Privacy and data
How we use your data, our policies and how you can request your personal information.
Brighton & Hove City Council is committed to protecting your personal information. As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law
The primary laws that govern how Brighton & Hove City Council collects and uses personal information (known as “Data”) about you are:
General Data Protection Regulation (GDPR)
Data Protection Act (DPA) (2018)
Our service privacy notices includes details on how council teams collect, store and process your data for the unique services they deliver.
Overview and purposes
So we can provide services to you as a local authority, we need you to give us your personal information. To deliver our services, to meet our legal obligations and protect public funds we need to collect, store, use, share and dispose of personal information. This is known as data processing.
We use your information to verify your identity where required, contact you by post, email or telephone and to maintain our records.
We also receive and share information with third parties. This is usually with other public authorities or government departments, like the police and court service, the NHS, HM Revenues and Customs, and the Department for Work and Pensions.
It can, however, also be with other local authorities, contractors who provide services for us and from members of the public. Details of when information is shared and who it is shared with can be found in service specific privacy notices.
We collect different categories of personal information, depending on the service we provide to you. In most cases, we will need your name and contact details.
Surveillance cameras and CCTV
Closed Circuit Television (CCTV) is operated in and around council properties (including customer service centres, offices, libraries, and council housing communal areas). The purpose of the CCTV is for staff safety and crime prevention and detection. The footage from these cameras is normally held for 30 days.
Some council staff and contracted agents wear body cameras for the purposes of both evidence gathering and protection of their health and safety.
The council also has access to street cameras in common with Sussex Police. The infrastructure for these is owned by the police, who operate the cameras for law enforcement purposes.
The council’s purposes for these cameras include traffic management and traffic enforcement. All requests for access to the footage from these should be directed to Sussex Police.
In addition, the council separately operates fixed automatic number plate recognition (ANPR) cameras for the purpose of monitoring and enforcement of bus lanes.
The council operates a number of car parks throughout the city and monitors these through fixed CCTV cameras for the purpose of prevention and detection of crime.
Footage from all cameras is retained in alignment with standards set by the Surveillance Camera Commissioner and in accordance with the fifth Data Protection Principle.
The Electoral Register for Brighton & Hove is a separate legal entity from the council and is separately notified with the Information Commissioner as a data controller as Electoral Registration Officer, Brighton & Hove City Council.
Data matching and prevention of fraud
The council is legally required to protect the public money it is responsible for. We may share information provided to us with other organisations that are responsible for auditing or managing public money, in order to prevent and detect fraud. We do this through a process known as 'data matching'.
Data matching is where computer records held by one body are compared against other computer records, held by a different part of the same body, or those held by another organisation to see how far they match. Where a match is found it may indicate that there is an inconsistency that requires further investigation.
Data matching also helps us to make sure that our records are up to date and correct.
We take part in the National Fraud Initiative’s anti-fraud data matching exercise.
We may share your information with debt management agencies and the courts to help collect any outstanding debts. We may also share your information for the same purposes with other public organisations, including neighbouring councils that handle public funds and with police forces.
We may also provide forwarding address of council tenants to utility companies that are collecting outstanding debts.
What personal data is
Personal data is specific information about a person that can be used to identify that person either on its own or when it is put together with another piece of information.
Personal data about you is information like your:
- phone number
- date of birth
- National Insurance number
- NHS number
- email address
- IP address
- location based data
- financial/bank details
Some types of personal information are more sensitive than others. This information is known as 'special category data' and includes information like:
- ethnic origin
- religious or political beliefs
- trade union membership
- physical and mental health data
- biometric and genetic data, like photographs, fingerprints, facial recognition, DNA
- sexual orientation
Stricter controls are in place to control when and how we can collect, use and store special category data.
Details of why and how we collect, use and store your personal and special category data can be found in the specific privacy notices for each service.
How we use your personal information
We use your personal information for the purpose it was collected and hold it centrally to ensure we maintain accurate records across the organisation. We also process all personal data for the prevention of fraud.
We will not keep your personal information for any longer than it is needed, and will dispose of it in a secure way. The length of time we need to keep information will depend on the purpose for which it is collected. Our service-specific privacy notices give further information on how long we keep your information.
How we protect your data and keep it secure
An example of the security measures we use are security scanning tools to help us identify areas of improvement to keep our systems and your data secure.
Who we share your personal information with
In order to provide services and to meet our legal obligations as a local authority, we will sometimes need to share your personal information and with external organisations.
We will only share your personal information where it is necessary, either to comply with the law or where permitted under data protection legislation.
Examples of organisations, we may share your personal information with:
- UK government departments, and related agencies
- other local authorities
- Ombudsmen, like the Information Commissioner’s Office, The Care Inspectorate
- care providers and voluntary organisations
For more information about who we share your personal data with and why, please see the section ‘Service Related Privacy Notices’.
The council only shares your information with partners or contractors who agree, through Information Sharing Agreements, to protect your information.
Sharing information outside of the UK
Almost all personal data the council uses is stored and processed in the UK. Some information may also be stored within the EU.
If we need to transfer your personal information outside of these areas for a particular activity, this will be explained in the relevant service-specific privacy notice together with a description of the protective measures we have put in place to keep it safe.
You have the following rights in relation to your personal information:
The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices.
The right of access – you can request to know what we hold on you along with an explanation for how it is used by making a “Subject Access Request”.
The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete.
The right to erasure – you have the right to ask us to delete your personal information where it can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent.
The right to restrict processing – you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response.
The right to data portability – you can, in certain circumstances, ask us to provide you with the information you have supplied the Council, where it was obtained on the basis of consent or performance of a contract.
The right to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data whilst we investigate and provide a response.
Automated decision making and profiling – we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead.
At present, the Council only uses automated decision processes to identify first round offers of school placements. These offers are subject to appeal and you have the right to seek a review of your school placement offer by a council officer.
Data Protection Officer
If you have any question about the collection or use of your personal data you can contact our Data Protection Team on 01273 29 59 59 or email firstname.lastname@example.org.
The council also has a Data Protection Officer. Find out how to contact the Data Protection Officer.
We aim to directly resolve all complaints about how we handle personal information. However, you also have the right to lodge a complaint about data protection matters with the Information Commissioner's Office.
Contact them by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone 0303 1231 113.
You can also make a complaint or find out more information on the Commissioner's Office website.
If your complaint is not about a data protection matter you can find details on how to make a complaint on our website.