Individual rights under GDPR

Under the General Data Protection Regulation (GDPR), you have several rights regarding how we collect, use and store your personal data.

1. Right to be informed

You have the right to know how we collect and use your personal data.We do this by providing privacy notices.

View our privacy notices

2. Right of access

You can request a copy of your personal data. This is called a Subject Access Request (SAR).

  • requests can be made verbally or in writing
  • we will respond within one month
  • there is no fee for making a request

3. Right to rectification

You can ask us to correct inaccurate or incomplete personal data.

  • requests can be made verbally or in writing

4. Right to erasure

Also known as the ‘right to be forgotten’, you can ask us to delete your personal data.

  • this right is not absolute and applies in specific circumstances
  • requests can be made verbally or in writing
  • we have one month to respond

5. Right to restrict processing

You have the right to request the restriction or suppression of your personal data.This is not an absolute right and only applies in certain circumstances:

  • we may store your data but not use it
  • requests can be made verbally or in writing

6. Right to data portability

You can ask to receive your personal data in a format that allows you to reuse it across different services.It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. The right only applies to information you have provided to us . 

  • this applies only when data is processed by automated means
  • it must be based on your consent or a contract

7. Right to object

You can object to your data being used in certain situations.

  • you have an absolute right to stop your data being used for direct marketing
  • you can also object when processing is based on public task or legitimate interests
  • requests can be made verbally or in writing
  • we have one month to respond. 

8. Rights related to automated decision-making and profiling

You have the right not to be subject to decisions made solely by automated means, including profiling, if the decision has legal or significant effects on you.

How to exercise your rights

To make a request or report a data breach contact:

Data Protection Officer
dataprotection@hartlepool.gov.uk
01429 523087

Further information

For full guidance on your rights, visit the Information Commissioner’s Office (ICO):
A guide to individual rights – ICO