Privacy Notice

Last updated: 15th January 2026
Controller: Borough Council of Pendle, Town Hall, Market Street, Nelson BB9 7LG
Telephone: 01282 661661
Data Protection Officer (DPO): Howard Culshaw 
Email: howard.culshaw@pendle.gov.uk, 
Telephone: 01282 661637

1) Who we are and how to contact us

The Borough Council of Pendle (“we”, “us”, “the Council”) is the data controller for personal information we collect and use to deliver our services and carry out our functions. Our contact details and DPO details are above.

For some services we act jointly with partners (e.g., county council, NHS) or as processor for another controller. Where that applies, the service‑specific privacy notice explains who is responsible and how to exercise your rights.

2) What personal information we collect

We only collect information we need. Depending on the service, this may include:

• Basic identifiers: name, address, date of birth, contact details, Council Tax account numbers, property identifiers (UPRN), business rates account numbers.
• Household and service details: tenancy and housing information, benefits/discounts/exemptions, planning applications/representations, environmental health case files, licensing details, parking permits.
• Financial information: bank details (for payments/refunds), income/arrears, benefit eligibility evidence.
• Correspondence and evidence: application forms, emails/letters, call recordings, documents and photographs you provide.
• CCTV and body‑worn video: for safety, prevention and detection of crime, and to protect public assets.
• Special category data (only where necessary): health information (e.g., adaptations, safeguarding), ethnicity, religious or philosophical beliefs (rare), biometric data for ID checks (rare).
• Criminal convictions/offences data (only where necessary): e.g., licensing, anti‑social behaviour, fraud, safeguarding.
• Sources: We collect directly from you and your household, and also from third parties where lawful—e.g., other councils, government departments (HMRC/DWP/Home Office), police, NHS, schools, landlords, credit reference agencies, contractors, and publicly available sources (e.g., Land Registry, Companies House, planning portal).

3) Why we use your information (purposes)

We use your information to:

• Deliver statutory and discretionary council services (e.g., Council Tax and Business Rates administration, benefits and reliefs, housing services, planning and building control, environmental health, waste and recycling, licensing, parking, community safety).
• Maintain public registers (e.g., planning, licensing) and consult on local plans.
• Manage accounts and payments, provide customer support, and handle complaints and Member enquiries.
• Prevent and detect crime and fraud (including the Cabinet Office National Fraud Initiative), protect public funds, and ensure the security of our staff, customers, and assets.
• Safeguard children and adults at risk and respond to emergencies.
• Undertake statutory reporting, research, and service planning (using anonymisation or pseudonymisation where possible).
• Meet legal obligations (e.g., equality monitoring, health & safety, transparency).

4) Our lawful bases for processing

We rely on one or more of the following UK GDPR bases, depending on the service:

• Public task (Article 6(1)(e)) – processing necessary to perform our tasks in the public interest or under official authority (most council activities).
• Legal obligation (Article 6(1)(c)) – to comply with laws (e.g., Local Government Finance Act, Housing Act, Planning Acts, Licensing Acts, Environmental Protection Act, Data Protection Act 2018).
• Contract (Article 6(1)(b)) – to provide services you have requested or agreements you enter (e.g., paid services, tenancies where applicable).
• Consent (Article 6(1)(a)) – only where we rely on it (e.g., optional newsletters). You can withdraw consent at any time.
• Vital interests (Article 6(1)(d)) – to protect life (rare, e.g., emergencies).
• Legitimate interests (Article 6(1)(f)) – limited circumstances where appropriate for a public authority (e.g., security of our digital platforms) and where it does not override your rights.

Special category & criminal convictions data
Where we process special category data (Article 9) or criminal convictions/offences data (Article 10), we do so only where necessary and with an appropriate legal condition, for example:

• Substantial public interest (Data Protection Act 2018, Sch. 1, e.g., preventing or detecting unlawful acts, safeguarding, regulatory requirements, equality of opportunity monitoring).
• Social security and social protection, health or social care, or vital interests where applicable.
• Explicit consent where no other condition applies (rare).

5) Who we share your information with

We may share information, where lawful and necessary, with:

• Other public bodies (e.g., county council, other districts, police, fire service, NHS, DWP, HMRC, Home Office, Valuation Office Agency, Valuation Tribunal).
• Central government departments and regulators (e.g., Cabinet Office for the National Fraud Initiative; Department for Levelling Up, Housing and Communities).
• Our contractors and service providers (e.g., IT hosting, mailing, payment processors, waste contractors) under data processing agreements.
• Courts, tribunals, and legal advisers.
• Landlords, housing associations, voluntary and community sector partners, and multi‑agency safeguarding partners.
• Credit reference agencies and enforcement agents where necessary for debt recovery and fraud prevention.
• The public, where required by law (e.g., planning registers), or where you have chosen to make information public.

We do not sell your personal information.

6) International transfers

We aim to store data in the UK. If we (or our processors) transfer personal data outside the UK, we will ensure an appropriate safeguard is in place (e.g., UK adequacy regulations, International Data Transfer Agreement (IDTA)/Addendum to the EU SCCs), and apply additional protections where needed. Service‑specific notices will explain any relevant transfers.

7) How long we keep your information (retention)

We keep personal data only as long as necessary for the stated purposes and to meet legal, accounting, or reporting requirements. We follow our Records Retention Schedule based on relevant legislation. After this, we securely delete or anonymise your data.

Examples:

• Council Tax/Business Rates accounts: typically, 6–7 years after account closure.
• Planning applications: permanent retention of the public register and related decisions; supporting files per Schedule.
• Housing and homelessness cases: 6–12 years depending on case type and legal limitation periods.
• CCTV: typically, 30–90 days unless needed for an investigation.

8) Your data protection rights

You have rights over your personal data. These include:

• Right of access – request a copy of your data.
• Right to rectification – correct inaccurate or incomplete data.
• Right to erasure – ask us to delete your data where we have no lawful reason to keep it.
• Right to restriction – limit how we use your data.
• Right to object – to processing under public task/legitimate interests and to direct marketing.
• Right to data portability – where processing is based on consent or contract and carried out by automated means.
• Rights in relation to automated decision‑making and profiling – we will tell you if we use these in a way that has legal or similarly significant effects.

To exercise your rights, contact our DPO (details at the top). We may need to verify your identity and may be entitled to refuse or limit a request where the law allows (we’ll explain why if so).

You also have the right to complain to the Information Commissioner’s Office (ICO):
ICO: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/concerns

9) Automated decision‑making and profiling

Most council decisions involve human review. If any service uses automated decision‑making with legal or similarly significant effects, we will explain the logic, significance, and consequences and tell you how to obtain human intervention and challenge the decision in that service’s privacy notice.

10) Cookies and online services

Our website uses cookies and similar technologies. For details and to manage your preferences, see our Cookies Notice. Online forms and portals may include verification and fraud‑prevention checks.

11) National Fraud Initiative (NFI)

We are required by law to participate in the Cabinet Office’s National Fraud Initiative. This involves the matching of data across public bodies to prevent and detect fraud. Further information is available from the Cabinet Office.

12) Service‑specific information

Individual services publish more detail about what they collect, why, and how long they keep it. Key examples:

a) Council Tax & Business Rates

• Purposes: billing, collection, discounts, exemptions, recovery.
• Lawful bases: public task, legal obligation (Local Government Finance Act 1992 and related regulations).
• Sharing: VOA, HMCTS/tribunals, enforcement agents, DLUHC, fraud‑prevention bodies.
• Retention: typically, 6–7 years after account closure.

b) Housing & Homelessness

• Purposes: homelessness prevention and relief, temporary accommodation, tenancy and property management, housing adaptations (DFG).
• Lawful bases: public task, legal obligation; special category data under substantial public interest/social protection; vital interests in emergencies.
• Sharing: housing associations, landlords, support providers, DWP, police (as necessary).
• Retention: per schedule (often 6–12 years or as required by law).

c) Planning & Building Control

• Purposes: processing applications, consultations, enforcement, public registers.
• Lawful bases: public task; legal obligation (Town and Country Planning Acts).
• Sharing: statutory consultees, the public via registers (with redaction of signatures/payment data).
• Retention: registers kept permanently; files per schedule.

d) Licensing (e.g., taxis, alcohol, premises)

• Purposes: applications, renewals, enforcement, committees, public registers.
• Lawful bases: public task; substantial public interest (regulatory requirements).
• Sharing: police, other authorities, trade bodies, public registers.
• Retention: per schedule and legislation.

e) Environmental Health & Community Safety

• Purposes: complaints, inspections, enforcement, public health, anti‑social behaviour.
• Lawful bases: public task; legal obligation; substantial public interest (safeguarding/unlawful acts).
• Sharing: police, NHS/UKHSA, other councils, landlords.

f) Elections & Electoral Registration

• Controller: Electoral Registration Officer (ERO) and Returning Officer (RO) act as separate controllers from the Council.
• Purposes: compile and maintain the electoral register, manage elections.
• Lawful bases: public task/legal obligation under electoral law.
• Privacy notices: See the Elections and Electoral Registration privacy notices.

g) CCTV & Body‑Worn Video

• Purposes: safety, prevention/detection of crime, protecting public assets.
• Lawful bases: public task; legitimate interests (limited); substantial public interest for crime prevention.
• Retention: short periods unless required for investigation; signage displayed in monitored areas.

13) Children’s information

We do not knowingly provide services directly to children unless required (e.g., housing/safeguarding). Where we do, we take extra care to protect children’s data and provide information in a form they can understand.

14) How we protect your information

We use technical and organisational measures to keep your data secure—access controls, encryption, training, audit, and regular testing. We require processors to meet strict security and confidentiality obligations and only process data on our instructions.

15) Changes to this notice

We review this notice regularly and will publish updates here. If changes are significant, we will let you know via our website or service communications.

Version: 3
Effective date: 15th January 2026
Next review due: 15th January 2027

• Back to the Your Data homepage