Trading Standards Privacy Notice

This Privacy Notice is designed to help you understand how and why the Trading Standards processes your personal data. This notice should be read in conjunction with the Council’s Corporate Privacy Notice.

Who are we?

Redcar and Cleveland Borough Council is a ‘Data Controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR). Trading Standards is a regulatory service, enforcing consumer protection legislation to reduce consumer detriment.

We work with other organisations when responding to service requests and investigating complaints to provide you with the best advice and information as possible, and for the detection and investigation of any potential criminal offences.

The Council has an internal Data Protection Officer. Their contact details are:

Data Protection Officer

Redcar and Cleveland House

Kirkleatham Street

Redcar

TS10 1RT

informationgovernance@redcar-cleveland.gov.uk

01642 444573

What personal information do we collect?

We collect and use information about people and businesses to enable us to carry out specific functions for which we are responsible and to provide you with a service.

We keep records about persons and businesses that are relevant to our enquiries, investigations, and projects. These may be written down (manual records) or kept on a computer (electronic records).

These records may include:

  • basic details about you, for example, name, address, date of birth,
  • unique identifiers (such as your NI number),
  • contact we have had with you, for example, appointments & letters of correspondence,
  • notes and reports about your relevant circumstances
  • details and records about the service you have received
  • relevant information from other people that we have been in contact with, in relation to the service that you have received

For example:

  • The details are provided to us by the Citizens Advice Customer Service Team may be used to contact you and investigate your complaint as appropriate.
  • We collate basic details about you as part of Redcar & Cleveland’s No Cold Calling Homes Scheme and to allow us to send out our bi-annual newsletter.

In relation to criminal investigations or potential criminal proceedings and proceedings under the Proceeds of Crime Act 2002, the data recorded about businesses and individuals can include special category data. These records may include:

  • Previous Convictions
  • Current and past employment
  • Bank Details (including transactional data)
  • National Insurance Details
  • Social Media subscriber details
  • Communications Data
  • Credit History

Why do we collect your personal information?

Your records are used to help ensure that we provide you with the service that you need or to enable us to investigate complaints on your behalf.

For example:

If your complaint concerns a market trader selling short measure produce, we will gather information about this business and how you are affected by it in terms of consumer detriment.

If we commence a criminal investigation, we will gather information about the suspect(s) and victims involved and use this information to determine whether we have sufficient evidence to progress with formal criminal proceedings.

Who do we obtain your information from and who do we share it with?

These could include (please note that this list is not exhaustive)

  • Citizens Advice Customer service (CACS) – share your information with our service, this allows us to determine whether further investigation is required.
  • North East Trading Standards Service (NETSA)
  • National Trading Standards (NTS)
  • North East Regional Enforcement Team
  • National Scams Team
  • Victim Care and Advice Services (VCAS)
  • Police / Fire Service / Local Authority (services outside of TS such as Environmental Health, Housing and Council Tax)
  • HM Revenue and Customs (HMRC)
  • Medicines and Healthcare products Regulatory Agency (MHRA)
  • Animal and Plant Health Agency (APHA)
  • National Crime Agency (NCA)
  • Liberata Plc who provide Council Tax and Benefits services on behalf of the Council.
  • Other NHS organisations / teams who are involved in your care.
  • Office for Product Safety and Standards (OPSS)
  • Other Trading Standards Services, throughout the UK
  • National Money Lending Team (NMLT)
  • National Trading Standards Estate and Letting Agency Team (NTSELAT)
  • National Crime Agency (NCA)
  • General Medical Council (GMC)
  • Appointed Disclosure Officers

Information will only be shared when it is necessary, proportionate, and justified to do so, examples are provided:

  • Your complaint or the investigation needs to be dealt with jointly or solely by another agency.
  • Where the health and safety of others is at risk
  • Where a legal gateway to share the information exists and is relevant, proportionate, and necessary to do so.
  • Where the law requires us to pass on information under certain circumstances
  • For the prevention and detection of crime

How long do we keep your information for?

We will keep your personal data in accordance with our retention schedule unless you explicitly request it to be removed under GDPR/Data Protection Act 2018 information rights. This right to have your data removed is not an absolute right, for example, we will need to retain your data if this information forms part of a legal requirement, public registry or an existing contract.

We will hold your personal information for no longer than necessary in relation to the purposes for which is was collected. All personal information is held securely, and once it is no longer needed, is securely destroyed.

Data held

Retention period

CACS records

6 years following receipt. This allows us to refer to previous information when considering any future enforcement activities.

Case Management Records

6 years after a case is closed. This allows us to refer to previous cases when considering any future enforcement activities.

Investigation / Prosecution Records and Files

6 years after a case is closed. This allows us to refer to previous cases when considering any future enforcement activities.

What is our lawful basis for processing your information?

Redcar and Cleveland Borough Council relies on the following lawful basis to process your personal data:

UK GDPR Article 6(1)(c) – Legal obligation: processing is necessary to comply with the law, or;

UK GDPR Article 6(1)(e) – Public task; processing is necessary to perform a task in the public interest or for official functions.

When processing special category data, the Council will rely on the following lawful basis:

UK GDPR Article 9(2)(g) and DPA 2018, Schedule 1, Part 2, paragraphs (6), (10), (14) and (15) – Reasons of substantial public interest (with a basis in law) *

(6). Statutory and government purposes

(10). Preventing or detecting unlawful acts

(14). Preventing fraud

(15). Suspicion of terrorist financing or money laundering

When processing criminal conviction data, the Council will rely on the following lawful basis:

UK GDPR Article 10 as supplemented by DPA 2018 Section 10(5) & Schedule 1, Part 2, paragraphs (10), (12) & (14) – where processing is necessary for the reasons of substantial public interest.

(10) Preventing or detecting unlawful acts

(12) Regulatory requirements relating to unlawful acts and dishonesty etc

(14) Preventing Fraud.

Data may also be processed under Part 3 DPA 2018, Schedule 8 of the DPA 2018 and under S19 of the Anti-Terrorism Crime and Security Act

The legislations, policies and guidance that relate to this service includes, but is not limited to:

  • The Consumer Rights Act 2015
  • The Enterprise Act 2002
  • The Fraud Act 2006
  • The Consumer Protection from Unfair Trading Regulations 2008
  • Business Protection from Misleading Marketing Regulations 2008
  • The Estate Agents Act 1979
  • The Tenants Fee’s Act 2019
  • The Proceeds of Crime Act 2002
  • The Agriculture Act 1970
  • Animal Health Act 1981
  • Animal Welfare Act 2006
  • Animal Feed (Hygiene, Sampling, etc. and Enforcement (England) Regulations 2015
  • Food Safety Act 1990
  • Regulation of Investigative Powers Act 200
  • The Weights and Measures Act 1985
  • The Trade Marks Act 1994
  • The Police and Criminal Evidence Act 1984
  • The General Product Safety Regulations 2005
  • Licensing Act 2003
  • Criminal Procedure Rules 2020

Your rights

There are a number of rights that you may exercise depending on the legal basis for processing your personal data.

  • Request a copy of the personal information the Council holds about you
  • To have any inaccuracies corrected
  • To have your personal data erased
  • To place a restriction on the Council’s processing of your data
  • To object to processing
  • To request your data to be ported (data portability)
  • To object to any automated decision-making including profiling.

In most cases, these rights are not absolute and there may be compelling or overriding legal reasons why we cannot meet these rights in full. This will be explained to you in more detail should you contact us for any of the reasons detailed above.

For more information about how the Council uses your data, including your privacy rights and the complaints process, please see our Corporate Privacy Notice.