Trading standards service privacy notice
Brighton & Hove City Council is committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as “Data”) about you are:
However, Trading Standards is also subject to other specific laws which define when and for what purposes it can use your personal data.
Why we are collecting your data and our lawful basis for doing so
So Trading Standards can function in Brighton & Hove we must collect and process personal and special category data. Information collected may be used for the prevention, investigation, detection or prosecution of criminal offences or for the execution of criminal penalties.
We may use data to monitor and promote compliance with legislation and the enforcement of civil law matters, which includes for the prevention and detection of crime, including fraud.
As a Trading Standards authority we collect and process data to perform our function in areas such as:
- criminal fair trading
- product safety
- letting and estate agents
- weights and measures
- food standards
- animal health
- feed standards
- feed hygiene
- road side car sales
As a Trading Standard authority, we have powers to investigate matters under the following:
- Consumer Rights Act 2015
- Animal Health Act 1981
- Enterprise and Regulatory Reform Act 2013
- The Energy Performance of Buildings (England and Wales) Regulations 2012
- Weights and Measures Act 1985
- Clean Neighbourhoods and Environment Act 2005
We also have duties under the following acts:
- Food Safety Act 1990
- The Food Safety (Sampling and Qualifications) (England) Regulations 2013
- Licensing Act 2003
- Regulations of Investigatory Powers Act 2000
- Criminal Justice Act 1988
- Firework Regulations 2004
- Health and safety at Work Act 1974
The council runs various schemes and support services, such as the Approved Traders List, to promote a fair trading environment in Brighton & Hove, and Support with Confidence Scheme for personal assistants. There may be occasions, due to safeguarding obligations, where we need to report on incidents or concerns we have. We process this data for the performance of a task carried out in the public interest.
We offer support to individuals who have been the victim of scams, working with the National Trading Standards scam team. This is also processed for the performance of a task carried out in the public interest
We are required to register and licence particular activities. For example, storing explosives. When we process data in relation to the managing and issuing of licences, we do so under the following legislation:
- Petroleum (Consolidation) Regulations 2014
- Explosives Regulations 2014
The council provides a mediation service between parties to try and resolve matters. We will process data for mediation work only with the consent of the data subject, which we will obtain at the earliest convenience.
Information may also be collected to respond to queries and complaints from businesses and members of the public. Information collected from these may also be used in our investigations and possibly any enforcement action that occurs.
Sometimes it’s also essential we collect special category data, and in these instances the lawful basis would fall under substantial public interest, specifically the Data Protection Act (2018), Schedule 1, Part 2, Paragraph 6 ‘Statutory etc. and government purposes’; and Paragraph 11 'preventing the public against dishonesty etc.'; and Paragraph 12 'Regulatory requirements relating to unlawful acts and dishonesty etc.’; and Paragraph 18 'Safeguarding of children and individuals at risk.'
The data we may collect
- contact details; including name, address, email address, telephone number, etc.
- date of birth
- proof of identity
- national identifiers like National Insurance number
- IP address and information regarding what pages are accessed and when
- social and personal circumstances
- financial details for purposes of receiving or making payments
- visual images, personal appearance and behaviour
- licenses or permits held
- business activities
Special Category Data
- offences (including alleged offences)
- criminal proceedings, outcomes and sentences
- genetic data
- biometric data
Who we’ll share your data with
Your data may be shared internally with:
- other regulatory service teams
- legal services
- national non-domestic rates
- democratic services
- environmental health
- children services
- emergency planning
- community safety casework team
We may also share your data externally with:
- other trading standards authorities
- Food Standards Agency
- public analyst
- Her Majesty’s Revenues and Customs
- Brand Holder’s representatives
- Department for Environment, Food & Rural Affairs
- Department of Health
- National Food Crime Unit
- Public Health England
- National Anti-Fraud Network
- legal representatives
- licence holders
- East Sussex Fire and Rescue Service
- enforcement agencies
- Halifax Home care Ltd
- Financial Conduct Authority
- Insurance Bureau
Data that is shared is always done:
- on a case-by-case basis
- using the minimum personal data necessary to provide the service
- with the appropriate security controls in place
- in line with legislation
Information is only shared with those agencies and bodies who need to know or where you have consented to the sharing of your personal data.
We may use the information we hold about you to assist in the detection and prevention of crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
Holding your personal information
We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data. How long we keep it will vary according to the services you are involved with and the lawful basis for processing within those services.
The principles we use to determine how long your data will be kept include:
- the type of services you received and whether you are still receiving them
- whether we still are still under a legal obligation either to you or under UK Law
- any standards and guidance set out by the various regulators for our functions
- if you’ve expressed a preference that your data be retained, such as exercising your right to restricted processing
Data relating to complaints, queries, investigations, enforcement action and mediation, will be kept for 6 years from when last dealt with. If there’s no further action from a complaint or query we will hold it for one year from the date of contact.
Information relating to a business will be kept for 6 years from when the business is no longer open.
Data collected in the running of the Support with Confidence and Buy with Confidence Schemes are kept for the length of time they are part of the membership plus 3 years.
When dealing with explosive licences, data is kept for 6 years from date of application. If a licence is refused or revoked then kept for 3 years from the date of that decision.
The data held about the council’s work on under-aged sales training is kept for 3 years from when the training was completed. Also, data collected when completing visits in relation to under aged sales is kept for 6 years from date of visit.
Information relating to petroleum licences need to be kept indefinitely.
How your data will be stored
Your information will be stored in electronic databases, document management systems and on paper records.
Who can access your data
We will only make your information available to those who need to know to perform their council role.
How we protect your data
Examples of the security measures we used are:
- training our staff to make them aware of how to handle information securely and how and when to report when something goes wrong
- encryption when data is being sent, meaning that information is scrambled so that it cannot be read without access to an unlock key. The hidden information is said to then be ‘encrypted’
- data is pseudonymised where possible, meaning that your identity will be removed, so work can be done without your identity being known by the people doing that work
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
Transferring data outside the European Economic Area
Your information is not processed outside the European Economic Area.
Your individual rights
In relation to your personal information you have the right:
- to be informed – you have right to know about the collection and use of your personal data. We will inform you through our service-specific notices
- of access – you can request to know what we hold on you along with an explanation for how it is used by making a Subject Access Request
- to rectification – you have the right to ask us to update, amend or change your information if it’s factually inaccurate or incomplete
- to erasure – you have the right to ask us to delete your personal information where it can be shown that we no longer have a lawful basis to retain it or the information was collected on the basis of consent only and you have withdrawn your consent
- to restrict processing – you have the right to request that we limit using your personal data for specific purposes if you do not believe we have a lawful basis for a particular purpose or where you consider the data to be incorrect. Upon receiving a restriction request, we have to consider our use of the data and provide you with a response
- to data portability – you can, in certain circumstances, ask us to provide you with the information you have supplied the council, where it was obtained on the basis of consent or performance of a contract
- to object – you have the right, in certain circumstances, to object to us collecting, using and storing your information. Upon receiving a request of this type, we are required to stop using your data whilst we investigate and provide a response
Automated decision making and profiling - we will tell you if we make an automated decision, including profiling, with your personal information. If we do, you have the right to ask us to make this decision manually instead.
How to get advice or make a complaint
Data protection contacts
If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 295959 or by email at email@example.com
Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.
Information Commissioner’s Office
You also have the right to lodge a complaint with a supervisory authority. Contact details for the ICO is stated below:
You can contact the ICO:
- on their website
- by telephone: 0303 123 1113
- by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF
This Privacy Notice will be subject to review when there is a change.