Essential works to the planning register
On Tuesday 22 July 2025, you will not be able to search or comment on planning applications. This is because of essential maintenance needed to the software. We apologise for any inconvenience.
Data protection and the Data Protection Act, how to make a subject access request to find out what data we hold about you, how we process your personal information.
In order to provide services to local residents and businesses, we collect, use and share considerable amounts of personal data.
We are committed to protecting your privacy when we use your personal data. When we process personal data we must comply with our obligations under data protection legislation.
Personal data refers to any information that can identify a living individual, such as their:
The EU-wide General Data Protection Regulation and the Data Protection Act 2018 set requirements on how organisations, including councils, can process personal data. Through 6 principles, the legislation establishes that personal data shall be:
In order to uphold these principles, we have adopted and adhere to a Data Protection Policy.
This policy applies to all staff and elected members.
We have also appointed a Data Protection Officer (DPO) who makes sure we follow the law and respect your rights.
You can contact our DPO if you have any concerns or questions about how we look after your personal information.
Email: dataprotectionofficer@woking.gov.uk
Write to:
Data Protection Officer
Woking Borough Council
Civic Offices
Gloucester Square
Woking
GU21 6YL
We may need to use your personal data in order to:
We are required to identify an explicit, specific purpose for processing any given personal data.
Unless the law either allows us or requires us to do otherwise, we will not process your personal data in a way that is incompatible with that original purpose. We will tell you when we collect your personal data what the identified purpose is.
When we process your personal data, we draw on a legal basis from the legislation. In most cases, we process your personal data in order to carry out duties and powers already laid down in other legislation, or to fulfil the terms of contracts it has with others.
In some instances, we may require your consent. In these cases, you can withdraw your consent by contacting us. We will tell you when we collect your personal data what the relevant legal basis is.
We keep your personal data secure through a number of technical and organisational measures, such as staff training, password protection and locked storage. We will notify you if your personal data is accidently or unlawfully destroyed, lost, altered or disclosed and that breach presents a high risk to your rights and freedoms.
Personal data is retained according to our document retention schedule. After the prescribed period has elapsed, the personal data is destroyed appropriately, for example, by shredding or, in the case of digital records, secure deletion.
We may share your personal data with other organisations such as private companies, other local authorities and not-for-profit organisations as part of contractual arrangements to provide services. This may include:
In cases like these we have arrangements in place with these organisations which ensure that your personal data is protected.
Sometimes we may share your personal data with other organisations without asking your permission. This will only happen when there is a good reason more important than keeping your personal data private, such as fulfilling a statutory duty or responding to a serious risk. For example, we may share your personal data in order to:
We may also receive personal data about you from trusted third parties:
Data protection legislation requires us to take extra care when your personal data is transferred to another country outside the EU. The vast majority of personal data held by us is stored in the UK.
However, there are some occasions where your personal data may leave the UK and the EU either in order to get to another organisation or if its stored in a system outside of this area. If this is the case, it will be transferred in accordance with our statutory obligations including the appropriate safeguards and security measures.
The legislation gives you control over your personal data through a number of data rights, including access to, correction of and deletion of personal data.
You can find out more about them and how to make a subject access request.
When you use our website and other online council services we sometimes place a small file on your device called a cookie.
For more information about data protection and information law in the UK, go to the Information Commissioner's Office.
Woking Borough Council is registered with the ICO under registration Z5956782.
You have the right to submit a complaint against Woking Borough Council with the ICO.
Email: casework@ico.org.uk
Telephone: 0303 123 1113