Brighton and Hove City Council are committed to protecting your personal information and we take our responsibilities under the Data Protection Act 2018 and EU General Data Protection Regulation (GDPR) very seriously.
As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
We collect, hold and process a considerable amount of information, including personal information which we need to help us deliver services to the City.
We will make sure that any personal information collected and used is done so in line with data protection principles.
Your personal information will be:
- Processed fairly and lawfully
- Only used for specific purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Kept for an appropriate amount of time
- Protected using appropriate security safeguards.
For full details of our policies and guidelines, and to make a request for information, please check our Data Protection page.
1.1. Who are we?
The council is the data controller for purposes of the Data Protection Act (2018) and EU General Data Protection Regulation (GDPR) and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.
The council has an overarching Data Protection Policy which provides the high level principles we operate to. This privacy notice describes how we ensure those principles are reflected into practice and explains what we will, and will not, do with personal information.
We do not sell personal details to any external organisations. External contractors may process information on behalf of the council. We require all these contractors to make sure they keep the personal information safe and prohibiting them from doing anything other than following our instructions.
1.2. What is personal data?
Personal data includes basic details such as name, address, telephone number, date of birth, and notes and comments made about a person. The information may be held in paper files, electronically or both. This may include, but is not limited to: computer entries, written correspondence, emails, letters, files, photographs and video recordings.
Sensitive personal data (also known as Special Category Data) includes information on: race or ethnicity, political opinions, religious beliefs, trade union membership, genetics, biometrics, health, sex life or sexual orientation.
What information is being used?
The information we hold about you will be the information that you provide on registration plus details of any courses that you have taken This will include:
- Your name and email address
- The team that you work for, your work address and manager details
- Your work telephone number
- Your job title and role
- Equal opportunities monitoring data
How will your information be used?
We hold your information so that we can provide training and development for your organisation and you, manage feedback, compliments and complaints. This will include using your name and email address to contact you and your manager in the course of this business.
Equal opportunities monitoring data (special categories of data), such as information about ethnic origin, sexual orientation, health, religion or belief, age, gender or marital status, is collected to:
- Generate statistical equal opportunities information about our workforce. Brighton & Hove City Council has a statutory duty to collect this information and it will assist in ensuring fairness of treatment as statistical monitoring will show whether minority groups are being treated equitably.
- Generate statistical information about our workforce for workforce planning purposes, and in order to respond to Freedom of Information requests from the public. All information used in this way is anonymised, and does not identify specific individuals.
We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never sold for direct marketing purposes.
We have strict controls on who can see your paper or electronic records. Nobody is allowed to see your information unless they have a valid reason and appropriate authorisation.
Our staff are trained to handle your information correctly and protect your confidentiality and privacy.
Your information is not processed outside of the European Economic Area.
Data is stored on a 3rd party database. This is administered via an internet based learning management system (LMS) which is hosted by an external supplier, WebBased Ltd. Any organisation commissioned by the Council will be under contractual obligation to comply with data protection legislation.
What is the legal basis for processing your information?
We collect and hold your data in order to provide you with training and development. If you are a member of BHCC staff then it is part of the Council's contractual arrangement with you and processing is necessary to carry out obligations in the field of employment. For other users of our services we collect and hold your data as part of our a legitimate interests in providing training and development for you.
How long will your information be kept for?
All information processed by Brighton & Hove City Council is subject to a retention policy which details how long we will retain the information. This is based on legal requirements and service needs. Particular care is being taken to ensure that records relating to Children's Services and the safeguarding of vulnerable adults are not destroyed inappropriately and therefore any training records that relate to these services will be held for 75 years. Any training records linked to Health & Safety and Occupational Health will be held for 50 years. All other training records will be held for 7 years.
Sharing your information
Any sharing of personal data is always made:
- on case-by-case basis
- using the minimum personal data necessary
- with the appropriate security controls in place
- in line with legislation.
We may also share your information if it is needed to protect you or someone else from harm.
As a data controller we have a duty to inform you of not only why your personal information is being processed but what rights you have with regard to your personal information too.
You have the right to:
- Be informed of how your personal information is being used
- Have access to information held about you, this is commonly known as a Subject Access Request (SAR)
- Have your personal information deleted if it was obtained under the basis of consent and if no other legal basis exists to retain it
- Have inaccuracies within your personal information corrected
- Restrict processing of your personal information until inaccuracies are corrected, processing is unlawful or if you dispute the legal basis for processing
- Object to processing of your personal information for direct marketing and in some cases where it is used for archives or statistical purposes
- Have your personal data transferred to another organisation if obtained under the legal basis of consent
- Be informed of where automated decision making (ADM) takes place and be given an option to opt out of ADM.
If you wish to exercise your information rights, please contact:
- our Data Protection team on firstname.lastname@example.org give us a call on 01273 295959.
- our Data Protection Officer(shared role with East Sussex and Surrey County Councils)
If this privacy statement changes in any way, we will place an updated version on this page.
By regularly reviewing this page you will ensure that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with others.
We are under a duty to share data within the council services for effective service provision. Your information will be shared with relevant services as stipulated in our Data Protection Notification with the ICO under the Data Protection Act 2018 and EU General Data Protection Regulation (GDPR)
We will endeavour to ensure your personal data will be processed in accordance with the Principles and Rights of the Data Protection Act 2018 and any disclosure(s) made will be in accordance with our Notification, which can be viewed at www.ico.gov.uk . A copy of the Notification is also available on request from the council.
All material on this website, including text and graphics, is copyright of Brighton & Hove City Council unless otherwise stated. Use may be made of this material by educational organisations without permission from Brighton & Hove City Council if an acknowledgement to the Council is included. All other use of this material may only be made with the express written permission of Brighton & Hove City Council Council.
Brighton & Hove City Council is committed to the highest standards of quality of information. If you think that there are any errors or out of date information please notify us (explaining which page contains the error). Thank you for your help.
While every care has been taken in the compilation of this information, Brighton & Hove City Council will not be held responsible for any loss, damage or inconvenience caused as a result of inaccuracy or error within these pages. The Council does not endorse any external linked sites and is not responsible for their content.
Collecting information automatically
We collect statistics about your visit to our website. We use this information to track user activity which in turn helps us to improve the website. These statistics do not contain personal data and cannot be traced back to an individual.
You can decide what cookies are allowed and delete cookies at any time by adjusting settings on your web browser. Please be aware that restricting cookies may have an impact upon the functionality of our website. Scroll down to see the cookies used and our summary of terms to find out more about cookies.
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
|ASPSESSIONID||We use this cookie so that once you have logged on with username and password you won’t have to do it for every page you request from our site.||When you close your browser.|
|textl||This cookie is only set by our Content Management System when you choose an accessibility option. This cookie is used to remember "text size" choices chosen by the user. It collects information in an anonymous form.||24 hours|
|textd||This cookie is only set by our Content Management System when you choose an accessibility option. This cookie is used to remember "text only view" choices chosen by the user. It collects information in an anonymous form.||24 hours|
|highc||This cookie is only set by our Content Management System when you choose an accessibility option. This cookie is used to remember "high contrast" choices chosen by the user. It collects information in an anonymous form.||24 hours|
Summary of terms
A software application that displays web pages. The most popular ones used to access websites are Microsoft Internet Explorer, Google Chrome, Mozilla and Firefox.
IP (Internet Protocol)
All networks connected to the internet speak IP, the technical standard which allows data to be transmitted between two devices. TCP/IP (Transmission Control Protocol/Internet Protocol) is responsible for making sure messages get from one host to another and that the messages are understood.
If you are connected to the Internet you have one, for example it may look something like this 22.214.171.124.
A user's visit to a site. Begins when the user first accesses any page on a given site and ends after a visitor has left that site and not revisited it within a specified amount of time (normally 20 minutes) or when the user's browser is closed.
Delivers (serves up) web pages to your computer.