Food safety inspections and investigations privacy notice
The council is the data controller for purposes of the Data Protection Act (2018) and EU General Data Protection Regulation as of May 2018 and is registered as a data controller with the Information Commissioner’s Office (ICO)
Brighton & Hove City Council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
Purposes and lawful basis of processing
We are collecting your data for the purpose of investigating compliance of a food business. Information gathered may be used to update and amend records or as part of our investigation. From our investigations we may issue food hygiene rating scores and/or take enforcement action where necessary. Contact details may be used in relation to any investigation.
Our lawful basis for processing data is due to our legal obligations under the Food Safety Act 1990.
During investigations we may collect special category data, which would be done so under substantial public interest, specifically the Data Protection Act 2018 Schedule 1, Part 2, Paragraph 12 ‘regulatory requirements relating to unlawful acts and dishonesty etc.’.
Who we will share your data with
Your data may be shared internally with other Regulatory Services Teams, Legal Services, School Organisations and the Communications Team.
Your information may also be shared externally with other local authorities, Food Standards Agency, Public Health England, the courts, the Chartered Institute of Environmental Health or the food business being investigated or their representative. We use an email service provider, MailChimp, to send our email updates. The mailing list is maintained on their servers in the United States of America. For more information on their terms and conditions see www.mailchimp.com/legal/terms. MailChimp has signed up to the EU/US Privacy Shield.
How long we will hold your data (retention)
For business operators, your information will be kept for six years from when your business closes and for those who have made a complaint, your information will be kept for six years from when the case closes.
Transferring data outside the European Economic Area
The email addresses used for food businesses may be stored outside of the European Economic Area. All other information gathered during an investigation is not.
Your information rights
Under GDPR you have certain rights concerning your information.
How to get advice or make a complaint
Data protection contacts
If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 295959 or by email at firstname.lastname@example.org
Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.
Information Commissioner’s Office
You also have the right to lodge a complaint with a supervisory authority. Contact details for the ICO is stated below:
You can contact the ICO:
- on their website
- by telephone: 0303 123 1113
- by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF
This Privacy Notice will be subject to review when there is a change.