Privacy Notices - Food Business - Health and safety concern Privacy Notice


You need to be aware of this Privacy Notice if you are reporting a Health and safety concern. 

Who is collecting and using your personal data?

Swindon Borough Council will act as a "Data Controller" for any personal data that you provide to us. We will ensure that the data given to us is processed in line with our Data Protection Act 2018 (DPA 18) and the EU General Data Protection Regulations (GDPR).

Please note that not providing your personal data may lead to you being unable to use services provided by the Public Protection department.

Your personal data – what is it?

The purpose of this privacy policy is to tell you about what information we collect about you when you use our service, how we use that information and who we may share it with.  

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).

The Swindon Borough Council Data Protection Officer can be contacted via email:

What personal data do we collect?

To deliver this service, we will process your contact name & address and contact details (including telephone number(s) and email addresses), and sometimes sensitive personal information relating to your health and special needs.

If you are acting on behalf of someone reporting a problem or concern, we'll ask for information to satisfy us of your identity and if relevant, ask for information to show you have authority to act on someone else's behalf.

Why do we need your personal information?

We will collect enough personal information to deliver the following services to:

  • administer investigations
  • investigate a health and safety concern
  • investigate a health and safety complaint
  • investigate a health and safety enquiry 
  • investigate RIDDOR notifications 
  • collect statistical and analytical data
  • undertake investigations and fulfil our regulatory function

We retain personal information only for as long as necessary and in line with our retention policy.

How the law allows us to use your information?

The legal basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

If the information you provide us in relation to your report contains special category data, such as health, religious or ethnic information the legal basis we rely on to process it is article 9(2)(g) of the GDPR, which also relates to our public task and the safeguarding of your fundamental rights. And Schedule 1 part 2(6) of the DPA2018 which relates to statutory and government purposes.

Who do we share your information with?

We will never share your data with third parties except for where we are legally required to do so for the detection and prevention of crime in accordance with the Data Protection Act. 

These include the following:

  • Health and Safety Executive (HSE) 
  • Public Health England 
  • Other Local Authorities 
  • Office for Standards in Education (Ofsted) – only for registered child minders 
  • HMRC
  • Department for Work and Pensions
  • Home Office
  • The Police

If this is required we will seek your consent. If consent is given the data will be shared securely and only with an authorised recipient via encrypted email.

How do we protect your information?

All data you give us as part of your reporting a problem with a food product, reporting a problem with misleading or incorrect food product labelling, reporting hygiene or safety concerns about a food business or reporting suspect food poisoning, that data is held on an electronic system that is a closed system (which means it cannot be accessed outside of this department).  

We will maintain the reliability, accuracy, completeness and currency of personal data in our databases and to protect the privacy and security of our databases. We keep your personal data only for as long as reasonably necessary for the purposes for which it was collected.

Our servers and databases are protected by industry standard security technology.

The access to this archived data is limited to authorised users only. 

The employees who have access to personal data have been trained to handle such data properly and in accordance with latest regulation.

How long do we keep your personal information?

We keep your personal data only for as long as reasonably necessary for the purposes for which it was collected. At the end of the retention period, your personal data will be disposed of securely.

What you can do with your information?

Unless subject to an exemption under GDPR you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which Swindon Borough Council holds about you
  • The right to request that Swindon Borough Council corrects any personal data if it is found to be inaccurate or out of date
  • The right to request your personal data is erased where it is no longer necessary for Swindon Borough Council to retain such data
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
  • The right to object to the processing of personal data
  • The right to lodge a complaint with the Information Commissioners Office

For further details on how your information is used, how we maintain the security of your information, and your rights to access information we hold on you please contact or contact the Data Protection Officer at:

Swindon Borough Council
Civic Offices
Euclid Street

Your right to complain

You also have a right of complaint to the Information Commissioner’s Office (ICO) at if you think we have dealt with your information in an inappropriate manner.

You can ask to see what information we hold about you and have access to it.  You can do this, by contacting: Data Protection Officer Swindon Borough Council

Any further questions regarding the data being processed may also be sent to the Data Protection Officer at the above email address.

What if you do not provide personal data?

You are under no statutory obligation to provide personal data to Swindon Borough Council during the reporting process. However, if you do not provide the data, we may not be able to investigate your reported problem or concern properly and fulfil our regulatory function.

Main privacy notice

You are viewing the Privacy Notice for reporting a Health and safety concern.

Read the main Privacy Notice