The data controller for your data
Brighton & Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.
Brighton & Hove City Council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
Why we’re collecting your data
We are collecting your data for the purpose of monitoring achievement and progress data and responding to the diverse and changing needs of the Black and Minority Ethnic (BME) and English as an Additional Language (EAL) pupil population in the city.
What is the legal basis for collecting your Data
- We have a legal basis for processing this in Performance of a task carried out in the public interest or official authority.
- We shall be collecting special category data on the legal basis of Substantial Public Interest – the Public Sector Equality Duty as set out in the Equality Act 2010.
- We collect contact details of prospective job applicants which we keep for 2 years. We have a legal basis for collecting this data under Explicit Consent and you will be required to provide consent.
The data we may collect
We may collect personal data or special category data. The type of information collected from you is as follows:
- Contact details; including name, address, email address, telephone number, etc.
- Date of birth
- National identifiers such as; UPN numbers
Special category data
We may also collect special category (sensitive data) of personal data that may include:
- Physical or mental health details
- Racial or ethnic origin
Who we’ll share your data with
Your data may be shared with other relevant council departments and schools. It may be shared with children’s services if safeguarding issues arise.
How long we’ll keep data for and why
We will hold children’s data until they reach the age of 25. In cases with child protection issues, we will hold your data for the time set down by statutory requirements.
How your data will be stored
- Your information will be stored electronically and on paper records.
- We will only make your information available to those who have a right to see them.
- Example of the security measures we used are:
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- We use Encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code. The hidden information is said to then be ‘encrypted’.
- Pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was yours.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Transferring data outside the European Economic Area
We will not transfer your data outside the European Economic Area.
Depending on the legal basis for processing your information you may have the following rights:
- A right to a copy of data held about you, an explanation for its processing and who it has been shared with – this right applies to data processed under any lawful basis
- A right to rectification (correction) of data which is demonstrably wrong – this right applies to data processed under any legal basis
- A right to object to processing – this right does not apply where the Council is under a legal duty to process your data, but can be used where you dispute that there is a legal basis to process your data until the Council can demonstrate what basis exists
- A right to erasure – this applies where there is no longer a legal basis to retain your data
- A right to portability of your data (having it moved to another organisation) – this right applies only where the legal basis was either consent or performance of a contract but data will usually be transferred to another local authority if a child in care moves to a new location.
- A right to object to automated decision making – this right is applicable under all lawful bases for processing
How to get advice or make a complaint
Data protection contacts
If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 295959 or by email at firstname.lastname@example.org
Contact the council's Data Protection Officer
Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.
Information Commissioner’s Office
You also have the right to lodge a complaint with a supervisory authority. Contact details for the ICO is stated below:
You can contact the ICO:
- on their website
- by telephone: 0303 123 1113
- by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF
This Privacy Notice will be subject to review when there is a change.
- Date: March 2019
- Date for Review: March 2020