Toggle menu

    Gateshead Trading Company - New Enterprise Allowance Scheme, Phase 2 Privacy Notice

    Who are we and what do we do

    Gateshead Trading Company (GTC) is a wholly owned subsidiary of Gateshead Council. We are based at the Civic Centre, Gateshead. GTC is the prime contractor for the Department for Work and Pensions (DWP) in respect of the New Enterprise Allowance Phase 2 programme. The programme is part-funded by the European Social Fund (ESF). 

    This privacy notice provides specific information about how we process your personal data. GTC is a separate data controller from Gateshead Council and maintains a separate registration with the ICO.  

    What type of information is collected about you  

    We collect personal information to understand your needs and provide services. Information includes:  

    • title and name 
    • address  
    • date of birth  
    • address 
    • gender  
    • national insurance (NI) number  
    • employment status  
    • start and end dates on the programme  

    We also collect the following special category data: 

    • race or ethnic origin  

    How we collect information about you  

    We collect information about you from our supply chain partners that deliver the programme, including:  

    • North East Business and Innovation Centre 
    • CDC Enterprise Agency  
    • East Durham Business Service  
    • Enterprise Made Simple  
    • Five Lamps  
    • Northumberland Business Service Ltd  
    • Project North East  
    • South Durham Enterprise Agency  
    • TEDCO  

    Why we need your information  

    Our purpose for collecting personal information is to enable us to: 

    • correctly administer the programme and deliver services 
    • identify service improvements  
    • provide monitoring and evaluation information to the DWP and ESF  
    • submit claims for payment to the DWP  
    • detect and prevent fraud  

    The lawful basis for our processing is:  

    • task in the public interest 

    Our lawful basis for processing of sensitive personal data is:    

    • substantial public interest  

    Who your information can be shared with  

    For the purposes of the New Enterprise Allowance Scheme, GTC can share your information with:   

    • Department for Work and Pensions (DWP) 
    • European Social Fund (ESF) 

    If we wish to share your information with other council services or third parties for purposes outside of those listed above we will ask your permission.   

    How long we will keep your information  

    We keep your information for as long as we need to provide services to you. We may also need to keep your information in accordance with legal or other obligations. Where we have no need to keep your data it will be securely destroyed. Information for the NEA scheme will be retained for 10 years from the end of the contract; the retention end date being 23 October 2033. For more information please contact via email. 

    Where your information is held  

    We hold personal information in secure electronic systems on Gateshead council servers. Information is inputted into secure DWP systems. Paper records are stored securely in accordance with council policies and procedures.  

    How you can update your information  

    Our delivery of efficient services depends on the accuracy of your information.  

    Please inform us of any changes to the following:  

    • email address  
    • personal circumstances  
    • postal address  
    • any of the other information we hold  

    Please contact: newenterpriseallowance@gateshead.gov.uk 

    Your information rights 

    The UK GDPR provides the following rights for individuals:  

    1. The right to be informed  

    You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the UK GDPR. This includes our purposes for processing your personal data, our data retention periods, and who we share it with. We must provide privacy information to you at the time we collect your personal data.  

    2. The right of access  

    You have the right to access and receive a copy of your personal data, and other supplementary information. This is commonly referred to as a subject access request or 'SAR'. Individuals can make SARs verbally or in writing.  

    3. The right to rectification  

    You have the right to have inaccurate personal data rectified, or completed if incomplete. You can make a request for rectification verbally or in writing. In certain circumstances we can refuse a request for rectification. This right is closely linked to the controller's obligations under the accuracy principle of the UK GDPR (Article (5)(1)(d)).  

    4. The right to erasure  

    You have the right to have personal data erased. This is also known as 'the right to be forgotten'. The right is not absolute and only applies in certain circumstances. Individuals can make a request for erasure verbally or in writing.  

    5. The right to restrict processing  

    You have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing.  

    6. The right to data portability  

    You have the right to obtain and reuse your personal data for your own purposes. It allows you to move, copy or transfer personal data. Safe and secure transfer from one IT environment to another enables use of other applications and services. For example, to find you a better deal or help you understand your spending habits. The right only applies to information an individual has provided to a controller.  

    7. The right to object  

    You have the right to refuse the processing of your personal data in certain circumstances. You have an absolute right to stop use of your data for direct marketing. You can make an objection verbally or in writing. You may not be able to object to the holding, using or sharing of your information under certain circumstances. Examples include:  

    • where we have a duty to safeguard a vulnerable adult or a child  
    • where data is required for the prevention and detection of crime  
    • where we are required to fulfil our statutory obligations  

    8. Rights in relation to automated decision-making and profiling  

    The UK GDPR also has provisions on:  

    • automated decision-making - decisions made solely by automated means without any human involvement  
    • profiling - automated processing of personal data to evaluate certain things about an individual (can be part of an automated decision-making process)  

    Article 22 of the UK GDPR also has rules protecting you from legal or significant effects of solely automated decision-making.  

    Marketing and e-newsletters 

    Your choices direct the method and type of communications from Gateshead Trading Company. You can choose if you wish to receive information from us or not.   

    Business intelligence, profiling and automated-decision making 

    Profiling is the processing of personal data to analyse or predict certain characteristics. For example, a person's economic and health situation, reliability, personal preferences or interests.  

    Automated decision-making is profiling carried out without any element of human review. For example, carrying out credit checks and searches to detect and reduce fraud.  

    We will use profiling only when necessary and where the law allows. This will be to provide the service you have agreed to receive or where there is a statutory obligation. However, we will notify you about profiling and where required we will seek your consent.  

    Protecting your information 

    Any information held by GTC about individuals is held securely and in compliance with the Data Protection Act 2018 and GDPR. Information is held electronically on secure servers and cloud storage solutions. Paper records are stored securely in accordance with council policies and procedures.  

    GTC is committed to protecting its service users' personal data. Our data measures ensure best practice for staff, service providers, partners and suppliers. Measures are lawful and follow rules and practices known as Information Governance (IG).  

    The information security measures we've put in place include:  

    • encrypting all our electronic devices and sensitive information that is transmitted 
    • following good IG practice and the law for collecting, handling and giving access to information  
    • holding information for no longer than required and disposing of it securely  
    • permitting access to your information only to those who need to know and where it is necessary  
    • putting processes in place to ensure good IG practices for information we collect, hold or handle in both manual and electronic forms 
    • training staff in their data protection responsibilities

    Data Protection Officer  

    Data Protection Officer

    Civic Centre

    Regent Street

    Gateshead

    NE8 1HH 

    DPOcouncil@gateshead.gov.uk  

    0191 433 3000  

    Information Commissioner's Office

    The Information Commissioner is the UK's independent body for upholding information rights. Visit their website to find out more about your rights under Data Protection law, and what to expect from us. 

    For privacy practices or data protection rights concerns, contact the Information Commissioner's Office:  

    Information Commissioner's Office

    Wycliffe House 

    Water Lane 

    Wilmslow 

    Cheshire

    SK9 5AF  

    0303 123 1113 or 01625 545 745 

    casework@ico.org.uk 

    Close