The council is the data controller for purposes of the Data Protection Act (2018) and EU General Data Protection Regulation as of May 2018 and is registered as a data controller with the Information Commissioner’s Office (ICO)

Brighton & Hove City Council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

Purposes and lawful basis of processing

We are collecting your data for the purpose of registering a food business establishment. Information collected may also be used to carry out investigations and enforcement action should the need arise. Your data will be used to update our public register of food businesses in the city. You contact information will also be used for communication purposes, providing advice and guidance on running a food business, which includes legislative updates and standards. 

Our lawful basis for processing data is due to our legal obligations under the Food Safety Act 1990 and Food Safety and Hygiene (England) Regulations 2013.

Who we will share your data with

Your data will be shared internally with the Licensing Team and possibly Planning and Building Control. Your data will also be shared externally with East Sussex Fire and Rescue Service and other local authorities. We may use the information we hold about you to assist in the detection and prevention of crime or fraud which may mean sharing with other public bodies, such as the Police, Revenues and Customs, UK Visa and Immigration and the Department of Work and Pensions. We use an email and text message service provider, Gov.UK Notify to send email and text updates. Your contact email address and mobile number may be uploaded to Gov.UK Notify so that we can contact you quickly with information we are under a duty to provide to you in association with our services.  These details will be used solely for the purpose of making contact when we are required to.

Details are held on their servers for no longer than 7 days after an email/text has been sent. Find more information on their security settings.

How long we will hold your data (retention)

We will hold your data for the length of time you are trading plus six years.

Transferring data outside the European Economic Area

Your information is not processed outside of the European Economic Area.

Your information rights

Under GDPR you have certain rights concerning your information.

How to get advice or make a complaint

Data protection contacts

If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 29 59 59 or by email at

Contact the council's Data Protection Officer

Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.

Information Commissioner’s Office

You also have the right to lodge a complaint with a supervisory authority. Contact details for the ICO is stated below:

You can contact the ICO:

  • on their website
  • by telephone: 0303 123 1113
  • by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF

This privacy notice will be subject to review when there is a change.