Communities, equalities and third sector service privacy notice

Brighton & Hove City Council is committed to protecting your personal information.

As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected. This is in accordance with relevant data protection law.

The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as data) about you are:

General Data Protection Regulation (GDPR)

Data Protection Act (DPA) 2018

However, Communities, equalities and third sector is also subject to other specific laws which define when and for what purposes it can use your personal data.

Why we’re collecting your data and our lawful basis for doing so

In order for the council to provide the many different types of help and support from our teams in Communities, equalities and third sector, we’ll need to collect and process your data. What your data is used for will depend on which teams you are engaging with.

If, for example, you are a local voluntary organisation and wish to apply for grant funding for the work you do, we will need to collect your personal data so we can process your application and contact you with any queries.

If you’re part of a community group or forum and want to be kept informed of events and meetings that you wish to attend and contribute to, we’ll need to process your personal data in order to contact you with relevant information. 

Other areas of Communities, equalities and third sector include, but are not limited to:

  • providing support for refugees settling into the city
  • holding events designed to educate about and promote counter-extremism
  • assisting with and promoting events designed to create a more inclusive city

Information may be collected and processed so we can respond appropriately to any complaints or queries received. Depending on the nature of this type of contact will depend on how the information is used.

Data may be collated into statistics and reports so we can monitor our performance which can help us make the necessary improvements to the services we provide. Your data will be anonymised in these situations, when possible.

There are various lawful bases as to why we would collect and process your data. We’ll use the most appropriate lawful basis depending on the way you are engaging with our service.

The lawful bases to process your data are:

  • in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • a legal obligation to do so
  • in the performance of a contract

We will collect and process data because of one of the following pieces of legislation:

  • Local Government Act 1974 and 2000
  • Equalities Act 2010
  • Human Rights Act 1998
  • Housing Act 2004
  • Counter Terrorism and Security Act 2015

At times, we may collect and process data because you’ve given your consent for us to do so. In most instances, you will be asked to give your consent at the point of collection.

Sometimes we may also need to collect special category data, and in these instances, the lawful basis would fall under:

  • substantial public interest
  • explicit consent

The data we may collect

Personal Data

  • contact details including name, address, email address and telephone number
  • date of birth
  • proof of identity
  • information about your family
  • social and personal circumstances
  • financial details for purposes of receiving or making payments

Special Category Data

  • racial or ethnic origin
  • gender and sexual orientation

Who we’ll share your data with

Personal data may be shared internally to relevant teams or externally.

Internally your information may be shared with:

  • Council Tax
  • Welfare rights team
  • Benefits cap team
  • Housing benefits
  • Adult social care teams
  • Communications team
  • Public health
  • Finance team
  • Customer feedback team

Externally your information may be shared with:

  • our partners in the voluntary sector
  • private landlords
  • the police
  • the NHS
  • the Home Office
  • Department for Work and Pensions (DWP)
  • Educational services
  • Citizen’s Advice
  • the Voices in Exile organisation

Information shared with these teams or external bodies is always done:

  • using the minimum personal data necessary to provide the service
  • with the appropriate security controls in place
  • in line with legislation

Information is only shared with those agencies and bodies who need to know or where you have consented to the sharing of your personal data.

Data that is shared is always done:

  • on a case-by-case basis
  • using the minimum personal data necessary to provide the service
  • with the appropriate security controls in place
  • in line with legislation

Information is only shared with those agencies and bodies who need to know, or where you have consented to share your personal data.

We may use the information we hold about you to assist in the detection and prevention of crime or fraud.

We may also share this information with other bodies that inspect and manage public funds.

Holding your personal information

We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data.

How long we keep it will vary according to the services you are involved with, and the lawful basis for processing within those services.

However, the principles we will use to determine how long your data will be kept include:

  • the type of services you received, and whether you are still receiving them
  • if we’re still under a legal obligation, either to you or under UK law
  • any standards and guidance set out by the various regulators for our functions
  • whether you have expressed a preference that your data be retained, such as exercising a right to restricted processing

How your data will be stored

Your information will be stored on electronic databases, document management systems and on paper records.

Who can access your data

We’ll only make your information available to those who need to know, in order to perform their council role.

How we protect your data

Examples of the security measures we use are:

  • training our staff, to make them aware of how to handle information securely, and how and when to report when something goes wrong
  • we use encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be encrypted
  • data will be pseudonymised where possible, meaning that your identity will be removed, so work can be done without your identity being known by the people doing that work
  • controlling access to systems and networks to stop people who are not allowed to view your personal information, from getting access to it
  • regular testing of our technology and ways of working, including keeping up to date on the latest security updates (called patches)

Transferring data outside the European Economic Area

Your information is not processed outside of the European Economic Area.

Your individual rights

In relation to your personal information, you have the right:

  • to be informed – you have right to know about the collection and use of your personal data. We’ll inform you through our service-specific notices
  • of access – you can request to know what data we hold on you, along with an explanation for how it is used by making a subject access request
  • to rectification – you have the right to ask us to update, amend or change your information if it’s factually inaccurate or incomplete
  • to erasure – you have the right to ask us to delete your personal information where it can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent
  • to restrict processing – you have the right to request that we limit using your personal data for specific purposes. If you do not believe we have a lawful basis for a particular purpose, or where you consider the data to be incorrect. Upon receiving a restriction request, we have to consider our use of the data and provide you with a response
  • to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data while we investigate and provide a response

How to get advice or make a complaint

Data protection contacts

If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 295959 or by email at data.protection@brighton-hove.gov.uk

Contact the council's Data Protection Officer 

Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.

Information Commissioner’s Office

You also have the right to lodge a complaint with a supervisory authority. Contact details for the ICO is stated below:

You can contact the ICO:

  • on their website
  • by telephone: 0303 123 1113
  • by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF

This Privacy Notice will be subject to review when there is a change.