In order to process Fixed Penalty Notices, Brighton & Hove City Council collects, stores and processes your personal information.
This privacy notice explains what information we collect from you, and what we do with it.
The data controller for your data
Brighton & Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.
Brighton & Hove City Council are committed to protecting your personal information. As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
Why we’re collecting your data
We are collecting your data for the purpose of processing a Fixed Penalty Notice (FPN), a Community Protection Warning (CPW) or a Community Protection Notice (CPN).
What is the legal basis for collecting your data
The council has a lawful basis for processing data for the purpose of a FPN, CPW or CPN under:
- General Data Protection Regulation 2016, Article 9(2)(g) [Substantial Public Interest]
- Data Protection Act 2018, Schedule 1, Part 2, Paragraph 10 [Preventing and detecting unlawful acts] and Paragraph 12 [Regulatory requirements with regard to dishonest or unlawful acts]
The council has statutory powers pertaining to enforcement under the:
- Environmental Protection Act 1990 sections: 33ZA, 33ZB, 34A, 47ZA, 88, schedule 3A paragraph 7
- Anti-Social Behaviour Act 2003, section 43
- Anti-Social Behaviour, Crime and Policing Act 2014, section 68
The data we may collect
We may collect:
- contact details including name, address, email address and phone number
- date of birth
- visual images, personal appearance and behaviour
- licences or permits held
- business activities
Who we’ll share your data with
Your data may be shared with:
- officers in City Environment Management for the purposes of processing your FPN, CPW or CPN
- any persons with a need to access your data relating to responding to a complaint or enquiry
- the council’s legal team where necessary for the purposes of providing legal guidance and for prosecution
- Sussex Police, where necessary to investigate and/or prosecute an offence
Where a FPN or CPN proceeds to court action, data will also be shared with the courts, the defendant and their legal representatives.
How long we’ll keep data for and why
If your FPN is paid within the deadline, photos or footage will be deleted within 90 days. We will hold your details and the financial record that your FPN has been paid for 2 years.
If your CPW is discharged within the deadline, photos or footage will be deleted within 90 days.
If your FPN is not paid and proceeds to prosecution your data will be retained until all court proceedings have been discharged and any appeal processes exhausted.
If you do not adhere to the CPN and proceeds to prosecution, your data will be retained until all court proceedings have been discharged and any appeal processes exhausted.
How your data will be stored
Your information will be stored electronically and on paper records.
We will only make your information available to those who have a need to know. Example of the security measures we used are:
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- encryption, meaning that information is hidden so that it cannot be read without special knowledge, like a password - this is done with a secret code - the hidden information is said to then be ‘encrypted’
- pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view - this means that someone outside of the council could work on your information for us without ever knowing it was yours
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
Transferring data outside the European Economic Area
Your information will not be transferred outside of the European Economic Area.
Depending on the legal basis for processing your information you may have the right to:
- a copy of data held about you, an explanation for its processing and who it has been shared with
- rectification (correction) of data which can be shown to be incorrect
- restrict processing if you can show that it is not fair or lawful for the data to be used for a particular purpose
- object to processing if you dispute that there is a lawful basis to process your data, following which the Council would need to demonstrate its lawful basis
How to get advice or make a complaint
Data protection contact information
If you’d like to discuss your data protection rights, you can contact the Data Protection Team. Only use these contact details if you have questions about data protection and not for questions about other services.
We also have a Data Protection Officer. Visit our data protection officer page to find their contact details.
Please contact the Data Protection Team first if you have any concerns.
You can then contact the Information Commissioner’s Office (ICO). The ICO is the national regulator with responsibility for ensuring compliance with data protection.