Data Controller and Purpose

The information you provide will be used by the London Borough of Tower Hamlets, as the Data Controller under the General Data Protection Regulation and UK Data Protection Legislation, to process your services and each service will have a detailed privacy notice, to tell you more about your data and how it is processed.


We will also let you know if we have received data from other organisations, what type of data they have provided and what and we will use this for.


We process your data in accordance with the General Data Protection Regulation (GDPR) and UK privacy legislation and if you have any concerns the Council’s Data Protection Officer can be contacted on


Condition for Processing Personal Data

Most often, it is necessary for us to process your personal data (name, address, contact details), under the GDPR as a task carried out in the public interest, and more personal data (health, personal and household circumstances) as necessary for substantial public interest reasons.


Other services, where there is a legal obligation for us to process your data, or where we are performing a contract, our privacy notice will state this and any other condition for processing data. The main purposes for which we process data are employment, social security or social protection law, legal action, preventative or occupational medicine, the provision of health and social care, public health, and for archiving, research and statistical purposes.


A delay in you providing the information requested may result in a delay in providing appropriate services.


How long do we keep your information?

We will only hold your information for as long as is required by law and to provide you with the necessary services. For further details, you can view our Retention Schedule.


We may also anonymise (take out details that identify you) some personal data you provide to us to ensure that you cannot be identified and use this for statistical analysis of data to allow the Council to effectively target and plan the provision of services. 


Information sharing

Your personal information may be shared with internal departments or with external partners and agencies involved in delivering services on our behalf. Specific details will be contained in the service’s privacy notice.


The council has a duty to protect public funds and may use personal information and data-matching techniques to detect and prevent fraud, and ensure public money is targeted and spent in the most appropriate and cost-effective way. Information may be shared with internal services and external bodies like the Audit Commission, Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police. This activity is carried out under social protection law.


We have a duty to improve the health of the population we serve. To help with this, we use data and information from a range of sources including hospitals to understand more about the nature and causes of disease and ill-health in the area. This data would normally be anonymised and never used to make decisions on a specific individual or family.


Data Transfer to non-European Economic Area (EEA) territory

The law prohibits organisations from processing data outside the EEA and the Council abides by this.


Automated Decision Making and Profiling

Each service will let you know whether they will process some of the data by computer and may therefore make automated decisions on your case. If an automated decision is made, you can ask for this to be explained to you, please see the ‘your rights’ link below.


Your Rights

You can find out more about your rights on our Data Protection Page and this includes details of your rights about automated decisions, such as the ranking of Housing Applications, and how to complain to the Information Commissioner.