Mortality records privacy notice

Who the data controller is for the information we collect

This Privacy Notice is provided to meet the requirements of the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) to explain how we process your personal data in our use of mortality records.

Leeds City Council is the data controller for the purposes of the Data Protection Act 2018 and other regulations including the UK General Data Protection Regulation, which means it determines what your data is used for and why it is collected. Our contact details are Leeds City Council, Merrion House, 110 Merrion Way, Leeds, LS2 8BB.

The data we will collect and how we collect it

Personal information about deaths in the city of Leeds is supplied to local authorities by NHS Digital and contains data provided at the time of registration of death along with additional GP details, geographic information, and coroner details where applicable.

Leeds City Council has a Data Access Agreement with NHS Digital, and data are supplied in accordance with section 42(4) of the Statistics and Registration Service Act 2007 as amended by section 287 of the Health and Social Care Act 2012 and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

Information held includes:

  • date of birth
  • date of death
  • place of death,
  • address of deceased
  • causes of death
  • age
  • sex
  • GP and practice
  • occupation
  • place of birth

Other person identifiable data is collected as follows:

  • postcode of usual residence of the deceased
  • NHS number
  • maiden name
  • name of certifier
  • name of coroner

More information on this dataset can be found here

Why we process your data

The information we collect is used for the purposes of statistical analysis, the monitoring of population health and demographic change in the county, and to inform the planning and commissioning (buying) of health services to ensure that health, social care, and public health services address local health needs and are focused on reducing health inequalities (differences in levels of ill health and premature deaths between groups and areas).

The information is used specifically to identify patterns and trends in death rates, life expectancy, and premature death, highlighting differences between geographic areas, age, sex, and other characteristics. It is also used to identify differences between areas and inform the planning and targeting of health care and public health services. This information is used in the Annual Public Health Report, Joint Strategic Needs Assessment (which in turn informs the Joint Health and Wellbeing Strategy and local commissioning plans), and health needs assessments.

Other uses include the monthly monitoring of trends in death rates, the investigation of variations in mortality rates between GP practices, suicide audit and suicide prevention work, public place of death analyses and accident prevention work, monitoring of deaths from specific causes, the monitoring of seasonal patterns of death and excess winter deaths, the monitoring of child deaths, health and wellbeing and public health outcomes reports, community profiles, and population projections.

We also use information from this dataset for work on suicide and accident prevention to identify local suicide hotspots and risk factors locally.

Pseudonymisation (the process through which identifiable fields within a data record are replaced by artificial identifiers or pseudonyms) is used throughout, which means that individuals are no longer identifiable.

No personal-identifiable information is published, and numbers and rates in published reports based on counts fewer than five are removed to further protect confidentiality and anonymity.

All the data collected is treated in strict confidence and in accordance with the requirements of the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR). The data provided by you will only be used for the purpose(s) specified.

Lawful basis for processing

We will process your data in accordance with UK GDPR Article 6(1). The processing shall be lawful only if and to the extent that the following applies:

  • Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Data retention, storage and destruction

Our data retention policies and procedures are designed to help ensure that we comply with our legal obligations in relation to the retention. This means that data in respect of deaths registered from 2006 onwards will be kept in accordance with the data access agreement between NHS Digital, the Office for National Statistics and Leeds City Council unless the law says that we need to hold it for longer or if there is a business requirement to do so. After this, your information will be deleted or archived.

Who we can share your data with

This dataset will not be disclosed to anyone other than those stated above without permission, unless we have a legal reason to do so, for example, disclosure is necessary to protect a person from suffering significant harm or is necessary for crime prevention or detection purposes.

In the case of suicides and deaths with an open verdict, an audit process will be undertaken to gather further details from other public organisations. Under these arrangements we will contact acute hospitals, mental health services, GP practices, local coroner’s offices, and local emergency services to gather further information about the circumstances of death and contact with services to inform suicide prevention work locally.

Whilst the dataset will not be shared with these organisations, we plan to share the NHS number of people with a cause of death of suicide or open verdict with relevant hospital trusts, mental health services, GP practices, local coroner’s offices, and local emergency services so they can gather and return relevant information from their systems to gather the information required for the audit. The audit process will be supported by data sharing agreements and defined processes around information governance and security.

In addition, we will share personal data of any living individuals whose data we hold:

  • where such disclosure is necessary for compliance with a legal obligation to which we are subject
  • in order to protect your vital interests or the vital interests of another natural person
  • for the purposes of security and prevention of fraud and other criminal activity
  • where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Automated decision making

Your data will not be used for any automated decision making, including profiling.

Your rights

The following rights under data protection law are available under the UK GDPR:

  • the right to access – you can ask for copies of your personal data
  • the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data the
  • the right to erasure - where you can ask us to erase your personal data
  • the right to restrict processing – you can ask us to restrict the processing of your personal data
  • the right to data portability (where you can ask that we transfer your personal data to another organisation or to you
  • the right to object to processing (where you can object to the processing of your personal data) and
  • the right to complain to a supervisory authority – you can complain about our processing of your personal data the right to
  • withdraw consent (to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent).

Where we process your data under the public task basis, certain rights do not apply, such as erasure, data portability, and the right to withdraw consent.

These rights are subject to certain limitations and exceptions. You can learn more about your rights through the ‘Your individual rights and how to exercise them’ and the Information Commissioner’s Office website.

You may exercise any of the above rights in relation to your personal data by writing to us, using the contact details provided below.

When your data gets sent to other countries

The information you provide will not be transferred to another country outside of the UK.

Contact us

If you have any questions about our use of these data, wish to request a copy of the information we hold about you, or if you wish to discuss your rights in relation to opting out from these processes, please contact the Public Health team by email at:

PHI.Requests@leeds.gov.uk

 or by post to:

The Public Health Intelligence Team
Adults and Health Directorate
NHS Leeds CCG
Suites 2-4, Wira House
West Park Ring Road
Leeds, LS16 6EB

Data Protection Officer

Aaron Linden
Head of Information Management and Governance - Data Protection Officer
Leeds City Council
Merrion House
110 Merrion Way
Leeds
LS2 8BB

DPO@leeds.gov.uk

The Council privacy notice is available to view here

Complaints

If you are unhappy with the way in which your information has been handled, you should speak with the specific service in the first instance.

Any data protection complaints about how the council has processed your personal data will be handled in accordance with the council’s Complaints Policy. You can find out how to submit a complaint by visiting this link.

If we cannot resolve your complaint, you can refer to the Information Commissioner if you consider that there has been an infringement of data protection legislation. Further details can be found on the Information Commissioner’s website.

Changes to this notice

We keep our privacy notice under regular review. We will notify you of significant changes to this notice by email or other means as appropriate. This privacy notice was last updated March 2025.