Menu
Skip to main content
Updates to North East Lincolnshire Council’s website

Data Protection and privacy

North East Lincolnshire Council processes personal and non-personal data and information in order to deliver and improve our services and meet statutory duties.

We are committed to processing data and information lawfully, fairly and transparently and keeping it protected and secure.

We are registered as a data controller with the Information Commissioner’s Office (ICO) and are fully committed to complying with our responsibilities under the Data Protection Act and UK General Data Protection Regulation (UK GDPR), which regulates how we process personal data.

This section explains how we collect and use personal data, tells you about your rights and gives contact details for help and advice. Please read our Data Protection Policy (PDF, 201KB) (including Appropriate Policy), Confidentiality Policy (PDF, 147KB) and Records Management Policy and Information Governance Framework (PDF, 856KB) .

Privacy notice

Last updated: April 2026

North East Lincolnshire Council as a data controller is committed to being transparent in its processing of personal data to meet its legal obligations and provide our services.

This privacy notice explains broadly how we collect, use and protect your personal data in accordance with the General Data Protection Regulation.

A DATA CONTROLLER is the person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

PROCESSING means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

North East Lincolnshire Borough Council is registered as a data controller with the Information Commissioner’s Office under the Registration Number Z5951373.

Separate registrations are also in place for North East Lincolnshire Borough Council Superintendent Registrars Service (Z7097889) and North East Lincolnshire Borough Council Electoral Registration Officer (Z8809111).

You can view these notifications detailing the purposes we process information for on the Information Commissioner’s website .

As a public authority we are required to have a Data Protection Officer, who is responsible for:

  • Informing and advising the council in respect to their data protection obligations;
  • Monitoring the council’s compliance with their data protection obligations;
  • Providing advise advice where requested; and
  • Acting as a point of contact and cooperating with the Information Commissioner’s Office.

Our Data Protection Officer is Paul Ellis

Email: [email protected]

Telephone: 01472 323372

Postal: North East Lincolnshire Council, Municipal Offices, Town Hall Square, Grimsby, North East Lincolnshire, DN31 1HU

PERSONAL DATA means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

SPECIAL CATEGORIES OF PERSONAL DATA relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Whenever possible we will always look to use aggregated, anonymised or pseudonymised data rather than using identifiable personal data.

When processing your personal data we will at all-times comply with our obligations under the General Data Protection Regulation and other data protection law. These obligations are there to protect you and ensure that we:

  • Process your personal data lawfully, fairly and in a transparent manner;
  • Collect your personal data for a specified, explicit and legitimate purposes and do not process it for further purposes that are incompatible;
  • Ensure that the personal data we process is adequate, relevant and limited to what is necessary for the processing purpose;
  • Ensure your personal data is accurate and, where necessary, kept up to date;
  • Keep your personal data for no longer than is necessary;
  • Keep your personal data protected and secure, to do this we have put in place appropriate organisational and technical measure, to prevent its unauthorised or accidental lose or destruction and ensure it is only accessed by those authorised to do so in the performance of their duties.

We will use your personal data for the following purposes and at all times in accordance with our data protection obligations, including:

  • Where you have consented to or asked us to process of your data for a particular purpose;
  • To deliver our services effectively and efficiently to you including communicating with you and confirming your identity;
  • When you use our website please see our cookie policy and terms and conditions;
  • To meet our statutory obligations;
  • For the promotion or improvement of the economic, social or environmental well-being of North East Lincolnshire;
  • For employment purposes and duties;
  • To carry out our Public Health duties – all Local Authorities have a duty to improve the health of the population they serve. To help with this, we use data and information from a range of sources, including pseudonymised hospital data, and personal data collected at the registration of a birth or death, to understand more about the nature and causes of disease and ill-health, and about the health and care needs in the area;
  • To identify and protect those at risk of harm;
  • To respond in the event of an emergency or a major accident;
  • To carry out our enforcement functions;
  • For the prevention and detection of fraud and crime and the protection of public funds including the use of Data Matching;
  • The use of CCTV images for the purposes of public safety and the prevention and detection of crime;
  • For research and statistical purposes to provide intelligence about North East Lincolnshire and its residents and help us plan efficient and effective services for the future. These activities are normally undertaken using aggregated, anonymised or pseudonymised data; and
  • Where otherwise permitted under the Data Protection Act.
  • We may use credit reference agencies to carry out credit searches and verify information you provide. This helps us assess financial circumstances and recover debts owed to the Council. These checks may leave a footprint on your credit file but will not affect your credit score.

Services processing large amounts of personal data or special categories of personal data will have their own dedicated privacy notice to tell you how your personal data is being processed.

North East Lincolnshire Council monitors and records telephone calls it receives.

We record both your conversation and your telephone number if available. If you are making a payment over the phone, the call recording will stop when you provide your payment card details.

Monitoring and recordings of telephone calls may be used:

  • to assist quality assurance
  • to investigate and resolve a complaint
  • for the detection, investigation and prevention of crime (including fraud)

Recordings may be disclosed to third parties in accordance with data protection legislation, for example if we have a legal obligation to do so, such as for law enforcement, fraud investigations, protection of public funds, regulation and licensing, criminal prosecutions and court proceedings.

You can request that your call is not recorded, however in these circumstances you will normally be advised to contact us either in writing or by email.

Recordings are kept securely and confidentially deleted after 3 months.

We are required by law to protect the public funds we administer, and may use any of the personal information you provide to prevent and detect potential fraud and crime, by conducting data matching on our own or in conjunction with others. The other bodies responsible for auditing or administering public funds we may share information with for data matching, include the Cabinet Office, the Department for Work and Pensions, HM Revenue and Customs, the Police and other local authorities.

Data Matching involves the comparison of computer records held by one body against other computer records held by the same or another body. The data matched is usually personal information, allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can or will be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The Cabinet Office requires us to take part in the National Fraud Initiative, which is a national data matching exercises to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise, and these are set out on the National Fraud Initiative website .

The use of data by the Cabinet Office for data matching is carried out under its powers in Part 6 of the Local Audit and Accountability Act (LAAA) 2014, and does not require the consent of the individuals concerned under the Data Protection Act 1998. The full text of the National Fraud Initiative privacy notice can be found on GOV.UK .

Data matching by the Cabinet Office is subject to a Code of Practice .

Further information about the Cabinet Offices’ legal powers and why it matches particular information can be found on the National Fraud Initiative website .

Each year the Register of Electors is updated, this is called the annual canvass and takes place, so that the Electoral Registration Officer (ERO) knows who is eligible to register to vote.

At the start of the canvass process, all EROs must complete a data matching step, this involves checking the information (e.g. name, address) held about existing electors on the register against national and local data sets. The purpose of this is to help identify properties where the residents are more likely to have changed and will inform how the property will be canvassed.

Find out more about the annual canvass.

As part of the local data matching step, the ERO under their powers provided by Regulations 23, 35 and 35A of the Representation of the People (England and Wales) Regulations 2001, can make checks with information held by the Council.

Depending on the purpose we using your personal data for will determine our legal basis for processing your personal data. Generally, the legal basis for processing will be one of the conditions set out in Articles 6 and 9 of the General Data Protection Regulation, the main ones of which are:

  1. To perform a task or provide a service carried out in the public interest (Article 6 1 (e));
  2. To comply with a legal obligation (Article 6 1 (c));
  3. The processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6 1 (b));
  4. The processing or disclosure is in your vital interests or of another person (Articles 6 1 (d) and 9 2 (c));
  5. The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (Article 9 2 (f)); or
  6. You have given your explicit consent (Articles 6 1 (a) and 9 2 (a)).

When processing is on the basis of consent you will be able to withdraw your consent to processing at any time. Please contact the Council’s Data Protection Officer for further details about this.

We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period. 

However, where possible we will anonymise your data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely disposed of.

Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, we may share or disclose your personal data with others. For example:

  • To comply with our legal obligations or as permitted by the General Data Protection Regulation;
  • With partner organisations that support the delivery of the services you receive;
  • With organisations we have contracted to provide services on our behalf;
  • For the purpose of the prevention and / or detection of crime;
  • To protect the public funds we administer (including data matching);
  • When it is in your vital interests or that of another person; or
  • When you have asked us to do so.

We will only share your personal data if we are satisfied that the recipient has sufficient measures in place to protect your information in the same way that we do, and when sharing your information we will only share the minimum necessary.

We will not share or sell your personal data for marketing purposes.

We do not routinely store or transfer your personal data outside of the European Economic Area (EEA).

In collaboration with our partners in the Humber region we have developed the Humber Information Sharing Charter. The Charter sets out our commitment to share the information we hold about you, in a fair and transparent way.

You have the following rights in relation to your personal data:

  • Rectification – You can ask for inaccurate data to be corrected, incomplete data to be completed or a supplementary statement attached to your information.
  • Erasure – You can ask us to delete any data we hold about you, if legislation and our retention schedules no longer require us to hold it.
  • Restriction – You can ask us to temporarily stop processing your personal data in certain circumstances. For further details see Article 18.
  • Data Portability – You can ask us for copies of the data in an electronic format we hold about you in certain circumstances. For further details see Article 20.
  • Objection – You can ask us to stop processing your personal data in certain circumstances. For further details see Article 21.
  • Automated decisions / profiling – You have the right not to be subjected to a decision based solely on automated processing, including profiling, which has legal effects for you or significantly affects you.
  • Complain – You can make a complaint to the Information Commissioner’s Office if you are unhappy with how we have processed your personal data.

Exercising your rights – You can exercise any of your data subject rights, which can be found in the Your rights section of the Privacy Notice, by emailing [email protected] letters addressed to Information Governance, Municipal Offices, Town Hall Square, Grimsby, North East Lincolnshire, DN31 1HU.

To help us with your request, please provide us with as much information as possible in relation to what you wish us to do.

Please be aware that in relation to rectification and erasure requests, we may not always be able to change or remove that information but we’ll correct factual inaccuracies and can include your comments in the record to show that you disagree with it.

You can ask us for the personal data we hold about you (a Subject Access Request) and for details about that data and it has been used. You can ask to see what information the Council holds about you by making a subject access request using the Subject Access Request Form (PDF, 83KB)

This includes people who have been involved with our social care services who wish to understand more about their past. To support your request you will need to provide two forms of evidence confirming your identity (i.e. photo driving licence or passport) and your address (i.e. utility bill or bank / building society letter). These can be scanned or photographed and included with your request.

Requests for the personal data of  Children and Young People

The Information Commissioner’s Office states that parents can make subject access requests on behalf of their children who are too young to make their own request.

A young person aged 12 or above is generally considered mature enough to understand what a subject access request is, however, each case will be individually considered.

Children and young people who are able to make their own informed decisions have a legal right to access their own records, and can allow or prevent access by others, including their parents.

Any parental access to a child’s records must also be in the child’s best interests. Please make sure to sign your request, before sending an email to [email protected] or letters addressed to Information Governance, Municipal Offices, Town Hall Square, Grimsby, North East Lincolnshire, DN31 1HU

We do not use AI to make automated decisions.

In our processing of personal data, we may use AI tools such as Copilot to transcribe or summarise information, however a human will always review and approve any outputs from the AI tools.

Our use of AI is documented as part of our Record of Processing Activity.

Our data is not used to train AI models. 

We use data protection impact assessments (DPIAs), previously known as privacy impact assessments (PIAs), to help us identify the most effective way of complying with our data protection obligations and meeting individuals’ expectations of privacy.

Our use of DPIAs helps ensure we follow an approach of privacy by design and data minimisation. We use DPIAs to systematically analyse how a particular project will affect the privacy of individuals and to address and resolve any issues which are identified at an early stage.

You can find a summary of the DPIAs we have undertaken in the Related documents section.

More information about DPIAs can be found on the ICO’s website.

We strive to meet the highest standards when collecting and using personal data. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you wish to make a suggestion, ask a question or make a complaint (request an internal review) about how your personal data has been used, please visit Data Protection or contact the Council’s Election and Complaints.

If following this you remain dissatisfied with our handling of your personal data, you can contact the Information Commissioner’s Office for an independent review.

ICO’s Contact us page

Email: [email protected]

Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

We will continually review and update this privacy notice to reflect changes in our services, feedback from you and to comply with any changes in the law.

When we make a change, we will revise the ‘last updated’ date, which can be found at the beginning of this notice.

We may disclose personal data to third parties on request, for crime and taxation purposes, or in connection with legal proceedings.

We are not obliged to comply with such requests but will consider each application in accordance with the requirements of Data Protection legislation.

To make a third party request please submit a Third Party Disclosure Form (Word, 61KB)  which must include your legal basis for requesting the information.

If you wish to report any instances where you think your personal data has been breached, you can do this by:

  • email [email protected]
  • letter addressed to Information Governance, Municipal Offices, Town Hall Square, Grimsby, North East Lincolnshire, DN31 1HU

A personal data breach can come in many forms, but the most common are:

  • loss or theft of paper or other hard copy information
  • information posted or emailed to the incorrect recipient or address
  • loss or theft of equipment on which data is stored that is not appropriately encrypted
  • inappropriate sharing of data
  • hacking, malware, data corruption
  • information obtained by deception
  • unauthorised access of data
  • non-secure disposal of data

Please provide us with as much information as you can about the data breach to help us investiga

If you are not happy with how we have dealt with your data subject rights request or handled your personal data, you may complain by:

  • email [email protected]
  • letter addressed to Information Governance, Municipal Offices, Town Hall Square, Grimsby, North East Lincolnshire, DN31 1HU

Please tell us why you are unhappy with your data subject rights request or the handling of your personal data, and what we can do to resolve this.

After receiving our response, if you remain unhappy about how we have handled your personal data or your data subject rights request, you can contact the Information Commissioner for an independent review. You can find their contact details on their website http://ico.org.uk or by writing to Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Contact details

Related pages

Our website update
Pinned We've updated our website Our website just got an upgrade - explore our fresh new look and faster browsing experience today!
Council Plan
Pinned Council Plan Our Council Plan sets out the authority’s aims, supporting the continued borough regeneration and the growth of our people.
Local Government Reorganisation
Pinned Local Government Reorganisation Local Government Reorganisation is changing how councils work together to deliver services for residents.
Find fresh flavours, handmade treasures and local talent at the Farmers’ and Craft Market in Riverhead Square
News Post Find fresh flavours, handmade treasures and local talent at the Farmers’ and Craft Market in Riverhead Square
Fishing Heritage Centre Children’s Day: performances, crafts and everything in between!
News Post Fishing Heritage Centre Children’s Day: performances, crafts and everything in between!
“Powerful” – first of its kind photo exhibition celebrates local heroes
News Post “Powerful” – first of its kind photo exhibition celebrates local heroes