This privacy notice explains how Suffolk Trading Standards uses information about you when carrying out its range of business activities and how we protect your privacy.
The processing of personal data is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), collectively referred to as data protection law.
Why we collect and use your information
Suffolk Trading Standards is responsible for ensuring businesses understand their legal obligations and trade in a fair and safe manner. Our work includes licencing, prevention of fraudulent trading, detection and prosecution in line with our enforcement policy, and advice to businesses.
Suffolk Trading Standards is a competent authority for the purposes of Part 3 of the DPA 2018 because we have legal powers to prosecute trading standards offences. This means that we can process personal data for law enforcement purposes.
We deliver services, regulate, or contribute in some way to a number of priority areas including, but not limited to the following:
- Animal health and welfare, contingency planning and disease prevention and control
- Business advice
- Implementation of No Cold Calling Zones
- Food authenticity, composition and safety
- Feed safety and hygiene
- Licensing - petroleum, explosives and performing animals
- Product safety including electrical goods, toys and cosmetics with a focus on control at point of entry into the UK
- Safety of sports grounds
- Fair trading including doorstep crime; consumer and business mass marketing scams; pricing; distance selling and misleading offers.
What personal data do we collect?
Personal data is information that is about living individuals who can be identified from it. The personal data that is collected by Suffolk Trading Standards is:
- Date of birth/age
- Gender
- Marital status
- Children
- Place of birth
- Contact details and preferred contact method
- National Insurance Number and other identifiers
- Job/profession and other information about employment history and current employment
- Professional qualifications
- Photographs, audio and video records
- Income and other financial information
- Services or products provided to individuals and information about the services or products
- Devices and technology used
- Passport and information contained in other documents
- Information from the Electoral Register
- Social relationships and emergency contacts
- Personal and social history.
What ‘special types’ of personal data do we collect?
The following types of information are classed as “special category data” under the UK GDPR.
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic and bio-metric data
- Sexual orientation
- Health including disabilities.
We also collect information concerning criminal convictions and offences.
The UK GDPR and DPA include extra safeguards to protect the use of your special category data and criminal conviction data i.e. offences (including alleged offences), criminal proceedings, outcomes and sentences.
How do we use your information?
Information is used to receive and investigate consumer complaints, and to monitor, research, analyse and report intelligence requirements.
We respond to service requests from businesses and individuals to facilitate enforcement of consumer protection legislation and prevent unfair trading, and to ensure service delivery, planning and improvement.
We may also use information in other ways compatible with the above purposes to enable us to deliver Trading Standards services to the residents of Suffolk.
The lawful bases on which we process information
Our lawful basis under the UK GDPR for holding and general processing of your personal information is because it is necessary for us to perform a task that is carried out in the public interest. A list of the different pieces of legislation that govern Trading Standards functions can be accessed on our website here: Legislation Enforced List
Our lawful bases under the UK GDPR for processing special category data are where processing is necessary for:
- establishing, exercising and defending legal claims
- reasons of substantial public interest, specifically:
- to prevent or detect unlawful acts
- to protect the public against dishonesty
- to prevent fraud.
Because we also process personal information for law enforcement purposes, our lawful bases for processing special category data for law enforcement purposes under Schedule 8 of the DPA 2018, are where processing is necessary for:
- the administration of justice, for reasons of substantial public interest
- establishing, exercising and defending legal claims
- preventing fraud.
The UK GDPR gives extra protection to the processing of criminal offence data. In respect of the use of information about criminal offences and convictions, our lawful bases for processing criminal offence data under Schedule 1, Part 3 of the DPA 2018 are where processing is necessary for:
- the establishment, exercise or defence of legal claims
- reasons of substantial public interest, specifically:
- preventing unlawful acts
- protecting the public against dishonesty
- preventing fraud.
Collecting this information
As well as information that you provide to us, we also collect information from:
- Other members of the public
- Citizens Advice Consumer Helpline (CitA)
- Police
- Other enforcers or regulators, including HMRC, Health and Safety Executive
- Other businesses or employers
- Judicial agencies – courts, bailiffs, lawyers and the Crown Prosecution Service
- Government Departments/agencies including Food Standards Agency
- Other local authorities, including Trading Standards Services
- Voluntary organisations and charities
- Witnesses, including expert witnesses
- Trade and/or sector associations.
Who do we share your information with
We share your personal information with:
- Your family – in respect incidents of doorstep crime when we might need to identify support
- Other residents in your area – in respect of No Cold Calling Zones
- Other enforcers or regulators, including HMRC, Health and Safety Executive
- Other local authorities outside of Suffolk, including Trading Standards Services
- Other local authority departments within Suffolk
- Government Departments/agencies – Department for Environment, Food & Rural Affairs, Department for Business, Energy & Industrial Strategy, Food Standards Agency
- Police
- Judicial agencies – courts, bailiffs, lawyers and the Crown Prosecution Service
- Voluntary organisations and charities
- Witnesses, including expert witnesses
- Other businesses.
Any information which is shared will be shared securely, with appropriate individuals and only the minimum information needed will be shared.
How we store your information
Your information is securely stored electronically on the County Council’s network. Information is also securely stored in other mediums, including email accounts, in paper files and our intelligence database.
We do not store or process your information outside of the European Economic Area.
How long will your data be kept?
We will stop using your data after 7 years from the conclusion of the matter for which it was collected, or where is it necessary and permitted for a longer specified period in accordance with our retention policy. Your data will be securely and permanently deleted one year after we stop using it.
Automated decision making
Suffolk Trading Standards does not make automated decisions about you.
Your rights
You have a number of rights under data protection law. To find out more, please visit Suffolk County Council’s corporate privacy notice.
If you have a question about the ways in which we are collecting or using your personal data please contact:
Marc Titford, Principal Trading Standards Officer, via email: marc.titford@suffolk.gov.uk
Independent advice
If you would like independent advice on this privacy notice or other matters about personal information, including complaints, you can contact the Information Commissioner's Office at:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk