Toggle Mobile Menu Visibility
Toggle Search Controls Visibility
Toggle search control visibility
Search Site

Privacy Notice

You have a right to know how, when and why the Council will collect and use your personal data. The Council must process your data in accordance with the General Data Protection Regulation (GDPR).

Personal data is information about a living person that means we can work out who they are such as name, address, telephone number, date of birth, bank details etc. This can include written letters, emails, photographs, audio recordings and video recordings.

Some data is called special category data which is more sensitive, and we have to look after it more carefully. This includes details of ethnic origin, religious beliefs, sexual orientation, trade union membership, health data, and biometric (e.g. fingerprints, facial recognition) and genetic (e.g. DNA) data. 

Data Controller

When we use your personal data, High Peak Borough Council is what we call the data controller.

As the data controller, we must:

  • only keep your data that we need to provide services and do what the law says we must
  • keep your records safe and accurate
  • only keep your data as long as we have to
  • collect, store and use your data in a way that does not break any data protection laws.

Things you can do to help us:

  • tell us when any of your details change; and
  • tell us if any of the information we hold on you is wrong

Our Data Protection Officer

If you wish to contact our Data Protection Officer then you can do so by:


Or by post: Data Protection Officer, Buxton Town Hall, Market Place, BUXTON SK17 6EL

Why we collect and store personal data

For some of our services, we need to use your personal data so we can get in touch, or provide the service. We can use your personal data under many different laws. The main ones for the Council are the Local Government Acts and the Localism Act 2011, but there are hundreds more. The Government put together a list of all of these in 2011 which can be found here. 

Some of these laws may have been updated since then, and new ones added.

In many cases there is a law that says we must or we can process your data and we can do so without your consent or permission.

For some services we process your data under a contract. This may include, for example, membership of a leisure centre or some pest control services

Where we do not directly provide the service, we may need to pass your personal data onto the organisations that do. These providers are under contract and have to keep your details safe and secure, and use them only to provide the service.

Using your personal data

We will use your data to:

  • provide council services and anything we must do by law.
  • carry out our regulatory, licensing and enforcement roles which we have to do by law.
  • make payments, grants and benefits and spot fraud.
  • check the quality of services and investigate any worries or complaints you have about your services.
  • research and plan new ways of delivering services.
  • tell you about council services.

We participate in the Cabinet Office's National Fraud Initiative, which seeks to prevent and detect fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office. You can find more information here.

Joined-up services within the council

We share your data between services within the council so that we can keep our information on you as up-to-date as possible and so that we can improve our services to you. For example, if you tell the housing team you have moved, they will pass this information on to other parts of the council such as the council tax team. Staff can only see your data if they need it to do their job.

Fair and Transparent Processing

How long we keep data

The Council must not keep your data for longer than is required for the purpose for which it was collected. The length of time that we will keep your data will vary according to the reason it was collected.

The Council has produced a document retention policy that sets out how long we need to keep different type of information.

Most information will be kept for up to 3 years. However, certain financial, tenancy or regulatory information will be kept longer and typically for up to 7 years.

Your rights

The GDPR provides individuals with a number of rights:

1.The right to be informed

2.The right of access

3.The right to rectification

4.The right to erasure

5.The right to restrict processing

6.The right to data portability

7.The right to object

8.Rights in relation to automated decision making and profiling.

More information about the rights of individuals can be found on the Information Commissioner's website.

Raising Concerns

If you are concerned about the way that we are handling your information then you should contact our Data Protection Officer. Contact details are provided at the top of this notice.

We will investigate your concerns and respond to you within 28 calendar days.

If you are still unhappy after receiving our response then you can raise your concerns with the Information Commissioner's Office (ICO). More information about raising concerns, including how to contact the ICO, is provided on the ICO website.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice is v3.0 and was last updated on 21 January 2020.

Planning and Planning Policy

More details on how we use information when considering planning applications and developing planning policy can be found on the web pages for those services

Councillors Privacy Notice

This privacy notice is with regards to how councillors use your personal information, why they collect and store it, how and when they can process your data, sharing your personal information and how long they can keep it.