Brighton & Hove City Council is committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as “Data”) about you are:
General Data Protection Regulation (GDPR)Data Protection Act (DPA) (2018)
However, the Community Safety Casework team is also subject to other specific laws which define when and for what purposes it can use your personal data.
Why we are collecting your data and our lawful basis for doing so
We are collecting your data for the purpose of reducing anti-social behaviour and hate incidents and the harm that they cause. Information collected will be used to create case files in order for the Community Safety Caseworkers to respond appropriately, by providing support to those who have been harmed and addressing the behaviour of the people causing that harm, including the use of enforcement measures where necessary.
Data will also be used and collected at meetings that are held with other partner agencies, as well as those with residents and Councillors. This information may be used to inform the case work the officers are undertaking.
The council also uses personal data to coordinate the city’s multi-agency action plan to tackle violence, vulnerability and exploitation. We work with key partners in the local authority, Sussex Police and Clinical Commissioning Groups amongst others to prevent, safeguard, disrupt, enforce and lead on communications related to this agenda.
The council has a duty under the Crime and Disorder Act 1998 to do all that is reasonable to prevent and reduce crime and disorder in the area, therefore we have a legal obligation to process personal data.
The Community Safety Team is also responsible for the administration of the Modern Slavery referral and monitoring system. This will involve receiving referrals from other Council services on behalf of potential victims of modern slavery and human trafficking and passing them on to internal services to conduct an interview.
We have a legal obligation to process this type of data, specifically working within the Modern Slavery Act 2015.
Our lawful basis for processing special category data is for reasons of substantial public interest, specifically the Data Protection Act (2018), Schedule 1, Part 2, Paragraph 6 ‘statutory etc. and government purposes’.
The data we may collect
- Contact details; including name, address, email address, telephone number, etc.
- Date of birth
- Proof of identity
- National identifiers such as; NI numbers
- Information about your family
- Social and personal circumstances
- Housing information relating your council tenancy
- Visual images, personal appearance and behaviour
- Licenses or permits held
- Business activities
Special Category Data
- Physical or mental health details
- Racial or ethnic origin
- Gender and sexual orientation
- Political opinions and affiliation
- Offences (including alleged offences)
- Criminal proceedings, outcomes and sentences
Who we’ll share your data with
Your data may be shared internally with Revenues and Benefits, Children’s Services. Adult Social Care, Housing, Environmental Health, City Parks, Sea Front Office, Highways and Legal services.
We may also share your data externally with the Police, Probation Services, Sussex Partnerships, Charities, Third Sector, Brighton Crime Reduction Partners, National Health Service, Other Local Authorities, East Sussex Fire and Rescue and Private Landlords.
Data that is shared is always done:
- On a case-by-case basis
- Using the minimum personal data necessary to provide the service
- With the appropriate security controls in place
- In line with legislation.
Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the sharing of your personal data.
We may use the information we hold about you to assist in the detection and prevention of crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
Holding your personal information
We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data. How long we keep it will vary according to the services you are involved with and the lawful basis for processing within those services.
However the Principles we will use to determine how long your data will be kept include:
- What type of services you received and whether you are still receiving them
- Whether we still are still under a legal obligation either to you or under UK Law
- Any standards and guidance set out by the various regulators for our functions
- Whether you have expressed a preference that your data be retained, such although exercising a right to restrict processing
We will hold your data for six years from the close of the case. If there is data relating to children within the casefile then we will keep the information until the child is 18, plus six years.
How your data will be stored
Your information will be stored electronic databases, document management systems and on paper records.
Who can access your data
We will only make your information available to those who have a need to know in order to perform their Council role.
How do we protect your data
Examples of the security measures we use are:-
- Training for our staff making them aware of how to handle information securely and how and when to report when something goes wrong
- We use Encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be ‘encrypted’.
- Where possible, data will be pseudonymised, meaning that your identity will be removed, so that work can be done without your identity being known by the people doing that work.
Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Transferring data outside the European Economic Area
Your information is not processed outside of the European Economic Area.
Your individual rights
You have the following rights in relation to your personal information:
The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices
The right of access – you can request to know what we hold on you along with an explanation for how it is used by making a “Subject Access Request”
The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete
The right to restrict processing – you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response.
Automated decision making and profiling - we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead.
At present, the Council only uses automated decision processes to identify first round offers of school placements. These offers are subject to appeal and you have the right to seek a review of your school placement offer by a council officer.
How to get advice or make a complaint
Data Protection Officer
If you have a concern about how we collect or use your personal data you can contact the Council’s Data Protection Officer.
How to make a complaint
We aim to resolve all complaints about how we handle personal information. You also have the right to make a complaint about data protection to the Information Commissioner's Office.
Contact them by post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone 0303 1231 113.
You can also make a complaint or find out more information on the Commissioner's Office website.
If your complaint is not about data protection, find details on how to make a complaint about a council service.