Open navigation

Brighton & Hove City Council TEST is committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as “Data”) about you are:


General Data Protection Regulation (GDPR)
Data Protection Act (DPA) (2018)

Why we’re collecting your data

  • We are collecting your data for the purpose of contacting you with sector updates. We collate your information if you sign up to our mailing list and you can unsubscribe at any time by emailing us via our contact page. 

What is the Lawful Basis for collecting your Data

  • **We have a lawful basis for processing (insert what Lawful bases of processing. Include applicable British law where either Legal Obligation or Public Task is identified as one or more lawful basis)*
  • **If special category data is being processed then insert at least one additional article 9 lawful basis here.*

The data we may collect

We may collect Personal data. The type of personal information collected from you is as follows:

Contact details via our mailing list; including name, email address, postcode.

IP address and information regarding what pages are accessed and when.


**Special Category Data (Remove any classes of data you do not process from the list below.  Add any additional classes you do process which are not listed)

We may also collect Special Category of personal data that may include:


Racial or ethnic origin

Gender and sexual orientation

Trade union membership

Political opinions and affiliation

Offences (including alleged offences)


Member of Trade Union 

Criminal proceedings, outcomes and sentences

Genetic Data

Biometric Data 

Who we’ll share your data with

Your information will not be shared with any other third party without you being informed, unless we are under a legal obligation to do so.

  • **The council operates shared services with Surrey County Council and East Sussex County Council. may share your information with one of these partners if necessary to provide these services

Holding your personal information

**(If you know the retention period use the statement below)

We will hold your data for (insert period of time) 

**(If you don’t know the retention period use the statement below)

We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data. How long we keep it will vary according to the services you are involved with and the lawful basis for processing within those services.

However the Principles we will use to determine how long your data will be kept include:


  • What type of services you received and whether you are still receiving them
  • Whether we still are still under a legal obligation either to you or under UK Law
  • Any standards and guidance set out by the various regulators for our functions
  • Whether you have expressed a preference that your data be retained, such as exercising a right to restrict processing


How your data will be stored

Your information will be stored on an electronic database.

  • Who can access your data
  • We will only make your information available to those who have a need to know in order to perform their Council role.

**How do we protect your data

Examples of the security measures we used are:

  • Training for our staff making them aware of how to handle information securely and how and when to report when something goes wrong. 
    • We use Encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be ‘encrypted’.
    • Where possible, data will be pseudonymised, meaning that your identity will be removed, so that work can be done without your identity being known by the people doing that work. 
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it. 

Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).

Transferring Data outside the European Economic Area

Your information is not processed outside of the European Economic Area. 


Your Individual Rights (erase rights as applicable with reference to the Lawful Basis Impact on Individual Rights Table)

You have the following rights in relation to your personal information: 

The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices

The right of access – you can request to know what we hold on you along with an explanation for how it is used by making a “Subject Access Request”

The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete

The right to erasure – you have the right to ask us to delete your personal information where:

  • It can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent. 

The right to restrict processing – you have the right to request that we limit using your personal data  for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect.  Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response.

The right to data portability – you can, in certain circumstances, ask us to provide you with the information you have supplied the Council, where it was obtained on the basis of consent or performance of a contract.

The right to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information.  Upon receiving a request of this type, we are required to stop using your data whilst we investigate and provide a response.

Automated decision making and profiling – we will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead.

At present, the Council only uses automated decision processes to identify first round offers of school placements.  These offers are subject to appeal and you have the right to seek a review of your school placement offer by a council officer.

How to get advice or make a complaint


Data Protection Contacts

  • If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 29 5959 or by email at
  • The council also has a Data Protection Officer, who can be contacted via the Council website data protection officer page 
  • Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office.  The ICO is the national regulator with responsibility for ensuring compliance with data protection.

Information Commissioner’s Office


You also have the right to lodge a complaint with a supervisory authority.


Contact details for ICO is stated below



This Privacy Notice will be subject to review when there is a change.



Who we are

Our website address is:

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements