Commercial services privacy notice
Information about our privacy notice and how we process your data in accordance with legal requirements.
What service is being provided?
The commercial services team carries out various functions under the remit of Food Safety, Health and Safety, Public Health including infectious diseases, Animal Health and Licensing of Explosives and Massage and Special Treatments.
The processing of your personal information is necessary for compliance with the legal obligation in the following Acts, to facilitate a statutory obligation, and to provide council services (this list is not exhaustive):
- The Food Safety Act 1990 and any other food and feed control legislation made thereunder.
- The General Food Regulations 2004
- Food safety and Hygiene (England) Regulations 2013
- Food Information Regulations 2014
- Health and Safety etc Act 1974, and health and safety regulation and any other relevant statutory provisions specified in Schedule 1 of the Act.
- Explosives Regulations
- Licensing Act 2003
- London Local Authorities Act 1991
- Local Government (Miscellaneous Provisions) Act 1976
- Public Health Act 1936 and 1961
- The Health Act 2006
- The Police and Criminal Evidence Act 1984
To make sure that business activities are carried out in the public interest we must operate according to the provisions of these Acts of parliament. To enable us to process applications and payments, to ensure continued compliance with the above regulations, to accept and investigate complaints or enquiries in relation to businesses we collect, store and process personal and sensitive information about individuals and businesses.
Our core obligations under the general data protection regulations (GDPR) and commitments are set out in the council’s privacy notice.
This notice provides additional privacy information for:
- Members of the Public (complaints, notification of infectious diseases)
It describes how we collect, use and share personal information about you, before, during and after your relationship with us ends, and the types of personal information we need to process.
This includes: name, address (business and personal), date of birth, gender, photographs, contact information (telephone, email) (business and personal), business activities, nationality, evidence of entitlement to work in the UK, national insurance number and payment information.
The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity. We may collect the following information under this category.
- Sexuality and sexual life
- Physical or mental health
- Criminal convictions and offences
The main purposes for which we may process your personal information are:
- the processing of licensing applications
- the processing of payments
- to investigate complaints or enquiries
- to investigate accidents
- to carry out enforcement activities to ensure compliance
- to protect public health in the investigation of infectious diseases
- to allow us to communicate, provide information in relation to legislative changes, council policy changes, fees and charges, business specific advice and guidance
- to keep a public register in relation to food business registrations, licenses and enforcement notices
- for the prevention and detection of fraud, crime or both
- to issue fixed penalty notices under The Health Act 2006
- to fulfil a legal obligation
Don't you need my permission to keep and share information about me?
Information we collect is required by law. It enables us to have accurate information for the purposes of law enforcement, regulation and licensing, criminal prosecutions and court proceedings. Personal data we collect under the Public Health Act, by law, enables us to help protect people from the dangers of communicable diseases and environmental threats. If we intend to use your information beyond legal obligations or to exercise specific rights, we will seek your consent to process your information and full guidance will be provided.
Are there any laws applicable in the processing and protection of my information?
We are required to comply with the Data Protection Act to ensure information is managed securely. Personal data we collect under the Public Health Act is made available only to key professionals who have a clear and legal need to see it. We operate under a scheme of delegation and any legislation authorised under this delegation.
The Data Controller is London Borough of Hammersmith and Fulham
The Data Protection Officer for London Borough of Hammersmith and Fulham can be contacted at firstname.lastname@example.org
The Data Processor supporting this purpose is the IT Software provider who hosts and manages our comments data.
In addition to the general reasons for information sharing described in the council’s privacy notice, we may share your information with:
- other council departments for the purposes of law enforcement, regulation and licensing, criminal prosecutions, and court proceedings.
- the Police, and other crime enforcement agencies
- responsible Authorities including the Fire Brigade
- other Local Authorities
- third sector organisations working with the council
- other organisations, where the disclosure is necessary for the purposes of the prevention and detection of crime.
- when the law requires us to pass information under special circumstances, crime prevention or the detection of fraud as part of the National Fraud Initiative.
We also collect or receive information from external parties such as:
- Members of the Public
- Internal Council Departments, and Elected Members of the Council
- The Police
- The Fire Brigade
- Other Local Authorities
- The Home Office, and other Government Agencies
- The Health Protection Agency.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any future legal, accounting, or reporting requirements. The Council’s standard retention period is up to 6 years. We must retain necessary information in accordance with our corporate records policy to fulfil legal, statutory and regulatory requirements.
Rights of access, correction, erasure and restriction
You have the right:
- To ask for your information and there will not be a charge for you to do so. This is known as a subject access request and we act in accordance with this policy.
- To ask for your information to be corrected if it is inaccurate or incomplete.
- To ask for your information to be deleted or removed where there is no need for us to continue processing it (right to be forgotten).
- To ask us to restrict the use of your information, except when it is necessary for the purposes of the prevention and / or detection of crime.
- To ask us to copy or transfer your information from one IT system to another in a safe and secure way without impacting on the quality of the information.
- To object to how your information is used.
- To challenge any decisions made without human intervention (automated decision making). To ask for access to your information you should submit a subject access request.
Right to withdraw consent at anytime
Where the legal reason for processing your personal information is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of our processing prior to the withdrawal of your consent. If you do not provide consent, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations as detailed above. If you wish to withdraw consent you should contact the Commercial Services Team via email@example.com who will process your request as a matter of priority.
In addition to the above you have legal rights in relation to your personal information. You have a right to be informed about how and why your personal information is being processed. This notice fulfils that obligation. Full details are contained in the council’s privacy notice and should be read before consenting to this document.
isit the following links for more information about Privacy Law, our obligations and your Rights: The ICO Guide to the General Data Protection Regulation 2016 and General Data Protection Regulation 2016
If you have concerns over the way we are asking for or using your personal data, please raise the matter with our H&F In Touch Team by the following means:
H&F In Touch Team, London Borough of Hammersmith and Fulham Hammersmith, London W6 9JU
020 8748 2456
If you still have concerns following our response you have the right to raise the matter with the Information Commissioner's Office: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113