Skip to main content
  1. Home
  2. Privacy and data
  3. Service privacy notices
  4. Unreasonable Customer Behaviour - Privacy Notice

Unreasonable Customer Behaviour - Privacy Notice

Unreasonable Customer Behaviour - Privacy Notice

Who are we and what we do

For the purposes of Data Protection, Forest of Dean District Council is a data controller under the Data Protection Legislation as we collect and process personal information about you. Your privacy is important to us and we are committed to handling your personal information securely. Under UK Data Protection Act 2018, UK General Data Protection Regulation (UK GDPR) and the Data (Use and Access) Act 2025 (DUAA), we are required to protect any personal information we hold about you.

This notice explains what types of information will be collected about you, how we intend to use it, who else your information may be shared with and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)

Forest of Dean District Council

Council Offices, Coleford GL16 8HG

Email: [email protected]

Tel: 01993 861194

Why do we need your information and how we use it

The Council owes a duty of care to its employees under the Health and Safety at Work Act 1974 and has a legal duty under RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) to record and report incidents of work-related violence.

If you have been in contact with the Council, its employees, contractors or Councillors, and your behaviour has been deemed as ‘unreasonable’ in line with our Unreasonable Customer Behaviour Policy, we must ensure legal compliance and transparency, informing you that your data will be collected, processed, and shared in response to your conduct, while ensuring you receive the best possible service from us, and managing contact you have with us, if necessary.

What is the legal process for collecting and processing this data

Under the Data Protection Legislation ‘UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018’, the lawful bases we rely on for processing this information are:

  • UK GDPR Article 6(1)(c) - where processing is necessary for compliance with a legal obligation to which we are subject i.e. Health & Safety at Work etc. Act 1974 – to comply with our duty of care to protect our employees from harm;
  • UK GDPR Article 6 (1) (e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • UK GDPR Article 6(1)(f) - where processing is necessary for the purposes of our legitimate interests (we can use ‘legitimate interests’ if we can demonstrate that the processing is for purposes other than for performing our tasks as a public authority)

Special Category (personal data)

  • Special Category Personal Data as defined by Article 9(1) e.g. health, pursuant to UK GDPR Article 10 and Data Protection Act 2018, section 10(5), Schedule 1, Part 2, paras. 6(1) and 2(a) – processing is necessary for reasons of substantial public interest.

What type of information is collected from you

The categories of personal information on the Unreasonable Behaviour Register include (the list is not exhaustive):

  • Contact details and correspondence history.
  • Records of interactions and behavioural incidents.
  • Internal assessments or decisions regarding restrictions.
  • Special category data (e.g. health information) where relevant and necessary.

Where special category data is processed, this will be done under Articles 9(1) and 9(2)(g) - substantial public interest, with appropriate safeguards in place.

Our individual service areas within the Council and our partners or suppliers who have contact from individuals whose behaviour is being managed in accordance with the Unreasonable Customer Behaviour Policy.

Who your information may be shared with (internally and externally)

The Council employees who look after the register and employees who are working with you or have a need to contact/visit you will have access to the data on the Unreasonable Behaviour Register. Access is limited to those with a need-to-know basis.

In order to prevent unauthorised access or disclosure of the details on the Unreasonable Behaviour Register, we have put in place suitable controls to limit the number of people who can see the register.

Records will not be visible for general viewing.

Your information may be shared with other agencies, organisations and contractors that may come into direct contact with you. We do this to enable them to assess the risks to their employees as part of their work.

Under Data Protection legislation, we also have a legal duty to pass information to third party organisations such as the Police if there has been a crime committed. When we feel that others are at risk, we will share information without your consent. When sharing information, we do so in line with UK Data Protection laws and agreed information sharing protocols.

How long do we keep your information (retention period)

Retention periods will be in line with the Unreasonable Customer Behaviour Policy.

Information held on the register will be subject to periodic review every 6 months.

All the information we collect is stored securely on our IT systems. We have strict procedures for the way this is done. All information we hold about you is confidential.

Once your data is no longer needed it will be securely and confidentially destroyed.

How do we protect your Information

We comply with all laws concerning the protection of personal information and have security measures in place to reduce the risk of theft, loss, destruction, misuse or inappropriate disclosure of personal information.

We will not transfer your personal data outside the EU without your consent. Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.   We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

  • To access your personal data
  • To be provided with information about how your personal data is processed
  • To have your personal data corrected
  • To have your personal data erased in certain circumstances.
  • To object to or restrict how your personal data is processed.
  • To have your personal data transferred to yourself or to another business in certain circumstances
  • To be told if The Council have made a mistake whilst processing your data and The Council will self-report breaches to the Information Commission. 

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us. If you change your address or email address, or if any of your circumstances change or any of the other information The Council holds is inaccurate or out of date, please email us or write to us at:

Customer Services

Email: [email protected]

Tel: 01285 623000

Further information

If you would like to know more about how we use information, please contact: [email protected]

For more information about data protection please visit:

www.fdean.gov.uk/about-the-council/council-data-and-information/data-protection/

If you are concerned about the way we are handling your personal information, you can contact the Information Commission (ICO): https://ico.org.uk/make-a-complaint/

We reserve the right to update this privacy notice from time to time by publishing a new version on our website.

© Forest of Dean District Council 2026