Emergency planning and resilience service privacy notice

Read our privacy notice for information on how we collect, store and process your data.

Brighton & Hove City Council is committed to protecting your personal information.

As a data controller we have a responsibility to make sure you know why and how your personal information is being collected, in accordance with relevant data protection law

The primary laws which govern how Brighton & Hove City Council collects and use personal information known as data, are:

However, Emergency Planning and Resilience is also subject to other specific laws which define when and for what purposes it can use your personal data. 

Why we are collecting your data and our lawful basis for doing so

The Emergency Planning and Resilience Team delivers the Local Authority’s statutory responsibilities and duties as a Category 1 Emergency Responder, as set out by the Civil Contingencies Act (CCA) 2004.

Your information may be used as we prevent, plan and prepare for, respond to, and recover from emergencies.

Data collected will be part of our statutory response to an incident or emergency, and may be used as evidence as part of any future scrutiny and/or legal proceedings.

We are under a legal obligation to process data, specifically working within the Civil Contingencies Act 2004.

Our lawful basis for processing special category data is substantial public interest, specifically the Data Protection Act (2018) Schedule 1, Part 2, Paragraph 6 'statutory etc. and government purposes'.

The data we may collect

Personal Data

  • contact details; including name, address, email address, telephone number, etc
  • date of birth
  • proof of identity
  • national identifiers such as NI numbers
  • information about your family
  • social and personal circumstances
  • employment details
  • housing information relating your council tenancy
  • licenses or permits held
  • business activities

Special Category Data

  • physical or mental health details
  • racial or ethnic origin
  • gender and sexual orientation
  • religion

Who we’ll share your data with

Your data may be shared internally, potentially with any team in the council, depending on the emergency.

Your information may also be shared externally with Police, Fire Services, Ambulance Service, National Health Service, Clinical Commission Group, Public Health England, Environment Agency, other local authorities, Utility Companies, Highways England, Ministry of Housing, Central Government Departments, Coroner’s Office.

Data that is shared is always done:

  • on a case-by-case basis
  • using the minimum personal data necessary to provide the service
  • with the appropriate security controls in place
  • in line with legislation

Information is only shared with those agencies and bodies who have a need to know, or where you have consented to share of your personal data.

We may use the information we hold about you to assist in the detection and prevention of crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

Holding your personal information

We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data. How long we keep it will vary according to the services you are involved with, and the lawful basis for processing within those services.

The principles we use to determine how long your data will be kept include:

  • what type of services you received, and whether you are still receiving them
  • whether we still are still under a legal obligation either to you or under UK Law
  • any standards and guidance set out by the various regulators for our functions
  • whether you have expressed a preference that your data be retained, such as exercising your right to restricted processing

Information held will be reviewed six years from the date an incident was resolved, unless it was a major incident, in which case it will be reviewed 21 years from the date an incident was resolved.

How your data will be stored

Your information will be stored on electronic databases, document management systems and on paper records.

Who can access your data

We will only make your information available to those who need to know, in order to perform their Council role.

How do we protect your data

Examples of the security measures we use are:

  • training for our staff, making them aware of how to handle information securely, and how and when to report when something goes wrong
  • we use encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be encrypted
  • where possible, data will be pseudonymised, meaning that your identity will be removed, so that work can be done without your identity being known by the people doing that work

Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.

Regular testing of our technology and ways of working including keeping up to date on the latest security updates (called patches).

Transferring data outside the European Economic Area

Your information is not processed outside of the European Economic Area.

Your individual rights

You have the following rights in relation to your personal information:

The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices

The right of access – you can request to know what we hold on you along with an explanation for how it is used by making a Subject Access Request

The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete

The right to erasure – you have the right to ask us to delete your personal information where it can be shown that we no longer have a lawful basis to retain it, or the information was collected on the basis of consent only, and you have withdrawn your consent

The right to restrict processing – you have the right to request that we limit using your personal data for specific purposes. If you do not believe we have a lawful basis for a particular purpose, or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response

The right to data portability – you can, in certain circumstances, ask us to provide you with the information you have supplied the Council, where it was obtained on the basis of consent or performance of a contract

The right to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data whilst we investigate and provide a response

Automated decision making and profiling - we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead

At present, the Council only uses automated decision processes to identify first round offers of school placements. These offers are subject to appeal and you have the right to seek a review of your school placement offer by a council officer.

How to get advice or make a complaint

Data protection contact information 

If you’d like to discuss your data protection rights, you can contact the Data Protection Team. Only use these contact details if you have questions about data protection and not for questions about other services. 

We also have a Data Protection Officer. Visit our data protection officer page to find their contact details. 

Please contact the Data Protection Team first if you have any concerns. 

You can then contact the Information Commissioner’s Office (ICO). The ICO is the national regulator with responsibility for ensuring compliance with data protection.