Data Protection and Subject Access Requests

by The Gateshead Housing Company & filed under Governance - GDPR.

We may need to collect your personal data to provide the services that you want. We also collect personal data for purposes like Council Tax or Electoral Registration because the law says that we must. What we can and can’t do with your data is set out in the Data Protection Act 2018 and the General Data Protection Regulation, which come into force on 25 May 2018.

Sometimes we collect personal data for one company service and need to use it to give you another service. We may also use it for prevention and detection of fraud.

We will keep your personal data safe and secure. We will not share it with other organisations without your knowledge, unless we are required by law to do so.

The Gateshead Housing Company is a data controller. We are required to register as such. For details of what we collect, hold and share, please visit the Information Commissioner’s Office (ICO) Data Protection Register on and enter Z4824725 to view our register entry.

The Data Protection Principles

The Act is based on six legally enforceable principles that organisations and individuals must apply when they process your personal data. The Act states that all personal data must:

  • be processed fairly and lawfully;
  • only be obtained and processed for specified and lawful purposes;
  • be limited to only what is required for the purpose for which it is being collected;
  • be accurate and, where necessary, kept up to date;
  • not be kept longer than necessary;
  • be kept secure;

What is personal data?

Personal data is any data which, on its own or referenced against other data held by the organisation, can be used to identify a living individual. It now also includes biometric data and IP addresses.

This includes all the obvious details the company might hold about you like name, address, rent payment records, etc. It might also include expressions of opinion about you and the company’s intentions towards you. Some data can be personal even if it refers to more than one individual, like joint tenancies.

The Act recognises that some types of personal data are more sensitive than others. There are extra rules for processing data about your ethnic origin, religious beliefs, trade union membership, party political opinions, sexuality, health, biometric and genetic data and involvement in court proceedings, etc.

What does processing personal data mean?

Processing personal data includes collecting, storing, accessing, changing and destroying any information about you. The amount of personal data we have about you and how we process it depends on which company services you use.

We often take photographs of people attending public events like community festivals to use in publications like TGHC News.

Occasionally we take photographs of people using our services, for promotional leaflets or other publicity purposes. If you can be identified from this type of photograph we will explain why we want it and ask for your consent beforehand.

We may use the information you give us when you use council services for research or statistical purposes and to help us plan for the future, but we will not include any personal data in our reports and plans.

Who processes my personal data?

Company employees can access and process your personal data for their official company duties, but only the data needed for a specific purpose. They must not disclose your personal data to anyone else without your knowledge, unless they are legally obliged to do so.

If you make a complaint about a company service or sign a petition that is presented to Gateshead Council your personal data may be shared with your local Ward Councillors and company employees working in the service concerned.

You can write and ask us to stop processing your personal data at any time. You must explain what processing you want us to stop and why. We must reply within 21 days to let you know what we have done about your request. However this is not an absolute right and in some circumstances we are required to process your data even if you may not want us to – eg safeguarding or child protection.

Can I see my personal data?

The Data Protection Act gives you a general right of access to personal data that relates to you. Access requests must be made in writing; with enough information to locate the data requested and proof that you are the data subject.

You can request access to your personal data using our subject access form, which is available by clicking the link below. This form is designed to help you give us the information we need to find your personal data but you do not have to use it. You can send a letter or email to the company’s Governance and Risk Lead if you prefer.

Data controllers like the company must respond within 30 days confirming:

  • a description of the personal data;
  • why the data is held;
  • who else the data might have been given to;
  • a copy of the data;
  • an explanation of any technical terms or abbreviations;
  • any information about the original source of the data.

This timescale can be extended by another two months, but if that is the case we have to tell you within one month that we are extending the timescale.

We can withhold some data if it refers to other people who have not consented to disclosure, if disclosure might cause serious harm to you or anyone else or might prejudice crime prevention or court proceedings. Even if we cannot provide you with copies of the data, we will confirm what type of data we hold and why we hold it.

Can I see personal data about other people?

You only have the right to access your own personal data. You do not have the right to access personal data about other members of your family, your friends or your neighbours unless you have written proof of your authority to act on behalf of someone else.

Even if you meet this requirement we may need to ask you for more information before we reply or refuse access because of our duty to keep personal data confidential.

Obtaining personal data from company sources for an unauthorised purpose or unauthorised disclosure to a third party are offences under the Act.

How can I be sure my data is accurate?

The best way to be sure is to let us know about any changes in your circumstances that might affect the services we provide to you.

Under the Data Protection Act the company must try to keep your personal data accurate and up to date. If you think that your personal data is incorrect you can write telling us why and asking us to correct the data. We must reply within 30 days to let you know what we have done about your request. We can extend this by another two months but we have to tell you within one month.

If we agree that your personal data is incorrect we will put this right. If we do not agree we will add a note to your file that you disagree with our version of the data.

We can also add a note to any file containing data about you (including opinions or accusations) received from a third party if you think it is incorrect or inaccurate.

Further information

The regulations provide you with a number of new rights. For details of what these new rights are and how to exercise those rights, please see the information leaflet at the bottom of this page.

If you have any questions about your rights under the Data Protection Act 2018 or want to make a subject access request please contact the company’s Governance and Risk Lead.

You can also get information leaflets from the Information Commissioner’s website at or by phone on 01625 545745. 


Contact Us

Governance and Risk Lead
The Gateshead Housing Company
Civic Centre
Regent Street

0191 433 5308