Communications service privacy notice
Read our privacy notice for information on how we collect, store and process your data.
Brighton & Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.
Brighton & Hove City Council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
Purposes and lawful basis of processing
We are collecting your data for the purpose of keeping people informed about what Brighton & Hove City Council is doing that they can hold the council to account. The legal basis we rely on for processing personal data is the performance of a public task and in order to comply with a legal obligation (Local Government Act 2000). If we take a photograph of you or film you, we will only process your data if you have given your consent.
Who we will share your data with
- Your data may be shared with internal departments. Your information will not be shared with any other third party without your consent.
- The council operates shared services with Surrey County Council and East Sussex County Council. may share your information with one of these partners if necessary to provide these services
How long we will hold your data (retention)
- We continue to hold your data unless you tell us you would like to unsubscribe from the publication or we receive an undelivered notification. All of our publications offer the opportunity to unsubscribe or update your contact details every time they are sent out.
- We will keep your photo and film for 3 years, provided you haven’t exercised your right to withdraw your consent within this time period.
Data we may collect
The type of personal data we may collect from you is as follows:
- Contact details: including name, address, email address, telephone numbers
- Date of birth
- Visual images, filming and or audio recordings
- Information about your family
- Social and personal circumstances
- Employment details, proof or identity (when applying for jobs)
We may also collect special category (sensitive data) personal data that may include:
- health details
- racial or ethnic origin
- sexual orientation
- other protected characteristics
How your data will be stored
Your information will be stored electronically and/or on paper records. We will only make them available to those who have a right to see them.
Example of the security measures we used are:
- We use encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code. The hidden information is said to then be ‘encrypted’.
- Pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was yours.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Will my data be transferred abroad?
Your information rights
Under data protection legislation you have certain rights concerning your information, namely:
- The right to be informed - to be informed regarding why, where and how we use your information
- The right of access – to request access to the information we hold about you.
- The right to rectification– to have your information corrected if it is inaccurate or incomplete.
- The right to erasure or the ‘right to be forgotten’– to ask for your information to be deleted or removed where there is no need for us to continue processing it, except when processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest.
- The right to restriction of processing– to ask us to restrict the use of your information in certain circumstances.
- Right to data portability, to ask us to copy or transfer your information from one data controller to another in a safe and secure way, without impacting the quality of the information.
- The right to object to processing– to object to how your information is used in certain circumstances.
- The data subject right not to be subject to a decision based solely on automated processing
Note: Not all of these rights may be applicable to you.
How to get advice or make a complaint
Data protection contacts
If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 295959 or by email at firstname.lastname@example.org
Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.
Information Commissioner’s Office
You also have the right to lodge a complaint with a supervisory authority. Contact details for the ICO is stated below:
You can contact the ICO:
- on their website
- by telephone: 0303 123 1113
- by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF
This Privacy Notice will be subject to review when there is a change.