set out in the Data Protection Act, including around safeguarding, health data, criminal activity, legal professional privilege, court documents and information that has been provided in confidence.
• Exemptions do not allow the Council to withhold all the information in your SAR, but we will need to remove or redact those records/parts of records which are covered by the exemptions. The remainder of your information will be made available to you.
• Any data held about a child is still their own personal data and does not belong to anyone else, including a parent. It is the child who has the right of access to information held about them, even though, in the case of younger children their rights can usually be exercised for them by people with parental responsibility.
• Certain information requests are prohibited under the Data Protection Act because there is already an access channel under alternative laws e.g. Adoption Records, and any information relating to Education Health and Care Plans. In such cases you will need to contact the Adoption Service or SEND Team in Together for Children directly: Together For Children - Together for Children
• The UK GDPR, and therefore Subject Access, only applies to identifiable living individuals. Requests for access to records of deceased persons must be made under the Freedom of Information Act 2000: Freedom of Information - Sunderland City Council

Further Information

If you have any queries or concerns regarding your rights or how the Council handles your personal data please contact the Data Protection Office at Data.Protection@sunderland.gov.uk or on 0191 520 5555

The Information Commissioner oversees use of personal data in England and Wales.