Brighton & Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.

Brighton & Hove City Council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

Purposes and lawful basis of processing

The reason and legal basis for collecting the data will be different for each consultation. For each consultation, the legal basis will be included on the consultation start page.

If special category data is being processed, then we will state this on the consultation start page.

Who we will share your data with

Your data may be shared with internal departments in the council. If we intend to share your data with external organisations, we will include this on the consultation start page:

  • who the data will be shared with
  • why the data is being shared with them

How long we will hold your data (retention)

We will not hold your data beyond the stated need for each consultation.

Data we may collect

Depending on the consultation, we may collect the following personal data:

  • name
  • age or date of birth
  • email address
  • post codes or part of a post code

We may also collect special category (sensitive data) personal data if you provide answers to our equalities monitoring questions. This could include:

  • health details
  • ethnicity
  • gender
  • religion
  • sexual orientation
  • other protected characteristics

Email notifications

Citizen Space (the consultation portal software) will ask for your email address if you want to:

  • save your progress and complete the consultation later
  • receive a submission acknowledge email

In these instances, the email address you supply will not be linked to your consultation response and will be deleted from the system within a few days.

How your data will be stored

Your information will be stored electronically and/or on paper records. We will only make them available to those who have a right to see them.

Example of the security measures we used are:

  • controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
  • training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
  • regular testing of our technology and ways of working including keeping up to date on the latest security updates.

Will my data be transferred outside of the European Economic Area?


Your information rights

Under data protection legislation you have certain rights concerning your information, namely:    

  • the right to be informed - to be informed regarding why, where and how we use your information
  • the right of access – to request access to the information we hold about you
  • the right to rectification– to have your information corrected if it is inaccurate or incomplete
  • the right to erasure or the ‘right to be forgotten’– to ask for your information to be deleted or removed where there is no need for us to continue processing it, except when processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest
  • the right to restriction of processing– to ask us to restrict the use of your information in certain circumstances
  • right to data portability, to ask us to copy or transfer your information from one data controller to another in a safe and secure way, without impacting the quality of the information
  • the right to object to processing– to object to how your information is used in certain circumstances.
  • the data subject right not to be subject to a decision based solely on automated processing

Not all these rights may be applicable to you.

Learn more about your rights.

How to get advice or make a complaint

Contact the council's Data Protection Officer

If you wish to discuss any of your data protection rights, you can contact the Data Protection team by phone on 01273 29 59 59 or sending an email

Contact the council's Data Protection Officer.

While we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.

Information Commissioner’s Office

You also have the right to lodge a complaint with a supervisory authority. Contact details for the ICO is stated below:

You can contact the ICO:

  • on their website
  • by phone 0303 123 1113
  • by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF

This privacy notice will be subject to review when there is a change.

Delib Privacy Information

Delib's software (this website) enables organisations to set up and operate activities, through which they can engage with you.

This site is managed by the controlling organisation, Brighton & Hove City Council. When you access and use this site, the personal information you have submitted to these activities will go to the organisation. Delib will not access your personal information unless requested to do so by the organisation, and only for the purposes of assisting them with the administration of this site.

Accessing your Personal Information

If you have any questions or requests about your personal information, for example to request a copy of it, or to ask for it to be corrected if you think it is wrong, please contact the organisation (as stated in their Privacy Notice / Privacy Statement / Privacy Policy). It is the controlling organisation's responsibility to answer any questions or requests about your personal information.

Collection of Browser Information

The information provided by your computer when you use this website is collected by Delib. For example, your browser type, IP address, language preference, referring site and the date and time. The purpose for collecting this information is to maintain the security of the website and for operating and improving the software.