Brighton & Hove City Council is committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and uses personal information (known as “data”) about you are:
General Data Protection Regulation (GDPR)
Data Protection Act (DPA) (2018)
However, the Hackney Carriage Office is also subject to other specific laws which define when and for what purposes it can use your personal data.
Why we are collecting your data and our lawful basis for doing so
In order for the council to issue and manage Hackney Carriage and Private Hire licences we must collect and process personal information, including medical records, in order to determine whether a licence can be issued.
Successful applicant details will be entered on to the Hackney Carriage and Private Hire Public Register which includes driver’s name, licence number, type of licence and vehicle registration mark.
It may be necessary to process data for the purposes of carrying out investigations and undertaking enforcement action, which may result in licences being suspended or revoked.
The Hackney Carriage Office also provides training for drivers, in which case we will need to process data to ensure you are eligible as only licenced drivers can attend.
Under the Local Government (Miscellaneous Provisions) Act 1976 the council has powers to issue and manage taxi licences. We also have a duty under this act to ensure only fit and proper persons hold a licence.
We may use contact details for communication purposes to support licence holders. This may include updates in legislation and on road and traffic news from around the city.
We may also use it to communicate with you in relation to the prevention and detection of crime, for example we may ask for witnesses to events or email you missing person alerts.
Data may be collected and processed in order to respond appropriately to complaints or queries, including lost property. Information provided may be used in investigations and enforcement action, as well as for communication purposes in relation to the complaint or query.
At times we may collect and process data because you have given your consent for us to do so. In most instances you will be asked to give your consent at the point of collection.
If special category data is being processed, this is done under substantial public interest, specifically relating to the Data Protection Act (2018), Schedule 1, Part 2, Paragraph 6 'statutory etc. and government purposes,' and Paragraph 18 ‘safeguarding of children and of individuals at risk.’
The data we may collect
- contact details; including name, address, email address, telephone number, etc.
- date of birth
- proof of identity
- national identifiers, for example National Insurance number
- location service
- visual images
- licenses or permits held
Special category data
- physical or mental health details
- racial or ethnic origin
- offences (including alleged offences)
- criminal proceedings, outcomes and sentences
Who we’ll share your data with
We may share your information internally with Revenues and Benefits, Housing, Legal Services and Financial Services.
Your information may also be shared externally with the council’s independent medical advisor, Disclosure Barring Service, insurance providers, legal representatives, the courts, American Express Community Stadium and WiSE, for driver training.
We may use the information we hold about you to assist in the detection and prevention of crime or fraud which may mean sharing with other public bodies, such as the Police, Revenues and Customs, UK Visa and Immigration and the Department of Work and Pensions.
Your information may also be shared with the NR3 Register run by the National Anti-Fraud Network to ensure only fit and proper persons are licenced. Those who have been refused a licence or had a licence revoked will be entered onto the register. Should this person try to gain a licence from another authority they can check against the register and request further information from us regarding why the licence was refused or revoked. Likewise, we can also request information from other authorities.
We are also required to provide driver and vehicle information to the Department for Environment, Food and Rural Affairs so they can keep a record for air quality purposes. We also share information with the National Fraud Initiative run by central government.
Holding your personal information
We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data. How long we keep it will vary according to the services you are involved with and the lawful basis for processing within those services.
However, the principles we will use to determine how long your data will be kept include:
- the type of services you received and whether you are still receiving them
- whether we still are still under a legal obligation either to you or under UK Law
- any standards and guidance set out by the various regulators for our functions
- whether you have expressed a preference that your data be retained, such as exercising your right to restricted processing
We will keep licence holder information for the duration they hold a licence plus 6 years. Should the licence be refused or revoked then information can be kept for up to 25 years. Information gathered during an investigation and relating to that investigation will be kept for 6 years from the date of the decision unless a licence is revoked. If a licence is revoked due to an investigation, we will keep it for up to 25 years from the date of that decision.
Information relating to a complaint or service request will be kept for 6 years from when the matter has been closed. Should there be no further action, or action does not lead to a licence revocation, then we will keep information for 6 years from that decision.
How your data will be stored
Your information will be stored in electronic databases, document management systems and/or on paper records.
Who can access your data
We will only make your information available to those who have a need to know in order to perform their council role.
How we protect your data
Examples of our security measures:
- training for our staff making them aware of how to handle information securely and how and when to report when something goes wrong
- we use encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be ‘encrypted’
- where possible, data will be pseudonymised, meaning that your identity will be removed, so that work can be done without your identity being known by the people doing that work
- control access to systems and networks to stop people who are not allowed to view your personal information from getting access to it
- regularly test our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
Transferring data outside the European Economic Area
Your information is not processed outside of the European Economic Area.
Your individual rights
In relation to your personal information you have the right:
- to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices
- of access – you can request to know what we hold on you along with an explanation for how it is used by making a “Subject Access Request”
- to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete
- to erasure – you have the right to ask us to delete your personal information where it can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent
- to restrict processing – you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response
- to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data while we investigate and provide a response
How to get advice or make a complaint
Data Protection Officer
If you have a concern about how we collect or use your personal data you can contact the Council’s Data Protection Officer.
How to make a complaint
We aim to resolve all complaints about how we handle personal information. You also have the right to make a complaint about data protection to the Information Commissioner's Office.
Contact them by post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone 0303 1231 113.
You can also make a complaint or find out more information on the Commissioner's Office website.
If your complaint is not about data protection, find details on how to make a complaint about a council service.