We collect and process data relating to business rates to in order to collect taxes and communicate with you as the customer. We are committed to being transparent about how we collect and use this data and meet our data protection obligations.
What information do we collect?
We collect and process a range of information about you. This includes:
- your name and address
- contact details, including email address and telephone number (you do not have to provide this, but it may make it easier to resolve any issues)
- financial information such as bank details (if you choose to pay by direct debit)
The organisation collects this information in a variety of ways. For example, it may be supplied by you when filling out a form or calling our customer services department.
Why do we process the data?
We have a legal obligation to process information for business rate purposes. Business rate billing, collection and enforcement processes are supported by legislation laid down by the Government. We legally require this information and can impose penalties if information requested is not provided, incomplete or knowingly incorrect.
We also collect and use your contact details to communicate with you about your account. This is not a legal requirement and is done with your consent.
Who has access to your data?
Where necessary for the purposes stated your information will be shared with the parties set out below.
- Commissioned partners including Northgate
- Valuation Office Agency
- HM Courts and Tribunals Service
- Cabinet Office (National Fraud Initiative)
- HM Revenue & Customs
- Enforcement Agents (to recover unpaid Business Rates)
- Other council departments (to ensure your data is accurate and up to date)
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your data for their own purposes and only permit them to process your data for specified purposes, in accordance with our instructions and data protection laws. They are also obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will not transfer your data to countries outside the European Economic Area.
How do we protect data?
We take the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Data will only be processed by members of staff authorised by us for this purpose. Access to our systems is limited to members of the customer services and business rate teams whose job role requires access to the data.
How long do we keep your data?
We will keep all records relating to business rates for as long as you have an ongoing liability with us. Even if you have moved away and do not owe us any money, we will keep details of the property or properties and dates for which you were liable for Business Rates. This is in case there is a change to the rateable value of the property and we need to refund you money or charge you more.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (known as a subject access request)
- require us to change incorrect or incomplete data
- ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing. Where possible we will seek to comply with your request, but we may be required to hold or process information to comply with a legal requirement.
- object to the processing of your personal data in certain circumstances. We may still be required to hold or process information if there are legitimate grounds for doing so.
You can make a subject access request by following the instructions for making a subject access request.
To contact us about any of your other data protection rights, please contact the Data Protection Officer.
If you believe that Runnymede Borough Council has not complied with your data protection rights, you should initially contact our Data Protection Officer and if dissatisfied with the outcome you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner on their website