Dudley Council
Dudley Skyline

Privacy Notice for the Food Safety Service

Dudley Metropolitan Borough Council (MBC) - Environmental Health & Trading Standards (EHTS)

We are committed to protecting your personal data and ensuring that it is processed fairly and lawfully. Information you provide to us will be processed in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA 2018) and subsequent legislation. For the purposes of Data Protection, Dudley MBC is the Data Controller.

Who we are and what we do

We are the Food team, part of Dudley Metropolitan Borough Council’s Environmental Health and Trading Standards service. We are part of the Health and Wellbeing Service delivered within the People Directorate.

The Food team’s role is to ensure food produced, handled or sold within the Dudley Borough is safe to eat and correctly labelled. We do this by:

  • Registering/approving and inspecting food businesses
  • Investigating complaints about food and food premises
  • Investigating cases of infectious disease
  • Sampling of food
  • Providing advice and guidance to food business operators, food handlers and members of the public

We also inspect food premises for compliance with health & safety legislation and enforce the smoke free requirements for all premises in the borough.

For more information about our services please see the Dudley Council website.

What type of personal information do we collect and how do we collect it?

If you are a food business operator (FBO), when we register/approve your business we collect the following information from you:

  • Your name
  • Business name
  • Address (including the address of the FBO if this is different to the business address)
  • Telephone number (including the number of the FBO if this is different to the business number)
  • E-mail address (including that of the FBO if this is different to the business email)
  • The names of your employees who are food handlers and their food hygiene qualifications

If you are making a complaint about food or a food business or you are requesting advice we collect the following information:

  • Your name
  • Your business name (if applicable)
  • Address
  • Telephone number
  • E-mail address (if applicable)

When we investigate cases of infectious disease (including food poisoning), we collect the following information:

  • Your name
  • Your job or business name (if applicable)
  • Address
  • Date of birth
  • Telephone number
  • E-mail address (if applicable)
  • Details of your employment (or in the case of your child, their school details)
  • Medical information, including when you became ill, symptoms and duration of illness
  • Names of family members, or other close contacts, together with their employment or school details
  • Places you have visited, eaten at or bought food from

We collect information from you in the following ways:

  • Paper forms
  • Online forms
  • Telephone conversations
  • Face to face meetings
  • Copies of notifications
  • From other agencies (for example Public Health England, the Food Standards Agency or other local authorities)
  • From copies of certificates
  • From other people (for example from people making a complaint about a business)


Legal basis for processing

Our legal basis for data processing comes from Articles 6 and 9 of GDPR.

Legal obligation - Article 6 (1) (c) - processing is necessary for compliance with a legal obligation to which the controller is subject.

Public task - Article 6 (1) (e) – processing is necessary for us to perform a task carried out in the public interest or for our official functions.
When we investigate infectious disease, the lawful basis for processing is under Article 6 (1) (e), public task, and Article 9- processing is necessary for reasons of public interest in the area of public health.

Legislation enforced by the service includes:

  • Food Safety Act 1990, as amended
  • Food Safety and Hygiene (England ) Regulations 2013
  • Official Feed and Food Controls (England ) Regulations 2009
  • Trade in Animal and Related Products Regulations 2011
  • Food Information Regulations 2014
  • Official Controls (Animals, Feed & Food ) Regulations 2006
  • Animal By-Products (Enforcement) (England) Regulations 2013
  • Public Health (Control of Disease Act) 1984
  • Health Protection (Local Authority Powers) Regulations 2010
  • Health Protection (Part 2A Orders) Regulations 2010
  • Health Act 2006
  • Health & Safety at Work etc Act 1974

What is your personal information used for?

The information we collect is used for the following purposes:

  • To register/approve and regulate food businesses and check compliance with food law
  • To hold FBOs who fail to comply with the law to account
  • To investigate complaints about food and food premises
  • To investigate the causes of infectious disease and prevent its spread
  • To provide updates on the progress of investigations
  • To offer advice and guidance to businesses and members of the public

Sharing your personal information

Details of food businesses and food business operators may be shared with the Food Standards Agency, the independent government department responsible for food safety.

Under prescribed circumstances, for example the prevention and detection of crime or for tax collection purposes, we may share food business or FBO personal information with:

  • The Police
  • HMRC
  • Home Office Immigration
  • Other Dudley MBC departments/services, for example, planning, building control, licensing, revenues and benefits
  • Other local authorities

We share personal details relating to cases of infectious disease with Public Health England.

Keeping your personal information secure

We are committed to protecting personal data and have data policies and procedures in place to ensure that it is safeguarded. Contact information is held securely on the database service used. All staff undertake regular training in data protection and managing personal information.

Amount of time we hold your information

Information is kept in accordance with our retention policy. After we deliver a service to you, we keep your information as a business record of what was delivered. The retention period is 7 years.
Personal information processed outside the European Economic Community (EU)
We do not process your personal information outside the EU unless you specifically request us to do so, for example on an export certificate.


At no time will your information be passed to organisations external to us or our partners for marketing or sales purposes or for any commercial use without your prior express consent.

What are your rights?

Your rights are detailed in the Council’s Corporate Privacy Notice

Should you wish to raise any concerns about how we have processed your personal data you can contact the data protection officer, email

You also have the right to contact the Information Commissioner.
If you would like a copy of this information in a different format, please email