The data controller for your data
Brighton & Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.
Brighton & Hove City Council are committed to protecting your personal information. As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
Why we’re collecting your data
We are collecting your data for the purpose of monitoring use of Children’s Centres in the city and to improve the well-being of young children in Brighton & Hove.
What is the lawful basis for collecting your data
- We have a lawful basis for collecting this data as it is considered necessary to enable us to carry out our tasks, functions, duties or powers or to perform a task carried out in the public interest, improving the well-being of young children.
- Where special category data is being processed processing is necessary for reasons of substantial public interest. Under the Data Protection Act 2018 (schedule 1 part 2) this public interest is: Statutory etc and government purposes (paragraph 6), Support for individuals with a particular disability or medical condition (paragraph 16) and Safeguarding of children and of individuals at risk (paragraph 18)
- We may also collect your data for the purpose of the National Evaluation of the Troubled Families programme on the legal basis of public interest. Families with a range of problems often struggle to get the right help and support at the right time. The council is working to ensure that families with multiple issues receive coordinated help and support when it is most needed, and that this help and support is delivered using a whole family approach. This help and support is funded by the national Troubled Families programme and is known locally as “Stronger Families, Stronger Communities”.
- We are collecting your email address to provide you with information that may be useful to you. We have a legal basis for collecting this data under Explicit Consent and you will be required to provide consent
The data we may collect
We may collect personal data or special category data. The type of information collected from you is as follows
- Contact details; including name, address, email address, telephone number, etc.
- Date of birth
- Information about your family
Special category data
We may also collect special category (sensitive data) of personal data that may include:
- Physical or mental health details
- Racial or ethnic origin
Who we’ll share your data with
- Your data will be shared with Sussex Community NHS Foundation Trust, with whom the council has a data sharing agreement.
- Your data will be shared within Brighton & Hove City Council Department for Families, Children and Learning, Early Years and Performance Team. This is in order to monitor the use of the provision and inform decisions for service development.
- Your data may be shared with the council’s Troubled Families programme, who will share it with the Troubled Families Analysis team at the Ministry of Housing, Communities and Local Government (MHCLG). For more information on how your data will be used please see the Troubled Families privacy notice.
- This information is shared to enable all agencies who are supporting children and their families to work together to provide services to best meet the needs of families.
We will not give information to anyone outside of the provision without your consent unless the law permits (such as if there are serious safeguarding concerns).
How long we’ll keep data for and why
We will hold your data for no longer than required for the purposes described. Following that, it will be securely deleted or anonymised if it is still required for ongoing statistical and trend analysis purposes.
How your data will be stored
- Your information will be stored electronically and on paper records.
- We will only make your information available to those who need to know.
- Example of the security measures we used are:-
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- We use Encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code. The hidden information is said to then be ‘encrypted’.
- Pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was yours.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Transferring data outside the European Economic Area
Your data will not be transferred outside the European Economic Area.
Depending on the legal basis for processing your information you may have the following rights:
- A right to a copy of data held about you, an explanation for its processing and who it has been shared with – this right applies to data processed under any lawful basis
- A right to rectification (correction) of data which is demonstrably wrong – this right applies to data processed under any legal basis
- A right to restrict processing – this right applies if it has been shown that there is no legal basis for processing your data, but you wish it to be retained
- A right to object to processing – this right does not apply where the council is under a legal duty to process your data, but can be used where you dispute that there is a legal basis to process your data until the council can demonstrate what basis exists
- A right to erasure – this applies where there is no longer a legal basis to retain you data
- A right to portability of your data (having it moved to another organisation) – this right applies only where the legal basis was either consent or performance of a contract but data will usually be transferred to another local authority if a child in care moves to a new location.
- A right to object to automated decision making – this right is applicable under all lawful bases for processing
How to get advice or make a complaint
Data Protection Officer
If you have a concern about how we collect or use your personal data you can contact the Council’s Data Protection Officer.
How to make a complaint
We aim to resolve all complaints about how we handle personal information. You also have the right to make a complaint about data protection to the Information Commissioner's Office.
Contact them by post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone 0303 1231 113.
You can also make a complaint or find out more information on the Commissioner's Office website.
If your complaint is not about data protection, find details on how to make a complaint about a council service.