We are committed to protecting your personal information.
Brighton & Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 (“GDPR”), and is also registered as a data controller with the Information Commissioner’s Office (ICO).
As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected. This is according to relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as data) about you are:
Why we’re collecting your data
We are collecting your data for the purpose of contacting you about arts & creative industry sector updates. We collate your information if you sign up to our mailing list on our homepage. You can unsubscribe at any time by emailing us via our contact page.
Our legal basis for collecting your data
GDPR (1)(a) consent.
The data we collect
We collect Personal data. The type of personal information collected from you is as follows:
- Contact details including name, email address, postcode.
- IP address and information regarding what pages are accessed and when.
We use an email service provider, MailChimp, to send our email updates/newsletters/briefings. The mailing list is maintained on their servers. Read more information on their terms and conditions here.
Who we share your data with
- Your information will be shared with the arts team at Brighton & Hove City Council.
- Your information will not be shared with any other third party without you being informed, unless we are under a legal obligation to do so. Your information will be located on Mailchimp.
How long we will keep your data
How your data will be stored
Your information will be stored on an electronic database.
How do we protect your data and keep it secure
Examples of the security measures we use are:
Training for our staff, making them aware of how to handle information securely, and how and when to report when something goes wrong.
We use encryption when data is being sent, meaning we scramble information so other people can’t read it without access to an unlock key, where possible, we will pseudonymise your data. This means we will remove your identity so the people working with your data will not know your identity.
Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information, from getting access to it.
Regular testing of our technology and ways of working, including keeping up to date on the latest security updates (called patches).
Transferring Data outside the United Kingdom
Your information is not processed outside of the United Kingdom.
You have the following rights in relation to your personal information:
The right to be informed you have the right to know about the collection and use of your personal data. We will inform you through our service-specific notices.
The right of access you can request to know what we hold on you along with an explanation for how it is used by making a “Subject Access Request”.
The right to rectification you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete.
The right to erasure you have the right to ask us to delete your personal information where:
it can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent.
The right to restrict processing you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response.
The right to data portability you can, in certain circumstances, ask us to provide you with the information you have supplied the Council, where it was obtained on the basis of consent or performance of a contract.
The right to object you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data whilst we investigate and provide a response.
Automated decision making and profiling we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead.
How to get advice or make a complaint
If you want to discuss any of your data protection rights, you can:
contact the Data Protection Officer online
phone 01273 295 959
send an email to: [email protected]
Information Commissioners Office (ICO)
The ICO is the national regulator with responsibility for ensuring compliance with data protection.
We would prefer you to contact us first with any concerns, but you can also contact the Information Commissioner to make a complaint:
on their website
by phone: 0303 123 1113
- by post: Wycliffe House, Water Ln, Wilmslow, SK9 5AF
Changes to this privacy notice
This privacy notice will be subject to review when there is a change.
We use the following cookies on our website:
To determine whether your browser supports or allows cookies. It expires when you close your browser.
To distinguish users. Expires after two years.
Used to throttle request rate. Expires after 1 minute.
Used to distinguish users. Expires after 24 hours.