The council is the data controller for purposes of the Data Protection Act (2018) and EU General Data Protection Regulation as of May 2018 and is registered as a data controller with the Information Commissioner’s Office (ICO)
Brighton & Hove City Council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
Purposes and lawful basis of processing
We are collecting your data for the purpose of registering a food business establishment. Information collected may also be used to carry out investigations and enforcement action should the need arise. Your data will be used to update our public register of food businesses in the city. You contact information will also be used for communication purposes, providing advice and guidance on running a food business, which includes legislative updates and standards.
Our lawful basis for processing data is due to our legal obligations under the Food Safety Act 1990 and Food Safety and Hygiene (England) Regulations 2013.
Who we will share your data with
Your data will be shared internally with the Licensing Team and possibly Planning and Building Control. Your data will also be shared externally with East Sussex Fire and Rescue Service and other local authorities. We may use the information we hold about you to assist in the detection and prevention of crime or fraud which may mean sharing with other public bodies, such as the Police, Revenues and Customs, UK Visa and Immigration and the Department of Work and Pensions. We use an email and text message service provider, Gov.UK Notify to send email and text updates. Your contact email address and mobile number may be uploaded to Gov.UK Notify so that we can contact you quickly with information we are under a duty to provide to you in association with our services. These details will be used solely for the purpose of making contact when we are required to.
Details are held on their servers for no longer than 7 days after an email/text has been sent. Find more information on their security settings.
How long we will hold your data (retention)
We will hold your data for the length of time you are trading plus six years.
Transferring data outside the European Economic Area
Your information is not processed outside of the European Economic Area.
Your information rights
Under GDPR you have certain rights concerning your information.
How to get advice or make a complaint
Data protection contact information
If you’d like to discuss your data protection rights, you can contact the Data Protection Team. Only use these contact details if you have questions about data protection and not for questions about other services.
We also have a Data Protection Officer. Visit our data protection officer page to find their contact details.
Please contact the Data Protection Team first if you have any concerns.
You can then contact the Information Commissioner’s Office (ICO). The ICO is the national regulator with responsibility for ensuring compliance with data protection.