Freedom of Information and Data Protection Privacy Notice

Please see our full Privacy Notice

Updated: 08 February 2023

Reviewed: 08 February 2023

West Lindsey District Council's Freedom of Information (FOI) Department is committed to protecting the privacy and security of personal information. This privacy notice describes how we collect and use personal information in accordance with data protection law.

The reasons we use your data

We process your personal information in order to answer requests for information made under the Freedom of Information Act (FOIA) and Data Protection Act 2018 (The UK's implementation of the General Data Protection Regulation [GDPR])

The information you provide will be processed by our FOI team in order to fulfil our regulatory duties when responding to your enquiry when you have made a request for information under any of the acts or regulations:

  • to process Subject Access Requests
  • to process Freedom of Information Requests
  • to Process Environmental Information Regulations
  • to create and implement policies under the GDPR
  • to create and implement policies under the FOIA
  • to manage Third Party Data Subject Requests
  • to contact you regarding your request and provide a response

Why we are allowed to use your data

The legal basis for processing your personal data is that it is necessary:

We may hve to process sensitive personal data in order to action requests for data, the FOI department will only process sensitive personal data when strictly necessary to respond to requests, the legal basis we rely on for this are:


The purposes for which we are processing your personal data are to:

  • record and respond to freedom of information requests and data subject requests received by the department
  • provide cross government advice, support and co-ordination in responding to freedom of information requests

What data we collect

We collect, store and use certain categories of personal information about you, such as:

  • your name
  • address
  • email address
  • your request

We may also process other personal data if you volunteer it.

In responding to subject access requests (SARs), we may process any data on you held by the department.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Where we collect your data from

We collect personal information directly from you in circumstances such as:

We will also collect your personal information directly from third parties such as:

  • other government departments and public authorities
  • publicly available sources
  • overseas information, where relevant and necessary

The information you provide will be processed by our FOI team in order to fulfil our regulatory duties when responding to your enquiry when you have made an FOI, EIR request or SAR.

Who we can share your data with

We can share your data with:

  • internal departments
  • other government departments when required in order to respond to your request
  • agencies
  • public bodies
  • elected members

When computers make any decisions about you

Not applicable

When your data gets sent to other countries

Not applicable

How long do we keep your personal information?

Information held by the department in regards to individual rights and requests under any of the Acts or Regulations will be retained for two years from the date of the last communication relevant to the request.

Where ID is requested to confirm the identity of the requester this is not retained by the department.

Please see our full Privacy Notice

Previous versions