Brighton & Hove City Council volunteers privacy notice

Read our privacy notice for information on how we collect, store and process your data.

This privacy notice is to explain and provide you with information on how we collect and hold data about you in relation to volunteering for BHCC and in light of the Covid 19 pandemic.

You can view the general Brighton and Hove City Council Privacy Notice which contains

Brighton and Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO).

Brighton & Hove City council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

Why we are using or processing your data

To best respond and help coordinate those volunteering for Brighton and Hove City Council, it is necessary to collect data about you and to analyse your information to improve the services we offer.

What information we need and how we will use it

To best place you in a volunteering role for the council we will collect and use the following information –

  • Name
  • Contact telephone number
  • Contact email
  • Whether you hold a current driving license
  • Whether you have access to your own vehicle
  • What type of motor insurance you have
  • If you are a qualified First Aider
  • If you have a current Disclosure and Barring Service (DBS) check
  • The minimum hours you are prepared to work
  • The maximum hours you are prepared to work
  • The types of work you are able to undertake
  • Your prior experience as a volunteer
  • Your work experience
  • Your Health and any medical issues we should be aware of

Who we will share your data with

Your data may be shared internally within Brighton and Hove City Council or externally, possibly with local services and groups. Only where we have deemed this necessary and when it is in line with our purposes outlined in this notice.

What is the lawful basis for processing personal data

Personal information

Article 6(1) (c) GDPR – Processing is necessary for compliance with a legal obligation to which the controller is subject;

Article 6(1) (e) GDPR – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Special category data

To comply with the UK’s current ‘Stay at Home’ rules you may only carry out volunteering tasks, which involve leaving your home, if you fulfil ALL the conditions below:

  • You are well and have no symptoms like a cough or high temperature and neither does anyone in your household;
  • You are under 70 years of age;
  • You are not pregnant; and
  • You do not have any long-term health conditions that make you vulnerable to coronavirus.

The processing of special categories of personal data, which includes data concerning a person’s health, are prohibited unless specific further conditions can be met, as follows:

  • Article 9 (2) (b) GDPR – Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law;
  • Data Protection Act 2018, Schedule 1, Part 1(1) – Employment, social security and social protection;
  • Article 9 (2) (g) GDPR – processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued;
  • Article 9(2) (i) GDPR – processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health; and
  • Data Protection Act 2018, Schedule 1, Part 1(3) – Processing is necessary for reasons of public interest in the area of public health.
  • Data Protection Act 2018, Schedule 1, Part 2 (6) – Statutory and government purposes;
  • Data Protection Act 2018, Schedule 1, Part 2 (18) – Safeguarding of children and of individuals at risk;

The legislation, policies and guidance that relate to this service include, but are not limited to:

  • The Coronavirus Act, 2020;
  • The Health and Safety at Work Act 1974;
  • The Safeguarding Vulnerable Groups Act 2006;
  • The Protection of Freedoms Act, 2012, The Disclosure and Barring Service, Part V;
  • The Rehabilitation of Offenders Act 1974, Exceptions order 1975;
  • The Civil Contingencies Act 2004 and (contingency planning) Regulations 2005 Allows the local authorities continue to exercise its functions in the event of an emergency;
  • The Local Government Act 2000 - Give powers to local authorities to promote economic, social and environmental well-being;

Storing your information

We will only keep your information for as long as it necessary, considering Government guidance the on-going risk presented by Coronavirus and the requirements of public accountability for our response to this emergency. As a minimum the information outlined in this privacy notice will be kept for the duration of the COVID-19 response, but in most cases, data will be retained for longer to meet evidential requirements under British statute and common law.

If possible, we will anonymise your personal data so that you cannot be identified, but this cannot be done where data is needed to provide direct services to individuals.

When the information is no longer needed for this purpose it will be either deleted or anonymised for statistical purposes.

How to get advice or make a complaint

Data protection contact information 

If you’d like to discuss your data protection rights, you can contact the Data Protection Team. Only use these contact details if you have questions about data protection and not for questions about other services. 

We also have a Data Protection Officer. Visit our data protection officer page to find their contact details. 

Please contact the Data Protection Team first if you have any concerns. 

You can then contact the Information Commissioner’s Office (ICO). The ICO is the national regulator with responsibility for ensuring compliance with data protection.