Brighton & Hove City Council is committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as “Data”) about you are:
Why we’re collecting your data
The Healthy Lifestyles Team collect your personal data in order to understand how we can support you or to enable you to participate in the activities and support programmes we offer.
We provide access to a range of services for people in the city to increase physical activity, lose weight, eat well, stop smoking, reduce alcohol and to improve wellbeing. We also provide support for professionals, volunteers and organisations seeking to improve the health of people in the city.
Our services may be directly provided by us, by one of our partners such as the NHS, by locally commissioned services, or delivered as a partnership with other organisations.
Your data may be used to generate anonymised reports to measure the impact of these services and promote our work, but you will not be identified within these reports.
Lawful basis for collecting your data
If you are contacting our service for support or as part of a referral to our healthy lifestyle support programme, we collect your personal data with your consent, under Article 6,1a of the GDPR.
If you are booking a ticket or place at an event or activity we provide we have a lawful basis for processing under GDPR - Article 6(1)(b) – performance of a contract.
We collect special category data with your consent under Article 9, 2a of the GDPR.
What data we will collect
We may collect personal data or special category data.
The types of personal information that may be collected from you is as follows:
- Contact details; including name, address, email address, telephone number
- Date of birth
- Lifestyle information to help us to provide you with the right support
- Information on other services you are/have accessed before
- Financial details for purposes of receiving or making payments for services or for checking if you qualify for concessions prices on some of our events or activities where these are applicable
- Family details (emergency contacts)
- Visual images, photographs or film
- If you are engaging with our service as a representative of an organisation we may also collect your Job Position or Title and business activities.
- Any additional support you may need to communicate with us
We may also collect special category personal data that may include:
- Physical or mental health details, to help ensure we can provide you with healthy lifestyles support safely and communicate with you effectively.
- Racial or ethnic origin, gender and sexual orientation and religion may be collected to help us ensure our services are open and accessible to all.
Who we’ll share your data with
Your data will be shared with staff working for the Healthy Lifestyles Team, to stop you having to explain things more than once to members of our team.
We work with a range of healthy lifestyle services provided by or commissioned by Brighton & Hove City Council or local activity providers and other voluntary services or contractors working on our behalf to provide our programmes. Your data may be shared with these organisations in order to provide these services and to stop you having to explain things more than once.
We have a list of the partners with whom we may share your data.
We may also share your data with health professionals, such as your doctor, district nurse or carers with your consent.
The council operates shared services with Surrey County Council and East Sussex County Council. We may share your information with one of these partners if necessary to provide these services.
How long we'll keep your personal information
We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data. How long we keep it will vary according to the services you are involved with and the lawful basis for processing within those services. You will be informed of the retention period when registering for our services.
However the principles we will use to determine how long your data will be kept include:
- What type of services you received and whether you are still receiving them
- Whether we still are still under a legal obligation either to you or under UK Law
- Any standards and guidance set out by the various regulators for our functions
- Whether you have expressed a preference that your data be retained, such as exercising a right to restrict processing
How your data will be stored
Your information will be stored in electronic databases, document management systems and/or on paper records. We will only make your information available to those who have a need to know in order to perform their role.
Examples of the security measures we use are:
- Training for our staff making them aware of how to handle information securely and how and when to report when something goes wrong
- We use Encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be ‘encrypted’
- Where possible, data will be pseudonymised, meaning that your identity will be removed, so that work can be done without your identity being known by the people doing that work
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
Transferring data outside the European Economic Area
Your information will not be processed outside of the European Economic Area unless you have consented to receiving marketing emails from our service.
We use an email service provider, MailChimp, to send our email updates/newsletters/briefings. The mailing list is maintained on their servers. Find information on MailChimp's terms and conditions.
Your individual rights
You have the following rights in relation to your personal information:
- The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices
- The right of access – you can request to know what we hold on you along with an explanation for how it is used by making a “Subject Access Request”
- The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete
- The right to erasure – you have the right to ask us to delete your personal information where:
- It can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent
- Please note that if you ask us to delete your data you may no longer be able to access support through our team
- The right to restrict processing – you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response
- The right to data portability – you can, in certain circumstances, ask us to provide you with the information you have supplied the council, where it was obtained on the basis of consent or performance of a contract
- Automated decision making and profiling - we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead
How to get advice or make a complaint
Data protection contact information
If you’d like to discuss your data protection rights, you can contact the Data Protection Team. Only use these contact details if you have questions about data protection and not for questions about other services.
We also have a Data Protection Officer. Visit our data protection officer page to find their contact details.
Please contact the Data Protection Team first if you have any concerns.
You can then contact the Information Commissioner’s Office (ICO). The ICO is the national regulator with responsibility for ensuring compliance with data protection.