Youth Participation Team privacy notice

The data controller for your data

Brighton & Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.

Brighton & Hove City Council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

Why we’re collecting your data

We are collecting your data for the purpose of providing a service such as Independent Visitors and Youth Advocates; promoting your involvement in the Children in Care Council, Youth Council, Young Ambassadors, and ARC (Ask, Report, Change); Youth Arts Award programme and the Duke of Edinburgh Award programme.

What is the legal basis for collecting your Data

Our legal basis for collecting this data is legal obligation under the Children Act 1989, Children & Young Persons Act 2008, and United Nations Convention on the Rights of the Child.  It is also considered necessary to enable us to carry out our tasks, functions, duties or powers.

Where special category data is processed our legal basis is Substantial Public Interest. For some information, our legal basis is Explicit Consent and you will be asked for your consent, for example, to take photos or films to promote our services.

The data we may collect

We may collect personal data or special category data. The type of information collected from you is as follows:

Personal data

  • Contact details; including name, address, email address, telephone number, etc.
  • Date of birth
  • Information about your family
  • Social and personal circumstances
  • Employment details (when you apply for jobs)
  • Visual images, personal appearance and behaviour

Special category data

We may also collect special category (sensitive data) of personal data that may include:

  • Physical or mental health details
  • Racial or ethnic origin
  • Gender
  • Religious

Who we’ll share your data with

Your information will not be shared with any other third party without you being informed.

How long we’ll keep data for and why

In case you should ever want access to your records, which is your right, we keep them for 100 years after your birth date so they will be available throughout your life.

How your data will be stored

  • Your information will be stored electronically and on paper records.
  • We will only make your information available to those who have a right to see them. Example of the security measures we used are:
    • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
    • We use Encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a code. The hidden information is said to then be ‘encrypted’.
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).

Transferring data outside the European Economic Area

We will not transfer your data outside the European Economic Area.

Your rights

Depending on the legal basis for processing your information you may have the following rights:

  • A right to a copy of data held about you, an explanation for its processing and who it has been shared with – this right applies to data processed under any lawful basis
  • A right to rectification (correction) of data which is demonstrably wrong – this right applies to data processed under any legal basis
  • A right to restrict processing – this right applies if it has been shown that there is no legal basis for processing your data, but you wish it to be retained
  • A right to object to processing – this right does not apply where the council is under a legal duty to process your data, but can be used where you dispute that there is a legal basis to process your data until the council can demonstrate what basis exists
  • A right to erasure – this applies where there is no longer a legal basis to retain your data
  • A right to portability of your data (having it moved to another organisation) – this right applies only where the legal basis was either consent or performance of a contract but data will usually be transferred to another local authority if a child in care moves to a new location.
  • A right to object to automated decision making – this right is applicable under all lawful bases for processing

How to get advice or make a complaint

Data Protection Contacts

If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 29 5959 or by email at data.protection@brighton-hove.gov.uk

The council has also appointed a Data Protection Officer. Contact the Data Protection Officer.

Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.

Information Commissioner’s Office

You also have the right to lodge a complaint with a supervisory authority.

Contact details for ICO are stated below:

The ICO can be contacted:

  • on their website
  • by phone: 0303 123 1113
  • by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF

This privacy notice will be subject to review when there is a change.

  • Date: April 2019
  • Date for review: April 2020