Privacy and cookies

Privacy statement

Privacy Policy

We have one overarching Privacy Policy. Personal information provided by you, including any supporting evidence required to process service requests and provide services, will be held and used by Cherwell District Council under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Cherwell District Council (CDC) is classed as a data controller. This means that CDC decides what personal information we need from you to provide you with services and to do the things we are required to do by law. CDC is registered with the Commissioner's Office – you can view our registration on their website.

By sharing your personal information with us, and by continuing to use our websites, services and products, you confirm that you have read and understood the terms of this privacy policy. We take responsibility for the personal information we collect about you, and we aim to be transparent about how we handle it, and give you control over it.

We will review and update this privacy policy at least once a year and will note the date it was last updated below. We reserve the right to change our privacy policy at any time to ensure it remains compliant with current data protection legislation and best practice.

This privacy policy was last reviewed and updated in September 2022

How we use your information

To find out about the information we collect from you to deliver our services, including what allows us to use your personal information and who we share it with, please view the privacy notices for Council Service areas below.

How we share your information

Sometimes we might obtain information about you from, or share information with other departments within the Council as well as other councils, the police, health care providers, government departments, Ombudsmen, and organisations delivering services in partnership with, or on behalf of, Cherwell District Council. We will only share information where it is fair and lawful to do so.

Data matching, mining and analysis

For data matching and data mining purposes, the council will share your personal data with other bodies responsible for auditing or administering public funds, or where undertaking a public function, to prevent and detect fraud.

Data matching compares computer records held by one organisation against those held by the same or another organisation.

Electronic data matching allows potentially fraudulent claims and payments to be identified as a match and may indicate an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error, or other explanation until an investigation is carried out.

The council participates in the statutory National Fraud Initiative; a data-matching exercise with other public bodies run by the Cabinet Office for the purposes of preventing and detecting fraud.

Automated decision making and overseas transfers

Cherwell District Council operates within the UK and we do not use computers to make any decisions about you. Information we process is hosted and stored in the UK. Sometimes we transfer your personal information outside of the UK to other countries regarded as having an adequate level of protection..

We will make sure that both any transfer of your personal information by us or by the third parties that we share your personal information with, and our handling of your personal information, complies with those laws which apply to us. In any case, our transfer, storage and handling of your personal information will continue to be governed by this privacy policy.

By submitting your personal information to us, and by using our websites, services and products, you agree to us transferring, storing and handling your personal information in this way.

Retention of information

How long we keep your information, depends on why we need it, but we will only keep information for as long as there is a legal or business need for us to do so.

Information Security and Privacy

We use appropriate technical and organisational measures, including encryption, to protect your personal information and privacy, and review those regularly. We protect your personal information using a combination of physical and IT security controls, including access controls that restrict and manage the way in which your personal information and data is processed, managed and handled. We also ensure that our staff are adequately trained in protecting your personal information.

Our procedures mean that we may occasionally request proof of identity before we share your personal information with you.

In the unlikely event that we do suffer a security breach which compromises our protection of your personal information and we need to let you know about it, we will do so.

Third-party websites you access through links on our websites will have their own privacy policies. We do not accept any responsibility or liability for these policies.

Mail Chimp

We use Mailchimp to send emails and alerts to people who subscribe to them. We also use Mailchimp to help us make our online advertising more relevant. Mailchimp enables us to target Facebook adverts to subscribers whose email addresses also show that they use Facebook.

We also use Mailchimp to help us find people with similar interests on Facebook. We cannot identify individual Facebook users by connecting Mailchimp with Facebook and we will only do so if you opt-in when subscribing to emails.


The majority of the Councils Services (websites, services and products) are not generally directed at children. We do not knowingly collect any personal information from children.

Where data is provided by parents or carers for the purposes of service delivery it will be kept in accordance with this policy. Children over the age of 13 are permitted to subscribe certain online accounts and provide data for services they wish to receive.

If you are a child, please do not attempt to become a registered user of our Services or otherwise provide us with any personal information. If we learn that we have inadvertently obtained personal information from a child, we will delete that information as soon as possible.

If you are aware of a child who has provided their personal information to us, please contact us at:

Your information rights

You have a number of legal rights in respect of your personal data which are:

  • the right to be informed about how it is being used and why;
  • the right of access to it to check that we are acting lawfully and, in some cases, the right to rectify it or to have it erased;
  • the right to restrict our processing of it;
  • the right of data portability;
  • and the right to object to automated decision-making.

Data Protection Officer

The Council’s Data Protection Officer can be contacted as follows:

Information Governance Team
Cherwell District Council, 
Bodicote House, Bodicote, Banbury, Oxfordshire, OX15 4AA

Queries or concerns

If you have any queries, comments or concerns about any aspect of this policy or how the Council handles your information please email our Information Governance Team at

Information Commissioner's Office

You can also contact the Information Commissioner's Office (The ICO) to find out more about your rights as a data subject (a person that we hold personal data about) if you think there is a problem:

Privacy notices for Council Service Areas