Privacy Notice – Household Journey Data Collection

Brighton & Hove City Council is committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law

The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as “Data”) about you are:

General Data Protection Regulation (GDPR)
Data Protection Act (DPA) (2018)

Why we’re collecting your data:

We are collecting your data for the purpose of developing informing a Strategic Transport Model to  inform future transport schemes and programmes within  Brighton and Hove.

What is the Lawful Basis for collecting your data?

  • The council’s lawful basis for processing your personal data is to perform a public task in line Section 8 of the Data Protection Act 2018 (DPA 2018) Article 6(1) and the Local Government Act 1999.
  • The council’s lawful basis for processing your special category data is substantial public interest, government, and statutory purposes in line with the Equalities Act 2010 and DPIA 2018 Article 9 Conditions 6 (Statutory and government purposes) and 8 (Equality of opportunity or treatment).

 The data we may collect:

We may collect Personal data or Special Category Data

The type of personal information collected from you is as follows:

  • Contact details; including name, address, email address.
  • Information about your family

We may also collect Special Category of personal data that may include:

  • Physical or mental health details
  • Racial or ethnic origin
  • Gender and sexual orientation
  • Religious

 Who we’ll share your data with

Your data will  be shared with Qa Research who are collecting data on behalf of Brighton & Hove City Council.  Your postcode will be shared with Jacobs Ltd who are processing the data on behalf of Brighton & Hove City Council. Data is being shared in order to develop a Strategic Transport Model for Brighton and Hove.

Holding your personal information

We will hold your data for no longer than 12 months after the data is collected.

However the Principles we will use to determine how long your data will be kept include:

  • Whether you have expressed a preference that your data be retained, such as exercising a right to restrict processing.

How your data will be stored

Your information will be stored electronic databases and document management systems.

Who can access your data?

We will only make your information available to those who have a need to know in order to perform their council role.

How do we protect your data?

Examples of the security measures we used are:

  • Training for our staff making them aware of how to handle information securely and how and when to report when something goes wrong.
  • We use Encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be ‘encrypted’.
  • Where possible, data will be pseudonymised, meaning that your identity will be removed, so that work can be done without your identity being known by the people doing that work.
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).

 Transferring Data outside the European Economic Area

Your information is not processed outside of the European Economic Area.

Your Individual Rights (erase rights as applicable with reference to the Lawful Basis Impact on Individual Rights Table)

You have the following rights in relation to your personal information:

  • The right to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices.
  • The right of access – you can request to know what we hold on you along with an explanation for how it is used by making a “Subject Access Request”.
  • The right to rectification – you have the right to ask us to update, amend or change your information if it is factually inaccurate or incomplete.
  • The right to erasure – you have the right to ask us to delete your personal information where it can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent.
  • The right to restrict processing – you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response.
  • The right to data portability – you can, in certain circumstances, ask us to provide you with the information you have supplied the Council, where it was obtained on the basis of consent or performance of a contract.
  • The right to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data whilst we investigate and provide a response.

 Automated decision making and profiling

We will tell you if we make an automated decision, including profiling, with your personal information. If we do this you have the right to ask us to make this decision manually instead.

At present, the Council only uses automated decision processes to identify first round offers of school placements.  These offers are subject to appeal, and you have the right to seek a review of your school placement offer by a council officer.

How to get advice or make a complaint

 Data Protection Contacts

  • If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 29 5959 or by email at
  • The council also has a Data Protection Officer, who can be contacted via the Council website data protection officer page
  • Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.

Information Commissioner’s Office

 You also have the right to lodge a complaint with a supervisory authority.

Contact details for ICO is stated below:

This Privacy Notice will be subject to review when there is a change.