Privacy and cookies
Brighton and Hove City Council are committed to protecting your personal information and we take our responsibilities under the Data Protection Act 2018 and EU General Data Protection Regulation (GDPR) very seriously.
As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
We collect, hold and process a considerable amount of information, including personal information which we need to help us deliver services to the City.
We will make sure that any personal information collected and used is done so in line with data protection principles.
Your personal information will be:
- Processed fairly and lawfully
- Only used for specific purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Kept for an appropriate amount of time
- Protected using appropriate security safeguards.
For full details of our policies and guidelines, and to make a request for information, please check our Data Protection page.
Who are we?
The council is the data controller for purposes of the Data Protection Act (2018) and EU General Data Protection Regulation (GDPR) and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.
The council has an overarching Data Protection Policy which provides the high level principles we operate to. This privacy notice describes how we ensure those principles are reflected into practice and explains what we will, and will not, do with personal information.
We do not sell personal details to any external organisations. External contractors may process information on behalf of the council. We require all these contractors to make sure they keep the personal information safe and prohibiting them from doing anything other than following our instructions.
What is personal data?
Personal data includes basic details such as name, address, telephone number, date of birth, and notes and comments made about a person. The information may be held in paper files, electronically or both. This may include, but is not limited to: computer entries, written correspondence, emails, letters, files, photographs and video recordings.
Sensitive personal data (also known as Special Category Data) includes information on: race or ethnicity, political opinions, religious beliefs, trade union membership, genetics, biometrics, health, sex life or sexual orientation.
When processing your personal information we will always have a legal basis for doing so. The Council delivers an incredible amount of services to the community for a number of different reasons. We will only collect your personal data if:
- We have obtained your explicit consent
- We have a statutory obligation to do something
- We have a contract in place
- We are carrying out a public task or doing something in the public interest
- It is in your vital interests (life or death)
Requesting your data
If you wish to request your own personal data via a Subject Access Request (SAR) please visit our data protection page. Further information on the Data Protection may be found on the Information Commissioner's Office (ICO) website. the Information Commissioner's Office (ICO) website.
Fraud prevention and crime
The council must safeguard public funds and we reserve the right to check the information you have provided for accuracy and to detect fraud. We may match data we hold to identify unusual matches or discrepancies; this may include matching council data with external data sources such as information held by credit reference agencies. As a result, we will use the information you provide to make sure all amounts we are owed are paid on time and ensuring any benefits you receive are appropriate. We may share your information with Debt Management agencies and the Courts to help collect any outstanding debts. We may also share your information for the same purposes with other public organisations, including neighbouring councils that handle public funds and with police forces. We may also provide forwarding address of council tenants to utility companies that are collecting outstanding debts.
We take part in the National Fraud Initiative’s anti-fraud data matching exercise.
We do our own data matching, using names, dates of birth and address. We will compare computer records held by one department, against others held by the same or other departments, to check they match. This is to make sure our information is correct and to create a customer index which can be used to help identify customers via a single customer record. Data matching is carried out on information held by the following services: Council Tax, Housing Benefits, Parking Permits including Blue Badge and Housing. We will always inform you of when and where data matching takes place when we process your data.
Sometimes we are also asked to assist in the prevention and detection of crime and therefore generally supply specific information requested by the Police or other crime detection agencies, if we are satisfied that the disclosure would be lawful and appropriate.
Other uses of data
Healthcare and Wellbeing
All Local Authorities have a duty to improve the health of the population they serve. To help with this, we use data and information from a range of source data, including hospitals and data collected at the registration of a birth or death to understand more about the health and care needs in the area.
You have the right to opt out of Brighton & Hove City Council Public Health receiving or holding your personally identifiable information. There are occasions where service providers will have a legal duty to share personal data, for example for safeguarding or criminal issues.
For some regulated services your application may be published and potentially discussed in open committee. This will always be made clear on any relevant application forms and supporting documentation.
CCTV (Closed Circuit Television)
Closed Circuit Television (CCTV) is operated in and around council properties (including customer service centres, offices, libraries, and council housing communal areas). The purpose of the CCTV is for staff safety and crime prevention and detection. The footage is normally held for 30 days and may be shared with the police for crime prevention and detection purposes.
Most CCTV cameras located around the cities highways and public spaces are operated and controlled by Sussex Police.
The Electoral Register for Brighton & Hove is a separate legal entity from the council and is separately notified with the Information Commissioner as a data controller as Electoral Registration Officer, Brighton & Hove City Council, registration number ZA324581.
Other Public Bodies
We have to share information with certain other public bodies such as the Department for Work and Pensions (DWP), HM Revenues and Customs (HMRC), courts, tribunals, other formal bodies dealing with legal processes or external regulatory bodies.
You can decide what cookies are allowed and delete cookies at any time by adjusting settings on your web browser.
Find out more about cookies on our website.
Your Rights and Contact Information
As a data controller we have a duty to inform you of not only why your personal information is being processed but what rights you have with regard to your personal information too.
You have the right to:
- Be informed of how your personal information is being used
- Have access to information held about you, this is commonly known as a Subject Access Request (SAR)
- Have your personal information deleted if it was obtained under the basis of consent and if no other legal basis exists to retain it
- Have inaccuracies within your personal information corrected
- Restrict processing of your personal information until inaccuracies are corrected, processing is unlawful or if you dispute the legal basis for processing
- Object to processing of your personal information for direct marketing and in some cases where it is used for archives or statistical purposes
- Have your personal data transferred to another organisation if obtained under the legal basis of consent
- Be informed of where automated decision making (ADM) takes place and be given an option to opt out of ADM.
If you wish to exercise your information rights, please contact:
- our Data Protection team on firstname.lastname@example.org or give us a call on 01273 295959.
- our Data Protection Officer (shared role with East Sussex and Surrey County Councils)