Data Protection Act

Data Protection legislation seeks to protect an individual’s privacy by regulating the way their personal data is processed.

We strive to ensure the personal information we collect, use and hold is processed securely and complies with data protection principles outlined in the General Data Protection Regulation (GDPR) and its associated legislation.

Data controller / data protection officer

For the purposes of GDPR and the Data Protection Act 2018 Tamworth Borough Council of Marmion House, Lichfield Street, Tamworth, Staffordshire, B79 7BZ, is a controller of your personal data. Our data protection officer can be contacted by writing to us at the above address, by calling us on 01827 709266 or by emailing data-protection@tamworth.gov.uk.

Your rights

Data Protection legislation provides the following rights for individuals:

The right to be informed
You have the right to be informed about the collection and use of your personal data. We will normally do this by way of privacy notices on forms or on our website.

The right of access 
You have the right to request access to the information we hold about you. The information requested will be provided free of charge, however, we may charge a reasonable fee if the request is considered 'manifestly unfounded' or 'excessive'. We may also charge a fee if you request further copies of information we have already provided to you.

The right to rectification
You have the right to request that inaccurate personal information be rectified and incomplete personal information updated.

The right to erasure
You have a right to ask us to erase information about you. This right will only apply where:

• The personal data is no longer necessary for the purpose which we originally collected it for
• We are relying on consent as the lawful basis for holding the data and you withdraw that consent
• We are processing the data for direct marketing purposes and you object to that processing

The majority of processing we carry out is governed by legislation, which usually includes how long we have to keep your information. The right of erasure won’t apply where we have a lawful reason to process your data and it is kept in accordance with our retention schedule.

Where your information has been shared with others, we will endeavour to ensure they are aware of your request for erasure.

The right to restrict processing
You have the right to restrict the processing of your personal data where:

• You contest the accuracy of your personal data and the council needs to verify its accuracy before further processing takes place
• The data has been unlawfully processed and you oppose erasure of the data and request restriction of its use instead

The right to data portability
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability. However, this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being.

It’s likely that data portability won’t apply to most of the services you receive from the council. You can ask to have any computer made decisions explained to you, and details of how we may have ‘risk profiled’ you.

The right to object
You have the right to object to the processing of your personal information. The right to object only applies in certain circumstances.

Where personal data might lawfully be processed because it's necessary for the performance of a task carried out in the public interest or in the exercise of official authority, a data subject should be entitled to object to the processing of any personal data relating to their particular situation. It should be for the council to demonstrate that its compelling legitimate interest overrides the interests or the fundamental rights and freedoms of the data subject.

Please note that the above rights are not absolute.

We can refuse your request. For full details of rights, grounds to exercise them and the exemptions available to the council, please see articles 12 to 23 of the GDPR.

Exercising your rights:
To request a copy of personal information we may hold, please complete this Right to Access form and email it to our data protection officer at: data-protection@tamworth.gov.uk. You can use the same email address to exercise any of your other rights under Data Protection rules.

Useful links:

• CCTV footage request
• Data Protection policy
• Freedom of Information
• Privacy Notice
• Regulation of investigatory powers Act 2000 (RIPA)
• Information Commissioner's Office

Contact: Information Governance Team: Tel: 01827 709587 or email: Data-Protection@tamworth.gov.uk.

Complaints

The Data (Use and Access) Act 2025 introduces new requirements for organisations to have a formal process for handling data protection complaints. These requirements take effect from 19 June 2026. In advance of that date, Tamworth Borough Council is strengthening its current arrangements in line with ICO guidance and good practice so that individuals have a clear route to raise concerns about how their personal data has been handled.

When to make a data protection complaint

You can make a data protection complaint if you are concerned that

• Security and data breaches: Your information has been lost, stolen, or improperly accessed (e.g., a data breach).
• Handling of rights: An organisation ignored, delayed, or poorly handled your Subject Access Request (SAR) or requests to delete, correct, or restrict your data.
• Inaccurate data: The organisation holds incorrect or outdated information about you and refuses to update it.
• Improper use or disclosure: Your data has been shared with unauthorised third parties, used for a reason other than what it was collected for, or used for unsolicited direct marketing.
• Data retention: Information about you is being kept for longer than is necessary.
• Unfair processing: Your data was obtained unfairly, or the organisation does not have a lawful basis for processing it
• The process of handling a Subject Access Request has been mismanaged. 

You should begin by contacting Tamworth Borough Council if you believe we have mishandled your personal data. This gives us an opportunity to investigate, explain what happened, and put things right. You do not need to use a specific form or wording for us to treat your concern as a data protection complaint. When contacting us, please explain the issue, include any relevant dates or evidence, and tell us what outcome you are seeking.

How to make a complaint

 You can make a complaint by:

1. Email us at data-protection@tamworth.gov.uk
2. Use our online form.
3. Call us on 01827 709709.
4. Via post. Use our online complaint form as a guide to the information to include in your complaint. Once completed you can then post it to:

 Information Governance Team

 Tamworth Borough Council 
 Marmion House
 Lichfield Street
 Tamworth
 B79 7BZ 

What happens next. 

Once we receive your complaint, we will acknowledge it within 30 days. We will then review the issues raised, make any necessary enquiries, and keep you informed as appropriate while we consider your complaint. We will provide you with the outcome of our investigation without undue delay.

If you are unhappy with our response, you may ask for an internal review. This means your complaint will be reconsidered by a different officer from the one who carried out the initial investigation. To request an internal review, please contact the data protection team by email at data-protection@tamworth.gov.uk or by telephone, explaining why you remain dissatisfied with the response you received.

If you remain dissatisfied

If you remain dissatisfied after we have responded to your complaint, you may raise the matter with the Information Commissioner’s Office (ICO). The ICO may consider your concerns, assess whether the law has been complied with, provide advice, and decide whether any regulatory action is appropriate.

The ICO generally expects concerns to be raised with them within three months of your last meaningful contact with us about the issue. You can contact the Information Commissioner’s Office by telephone on 0303 123 1113 or by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can record a complaint with the ICO.

Further information about data protection rights and complaints is available from the Information Commissioner’s Office at ico.org.uk.