We are committed to protecting your personal information.

The council is the data controller for purposes of the Data Protection Act (2018), and The General Data Protection Regulation (EU) 2016/679 ("GDPR"), and is also registered as a data controller with the Information Commissioner’s Office (ICO).

As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected. This is according to relevant data protection law.

The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as data) about you are:

General Data Protection Regulation (GDPR)

Data Protection Act (DPA) 2018

Why we collect your data

We collect and use your data to:

  • review and process your PPE request
  • in some cases, to determine your eligibility to receive PPE
  • for internal reporting processes within the council and reporting to central government. The reports themselves will be statistical and anonymous
  • in the event of a product recall by central government/supplier or manufacturer we will use your data to alert you to the recall

Our legal basis for collecting your data

The legal basis we rely on for processing personal data is the performance of a public task, Article 6(e) of the General Data Protection Regulation (GDPR).

What data we collect from you

The personal data we'll collect from you is your:

  • name
  • address
  • email address 
  • phone number - mobile, home, work

Special Category data

We do not need to process any special category data about you in order to allocate you PPE. If you should share it with us, we won’t retain it or process it for any other purpose.

Who we share your data with

Your data may be shared internally with colleagues in the Health & Adult Social Care team and where necessary to determine eligibility, externally with the Carers Centre.

We will only make your information available to those who have a need to see it in order to fulfil your request.

We will not share your information with any other third party, unless we are under a legal obligation to do so.

How long we will keep your data

We will hold your data for a maximum of 3 years following the closure of the PPE Hub operation.

How we store your data

We will store your information on spreadsheets, document management systems and paper records.

How we protect your data and keep it secure

Examples of the security measures we use are:

  • training for our staff, making them aware of how to handle information securely, and how and when to report when something goes wrong
  • access to your data will be confined to the people who need to see it to process your request. This data will be saved on a protected network
  • regular testing of our technology and ways of working, including keeping up to date on the latest security updates (called patches).
  • all paper records will be kept in a locked cabinet

Transferring your data outside the European Economic Area

Your data is not processed outside of the European Economic Area.

Your rights

Check your rights in relation to your personal information.

How to get advice or make a complaint

If you want to discuss any of your data protection rights, you can:

Information Commissioners Office (ICO)

The ICO is the national regulator with responsibility for ensuring compliance with data protection.

We would prefer you to contact us first with any concerns, but you can also contact the Information Commissioner to make a complaint:

  • on their website
  • by phone: 0303 123 1113
  • by post: Wycliffe House, Water Ln, Wilmslow, SK9 5AF

Changes to this privacy notice

This privacy notice will be subject to review when there is a change.