Revenues and business rates service privacy notice
Read our privacy notice for information on how we collect, store and process your data.
The data controller for your data
Brighton & Hove City Council is the data controller for purpose of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.
Brighton & Hove City Council is committed to protecting your personal information. As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
Why we are collecting your data
We are collecting your data for the purpose of administering local taxation services. As a Billing Authority, we have a statutory duty to establish liability for Council Tax and Business Rates and maintain an accurate register of taxpayers for billing and collection purposes.
We use your information to establish who should pay Council Tax or Business Rates and assess how much tax is due. Our processing activity may include creating accounts, issuing bills, awarding discounts, exemptions and rate relief, collecting payments and taking enforcement action where unpaid liability is owed to the council.
We may use your information where relevant to resolve complaints and protect public funds through the detection and prevention of crime and fraud, including data-matching. We may also undertake consultations in connection with the administration of Council Tax and the Council Tax Reduction scheme. If we use your information for statistical or research purposes we will only use anonymised data.
Sometimes we also receive information about you from other organisations, including the Valuation Office Agency, the Department for Work and Pensions, HM Revenue & Customs, the Land Registry, landlords and managing agents, credit reference agencies and enforcement agents.
We will use your information to help us confirm your identity when you contact our services. We may also check your information with other sources to ensure the information you have provided is accurate. If you do not provide the information requested you will still be liable as the occupier of the property. If you do not pay when required you could be subject to enforcement action.
What is the legal basis for collecting your data
We have a legal obligation for processing your information in accordance with the following regulations
- Local Government Finance Acts 1988 and 1992
- Council Tax (Administration and Enforcement) Regulations 1992
- Non-Domestic Rating (Collection and Enforcement)(Local Lists) Regulations 1989
- Taking Control of Goods Regulations 2014
In some circumstances we collect special category data about health to administer discounts and exemptions. We have a legal basis of substantial public interest to process this information for these purposes.
The data we may collect
The type of personal data we may collect from you is as follows:
- Contact details: including name, address, email address, social media profiles, telephone numbers
- Date of birth, proof of identity, national identifiers, such as National Insurance numbers
- Information about your family and other people living in your household
- Housing information relating your tenancy
- Financial details for purposes of making or receiving payments
- Employment details, business activities
- If you are visited by an Enforcement Agent audio and video recordings may be captured by body-worn video cameras
We may also collect special category (sensitive data) personal data that may include:
- Physical or mental health details, offences, criminal proceedings, outcomes and sentences.
Who we’ll share your data with
We share information with a range of organisations depending on the service being provided and the statutory requirements we have to comply with. We only share information where it is necessary and appropriate to do so and we ensure it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too. All our staff receive training on data protection and information security. If a taxpayer does not pay we may ask an enforcement agent to collect the tax due. To fulfil this purpose we will provide some personal data to an enforcement agency.
Your personal data may be shared with:
- other council departments, councils and local government organisations
- other central government organisations and statutory bodies, such as HM Courts and Tribunals Service, the Valuation Office Agency, the Department for Work and Pensions, HM Revenue and Customs, HM Land Registry, HM Prison Service and the Cabinet Office
- ombudsman and regulatory authorities
- contractors or third parties commissioned by the council to process data or provide goods and services, including enforcement agents and IT providers
- specialist public sector service providers who undertake review services on behalf of the local authority, including Single Person Discount Reviews, discounts, exemptions and rates relief
- debt collection and tracing agencies
- the Insolvency Service and Insolvency Practitioners
- credit reference agencies
- law enforcement and fraud prevention agencies, such as Sussex Police and prosecuting authorities
- Housing Associations, landlords and their agents
- voluntary, charitable and community organisations who assist people in need
- internal and external auditors
- the council operates shared services with Surrey County Council and East Sussex County Council. We may share your information with one of these partners if necessary to provide these services.
If you have given us your written permission your information may be shared with:
- a named friend or family member, a support worker or other individual authorised by you to act on your behalf, such as a charity or voluntary sector representative.
There are other specific situations where we may be required to disclose information about you, such as:
- where we are required to provide the information by law
- where disclosing the information is required to prevent or detect a crime, including fraud
- where disclosure is in the vital interests of the person concerned
How long we’ll keep data for and why
The retention of your personal information is in line with the Storage Limitation principle in the General Data Protection Regulation. How long we keep it will vary according to the services you are involved with and the legal basis for processing within those services.
However the principles we will use to determine how long your data will be kept include:
- what type of services you received and whether you are still receiving them
- whether we are still under a legal obligation either to you or under UK law
- any standards and guidance set out by the various regulators for our functions
- whether you have expressed a preference about your data being retained, such as through exercising a right to restrict processing
How your data will be stored
- Our customer database is hosted remotely in a secure cloud environment owned and maintained by our approved data processor. All data centres are located within the UK
- Your information will be stored electronically. Any paper correspondence will be scanned onto the system and held for three months before being securely shredded.
- We will only make your information available to those who have a right to see it. Some examples of the security measures we use include:
- training for our staff how to process information securely and how and when to report incidents when something goes wrong
- we use encryption so information is hidden and cannot be read without specialist knowledge, such as a password. This is done with a secret code and the hidden information is then said to be ‘encrypted’.
- pseudonymisation, meaning we will use a different name so we can hide parts of your personal information from view. This means someone outside of the council could work on your information for us without knowing your personal details.
- We control access to systems and networks to stop people who are not allowed to view your personal information from gaining access to it.
- We regularly test our technology and ways of working, including keeping up to date with the latest security updates (commonly called patches).
Transferring data outside the European Economic Area
We do not transfer any of your personal information outside of the UK.
Depending on the legal basis for processing your information you may have the following rights:
- A right to a copy of data held about you, an explanation for its processing and who it has been shared with – this right applies to data processed under any lawful basis
- A right to rectification (correction) of data which is demonstrably wrong – this right applies to data processed under any legal basis
- A right to restrict processing – this right applies if it has been shown that there is no legal basis for processing your data but you wish it to be retained
- A right to object to processing – this right does not apply where the council is under a legal duty to process your data but can be used where you dispute that there is a legal basis to process your data until the council can demonstrate what basis exists
- A right to erasure – this applies where there is no longer a legal basis to retain your data
- A right to portability of your data (having it moved to another organisation) – this right applies only where the legal basis was either consent or the performance of a contract but data will usually be transferred to another local authority if a child in care moves to a new location.
- A right to object to automated decision making – this right is applicable under all lawful bases for processing
How to get advice or make a complaint
Data Protection Contacts
If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 29 59 59 or by email at firstname.lastname@example.org.
The council has also appointed a Data Protection Officer. Contact the Data Protection Officer.
Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.
Information Commissioner’s Office
You also have the right to lodge a complaint with a supervisory authority.
Contact details for ICO are stated below:
The ICO can be contacted:
- on their website
- by phone: 0303 123 1113
- by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF
This privacy notice will be subject to review when there is a change.
- Date: April 2019
- Date for review: April 2020