Brighton & Hove City Council is committed to protecting your personal information.
As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected. This is in accordance with relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and use personal information about you (known as data), are:
However, Environmental Protection is also subject to other specific laws. These define when and for what purposes it can use your personal data.
Why we collect your data, and our lawful basis for doing so
We are collecting your data for the purpose of investigating environmental health issues around the City of Brighton & Hove. These include but are not limited to, noise, light, smoke and odour nuisances.
Information collected during an investigation will be used to determine what actions are necessary, including any enforcement action.
We also collect data when we receive complaints or queries on environmental protection matters. These include contaminated land and private water supplies.
This information will be used to determine whether an investigation is necessary, and may be used for communication purposes in relation to the matter.
The council has statutory duties to perform in relation to the above. This would require the processing of data under one of the following pieces of legislation:
- Environmental Protection Act 1990
- Prevention of Damage by Pest Act 1949
- Public Health Act 1936 & 61
- Burial Act 1857
- Licensing Act 2003
- Private Water Supplies Regulations 2018
- The Environmental Information Regulations 2004
- Local Government (Miscellaneous Provisions) Act 1982
There are also times when the council has powers to deal with certain complaints or queries. Specifically those from one of the following pieces of legislation:
- Building Act 1984
- Public Health Act 1936 & 61
Environmental Protection also deals with managing and issuing permits and ship sanitation certificates, where it may be necessary to carry out inspections.
When managing and issuing permits and certificates, we are fulfilling duties set out in one of the following pieces of legislation:
- Environmental Permitting (England and Wales) Regulations 2010
- Public Health (Ships) (amendment) (England) Regulations 2007
- International Health Regulations 2005
Data may also be used so the Environmental Protection Team can comment on planning applications sent to them from the Planning Team.
These comments are done so for the purpose of ensuring all factors have been considered. This includes environmental health, when approving planning applications.
The lawful basis for processing this data is for the performance of a task carried out in the public’s interest.
It may be appropriate to collect and process special category data. If so it is done because of a substantial public interest, specifically working with the Data Protection Act (2018), Schedule 1, Part 2, Paragraph 6 ‘statutory etc. and government purposes’.
The data we may collect
- contact details including name, address, email address, telephone number
- date of birth
- information about your family
- social and personal circumstances
- housing information relating your council tenancy
- visual images and audio, personal appearance and behaviour
- licenses or permits held
- business activities
Special Category Data
- physical or mental health details
- criminal proceedings, outcomes and sentences
Who we’ll share your data with
Your data may be shared internally with Planning, Highways, Housing, other Regulatory Services Teams, Adult Social Care, Children’s Services, City Clean, Financial Services, Health & Safety Officer and Legal Services.
We may also share your data externally with other Local Authorities, Environment Agencies, Planning Inspectorate, Landlords, Letting Agents, Property Owners, Police, East Sussex Fire and Rescue, Environmental Protection Agency, Southern Water and Mediation Services.
Data that is shared is always done:
- on a case-by-case basis
- using the minimum personal data necessary to provide the service
- with the appropriate security controls in place
- in line with legislation
Information is only shared with those agencies and bodies who have a need to know, or where you have consented to share your personal data.
We may use the information we hold about you to assist in the detection and prevention of crime or fraud.
We may also share this information with other bodies that inspect and manage public funds.
Holding your personal information
We will not keep your data for longer than is necessary. This is subject to any legal obligations we have to retain the data.
How long we keep it will vary according to the services you are involved with, and the lawful basis for processing within those services.
However, the principles we will use to determine how long your data will be kept include:
- what type of services you received, and whether you are still receiving them
- whether we are still under a legal obligation, either to you or under UK Law
- any standards and guidance set out by the various regulators for our functions
- whether you have expressed a preference that your data be retained, such although exercising a right to restrict processing
Data collected that relates to an environmental health or protection issue, is kept for six years from when the case is closed.
If we decide that no action is necessary from your complaint or query, we will keep your information for one year from date of contact.
The comments made by the Environmental Protection Team on planning applications, are kept for six years from the date the comments were made.
Data held in relation to a permit is kept permanently as they do not expire.
Ship sanitation certificates are kept for 12 months from date of issue.
How your data will be stored
Your information will be stored on electronic databases, document management systems and on paper records.
Who can access your data
We will only make your information available to those who need to know, in order to perform their Council role.
How do we protect your data
Examples of the security measures we use are:
- training for our staff, making them aware of how to handle information securely, and how and when to report when something goes wrong
- we use encryption when data is being sent. This means information is scrambled so that it cannot be read without access to an unlock key. The hidden information is then said to be encrypted
- where possible, data will be pseudonymised. This means your identity will be removed, so work can be done without your identity being known by the people doing that work
Controlling access to systems and networks, allows us to stop people who are not allowed to view your personal information from getting access to it.
Regular testing of our technology and ways of working, including keeping up to date on the latest security updates (called patches).
Transferring data outside the European Economic Area
Your information is not processed outside the European Economic Area.
Your individual rights
You have the following rights in relation to your personal information:
The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices
The right of access – you can request to know what we hold on you, along with an explanation for how it is used, by making a Subject Access Request
The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete
The right to restrict processing – you have the right to request that we limit using your personal data for specific purposes. If you do not believe we have a lawful basis for a particular purpose, or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data, and provide you with a response
The right to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data whilst we investigate and provide a response
Automated decision making and profiling - we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead
At present, the Council only uses automated decision processes to identify first round offers of school placements. These offers are subject to appeal. You have the right to seek a review of your school placement offer, by a council officer.
How to get advice or make a complaint
Data protection contact information
If you’d like to discuss your data protection rights, you can contact the Data Protection Team. Only use these contact details if you have questions about data protection and not for questions about other services.
We also have a Data Protection Officer. Visit our data protection officer page to find their contact details.
Please contact the Data Protection Team first if you have any concerns.
You can then contact the Information Commissioner’s Office (ICO). The ICO is the national regulator with responsibility for ensuring compliance with data protection.