Wealden District Council
More
You are using an unsupported version of Internet Explorer.
Parts of our website may display incorrectly or not work at all. Please consider downloading an up to date browser such as Chrome or Firefox.
Wealden District Council > Transparency, Spending and Performance > Data Protection > Privacy Policy > Privacy Notice for Council Tax, Business Rates & Benefits

Privacy Notice for Council Tax, Business Rates & Benefits

1. How do we get your information?

Most of the personal information we process is provided to us directly by you.  We may also receive personal information indirectly, from the following sources:

  • Department for Work and Pension
  • Other Government Departments
  • Estate Agents/Managing Agents
  • Energy/Utility Suppliers
  • Solicitors
  • Charitable Organisations
  • HMRC
  • Financial Organisations
  • Valuation Office Agency

2. What personal data do we process and why

The information we process about you will vary depending on the service being provided, but will fall within the following categories:

  • name
  • date of birth
  • address
  • email addresses
  • telephone numbers
  • financial information
  • employee data
  • website user stats
  • references
  • income
  • photos
  • profession

It is important we hold accurate and up to date information about you in order to assess your needs and deliver appropriate services.  If any of your details change please tell us as soon as possible so that we can update your records.

3. Information relating to health and wellbeing and other special category data

In order to meet our statutory and legal obligations in respect of these services, we may also need to process sensitive, or “special category” personal data about you, which could include data related to:

  • Health – including disabilities and medical information

We always ensure appropriate safeguards are in place to protect your rights and freedoms (including, where required, maintaining an appropriate policy document), and we only retain this data for as long as necessary for the purpose(s) for which it is processed.

4. Information relating to criminal offence data

We do not process personal data relating to criminal convictions and offences or related security measures (known as “criminal offence data” under the UK GDPR and Data Protection Act 2018).

This means we do not collect, hold, use, or share information about individuals’ criminal records, convictions, cautions, alleged offences, investigations, proceedings, or related security measures (such as bail conditions or restraining orders) as part of our normal activities.

If such data were to come into our possession incidentally (for example, as part of a report or complaint), we would only handle it to the extent strictly necessary to respond appropriately and in compliance with data protection law, and we would not retain or further process it unless required by law.

5. Why we collect personal information about you

Wealden District Council is a data controller for the purposes of the UK General Data Protection Regulation and Data Protection Act 2018. We collect, hold and use your personal data in order to assess and process your council tax or business rates.

 

We will only collect the personal data we need in order to do so.  We use this information for the following purposes:

  • deliver and manage the services we provide
  • train and manage our workers who deliver those services
  • investigate your queries or complaints you may have about our services
  • check the quality of our services
  • assist with research and planning of new services

6. Lawful basis for processing your personal data

We process personal data because it is necessary to comply with our legal obligations which are:

  • Council Tax (Administration and Enforcement) Regulations 1992
  • Non-Domestic Rating (Chargeable Amounts) (England) Regulations 2016.
  • Local Government Finance Act 1992

 

As outlined above, we process health and wellbeing and other special category data. Where this is the case, we process such data on the following conditions:

  • Article 9(2)(b) – Processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security, or social protection.

7. Who do we share your data with

The data you provide may be disclosed with other departments of the Council or external organisations for related purposes or as required by law.  We may share information with the following types of organisations:

  • Department of Works and Pensions
  • HM Revenue and Customs
  • HM Courts and Tribunals Service
  • Government
  • Local Government
  • Corporate fraud officers
  • Corporate debt officers
  • Police services
  • Credit reference agencies

We may share personal data with companies contracted to deliver services related to the collection of Council Tax. These are data processors because they use the personal data on our behalf and only under our instruction. Examples are enforcement agents and printers.

We also take part in the National Fraud Initiative’s anti-fraud data matching exercise for these purposes. Where we need to disclose sensitive information, such as medical details, to a third party, we will only do so once we have obtained your explicit consent or where we are legally required to do so.

We may also disclose this information when necessary to prevent risk of harm to an individual. In some circumstances, such as under a court order, we are legally obliged to share information, and we may also share information with the Police and other enforcement agencies for the purposes of the prevention, investigation, detection, or prosecution of criminal offences.

We may also share information internally, in order to verify or confirm your personal details, to ensure our records are accurate and up to date. Data held by this service will only be used by other internal departments or services when we are satisfied there is a lawful basis for doing so and is considered fair.

In some circumstances, such as under a court order, we are legally obliged to share information, and we may also share information with the Police and other enforcement agencies for the purposes of the prevention, investigation, detection or prosecution of criminal offences.

We may also share information internally, in order to verify or confirm your personal details, to ensure our records are accurate and up-to-date. Data held by this service will only be used by other internal departments or services when we are satisfied there is a lawful basis for doing so and is considered fair.

8. Do we use data processors

Data processors are third parties who provide certain parts of our services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. Our current data processors for this service are listed below:

Data Processor

Purpose

Ascendant Solutions

Provides digital application forms, financial vulnerability tools (MAVIS, VRS), InBest benefits calculator, secure upload portal, analytics functions, and automated data feeds for CTR Robotic Process Automation (RPA).

MRI

Primary Revenues & Benefits software platform used for delivery and administration of Council Tax, Business Rates, Benefits and associated workflows.

NEC

Document imaging system used for scanning, indexing, storing and retrieving Revenues & Benefits documents.

DSI

Corporate mailing house for issuing Revenues & Benefits correspondence (CT bills, reminders, benefit notifications).

Allpay

Allows residents to make payments using Allpay outlets, using a payment card or the barcode printed on their bill. Provides assisted digital and cash‑based payment options supporting Revenues transactions.

Marstons

Enforcement Agent for Council Tax, Business Rates and Housing Benefit Overpayment recovery.

Rundles

Enforcement Agent for Council Tax, Business Rates and Housing Benefit Overpayment recovery.

Telsolutions

Messaging platform providing automated SMS and email notifications to residents.

Post Office Ltd

 

Homes for Ukraine payment fulfilment: we provide Post Office Ltd with the recipient’s name, address, mobile number and payment amount so they can send a text message enabling the recipient to claim the payment at a Post Office branch.

Money Advice Network (MAN)

Debt support referrals: we refer residents to the Money Advice Network, who then contact the resident directly to provide independent debt advice and support.

Business Smart Solutions (BSS)

 

Provides Subsidy Audit support and Appeals processing services to support accuracy, compliance, and challenge handling in Revenues & Benefits.

Bank Wizard

Checks and verifies bank account details to ensure accuracy, reduce fraud, and meet legal/audit requirements before issuing payments such as benefit entitlements, grants, refunds, or Homes for Ukraine payments.

BACS / Bottomline

Processes Direct Debit instructions and payment files via the BACS service. Provides secure file submission, validation and transmission of Council Tax and Business Rates Direct Debits, ensuring compliance with banking, audit and statutory financial requirements.

Firmstep (Granicus)

Provides the online forms and customer contact platform used by Customer Services, including “Contact Us” and service request forms. Collects and transmits resident information to Revenues & Benefits for assessment and processing.

Analyse

Processes Business Rates data to support Small Business Rates Relief validation, fraud/error detection, property intelligence analysis, and financial forecasting for NNDR (National Non‑Domestic Rates). Provides analytics and modelling insights used by Revenues for accurate forecasting and compliance activities.

9. Transfer of personal data

Your personal data may be transferred to other organisations or jurisdictions where necessary to deliver our services or meet our legal obligations. Any such transfers will be carried out in accordance with data protection laws and appropriate safeguards will be applied to ensure your information remains secure and protected. This may include the use of approved contractual clauses, adequacy decisions, or other legally recognised transfer mechanisms designed to maintain the confidentiality, integrity, and security of your personal data.

10. Automated decision making

To support the efficient, accurate and consistent delivery of our Revenues & Benefits services, we use Robotic Process Automation (RPA) tools. RPA is a form of automated processing that uses software to perform repetitive, rule-based administrative tasks such as data entry, record updates and standard processing steps within our secure systems. This helps reduce processing times, minimise manual errors and allow our trained officers to focus on cases requiring human judgement, discretion or complex support for residents.

Under Article 22 of the UK GDPR, individuals have the right not to be subject to a decision based solely on automated processing (including profiling) where the decision produces legal effects concerning them or similarly significantly affects them.

The RPA tools we use do not make solely automated decisions with legal or similarly significant effects. RPA operates strictly according to predefined rules and policies that mirror those applied by our staff in manual processing. It performs routine, mechanical tasks and calculations but does not involve automated individual decision-making as defined under Article 22 UK GDPR. No decisions that require judgement, discretion, evaluation of personal circumstances or assessment of evidence are made automatically without human involvement.

All outcomes from RPA processes are subject to meaningful human oversight. Revenues & Benefits officers regularly review automated outputs, handle any exceptions or unusual cases and make final decisions on matters involving judgement or discretion. If an automated process flags a potential issue or anomaly, it is referred to a trained officer for review and resolution.

We use RPA to:

  • Improve accuracy and consistency in applying statutory rules and policies across cases;
  • Speed up routine administrative tasks, enabling faster service delivery where possible;
  • Reduce administrative burden on staff, so they can prioritise personalised support for residents with more complex needs;
  • Support our statutory duties to deliver efficient, cost-effective, and reliable public services (e.g., Council Tax billing, Council Tax Reduction assessments, and benefits processing).

RPA processes the same categories of personal data that we would handle manually for your claim, account, or case. This may include:

  • Name, address, and contact details;
  • Council Tax or Business Rates account information;
  • Household composition and financial details relevant to Council Tax Reduction or benefits assessments;
  • Evidence or documentation you provide in support of your claim or application.

No additional or different personal data is collected or processed as a result of using RPA.

RPA tools operate entirely within our secure, controlled IT environment and are subject to the same rigorous safeguards as manual processing by staff. These include:

  • Strict access controls and role-based permissions;
  • Encryption of data in transit and at rest where appropriate;
  • Audit trails and logging of all automated actions for accountability and review;
  • Regular security testing, data governance reviews, and compliance checks;
  • Adherence to government security standards and data-sharing protocols (e.g., as set out in the Department for Work and Pensions (DWP) Local Authority Memorandum of Understanding).

11. Retention period

We process your personal data for the above purposes for no longer than necessary and in accordance with current legislation and the Councils Retention Schedule.

Only in exceptional circumstances will we hold your information for longer, for example a pending court case.  All information will be held securely and disposed of confidentially.

12. Anonymising your data

Your personal information maybe converted into statistical or aggregated data that ensures that you cannot be identified from it. 

Anonymised data means it cannot be linked back to you as an individual and may be used to conduct research and analysis.  This includes the preparations of statistics for use in our reports.

13. Your rights

Your rights are set out in the Data Protection legislation and include:

  • the right to access your personal information, to request rectification or erasure of certain personal
  • information and to object to processing in certain circumstances
  • the right to withdraw any consent you may have given to process your personal information
  • the right to complain to the Information Commissioner(opens new window) if you feel we are processing your personal information unlawfully
  • the right to restrict processing activity in certain circumstances
  • the right to object to certain types of processing activity
  • the right to request that your data is ‘ported’ (i.e. transferred) to you or an appointed third party

If you wish to exercise any of these rights please contact our Information Governance team on informationgovernance@wealden.gov.uk in writing or by completing our online form.

 

If you are dissatisfied with how we have used your personal data you have a right to complain to the Information Commissioner Office

14. Data Protection Officer

If you have any questions or concerns about how your personal data is handled, you can contact our Data Protection Officer (DPO) at dataprotection@wealden.gov.uk