Dudley Metropolitan Borough Council (MBC) Environmental Health & Trading Standards (EHTS)
We are committed to protecting your personal data and ensuring that it is processed fairly and lawfully. Information you provide to us will be processed in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA 2018) and subsequent legislation. For the purposes of Data Protection, Dudley MBC is the Data Controller.
We are the Trading Standards team, part of Dudley Metropolitan Borough Council’s Environmental Health and Trading Standards service. We are part of the Health and Wellbeing Service delivered within the People Directorate.
Trading Standards role is to enforce various consumer protection legislation with the purpose of protecting residents, ensuring fair trading amongst businesses and preventing and detecting crime. We also offer a civil advice service and may contact traders on behalf of consumers in an attempt to resolve a dispute. To enable us to perform our duties, intelligence and data will be collected, stored and processed about individuals and businesses. Information will be collected from complaints, inspections, investigations and service requests.
For more information about our services please see the Dudley Council website.
If you are a business, when you request advice from us or we contact you in relation to a trading standards matter, we collect the following information from you:
- Your name
- Business name
- Business address
- Telephone number(s)
- E-mail address
If you are a business applying to join the vetted traders scheme “Fix A Home” we collect the following additional information from you:
- Proof of satisfactory trading history of at least 12 months
- Details of public liability insurance
- Details of registration or membership of professional trade bodies/associations
- Details of 3 references
If you are a consumer making a complaint or seeking advice about a trading standards matter we collect the following information from you:
- Your name
- Address
- Telephone number
- E-mail address (if applicable).
- Details of the issue including copies of any correspondence with the trader and any trade bodies/associations
We collect information from you in the following ways:
- Paper forms
- Online forms and emails
- Telephone conversations
- Face to face meetings
We also receive information from other agencies, for example from:
- Citizens Advice Consumer Services (CACS), a government funded service receiving all first line consumer complaints and enquiries. If you live in the Dudley borough or the issue relates to a Dudley based business, CACS notify us of the matter including your details.
- Other regulators and enforcers, e.g. HMRC, Health & Safety Executive, Home Office Immigration, National Trading Standards
- The Police, where a matter which comes to the police’s attention may breach trading standards legislation
- Other local authorities including trading standards services where there is a relevance to the Dudley borough
- Trade and/or sector associations
- Judicial agencies including courts and Crown Prosecution Service in relation to criminal convictions
- National Trading Standards Scams team, hosted by Surrey County Council which provides information on scam victims to local authorities. There is a separate Privacy Notice is relation to the work of the Dudley Trading Standards Scams Unit.
Our legal basis for data processing comes from Articles 6, 9 and 10 of GDPR.
Legal obligation- Article 6 (1) (c) - processing is necessary for compliance with a legal obligation to which the controller is subject.
Public task-Article 6 (1) (e) – processing is necessary for us to perform a task carried out in the public interest or for our official functions. Information relating to criminal offences (including the suspected and alleged commission of offences) comes under Law Enforcement Directive EU2016/680 and is enshrined in UK law in Part 3 of the Data Protection Act 2018. The Council is a competent authority for processing of criminal offence and criminal penalty data as it has statutory functions for law enforcement purposes, i.e. enforcement of trading standards legislation. Article 10 of the GDPR requires that Member States provide safeguards for the rights and freedoms of data subjects in national law to authorise the processing of personal data relating to criminal convictions and offences. DPA 2018 therefore requires data controllers to have a policy document in place for processing of data relating to criminal offences. The Council has a Corporate Policy IGPOLO18 Law Enforcement Data Protection Policy.
Legislation enforced by the service includes (this is not an exhaustive list):
- Consumer Rights Act 2015
- Consumer Protection from Unfair Trading Regulations 2008
- Trade Marks Act 1994
- Consumer Protection Act 1987
- Agriculture Act 1970
- Fraud Act 2006
- Proceeds of Crime Act 2002
- Weights & Measures Act 1985
- Road Traffic Act 1988
- Children & Young Persons Act 1933
- General Product Safety Regulations 2005
- Criminal Justice Act 1988
- Anti-social Behaviour, Crime & Policing Act 2014
- Trade in Tobacco & Related Products Regulations 2016
- Standardised Packaging of Tobacco Regulations 2015
The information we collect is used for the following purposes:
- To monitor and ensure compliance with statutory requirements
- To investigate and enforce trading standards legislation
- To provide updates on the progress of investigations, complaints and enquiries
- To offer advice and guidance to businesses and members of the public.
If you are a member of the Fix A Home scheme or apply to become a member, we will share details of your application with Age UK Dudley, our partner in administrating the scheme. We will also make checks of the details provided by you in your application to ensure that you are able to meet the requirements of the Fix A Home Code of Practice.
Your details published in the Fix A Home brochure, available in hard copy and online, to enable consumers to contact your business will be checked and agreed with you for accuracy before publishing.
We may share information with our partner agency, Citizens Advice Consumer Services (CACS), who deal with all first line consumer complaints and enquiries.
We may share personal information about you with the following organisations
under prescribed circumstances, for example the prevention and detection of crime or for tax collection purposes:
- The Police
- Other regulators and enforcers, e.g. HMRC, Health & Safety Executive, Home Office Immigration, National Trading Standards
- Trade and/or sector associations
- Judicial agencies including courts and Crown Prosecution Service
- Other Dudley MBC departments/services, for example, planning, building control, licensing, adult safeguarding, revenues and benefits.
- Other local authorities
Please also see the Council's Anti-Fraud Privacy Notice.
If you are convicted of a trading standards offence, following a criminal investigation by Dudley Trading Standards, your name and any business name and the trading address will be published on the Council’s prosecution register. If the trading address is a domestic property, the full address is not published. We take into account the provisions of the Rehabilitation of Offenders Act 1974 and only publish prosecutions of individuals for the period during which the sentence in not spent. Otherwise, prosecutions are published for a period of 3 years.
We are committed to protecting personal data and have data policies and procedures in place to ensure that it is safeguarded. Contact information is held securely on the database service used. All staff undertake regular training in data protection and managing personal information.
Information is kept in accordance with our retention policy. After we deliver a service to you, we keep your information as a business record of what was delivered. The retention period is 7 years.
We do not process your personal information outside the EU unless you specifically request us to do so.
At no time will your information be passed to organisations external to us or our partners for marketing or sales purposes or for any commercial use without your prior express consent.
National Data Opt-Out and use of NHS data.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a Care or Patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit Your NHS Data Matters. On this web page you will:
• See what is meant by confidential patient information
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• Find out more about the benefits of sharing data
• Understand more about who uses the data
• Find out how your data is protected
• Be able to access the system to view, set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
NHS UK Information About Patients (which covers health and care research); and
Understanding Patient Data What You Need to Know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations had until March 2021 to put systems and processes in place, so they were compliant with the national data opt-out and can apply your choice to any confidential patient information they use or share for purposes beyond your individual care.
What are your rights?
Your rights are detailed in the Council’s Corporate Privacy Notice
Should you wish to raise any concerns about how we have processed your personal data you can contact the data protection officer, email information.governance@dudley.gov.uk
You also have the right to contact the Information Commissioner.
If you would like a copy of this information in a different format, please email information.governance@dudley.gov.uk