Privacy notice: Commercial Food and Safety Team

Contents

  1. Introduction
  2. Who we are
  3. What type of personal information do we collect?
  4. How do we collect personal information?
  5. Why do we collect your personal information?
  6. Who might we share personal information with?
  7. How long will we keep your personal information?
  8. What is our legal basis for using your personal information?
  9. How do we keep your personal information secure?
  10. Is your personal information used overseas?
  11. What are your rights?
  12. Contact us

1. Introduction

storage of food business operator details on the Council's Management Information Database and for the storage of other personal data used for Licensing/Registration purposes for which this Department is responsible, service requests and food poisoning investigations.

We will keep our privacy notice under regular review and will advise you of any updates.

This Notice was last reviewed in (March 2023).

2. Who we are

For the purposes of Data Protection legislation, South Tyneside Council is the Data Controller.

3. What type of personal information do we collect?

We collect the following types of personal/commercial information:

  • The personal information we collect
  • Name of Food Business Operators
  • Address of food business and address of food business operator or registered office details of company ownership
  • Telephone number
  • Email address
  • National Insurance number is requested in some instances to verify identity
  • Date of Birth
  • GP details

4. How do we collect personal information?

We collect your personal information in several ways, for example:

  • In writing - via food registration application form.
  • Online forms and service requests.
  • Family members, employees or business colleagues acting on your behalf.
  • Information supplied by outside organisations as part of our statutory functions and responsibilities.

5. Why do we collect your personal information?

Under Article 6(2) of Regulation 852/2004, food business operators must register their establishments (i.e., each separate unit of their food businesses) with the appropriate competent authority. This data set is a public register freely available to anyone on request.

We also receive personal data in order to carry out investigations, to deliver service request and to undertake and carry out statutory duties and regulatory functions for which we are the enforcing authority. 

6. Who might we share personal information with?

We may share your information internally within the Council so long as the information gathered is used for the same purposes.

We will not share your personal information with any other third parties unless you have specifically asked us to, or unless we have a legal obligation to do so.

Data which is collected for specific purposes, such as that for regulatory monitoring and/or records relating to public registers, to enable us to undertake our statutory responsibilities, will be made available to third parties in accordance with the data protection requirements below.

Personal data obtained in the course of service request submissions or to deliver public health functions will only be held for as long as is necessary. Data which may be required for subsequent legal or civil interests may be held for a further 2 years. In the case that no further intentions are considered, the information will be deleted.

Information containing personal data that forms part of a legal case file where criminal/civil sanctions are being or have been pursued, will be kept in accordance with GDPR Part 3 section 31 namely: for 'law enforcement purposes' (i.e., for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security) and will be held for no longer than is necessary for the purposes for which it was collected.

7. How long will we keep your personal information?

Whilst the information remains current, personal data relating to business activity will remain on the public registers and within the department's secure information database. If the information is no longer current or we receive notice to this effect, it will be replaced with current information, or the record will be closed. Personal data on closed records will be removed unless there is any special reason for keeping it for law enforcement purposes.

8. What is our legal basis for using your personal information?

To use your personal information there must be a lawful basis to do this, such as, through a contract, performing a public task or where there is a legal obligation. 

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent.

(b) We have a legal obligation.

(c) We have a vital interest.

(d) We need it to perform a public task.

You can remove your consent at any time unless you are legally obliged to provide the information. You can do this by contacting the Operations Manager for Commercial Food and Safety at environmental.healthmailbox@southtyneside.gov.uk.

9. How do we keep your personal information secure?

The Information provided is stored as a record on the electronic Management Information Database accessed by Administrative & Regulatory Officers of the Council's Environment Services and within secure data storage files accessed by officers of the Commercial Food and Safety Team only.

10. Is your personal information used overseas?

We will not process your personal information outside of the European Economic Area (EEA).

11. What are your rights? 

Your individual rights are set out in law. Subject to some legal exemptions, you have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relating to automated decision making and profiling

12. Contact us

If you would like to exercise your rights in relation to your personal information, or you feel that something has gone wrong with your personal information, you can contact us in either of the following ways:

By email:                 data.protection@southtyneside.gov.uk

By telephone:          0191 424 6539

In writing:                South Tyneside Council

                               Information Governance

                               Town Hall and Civic Offices

                               South Shields

                               NE33 2RL

If you feel that the Council has not handled your information correctly you can contact the Information Commissioner's Office (ICO). The ICO is the Government's Independent Body responsible for overseeing data protection. In most cases the ICO will only review cases that have exhausted the Council's internal procedures.

The ICO's contact details are as follows: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. More information can be found on the ICO's website at www.ico.org.uk.