Domestic and sexual violence service privacy notice

Read our privacy notice for information on how we collect, store and process your data.

Brighton & Hove City Council is committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as “Data”) about you are:

General Data Protection Regulation (GDPR)

Data Protection Act (DPA) (2018)

However, the Domestic and Sexual Violence team is also subject to other specific laws which define when and for what purposes it can use your personal data.

Why we are collecting your data and our lawful basis for doing so

We are collecting data for the purpose of understanding the risks and providing support to individuals who have experienced, or are experiencing, domestic or sexual violence. We receive referrals which are then discussed with the Police, Health Services and other agencies to tailor the support given.

Contact details provided may be used for communication purposes in relation to any support we are giving.

The legislation we will use will depends on the support we provide. We have duties under the Crime and Disorder Act 1998 and the Domestic Violence, Crime and Victim Act 2004.

The council also has powers under one or more of the following pieces of legislation:

  • The Human Rights Act 2000
  • The Housing Act 2004
  • The Children Act 1989 and 2005

The Domestic and sexual violence team also processes data in order to conduct homicide reviews. The purpose of which is to establish what lessons can be learned from domestic homicide in relation to professionals and organisations to help improve responses and prevent domestic violence and homicide. Our lawful basis for processing data is legal obligation, specifically working within the Domestic Violence, Crime and Victim Act 2004.

When processing special category data, we would be doing so because it’s necessary for reasons of substantial public interest, specifically the Data Protection Act (2018), Schedule 1, Part 2, Paragraph 6 ‘statutory etc. and government purposes’; and Paragraph 18 ‘safeguarding of children and of individuals at risk.’

The data we may collect

Personal Data

  • contact details, including name, address, email address, phone number
  • date of birth
  • proof of identity
  • national identifiers such as National Insurance number
  • information about your family
  • social and personal circumstances
  • employment details (when you apply for jobs)
  • location service
  • housing information relating your council tenancy
  • visual images, personal appearance and behaviour
  • licenses or permits held
  • business activities

Special Category Data

  • physical or mental health details
  • racial or ethnic origin
  • gender and sexual orientation
  • political opinions and affiliation
  • offences (including alleged offences)
  • religion
  • criminal proceedings, outcomes and sentences
  • genetic data

Who we’ll share your data with

Your data may be shared internally with Adult Social Care, Children’s Services, Housing and the Traveller Liaison Team.

We may also share your information externally with:

  • Sussex Police
  • Brighton and Hove NHS Clinical Commissioning Group
  • Brighton and Sussex University Hospital
  • Brighton Oasis Project
  • East Sussex Fire and Rescue Service
  • Fulfilling Lives Project
  • Inspire
  • Kent Sussex and Surrey Community Rehabilitation Company
  • Living Without Violence Programme
  • Sussex Partnership Foundation Trust- Mental Health service
  • National Probation Service, Rise/ CRI – Specialist Domestic Abuse Service
  • South East Coast Ambulance Service
  • Southern Housing Group
  • Stopover project
  • Substance Misuse Service – Pavilions, Sussex Community NHS Trust School Nurse
  • Sussex Community NHS Trust School Health Visitor
  • Refuge and Victim Support

Data that is shared is always done:

  • on a case-by-case basis
  • using the minimum personal data necessary to provide the service
  • with the appropriate security controls in place
  • in line with legislation

Information is only shared with those agencies and bodies who have a need to know or where you have consented to the sharing of your personal data.

We may use the information we hold about you to assist in the detection and prevention of crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

Holding your personal information

We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data. How long we keep it will vary according to the services you are involved with and the lawful basis for processing within those services.

The principles we use to determine how long your data will be kept include:

  • the type of services you received and whether you are still receiving them
  • whether we are still under a legal obligation either to you or under UK Law
  • any standards and guidance set out by the various regulators for our functions
  • whether you have expressed a preference that your data be retained, such as exercising your right to restricted processing

We will hold your data for 12 years from when contact was last made.

How your data will be stored

Your information will be stored in electronic databases, document management systems and on paper records.

Who can access your data

We will only make your information available to those who need to know to perform their council role.

How we protect your data

Examples of the security measures we use are:

  • training our staff to make them aware of how to handle information securely and how and when to report when something goes wrong
  • encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be ‘encrypted’
  • data is pseudonymised where possible, meaning that your identity will be removed, so work can be done without your identity being known by the people doing that work
  • controlling access to systems and networks to stop people who are not allowed to view your personal information from getting access to it
  • regular testing of our technology and ways of working, including keeping up to date on the latest security updates (commonly called patches)

Transferring data outside the European Economic Area

Your information is not processed outside of the European Economic Area.

Your individual rights

In relation to your personal information, you have the right:

  • to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices
  • of access – you can request to know what we hold on you along with an explanation for how it is used by making a Subject Access Request
  • to rectification – you have the right to ask us to update, amend or change your information if it’s factually inaccurate or incomplete
  • to restrict processing – you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. Upon receiving a restriction request, we are obliged to consider our use of the data and provide you with a response
  • to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data while we investigate and provide a response

Automated decision making and profiling - we will tell you if we make an automated decision, including profiling, with your personal information. If we do, you have the right to ask us to make this decision manually instead.

How to get advice or make a complaint 

Data Protection Officer 

If you have a concern about how we collect or use your personal data you can contact the Council’s Data Protection Officer.  

How to make a complaint 

We aim to resolve all complaints about how we handle personal information. You also have the right to make a complaint about data protection to the Information Commissioner's Office.  

Contact them by post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone 0303 1231 113. 

You can also make a complaint or find out more information on the Commissioner's Office website

If your complaint is not about data protection, find details on how to make a complaint about a council service