Brighton & Hove City Council is committed to protecting your personal information.
As a data controller we have a responsibility to make sure you know why and how your personal information is being collected, in accordance with relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and uses personal information, known as ‘data’, are:
However, Licensing is also subject to specific other laws which define when and for what purposes it can use your personal data.
Why we are collecting your data, and our lawful basis for doing so
In order for the council to carry out its licensing functions throughout the City of Brighton & Hove, we must collect and process personal and special category data.
We have a duty to manage and issue licences under one of the following pieces of legislation, depending on which licence has been applied for or issued:
- Licensing Act 2003
- Gambling Act 2005
- Scrap Metal Dealers Act 2013
- Local Government (Miscellaneous Provisions) Acts 1972 & 82
- House to House Collections Act 1939
- Police, Factories etc. (Miscellaneous Provisions) Act 1916
- Charities Act 1992
- Charitable Institutions (Fund-raising Regulations) 1994
We will also process information from members of the public and businesses who are putting in comments regarding a licence application, known as representations, as part of any application.
Your information may also be used to support investigations and any enforcement action that is deemed necessary.
Contact information may be used for communication purposes in relation to applications, investigations and enforcement action.
We may also use it to update you on legislative changes, and provide you with relevant advice.
Data will be used to check accuracy against records we have within the council, as well as other councils, public authorities and government departments. This includes for the prevention and detection of crime, including fraud.
Data may be collected and processed in order to respond appropriately to complaints, or queries from the public and businesses.
Sometimes it is also essential we collect special category data, and in these instances the lawful basis would fall under substantial public interest. Specifically the Data Protection Act (2018), Schedule 1, Part 2, Paragraph 6 ‘Statutory etc. and government purposes’.
The data we may collect
- contact details; including name, address, email address, telephone number, etc.
- date of birth
- proof of identity
- national identifiers such as; NI numbers
- financial details for purposes of receiving or making payments
- visual images, personal appearance and behaviour
- licenses or permits held
- business activities
Special Category Data
- physical or mental health details
- racial or ethnic origin
- gender and sexual orientation
- offences (including alleged offences)
- criminal proceedings, outcomes and sentences
Who we’ll share your data with
Your data may be shared internally with other Regulatory Service teams, Democratic Services, Legal Services, Planning, Child Services, Public Health and Events Team and Councillors.
We may also share your data externally with Police, Other local authorities, East Sussex Fire and Rescue Service, Home Office, Health and Safety Executive, Applicants and their agents, Gambling Commission, Environmental Agency, HMRC and Immigration Enforcement.
Data that is shared is always done:
- on a case-by-case basis
- using the minimum personal data necessary to provide the service
- with the appropriate security controls in place
- in line with legislation
Information is only shared with those agencies and bodies who have a need to know, or where you have consented to share your personal data.
We may use the information we hold about you to assist in the detection and prevention of crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
Holding your personal information
We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data.
How long we keep it will vary according to the services you are involved with, and the lawful basis for processing within those services.
The principles we use to determine how long your data will be kept include:
- what type of services you received, and whether you are still receiving them
- whether we are still under a legal obligation, either to you or under UK Law
- any standards and guidance, set out by the various regulators for our functions
- whether you have expressed a preference that your data be retained, such as exercising your right to restricted processing
Information relating to some licences will be kept indefinitely as they have no expiry date. However, if a licence is revoked we will keep data for six years from the date of revocation.
All other licenses, permits, certificates, consents and registrations will be kept for six years from the expiry date.
How your data will be stored
Your information will be stored on electronic databases, document management systems and on paper records.
Who can access your data
We will only make your information available to those who need to know, in order to perform their Council role.
How do we protect your data
Examples of the security measures we use are:
- training for our staff, making them aware of how to handle information securely, and how and when to report when something goes wrong
- we use encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be encrypted
- where possible, data will be pseudonymised, meaning that your identity will be removed, so that work can be done without your identity being known by the people doing that work
Controlling access to systems and networks, allows us to stop people who are not allowed to view your personal information from getting access to it.
Regular testing of our technology and ways of working, including keeping up to date on the latest security updates (called patches).
Transferring data outside the European Economic Area
Your information is not processed outside of the European Economic Area.
Your individual rights
You have the following rights in relation to your personal information:
The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices
The right of access – you can request to know what we hold on you, along with an explanation for how it is used by making a Subject Access Request
The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete
The right to restrict processing – you have the right to request that we limit using your personal data for specific purposes. If you do not believe we have a lawful basis for a particular purpose, or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response
At present, the Council only uses automated decision processes to identify first round offers of school placements. These offers are subject to appeal and you have the right to seek a review of your school placement offer, by a council officer.
How to get advice or make a complaint
Data Protection Contacts
If you wish to discuss any of your data protection rights, you can phone the Data Protection Team on 01273 29 5959 or send an email to firstname.lastname@example.org.
The council also has a Data Protection Officer, who can be contacted via the Council website data protection officer page.
Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office.
The ICO is the national regulator with responsibility for ensuring compliance with data protection.
Information Commissioner’s Office
You also have the right to lodge a complaint with a supervisory authority.
The ICO can be contacted through their website.
You can phone them: 0303 123 1113
You can also write to them: Wycliffe House, Water Lane, Wilmslow SK9 5AF.
You can also report a concern on the ICO website.
This Privacy Notice will be subject to review when there is a change.