Food safety privacy notice

How we use your information

The categories of information that we collect, process, hold and share include:

  • personal information (such as name, address)
  • business details (name, date of opening and food inspection details)
  • details of any relevant accidents
  • details of any infectious disease

Why we collect and use this information

We use your data to:

  • enable us to carry out specific food safety, infectious disease control and health and safety functions for which we are responsible
  • take any necessary enforcement action
  • take part in the Food Hygiene Rating Scheme
  • enable us to assess your application for a skin piercing registration
  • enable us to process your food business registration or approval application
  • derive statistics which inform decisions such as length of time between inspections
  • provide statistics to government departments such as the Food Standards Agency (FSA) and Health and Safety Executive (HSE)
  • process and collect payments for food safety course bookings and certificates

The lawful basis on which we use this information

We collect and use this information under for the purposes of carrying our statutory functions under the Food Safety Act 1990, Food Safety and Hygiene (England) Regulations 2013, Health and Safety at Work Act 1974 and associated regulations and the Public Health (Control of Disease) Act 1984 and associated regulations.

Collecting this information

Whilst the majority of the information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

Storing this information

We hold your data for:

  • six years for Infectious disease notifications and investigations
  • a minimum of six years for food business unless they are required for longer retention because of reasons explained in the Food Law Code of Practice
  • three years after last action on any incidents or until three years after the 18th birthday if the accident involved a minor
  • health and safety interventions until business closes and a further 18 months after your business closes
  • three years post course date for course bookings

Who we share this information with

We routinely share information with:

  • Trading Standards, FSA, UK Health Security Agency, Public Health England, HSE and HM Revenue and Customs (HMRC)
  • Queen Ann Hospital Brighton (if required for infectious disease sampling)

Why we share this information

We share data with Trading Standards, UK Health Security Agency, FSA, HSE and HMRC on a statutory basis under Food Safety Act 1990, Food Safety and Hygiene (England) Regulations 2013, Health and Safety at Work Act 1974 and associated regulations and the Public Health (Control of Disease) Act 1984 and associated regulations.

We may also share data with the Chartered Institute of Environmental Health HSE for the purpose of processing food hygiene course certs.

Public register

The Council is required to keep a public register for cooling towers which records details of certain authorisations it issues. This register may contain personal data.

To view the council’s register see the Cooling tower list.

The council also maintains a public register of enforcement notices served for food and health and safety breaches.

Data collection requirements

To find out more about the data collection requirements placed on us see Food Safety Agency and Health and Safety Executive.

Requesting access to your personal data

Under data protection legislation, you have the right to request access to information about them that we hold. To make a request for your personal information please contact Adrian Stanfield, the council’s Data Protection Officer at foi@tmbc.gov.uk.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the data protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at How to make a data protection complaint to an organisation.

Further information

If you would like further information about this privacy notice, please contact Adrian Stanfield, the council’s Data Protection Officer at foi@tmbc.gov.uk.

The council collects and uses personal information for a number of purposes across all of its departments and functions. To find out more about how the council uses the personal information it collects, please refer to the Corporate privacy notice.

Last updated: 25 February 2022.