Environmental Health Service - Privacy Notice

The Environmental Health team is part of Dudley MBC’s Development and Regulation group.

Our role is to protect public health and the environment within Dudley borough. We deliver a range of regulatory services, including:

• Issuing permits for prescribed activities
• Monitoring and improving air quality
• Investigating complaints relating to pollution, nuisance and environmental issues
• Providing comments on planning and licensing consultations
• Enforcing health and safety legislation in workplaces
• Investigating accidents, disease and dangerous occurrences
• Regulating animal health and welfare
• Licensing activities such as skin piercing
• Registering, approving and inspecting food businesses
• Investigating complaints about food and food premises
• Investigating and controlling cases of infectious disease
• Sampling food
• Enforcing smoke‑free requirements
• Providing advice and guidance to businesses and members of the public
• Supervision and enforcement of Exhumations

Further information about our services is available on the Council’s website.

Information we collect

Depending on the service provided, we may collect:

Personal and contact information:

• Name, address, telephone number and email address
• Date of birth
• Employment or business details

Business and licensing information:

• Business name and address
• Details of food business operators (FBOs)
• Employee names, roles and relevant qualifications
• Licence, permit and registration details

Complaint and investigation information:

• Details of complaints or service requests
• Witness names and contact details
• Evidence relating to investigations

Health and public protection information (where relevant):

• Medical or health information (e.g. symptoms, illness duration)
• Contact tracing information (e.g. family members, workplace or school details)
• Locations visited or premises attended

How we collect information:

We collect information in the following ways:

• Online and paper forms
• Emails, telephone calls and written correspondence
• Face‑to‑face meetings and site visits
• Statutory notifications (e.g. accidents or infectious diseases)
• Other organisations (e.g. UK Health Security Agency, Food Standards Agency, Environment Agency, Health and Safety Executive, other local authorities)
• Third parties such as complainants or witnesses

Our legal basis for data processing comes from Articles 6 and 9 of GDPR.

Legal obligation - Article 6 (1) (c) - processing is necessary for compliance with a legal obligation to which the controller is subject.

Public task - Article 6 (1) (e) – processing is necessary for us to perform a task carried out in the public interest or for our official functions.
When we investigate infectious disease, the lawful basis for processing is under Article 6 (1) (e), public task, and Article 9- processing is necessary for reasons of public interest in the area of public health.

Legislation enforced by the service includes (non‑exhaustive):

• Animal By‑Products (Enforcement) (England) Regulations 2013
• Animal Welfare Act 2006 and associated regulations
• Clean Air Act 1993
• Environmental Protection Act 1990
• Food Information Regulations 2014
• Food Safety Act 1990 (as amended)
• Food Safety and Hygiene (England) Regulations 2013
• Health Act 2006
• Health and Safety at Work etc. Act 1974
• Health Protection (Local Authority Powers) Regulations 2010
• Health Protection (Part 2A Orders) Regulations 2010
• Official Controls (Animals, Feed & Food) Regulations 2006
• Official Feed and Food Controls (England) Regulations 2009
• Pollution Prevention and Control Act 1999
• Prevention of Damage by Pests Act 1949
• Public Health (Control of Disease) Act 1984
• Trade in Animal and Related Products Regulations 2011
• Zoo Licensing Act 1981

We use your information to:

• Register, approve and regulate businesses
• Monitor and enforce compliance with relevant laws
• Investigate complaints and environmental or public health concerns
• Investigate accidents, diseases and outbreaks
• Prevent risks to public health and the environment
• Take enforcement action where necessary
• Provide advice and guidance
• Provide updates on investigations and outcomes

We may share your information where necessary and lawful with:

• Government bodies and regulators (e.g. Food Standards Agency, UK Health Security Agency, Health and Safety Executive, Environment Agency)
• The Police, HMRC and Home Office (where required for legal purposes such as crime prevention or taxation)
• Other Council departments (e.g. planning, licensing, building control, revenues and benefits)
• Other local authorities and government departments
• Courts and legal representatives

Information is shared only where necessary, proportionate and in accordance with data protection legislation.

We are committed to protecting personal data and have data policies and procedures in place to ensure that it is safeguarded. Contact information is held securely on the database service used. All staff undertake regular training in data protection and managing personal information.

Information is kept in accordance with our retention policy. After we deliver a service to you, we keep your information as a business record of what was delivered. The retention period is 7 years.

Personal information processed outside the European Economic Community (EU):

We do not process your personal information outside the EU unless you specifically request us to do so, for example on an export certificate.

At no time will your information be passed to organisations external to us or our partners for marketing or sales purposes or for any commercial use without your prior express consent.

National Data Opt-Out and use of NHS data:

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a Care or Patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

•  improving the quality and standards of care provided
•  research into the development of new treatments
•  preventing illness and diseases
•  monitoring safety
•  planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit Your NHS data matters. On this web page you will:

• See what is meant by confidential patient information
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• Find out more about the benefits of sharing data
• Understand more about who uses the data
• Find out how your data is protected
• Be able to access the system to view, set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:
NHS UK Information about patients (which covers health and care research); and Understanding patient data what you need to know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until March 2021 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.