Environmental Health

This Privacy Notice is designed to help you understand how and why the Environmental Health (Commercial) Team processes your personal data. This notice should be read in conjunction with the Council’s Corporate Privacy Notice.


Who are we?

Redcar and Cleveland Borough Council is a ‘Data Controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR).

The Environmental Health (Commercial) Service is a regulatory service that inspects food businesses for food hygiene and standards, monitors health and safety at work in commercial businesses, investigates accidents and infectious diseases, and monitors private water supplies.


The Council has an internal Data Protection Officer. Their contact details are:

Data Protection Officer

Redcar and Cleveland House

Kirkleatham Street


TS10 1RT

You can also contact them by emailing informationgovernance@redcar-cleveland.gov.uk or by calling 01642 444573.


What personal information do we collect?

We collect and use information about people and businesses to enable us to carry out specific functions for which we are responsible and to provide you with a service.


These records may include;

  • basic details about you, for example, name, address, date of birth,
  • unique identifiers (such as your NI number),
  • contact we have had with you, for example, appointments & letters of correspondence,
  • notes and reports about your relevant circumstances,
  • details and records about the service you have received,
  • relevant information from other people that we have been in contact with, in relation to the service that you have received.


Why do we collect your personal information?

We collect personal information in order to inspect and carry out interventions in your business, investigate complaints, carry out sampling of private water supplies, and investigate infectious diseases, for example;

  • If you operate a food business, we will gather information about you and your business in order to carry out risk based inspections,
  • If you had a work place accident, we will gather information about you and details of the incident, including the effect it had on you,
  • If we were to instigate criminal proceedings, we would need to gather information on both the business and the person making the complaint.


Who do we obtain your information from?

  • UK Health Security Agency for infectious disease identification and control.
  • Food Standards Agency for notification of a prohibited person.
  • Health and Safety Executive to investigate accidents and near misses.
  • Police/Fire Service/Other relevant Local Authorities
  • Northumbrian Water


Information will only be shared where it is necessary, proportionate and justified to do so, for example;

  • Your complaint or the investigation needs to be dealt with jointly or solely by another agency.
  • Where the health and safety of others is at risk.
  • Where a legal gateway to share the information exists and is relevant, proportionate, and necessary to do so.
  • Where the law requires us to pass on information under certain circumstances.
  • For the prevention and detection of crime


How long do we keep your information for?

Data held

Retention period

Case Management Records

6 years after the case is closed. This allows us to refer to previous cases when considering any future enforcement activities.

Investigation / Prosecution Records and Files

6 years after the case is closed. This allows us to refer to previous cases when considering any future enforcement activities.


What is our lawful basis for processing your information?

Redcar and Cleveland Borough Council relies on the following lawful basis to process your personal data:

  • UK GDPR Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject
  • UK GDPR Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


For the processing of personal data relating to criminal convictions and offences, processing meets Schedule 1, Part 2 of the Data Protection Act 2018 as below:

  • (6) Statutory and Government Purposes


When processing special category data, the Council will rely on the following lawful basis:

  • UK GDPR Article 9 (2) (g) – processing is necessary for reasons of substantial public interest with processing meeting Schedule 1, Part 2 of the Data Protection Act 2018 as below:
  • (6) Statutory and Government Purposes


The legislations, policies and guidance that relate to this service includes, but is not limited to:

  • The Food Safety Act 1990
  • The Public Health (Control of Diseases) Act 1984
  • Health Act 2006
  • The Environmental Protection Act 1990
  • Water Industry Act 1991
  • Health and Safety at Work etc. Act 1974


Your rights

There are a number of rights that you may exercise depending on the legal basis for processing your personal data.

  • Request a copy of the personal information the Council holds about you,
  • To have any inaccuracies corrected,
  • To have your personal data erased,
  • To place a restriction on the Council’s processing of your data,
  • To object to processing,
  • To request your data to be ported (data portability),
  • To object to any automated decision-making including profiling.

In most cases, these rights are not absolute and there may be compelling or overriding legal reasons why we cannot meet these rights in full. This will be explained to you in more detail should you contact us for any of the reasons detailed above.

For more information about how the Council uses your data, including your privacy rights and the complaints process, please see our Corporate Privacy Notice.