This privacy notice applies to Community Facilities, which manages community centres, allotments, sports pavilions, and cemeteries, and uses associated booking systems, databases, CCTV, and access control systems.

This notice explains how personal information is used, what it is used for, who it might be shared with and why, and how long it is kept. We ensure that your personal data is processed fairly, lawfully, kept safe and secure, and retained for no longer than is necessary.

We are fully committed to complying with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

Our Data Protection Officer is the Head of Governance, People and Performance. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer.

We collect and process information to enable us to manage, operate, and provide access to our community facilities and related services. This includes:

• personal details: name, address, telephone number, email
• booking information: dates, times, and facilities requested
• payment details for facility hire or services
• tenancy information for allotments
• lease, licence, or exclusive right of burial details for cemeteries
• next of kin and family details for cemetery records
• correspondence between you and the Community Facilities team
• sensitive personal data where required (for example accessibility or health-related needs, optional)
• financial information (for example payment method or account details)
• CCTV footage for the prevention and detection of crime, safety, and security monitoring
• access control system data, such as key fob or card entry logs, used to manage authorised access to community buildings

We use this information to:

• manage bookings for community facilities, allotments, and sports pavilions
• administer cemetery burials and maintain grave ownership and memorial records
• process payments, refunds, deposits, and charges
• communicate with you about bookings, plots, or facility usage
• comply with statutory requirements relating to cemetery management
• prevent fraud or misuse of services
• inform customers about maintenance, closures, or service changes
• organise community activities and events
• collect statistical information to improve our services
• monitor facilities via CCTV for safety and security purposes
• operate access control systems to manage entry and safeguard council assets

With your consent (opt-in), we may also:

• provide you with updates or news related to community facilities
• inform you about relevant community events and activities
• conduct surveys to improve the services we provide

As a burial authority we are required by law to keep permanent and accurate statutory records of all burials and related information. These include:

• the name of the deceased
• the date and place of burial
• the grave or plot reference
• details of the owner of the exclusive right of burial

These records are maintained under the Local Authorities’ Cemeteries Order 1977 (LACO 1977) and related legislation.
Cemetery registers form part of the official public record and must be retained permanently. They are available for public inspection during normal office hours, in accordance with Regulation 10(2) of LACO 1977.

Crawley Borough Council is registered as a Data Controller with the Information Commissioner’s Office (Registration Number Z5327706).

Where external software or booking platforms are used to manage bookings or access control systems, these organisations act as data processors on our behalf.

We process personal data under the following lawful bases, as set out in the UK GDPR:

• contractual necessity – to provide the facility or service you have requested
• legal obligation – to comply with statutory duties such as cemetery record keeping under the Local Authorities’ Cemeteries Order 1977
• public task – to deliver services carried out in the public interest
• legitimate interests – to maintain security and prevent crime through the use of CCTV and access control systems
• consent – where you have given clear opt-in consent (for example, to receive updates or participate in surveys)

For special category data, processing is permitted where:

• it is necessary for reasons of substantial public interest
• it is required to protect the vital interests of an individual

We take appropriate organisational and technical measures to protect personal data from unauthorised access, loss, misuse, or disclosure.

Where systems require account passwords, users are responsible for keeping their passwords confidential.

CCTV footage and access control data are securely stored, with access limited to authorised personnel for security and safety purposes only.

We may share your data with:

• other council departments where necessary for service delivery
• payment processors and finance providers for handling transactions and refunds
• external contractors or service providers who support facility management, maintenance, or security systems
• regulatory or statutory bodies where required by law (for example under LACO 1977)
• partner agencies involved in delivering community wellbeing programmes
• law enforcement agencies, such as the police, for the prevention or detection of crime

We do not share your data with third parties for marketing purposes without your explicit consent.

Your personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected, and in line with legal and statutory obligations:

• CCTV footage is normally retained for up to 30 days unless required for investigation
• access control records are retained only as long as operationally necessary for monitoring and security purposes
• cemetery records are retained permanently as required by law under the Local Authorities’ Cemeteries Order 1977
• all other records are kept in line with our corporate retention schedule

You have the right to:

• be informed about how your data is processed
• access your personal information (Subject Access Request)
• have inaccuracies corrected
• have personal data erased (where appropriate)
• restrict processing
• request data portability
• object to certain types of processing
• withdraw consent (where consent is the lawful basis)
• complain to the Information Commissioner’s Office (ICO)

If you have any questions or concerns about how your personal information is handled, you can email the Date Prtection officer at dpo@crawley.gov.uk or write to:

For independent advice about data protection and privacy rights, you can contact the Information Commissioner on:

• telephone: 0303 123 1113
• online: visit the Information Commissioner's Office website
• email: casework@ico.org.uk
• or write to the address below: