Housing service privacy notice
Brighton & Hove City Council is committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as “data”) about you are:
However, Housing is also subject to specific other laws which define when and for what purposes it can use your personal data.
Why we’re collecting your data
In order for the council to provide its many Housing services throughout the city we must collect and process personal and special category data. What we use your data for will depend on your involvement with our Housing Service.
If, for example you are a council tenant then we must use your data to meet our obligations set out in the tenancy agreement, including providing support services, as well as ensuring you are meeting yours, which includes the managing of your rent account.
Those who have purchased their council property under the Right to Buy scheme will become a leaseholder, therefore, as the council still owns and manages the building we are required to hold data to fulfil our duties as a freeholder.
Other areas of Housing include, but is not limited to, working with travellers, seniors, supporting tenants into employment, maintenance of council property, dealing with anti-social behaviour and other criminality, ensuring the sustainability of council property, liaising with various resident groups and associations, and the managing and maintenance of car parks and garages.
Data may be collated into statistics and reports in order for us to monitor our performance which can help us make the necessary improvements to the services we provide. When possible your data will be anonymised in these situations.
What is the lawful basis for collecting your data
There are various lawful bases as to why we would collect and process data. Most commonly it will be done under performance of a contract. For example, a tenancy agreement.
The second most common basis is because of a legal obligation the council has. We will collect and process data because of one of the following pieces of legislation:
- The Housing Act 1985
- The Housing Act 2004
- The Care Act 2014
- Commonhold and Leasehold Reform Act 2002
- Town and Country Planning Act 1990
- The Local Government Act 2003
- Anti-Social Behaviour Crime and policing Act 2014
- Mobile Homes Act 2013
- Gas Safety (Installation & Use) Regulations 1998
- Building Regulations 2010
- Construction (Design and Management) Regulations 2015
Occasionally it may also be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
At times we may collect and process data because you have given your consent for us to do so. In most instances you will be asked to give your consent at the point of collection.
Sometimes it is also essential we collect special category data, and in these instances the lawful basis would fall under either:
- Substantial public interest
- Manifestly made public by the data subject
- Explicit consent
The data we may collect
We may collect personal data or special category data.
The type of personal information collected from you is as follows.
- Contact details; including name, address, email address, telephone number, etc.
- Date of birth
- Proof of identity
- National identifiers such as; NI numbers
- Information about your family
- Social and personal circumstances
- Financial details for purposes of receiving or making payments
- Location Service
- Housing information relating your council tenancy
- Visual images, personal appearance and behaviour
- Licenses or permits held
- Business activities
Special category data
- Physical or mental health details
- Racial or ethnic origin
- Gender and sexual orientation
- Offences (including alleged offences)
- Criminal proceedings, outcomes and sentences
Who we’ll share your data with
Personal data may be shared internally to relevant teams or externally but is always done:
- On a case-by-case basis
- Using the minimum personal data necessary to provide the service
- With the appropriate security controls in place
- In line with legislation.
Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the sharing of your personal data.
We may use the information we hold about you to assist in the detection and prevention of crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
Holding your personal information
We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data. How long we keep it will vary according to the services you are involved with and the lawful basis for processing within those services.
The principles we use to determine how long your data will be kept include:
- What type of services you received and whether you are still receiving them
- Whether we still are still under a legal obligation either to you or under UK Law
- Any standards and guidance set out by the various regulators for our functions
- Whether you have expressed a preference that your data be retained, such as exercising your right to restricted processing
How your data will be stored
Your information will be stored in electronic databases, document management systems and/or on paper records.
Who can access your data?
We will only make your information available to those who have a need to know in order to perform their council role.
How do we protect your data?
Examples of the security measures we used are:
- Training for our staff making them aware of how to handle information securely and how and when to report when something goes wrong
- We use encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be ‘encrypted’.
- Where possible, data will be pseudonymised, meaning that your identity will be removed, so that work can be done without your identity being known by the people doing that work.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
Transferring data outside the European Economic Area
Your information is not processed outside of the European Economic Area.
Your individual rights
You have the following rights in relation to your personal information:
- The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices
- The right of access – you can request to know what we hold on you along with an explanation for how it is used by making a “Subject Access Request”
- The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete
- The right to erasure – you have the right to ask us to delete your personal information where:
- It can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent.
- The right to restrict processing – you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. On receiving a restriction request, we are obliged to consider our use of the data and provide you with a response.
- The right to data portability – you can, in certain circumstances, ask us to provide you with the information you have supplied the council, where it was obtained on the basis of consent or performance of a contract.
- The right to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. On receiving a request of this type, we are required to stop using your data whilst we investigate and provide a response.
Automated decision making and profiling - we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead.
At present, the council only uses automated decision processes to identify first round offers of school placements. These offers are subject to appeal and you have the right to seek a review of your school placement offer by a council officer.
How to get advice or make a complaint
Data protection contacts
If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 295959 or by email at firstname.lastname@example.org
Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.
Information Commissioner’s Office
You also have the right to lodge a complaint with a supervisory authority. Contact details for the ICO is stated below:
You can contact the ICO:
- on their website
- by telephone: 0303 123 1113
- by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF
This Privacy Notice will be subject to review when there is a change.