GDPR Statement for Environmental Health Services

Data Privacy Notice – Environmental Health – Council of the Isles of Scilly

Information on Environmental Health policy, why we require data, what we do with the data and your rights.

Last updated 23 May

Personal data held by Environmental Health.

In order to carry out our statutory duty to provide monitoring and interventions within the remit of Environmental Health, it is necessary for us to collect and hold personal information. This information may be collected during complaint investigations and may include:-

Basic personal information such as address, telephone number, email address;

In addition to this basic information, for specific interventions, we may hold the following extra information;

FOOD SAFETY / HEALTH AND SAFETY

Details about your business such as size and scope, staff training information, intervention history.

PRIVATE SECTOR HOUSING

Details about the premises and conditions/ landlord/ legal action/ property documentation / Licence details for certain premises etc

PRIVATE WATER SUPPLIES

Details about your business / property such as size and scope, representative names for interventions

INFECTIOUS DISEASES / FOOD POISONING -

‘sensitive data’ - details about the nature of the illness , details of the immediate family / detail, timeline of events. For this category, we will seek your permission before sharing. This will normally be in the form of telephone call or email/letter.

Who is processing your data?

All personal data held, is processed in accordance with data protection law. The Data Controller in relation to Environmental Health is the Council of the Isles of Scilly.

Why do we collect your information?

We will collect information about you (where applicable):-

  • To process a food business registration request
  • To log address and investigate complaints
  • At the start of a food intervention inspection ( or sometimes in advance)
  • For breaches in health and safety
  • To collaborate on safety improvement

What is the legal basis for us to process your data?

The legal basis for processing the data is
• it is in the public interest or in the exercise of official authority/under environmental health statutory legislation

Data protection principles (www.gov.uk)

We will make sure the information is:-

  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the European Economic Area without adequate protection

Who do we share your information with?

We may share your information with government departments and agencies and third party contractors such as:-

  • Third party contractors as required specifically for Pest Control and Cornwall Council for the provision of IT systems and services.
  • The Police
  • The Fire Service
  • The Food Standards Agency
  • Trading Standards
  • The Health and Safety Executive
  • The Water Authority.
  • The Medical Authority
  • Environment Agency
  • Department for Environment , Food and Rural Affairs
  • Public Health England

We will not normally share your information with organisations other than our contractors and relevant organisations without your consent, however, there may be certain circumstances where we would share without consent such as where we are required to do so by law (i.e. Public Registers), to safeguard public safety, and in risk of harm or emergency situations. Any information which is shared will only be shared on a need to know basis, with appropriate individuals. Only the minimum information for the purpose will be shared.

How long do we keep your records

We will only keep your information for the minimum period necessary. The information outlined in this privacy notice will be kept in accordance with our retention scheme which includes a table of retention periods.  All information will be held securely and destroyed under confidential conditions.

Your rights

You have a number of rights under data protection law, including the right to request your information and to request that the information be amended or erased if incorrect.

To request your records, you will need to put your request in writing and provide proof of identification to The Data Protection Officer, The Council of the Isles of Scilly, Town Hall, St Marys, Isles of Scilly, TR21 0LW or via email; smansell@scilly.gov.uk  

You also have a right to make a complaint about our handling of your personal data to the Information Commissioner’s Office https://ico.org.uk/

Providing accurate information

It is important that we hold accurate and up to date information about you in order to assess your needs and deliver the appropriate services. If any of your details have changed, or change in the future, please ensure that you inform us as soon as possible so that we can update your records.

Further information

If you have any questions or concerns about how your information is used, please contact the Data Protection Officer at the Council of the Isles of Scilly or by emailing smansell@scilly.gov.uk

More information about data protection and how it applies to you can be found on the Information Commissioner’s Office website at https://ico.org.uk/