Record of Processing Activities

Record of Processing Activities (RoPA) (Article 30)

This page provides a summary of personal data processing activities undertaken by the Council. It complies with Article 30 of the UK GDPR by providing:

  1. the name and contact details of the controller and the data protection officer;
  2. the purpose of the processing;
  3. a description of the categories of data subjects and of the categories of personal data;
  4. where applicable, transfers of personal data to a third country etc
  5. where possible, the envisaged time limits for erasure of the different categories of data;
  6. where possible, a general description of the technical and organisational security measures in place.

The Controller

Thanet District Council
Cecil Street

Nature of Work

We are a district council.

Further information relating to the work of the council can be obtained from our General Privacy Notice here: Privacy Statement page

Data Protection Officer:

Mrs C Curtis
Information Governance and Equalities Manager

Description of Processing

The following is a broad outline of how the Council processes personal information. For further information on how we process your personal information, please refer to any personal communications you have received from us, refer to our service specific Privacy notices, or contact the Council directly to ask about your personal circumstances.

We process personal information to enable us to provide a range of services to people and businesses in the district of Thanet, which include the following functions:

  • Administration and Government
  • Advice, benefits and welfare rights
  • Alcohol and entertainment licensing
  • Animal welfare
  • Arts and entertainment
  • Beaches and coast
  • Building and construction
  • Building control
  • Business grants
  • Business rates
  • Commercial activities
  • Commercial property
  • Commercial waste
  • Communications and publicity
  • Community grants
  • Community safety
  • Complaints and compliments
  • Conservation and sustainability
  • Consultations
  • Corporate landlord
  • Corporate management
  • Council tax
  • Data protection and freedom of information
  • Democracy
  • Disabled facilities grants
  • Elected members (Councillors)
  • Emergencies
  • Environmental health and protection
  • Events
  • Facilities
  • Finance
  • Food safety
  • Funerals and cremations
  • Gambling and lottery
  • Goods and services
  • Grants and aid
  • Hazardous waste and materials
  • Health and safety at work
  • Heating and home energy support
  • Homelessness and prevention
  • Household waste
  • Housing advice
  • Housing allocation
  • Housing benefits
  • Human resources
  • Improvements and repairs, including on social housing stock
  • Incident response
  • Information communication technology
  • Internal operations
  • Lease holdings
  • Legal
  • Leisure and culture
  • Licences, permits and permissions
  • Local history and heritage
  • Low income benefits
  • Multiple occupancy homes
  • Museums
  • Neighbourhood and Communities security function, including CCTV
  • Parking
  • Parks and open spaces
  • Permissions and consents
  • Planning permission
  • Planning policy
  • Planning services
  • Policy and performance
  • Pollution control
  • Port and harbours
  • Procurement
  • Public health
  • Public safety
  • Reference and research
  • Regeneration
  • Road closures
  • Social housing provisions
  • Sports and sporting venues
  • Statistics and census information
  • Street care and cleaning
  • Taxation
  • Taxi and private hire
  • Tourism
  • Volunteering and voluntary organisations
  • Waste and pollution
  • Waste management
  • Waste and recycling
  • Water activities

We process information relevant to the above reasons/purposes which may include:

  • Business activities
  • Case file information
  • Employment
  • Family details
  • Financial details
  • Goods and services
  • Housing needs
  • Licences or permits
  • Lifestyle and social circumstances
  • Personal details
  • Tenant details
  • Visual images, personal appearance, and behaviour

We also process ‘special categories’ of information, previously known as ‘sensitive data’, that may include:

  • Genetic/biometric data
  • Physical or mental health details
  • Political affiliation/opinions
  • Racial or ethnic origin
  • Religious or other beliefs of a similar nature
  • Sexual orientation
  • Sex life
  • Trade union membership

However, we would only use this type of personal data if it was necessary or we have your explicit consent.

We also process criminal offence data, that may include:

  • Criminal proceedings, outcomes and sentences
  • Offences including alleged offences

We process personal information about:

  • Business owners
  • Carers or representatives
  • Claimants
  • Complainants, enquirers or their representatives
  • Customers
  • Councillors
  • Landlords
  • Licence and permit holders
  • Offenders and suspected offenders
  • Payers of Council Tax and/or Business Rates
  • People captured by CCTV images
  • Professional advisors and consultants
  • Receivers of Council services
  • Recipients of benefits
  • Representatives of other organisations
  • Residents in the District
  • Staff, persons contracted to provide a service
  • Suppliers
  • Traders and others subject to inspection
  • Tenants
  • Witnesses

We may share with other organisations information that we hold about individuals where it is necessary, required by law and/or through consent. In doing so, we are required to comply with all aspects of the data protection legislation.

The following is a list of the types of organisations in which we may share data:

  • Councillors
  • Courts
  • Credit reference agencies
  • Current, past and prospective employers
  • Customers
  • Data processors
  • Debt collection and tracing agencies
  • Family, associates or representatives of the person whose personal data we are processing
  • Financial organisations
  • Healthcare professionals
  • Healthcare, social and welfare organisations
  • Housing associations and landlords
  • Housing and tenants’ associations
  • International law enforcement agencies and bodies
  • Law enforcement and prosecuting authorities
  • Legal representatives, defence solicitors
  • Licensing authorities
  • Local and central government
  • NHS
  • Ombudsman and regulatory authorities
  • Partner agencies, approved organisations and individuals working with the police.
  • Police complaints authority
  • Police forces
  • Political organisations
  • Press and the media
  • Prisons
  • Private investigators
  • Professional advisors and consultants
  • Professional bodies
  • Providers of goods and services
  • Regulatory bodies
  • Religious organisations
  • Revenues and customs
  • Security companies
  • Service providers
  • Survey and research organisations
  • Disclosure and Barring Service
  • Trade unions
  • Tribunals
  • Voluntary and charitable organisations

Those organisations who are a signatory of the Kent and Medway Information Sharing Agreement for specific reasons set out in the agreement.


The Council has a robust suite of security controls in place to protect the records we hold about you (on paper and electronically). The Council meets stringent Public Sector Network (PSN) Security controls and strict Payment Card Industry Data Security Standards (PCI-DSS).

Access to your records is only available to those who have a need to see them.

Examples of further security include:

  • Access controls, limiting access to systems and networks using multi factor authentication, allows us to stop people who are not allowed to view personal information from getting access to it.
  • Training for staff to give them the insight to handle information and how and when to report when something goes wrong.
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (patches).
  • Having a password policy, requiring passwords being changed regularly and are of a complex format, making them very difficult guess or crack.

There is often a legal reason for keeping your personal information for a set period of time, which is reflected in our  retention schedules.

For each service/function, the schedule lists for how long your information may be kept. This ranges from months for some records to decades for more sensitive records. In exceptional cases, we may be obliged by law to keep certain records indefinitely.

As services, laws and legislation change regularly, the retention schedule is constantly changing to reflect the new requirements.


In very rare circumstances, it may sometimes be necessary to transfer personal information overseas. Any transfers made will be in full compliance with all aspects of the data protection legislation, for example, only with additional security measures in place to protect your information.

As standard, we look to keep personal data within the UK but we are satisfied that there are appropriate protections in place in Member States of the EU too, under the EU GDPR. However, there are some occasions where your information may leave the UK to get to another organisation, or, if it is stored in a system that uses servers elsewhere.

We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data, undertaking risk assessments on systems being used to ensuring we have a robust contract in place with the third party.

We will take all practical steps to make sure your personal information is not sent to a country that is not seen as “safe” either by the UK or EU.


Further information

If you have any concerns about how your personal information is handled please contact our Data Protection Officer via the details provided above.

For independent advice about data protection, privacy and data sharing issues, you can contact the regulatory body, Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office
Wycliffe House
Water Lane
SK99 5AF

Tel: 0303 123 1113

Visit: ICO

Help & support

Did you find this page useful?

  • This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.