Toggle menu

Privacy notice - Sunderland City Council

Data controller

Sunderland City Council

City Hall

Plater Way



Public Authority under the Freedom of Information Act 2000.

This privacy notice describes, in general terms, the personal data being processed by SUNDERLAND CITY COUNCIL

Description of Processing

The Council processes personal information in the following ways. To understand in more detail how your own personal information is processed you may also want to refer to any personal communications you have received, check any privacy notices the Council has provided or contact the Council or its Data Protection Officer directly to ask about your personal circumstances.

Reasons/purposes for processing information

We process personal information to enable us to provide a range of government services to local people and businesses which include:

  • maintaining our own accounts and records
  • supporting and managing our employees
  • promoting the services we provide
  • marketing our local tourism
  • carrying out health and public awareness campaigns
  • managing our property
  • providing leisure and cultural services
  • provision of education
  • carrying out surveys
  • administering the assessment and collection of taxes and other revenue including benefits and grants
  • licensing and regulatory activities
  • local fraud initiatives
  • the planning, provision and review of services
  • crime prevention and prosecution of offenders including the use of CCTV
  • corporate administration and all activities we are required to carry out as a data controller and public authority
  • undertaking research including needs analyses
  • the provision of commercial services including the administration and enforcement of parking regulations and restrictions
  • the provision of non-commercial activities including refuse collections from residential properties,
  • internal financial support and corporate functions
  • managing archived records for historical and research reasons
  • data matching under local and national fraud initiatives

We also process information with the data subject's consent.

Legal basis for processing

We process personal information where there is a relevant legal basis to do so in data protection law.

These legal grounds include where;

  • processing is necessary to perform or take preparatory steps for a contract with the data subject
  • processing is necessary to comply with one of the Council's legal obligations
  • processing is necessary to protect the vital interests of the data subject or another person
  • processing is necessary to carry out a task in the public interest or the exercise of the Council's official authority
  • processing is necessary for the purposes of legitimate interests a third party or the Council is pursuing, where those purposes do not form part of the Council's public task.
  • the data subject has given consent to the processing for the specific purposes

Type/Classes of information processed

We process information relevant to the above reasons/purposes which may include:

  • personal details
  • family details
  • lifestyle and social circumstances (including needs / vulnerabilities)
  • goods and services
  • financial details
  • employment and education details
  • housing needs
  • visual images, personal appearance and behaviourlicenses or permits held
  • student and pupil records
  • business activities
  • case file information
  • NHS Digital Health data
  • Mortality data
  • Births data

We also process special categories of information that may include:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic and biometric data
  • information about health and wellbeing
  • information about criminal convictions and offences
  • NHS Digital Health data
  • Mortality data
  • Births data

Information in the special categories is processed in specific circumstances allowed by law.

Who information is processed about

We process personal information about:

  • customers (incl prospective customers) and their representatives
  • suppliers
  • persons contracted to provide a service
  • employees, former employees and prospective employees
  • claimants
  • complainants, enquirers and / or their representatives
  • survey and consultation respondents
  • professional advisers and consultants
  • students and pupils
  • carers or representatives
  • landlords
  • recipients of benefits
  • witnesses
  • offenders and suspected offenders
  • license and permit holders
  • traders and others subject to inspection
  • people captured by CCTV images
  • representatives of other organisations

Who information may be received from or shared with

We sometimes need to receive information from, or share it with, the individuals we process information about and other organisations. Where this is necessary, we are required to comply with all aspects of data protection law. What follows is a description of the types of organisations we may need to receive information from or share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

  • customers
  • family, associates or representatives of the person whose personal data we are processing
  • current past and prospective employees and employers
  • healthcare, social and welfare organisations
  • educators and examining bodies
  • providers of goods and services
  • financial organisations
  • debt collection and tracing agencies
  • private investigators
  • service providers
  • local and central government
  • ombudsman and regulatory authorities
  • press and the media
  • professional advisers and consultants
  • courts and tribunals
  • trade unions
  • political organisations
  • professional advisers
  • credit reference agencies
  • professional bodies
  • survey and research organisations
  • police forces
  • housing associations and landlords
  • voluntary and charitable organisations
  • religious organisations
  • students and pupils including their relatives, guardians, carers or representatives
  • data processors and sub-processors
  • other police forces, non-home office police forces
  • regulatory bodies
  • courts, prisons
  • Her Majesty's customs and excise, Department of Work and Pensions, Pensions Scheme Administrators, BACS
  • local and central government
  • international law enforcement agencies and bodies
  • security companies
  • partner agencies, approved organisations and individuals working with the police,
  • licensing authorities
  • service providers
  • press and the media
  • healthcare professionals
  • examining bodies
  • law enforcement and prosecuting authorities
  • legal representatives, defence solicitors
  • police complaints authority
  • the disclosure and barring service
  • healthcare professionals

We may also obtain data from publicly accessible sources such as public registers.


It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with data protection law.

Keeping your information safe

The Council takes your privacy very seriously and designs its services to keep your personal information secure. We also have arrangements to make sure your personal data is securely destroyed when it is no longer needed. The Council has agreed retention periods which set out the period of time personal data will be retained. These are available on our website at

Individual Rights

Your information rights are set out in data protection law.

Where the Council is processing your data with your consent you have the right at any time to withdraw that consent.

You also have the right to ask to;

  • have inaccuracies corrected
  • have your personal data erased (the right to be forgotten)
  • place a restriction on our processing of your data
  • object to processing
  • request your data to be transferred to another data controller (data portability)
  • not to be subject to a decision based solely on automated decision making and profiling

When the Council processes NHS digital data this will not be used for any automated decision making and any profiling will be anonymised.

Your information rights are subject to some legal exceptions. We will advise you if these apply.

You can read more about these rights on the Information Commissioner's website -

To exercise any of these rights please contact the relevant service in the first instance, or seek assistance from the Data Protection Office.

A complaint can be made to the Data Protection Officer (see contact details below). If you remain dissatisfied with the outcome of your complaint you are entitled to escalate your concerns to the Information Commissioner.

You also have the right to ask for a copy of the personal information we hold about you. You can ask by using this link, or by contacting the Data Protection Officer.

Data Protection Officer

The Council's Data Protection Officer can be contacted at;

Postal address;

Data Protection Office,

City Hall,

Plater Way,




Telephone: 0191 561 1023

You can also contact the Information Commissioner's office

Information Commissioner's Office

Wycliffe House

Water Lane




Telephone 0303 123 1113 (local rate) or 01625 545 745

Fax 01625 524 510

Changes to the privacy notice

We may make changes to this privacy notice from time to time. This privacy notice was last reviewed on 07 July 2022.

Share this page

Share on Facebook Share on Twitter Share by email