Privacy notices

Redcar and Cleveland Borough Council privacy notices.

Guide contents

Trading Standards Privacy Notice

This Privacy Notice is designed to help you understand how and why the Trading Standards processes your personal data. This notice should be read in conjunction with the Council’s Corporate Privacy Notice.

Who are we? 

Redcar and Cleveland Borough Council is a ‘Data Controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR). Trading Standards is a regulatory service, enforcing consumer protection legislation to reduce consumer detriment. 

We work with other organisations when responding to service requests and investigating complaints to provide you with the best advice and information as possible, and for the detection and investigation of any potential criminal offences.

What personal information do we collect?

We collect and use information about people and businesses to enable us to carry out specific functions for which we are responsible and to provide you with a service. 

We keep records about persons and businesses that are relevant to our enquiries, investigations, and projects. These may be written down (manual records) or kept on a computer (electronic records).

These records may include data that falls into any of the following three categories:

  • Personal Information: e.g. details about you, for example, name, address, date of birth, unique identifiers e.g. national insurance number
  • Special Category Data e.g. Health conditions (where relevant)
  • Data relating to Criminal Convictions and Offences.

For example:

  • The details are provided to us by the Citizens Advice Customer Service Team may be used to contact you and investigate your complaint as appropriate.
  • We collate basic details about you as part of Redcar & Cleveland’s No Cold Calling Homes Scheme and to allow us to send out our bi-annual newsletter.

Why do we collect your personal information? 

Your records are used to help ensure that we provide you with the service that you need or to enable us to investigate complaints on your behalf. 

For example: If your complaint concerns a market trader selling short measure produce, we will gather information about this business and how you are affected by it in terms of consumer detriment. 

If we commence a criminal investigation, we will gather information about the suspect(s) and victims involved and use this information to determine whether we have sufficient evidence to progress with formal criminal proceedings. 

Who do we obtain your information from and who do we share it with?

These could include (please note that this list is not exhaustive)

  • Citizens Advice consumer service (CACS) – share your information with our service, this allows us to determine whether further investigation is required.
  • North East Trading Standards Service (NETSA)
  • National Trading Standards (NTS)
  • North East Regional Enforcement Team
  • National Scams Team
  • Victim Care and Advice Services (VCAS)
  • Police / Fire Service / Local Authority (services outside of TS such as Environmental Health, Housing, Adult Social Care and Council Tax)
  • HM Revenue and Customs (HMRC)
  • HM Court Services
  • Medicines and Healthcare products Regulatory Agency (MHRA)
  • Animal and Plant Health Agency (APHA)
  • National Crime Agency (NCA)
  • Liberata Plc who provide Council Tax and Benefits services on behalf of the Council.
  • Other NHS organisations / teams who are involved in your care.
  • Office for Product Safety and Standards (OPSS)
  • Other Trading Standards Services, throughout the UK
  • National Money Lending Team (NMLT)
  • National Trading Standards Estate and Letting Agency Team (NTSELAT)
  • National Crime Agency (NCA)
  • General Medical Council (GMC)
  • Appointed Disclosure Officers

Information will only be shared when it is necessary, proportionate, and justified to do so, examples are provided:

  • Your complaint or the investigation needs to be dealt with jointly or solely by another agency.
  • Where the health and safety of others is at risk
  • Where a legal gateway to share the information exists and is relevant, proportionate, and necessary to do so.
  • Where the law requires us to pass on information under certain circumstances
  • For the prevention and detection of crime

How long do we keep your information for?

We will keep your personal data in accordance with our retention schedule unless you explicitly request it to be removed under GDPR/Data Protection Act 2018 information rights. This right to have your data removed is not an absolute right, for example, we will need to retain your data if this information forms part of a legal requirement, public registry or an existing contract. 

We will hold your personal information for no longer than necessary in relation to the purposes for which is was collected. All personal information is held securely, and once it is no longer needed, is securely destroyed. 

Data held Retention period
CACS records  6 years following receipt. This allows us to refer to previous information when considering any future enforcement activities.
Case Management Records  6 years after a case is closed. This allows us to refer to previous cases when considering any future enforcement activities.
Investigation / Prosecution Records and Files 6 years after a case is closed. This allows us to refer to previous cases when considering any future enforcement activities.
No Cold Calling Home Scheme 6 years following request of a pack and/or becoming a registered member of the No Cold Calling Home Scheme.

What is our lawful basis for processing your information?

Redcar and Cleveland Borough Council relies on the following lawful basis to process your personal data:

  • UK GDPR Article 6(1)(c) – Legal obligation: processing is necessary to comply with the law, or;
  • UK GDPR Article 6(1)(e) – Public task; processing is necessary to perform a task in the public interest or for official functions. 

When processing special category data, the Council will rely on the following lawful basis:

UK GDPR Article 9(2)(g) and DPA 2018, Schedule 1, Part 2, paragraphs (6), (10), (14) and (15) – Reasons of substantial public interest (with a basis in law) *

(6). Statutory and government purposes 

(10). Preventing or detecting unlawful acts 

(14). Preventing fraud

(15). Suspicion of terrorist financing or money laundering

When processing criminal conviction data, the Council will rely on the following lawful basis:

UK GDPR Article 10 as supplemented by DPA 2018 Section 10(5) & Schedule 1, Part 2, paragraphs (10), (12) & (14) – where processing is necessary for the reasons of substantial public interest. 

(10) Preventing or detecting unlawful acts 

(12) Regulatory requirements relating to unlawful acts and dishonesty etc 

(14) Preventing Fraud. 

Data may also be processed under Part 3 DPA 2018, Schedule 8 of the DPA 2018 and under S19 of the Anti-Terrorism Crime and Security Act 2001.

The legislations, policies and guidance that relate to this service includes, but is not limited to:

  • The Consumer Rights Act 2015
  • The Enterprise Act 2002
  • The Fraud Act 2006
  • Digital Markets, Competition and Consumers Act 2024
  • The Consumer Protection from Unfair Trading Regulations 2008
  • Business Protection from Misleading Marketing Regulations 2008
  • The Environmental Protection (Single Use Vapes) (England) Regulations 2024
  • The Estate Agents Act 1979
  • The Tenants Fee’s Act 2019
  • The Proceeds of Crime Act 2002
  • The Agriculture Act 1970
  • Animal Health Act 1981
  • Animal Welfare Act 2006
  • Animal Feed (Hygiene, Sampling, etc. and Enforcement (England) Regulations 2015
  • Food Safety Act 1990
  • Regulation of Investigative Powers Act 2000
  • The Weights and Measures Act 1985
  • The Trade Marks Act 1994
  • The Police and Criminal Evidence Act 1984
  • The General Product Safety Regulations 2005
  • Licensing Act 2003
  • Criminal Procedure Rules 2020             

Your Rights

You have a number of rights that you may exercise in relation to your personal data. Some of the rights do not apply automatically and may not be available in certain circumstances where a lawful exception applies. 

  • You have a right to access your personal data. You can request a copy of personal data that we hold about you and ask us to explain how we use your data.
  • You have a right to object to processing of your personal data. You have an absolute right to stop your data being used for direct marketing. In other cases where the right to object applies, we may be able to continue using your data if we have a compelling reason for doing so. 

If we are relying on consent as the lawful basis to process your data you can withdraw your consent at any time, and we will stop further processing. 

  • You have a right to request the restriction or suppression of your personal data.
  • You have a right to have your personal data erased, if we no longer have a legitimate use for it. This right is sometimes called the ‘right to be forgotten’.
  • You have a right to rectification of your personal data if the information we hold in relation to you is inaccurate or incomplete.
  • You have a right not to be subject to any decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. You can request human intervention or challenge any solely automated decision-making that significantly affects you. 

The Council has appointed a Data Protection Officer. Their contact details are:

Data Protection Officer, Redcar and Cleveland House, Kirkleatham Street, Redcar, TS10 1RT 

You can contact the team by emailing InformationGovernance@redcar-cleveland.gov.uk or by calling 01642 774774

If you would like to request access to your personal data or exercise any of your other data protection rights, please contact the Information Governance Team:

Information Governance, Redcar and Cleveland Borough Council, Redcar and Cleveland House, Kirkleatham Street, Redcar, TS10 1RT

Email: InformationGovernance@redcar-cleveland.gov.uk 

Telephone: 01642 774 774 

You can seek advice and have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. You can contact them through the ICO website www.ico.org.uk, their helpline on 0303 123 1113, or in writing to:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

For more information about how the Council uses your data, including your privacy rights and the complaints process, please see our Corporate Privacy Notice.